Privacy Policy
1. Name and address of the responsible entity
Responsible for the processing of personal data as defined in Art. 4 No. 7 of the General Data Protection Regulation (GRPR) is:
The Governing Mayor of Berlin - Senate Chancellery
Email: datenschutz@senatskanzlei.berlin.de
Address:
Chef der Senatskanzlei
Dr. Severin Fischer
Jüdenstr. 1
10178 Berlin
2. Contact details of the Data Protection Officer
Data Protection Officer of the Senate Chancellery
Email: behDSB@senatskanzlei.berlin.de
Address:
Die Regierende Bürgermeisterin von Berlin – Senatskanzlei
Jüdenstraße 1
10178 Berlin
3. Data processor
The responsible entity is supported in the technical operation of the website by Liquid Democracy e.V. This is involved in the processing of personal data as a service provider on the basis of a data processing agreement pursuant to Art. 28 DSGVO.
Address:
Liquid Democracy e.V.
Am Sudhaus 2
12053 Berlin
[DKF1]Der Auftragsverarbeiter ist kein Empfänger von Daten im Sinne der DSGVO. Am besten oben als dritte Rolle neben dem Verantwortlichen und dem behDSB aufführen, statt hier im Text.
4. Provision of the website and creation of log files
4.1 Description and scope of data processing
Each time the website https://gemeinsamdigital.berlin.de/ is visited, data and information is automatically collected by the computer system of the visiting computer.
The following data is collected:
- IP address
- Date and time of access to the page
- Address of the previously visited website (referrer URL)
- Name and version of the browser used
- Operating system of the computer
The data is stored in the log files of the system. They are processed separately from any other personal data that may be provided.
4.2 Legal basis for data processing
The legal basis for the processing of the data is Art. 6 Para. 1 Lit. e) GDPR.
4.3 Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The log files are stored in order to ensure the functionality of the website. This serves to optimise the website, to eliminate disruptions and to ensure the security of the information technology systems.
4.4 Duration of storage
The data is deleted once it is no longer required to fulfil the purpose stated above. Insofar as the data is required to provide access to the website, the data is deleted when the respective session is terminated.
Stored IP addresses are anonymised after 24 hours. Insofar as the data is stored in log files, it will be deleted after a maximum of 30 days.
5. Cookies
Cookies are text files that are stored in or by the internet browser of the visiting computer.
The following cookies are used on the website:
Name: csrftoken
Scope of data processing: Random character string to protect against so-called “cross-site request forgery” attacks when using the admin area (technically necessary cookie).
Legal basis: Art. 6 Para. 1 Lit. f) DSGVO in conjunction with § 2 Para. 1 IVG
Purpose: protection against so-called “cross-site request forgery” attacks
Type of cookie and retention period: First-party cookie, seven days
6. Contact form
6.1 Description and scope of data processing
A contact form on our website can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored.
These data are:
Email address
- Title
- First name (mandatory field)
- Last name (mandatory field)
- Organisation
- Email address (mandatory field)
- Content of the message (mandatory field)
In addition, the following metadata are stored:
- Date and time the message has been sent.
6.2 Legal basis for data processing
The legal basis for processing the data is Art. 6 Para. 1 Lit. a) of the GDPR in conjunction with § 2 Para. 1 IVG.
6.3 Purpose of data processing
The processing of the personal data from the form is solely for the purpose of processing the enquiry and making contact. If participation in the process is requested, the stored personal data will be made available to the senate administrations involved in the participation process for the purpose of making contact.
6.4 Duration of storage
The data is deleted once it is no longer required to fulfil the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved. If it is unclear whether a conversation has actually ended, the data will be deleted no later than 30 days after the last contact.
If an administrative procedure is initiated on the basis of the conversation, longer retention periods apply as part of our file management.
7. YouTube
The present offer integrates videos of the service Youtube on its pages.
Google Ireland Limited,
Gordon House,
Barrow Street,
Dublin 4
Ireland
7.1 Description and scope of data processing
The Youtube videos are provided with a preview image to prevent data from being transmitted to Google as soon as you enter the page. You will not be able to view the video content until you have actively consented to the data processing by clicking on the "Accept and View" button. After you have agreed, a connection to the Google server is established. In the process, Google also collects, processes and uses data about the visitors. The data processed may include in particular IP addresses, browser type, operating system, cookie information and location data.
The purpose and scope of the data collection by the Youtube service, as well as the further processing and use of your data there, in particular the duration of storage or criteria for determining this duration, as well as your rights in this regard and setting options for protecting your privacy, can be found in the Google privacy policy. A transfer to third countries without an adequacy decision, such as the USA, cannot be ruled out, so that we must inform you in accordance with Art. 49 (1) lit. a DSGVO that there may be a risk in the transfer. This could be, for example, that not all data subject rights can be enforced against Google.
Privacy policy of Google: www.google.com/policies/privacy/
Opt-out from Google: adssettings.google.com/authenticated
7.2 Legal basis for data processing
As soon as you have agreed to the display of content by clicking on the "Accept and display" button, you consent to your data being transferred to Google in accordance with Art. 6 (1) lit. a DSGVO.
7.3 Purpose of data processing
By using the two-click solution, we can protect your data. The integration of the Youtube videos serves to inform citizens about topics of the Berlin administration.
7.4 Duration of storage
Your consent to display Youtube videos is not stored. When you end your browser session, your consent is deleted, i.e. when you call up the pages on which Youtube content is integrated again, they are again provided with a preview image and you must consent again if you wish to see the content.
7.5 Possibility of objection and removal
The consent to the video display is valid until you leave the embedding page. The lawfulness of the processing carried out on the basis of the consent until revocation is not affected by this.
8. Vimeo
The present offer integrates videos from Vimeo on its pages.
Vimeo.com, Inc.
555 West 18th Street
New York 10011
USA
8.1 Description and scope of data processing
The videos are provided with a preview image to prevent data from being transmitted to the provider as soon as you enter the page. You can only view the video content after you have actively agreed to the data processing by clicking on the "Accept and view" button. After you have agreed, a connection to the Vimeo server is established. In the process, data about the visitors is also collected, processed and used. The processed data may include in particular IP addresses, browser type, operating system, cookie information and location data.
The purpose and scope of the data collection by the Vimeo service, as well as the further processing and use of your data there, in particular the duration of storage or criteria for determining this duration, as well as your rights in this regard and setting options for protecting your privacy, can be found in the Vimeo privacy policy. A transfer to third countries without an adequacy decision (USA) takes place, so that we must inform you in accordance with Art. 49 Para. 1 lit. a DSGVO that there may be a risk with the transfer. This could be, for example, that not all data subject rights can be enforced against Vimeo.
Vimeo privacy policy: vimeo.com/privacy
Cookie policy of Vimeo (opt-out): vimeo.com/cookie_policy
8.2 Legal basis for data processing
As soon as you have agreed to the display of content by clicking on the "Accept and display" button, you consent to your data being transferred to Vimeo in accordance with Art. 6 (1) lit. a DSGVO.
8.3 Purpose of data processing
By using the two-click solution, we can protect your data. The integration of the Vimeo videos serves to inform citizens about topics of the Berlin administration.
8.4 Duration of storage
Your consent to view Vimeo videos is not stored. When you end the browser session, your consent is deleted, i.e. when you call up the pages on which content from Vimeo is embedded again, they will again be provided with a preview image and you must consent again if you wish to view the content.
8.5 Possibility of objection and removal
The consent to the video display is valid until the embedding page is left. The lawfulness of the processing carried out on the basis of the consent until revocation is not affected by this.
9. Rights of the data subject
If personal data of yours is processed, you as the data subject within the meaning of Art. 4 No. 1 of the GDPR have the following rights with regard to us as the data controller:
9.1 Right of objection
Persons whose data is processed on the basis of Art. 6 (1) Para 1 Lit. e) or f) of the GDPR have the right to object to this processing at any time (Art. 21 of the GDPR). In the event of an objection, your personal data will no longer be processed unless compelling reasons worthy of protection that outweigh your interests can be proven.
9.2 Further data subject rights
Under the General Data Protection Regulation, you have the following rights:
If your personal data are processed, you have the right to receive information about the data stored about you (Art. 15 of the GDPR).
If inaccurate personal data is processed, you have the right to rectification (Art. 16 of the GDPR).
If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17 and 18 of the GDPR).
If the data processing is based on your consent and is carried out with the help of automated procedures, you may have the right to data portability (Art. 20 of the GDPR).
Should you make use of your above-mentioned rights, the data controller will check whether the legal requirements for this are met. To exercise all the rights mentioned in this section, any data subject may contact behDSB@senatskanzlei.berlin.de.
9.3 Right of withdrawal in case of consent
If you have consented to the processing by means of a corresponding declaration, you may revoke your consent at any time for the future (Art. 7 (3) of the GDPR). This does not affect the lawfulness of the data processing carried out on the basis of the consent until the revocation. The revocation must be sent to behDSB@senatskanzlei.berlin.de.
9.4 Right of appeal
Every data subject has the right to lodge a complaint with the supervisory authority (Article 77(3) of the GDPR), in particular in the member state of their place of residence, place of work or place of the alleged infringement, if they consides that their personal data are being processed unlawfully.
If you wish to contact the Berlin Commission for Data Protection and Freedom of Information, you can contact them as follows:
Berlin Commission for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Phone: +49 030 13889 0
Fax: +49 030 215 5050