1. Name and address of the responsible entity
Responsible for the processing of personal data as defined in Art. 4 No. 7 of the General Data Protection Regulation (GRPR) is:
The Governing Mayor of Berlin - Senate Chancellery
Chef der Senatskanzlei
Dr. Severin Fischer
2. Contact details of the Data Protection Officer
Data Protection Officer of the Senate Chancellery
Die Regierende Bürgermeisterin von Berlin – Senatskanzlei
3. Provision of the website and creation of log files
3.1 Description and scope of data processing
Each time the website https://gemeinsamdigital.berlin.de/ is visited, data and information is automatically collected by the computer system of the visiting computer.
The following data is collected:
- IP address
- Date and time of access to the page
- Address of the previously visited website (referrer URL)
- Name and version of the browser used
- Operating system of the computer
The data is stored in the log files of the system. They are processed separately from any other personal data that may be provided.
3.2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 Para. 1 Lit. e) GDPR in conjunction with § 2 para. 1 Data Processing Act (IVG).
3.3 Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The log files are stored in order to ensure the functionality of the website. This serves to optimise the website, to eliminate disruptions and to ensure the security of the information technology systems.
3.4 Duration of storage
The data is deleted once it is no longer required to fulfil the purpose stated above. Insofar as the data is required to provide access to the website, the data is deleted when the respective session is terminated.
Stored IP addresses are anonymised after 24 hours. Insofar as the data is stored in log files, it will be deleted after a maximum of 30 days.
Cookies are text files that are stored in or by the internet browser of the visiting computer.
The following cookies are used on the website:
Scope of data processing: Random character string to protect against so-called “cross-site request forgery” attacks when using the admin area (technically necessary cookie).
Legal basis: Art. 6 Para. 1 Lit. e) DSGVO in conjunction with § 2 Para. 1 IVG
Purpose: protection against so-called “cross-site request forgery” attacks
Type of cookie and retention period: First-party cookie, seven days
5 Subscription to the newsletter
5.1 Description and scope of data processing
A form and/or link to a newsletter subscription is available on our website. If a user takes advantage of this option, the data entered in the input mask is stored. The external provider Sendinblue is used for sending email newsletters:
Köpenicker Str. 126
Sendinblue is a service for organising and analysing the sending of email newsletters. The data entered by the user for the purpose of receiving email newsletters (e.g. email address) is stored on Sendinblue's servers.
The so-called double opt-in procedure is used to verify that the subscriber is actually the user of the specified email address and has intentionally subscribed to the email newsletter. For this purpose, a registration email with a confirmation link is sent. Only if the confirmation is received will the address be included in the distribution list. This data is used exclusively for sending the newsletter.
5.2 Legal basis for data processing
The processing of the data entered in the newsletter registration form is based on your consent (Art. 6 Para. 1 Lit. a) GDPR).
5.3 Purpose for data processing
The processing of the personal data from the input mask is solely for the purpose of sending the email newsletter. The data will be transmitted to Sendinblue GmbH. Sendinblue is prohibited from selling user data and using it for purposes other than sending email newsletters. Sendinblue is a certified provider in Germany that has been selected in accordance with the requirements of the GDPR and the Federal Data Protection Act.
Newsletters sent with Sendinblue allow us to analyse the behaviour of newsletter recipients. Among other things, we can analyse which recipients have opened the newsletter message and how often each link in the newsletter was clicked. All links in the email are so-called tracking links, with which user clicks can be counted.
5.4 Duration of storage
The data provided by the user for the purpose of receiving the email newsletter will be stored until the user unsubscribes from the newsletter and will be deleted from our servers as well as from the servers of Sendinblue after unsubscribing from the newsletter. Subscribers can unsubscribe at any time, for example via the “unsubscribe” link in the email newsletter.
Further details can be found in the data protection regulations of Sendinblue:
6 Contact form and participation form
6.1 Description and scope of data processing
A contact form on our website can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored.
These data are:
- First and last name
- Content of the message
In addition, the following metadata are stored:
- Date and time the message has been sent.
The website also contains a form for participation in the participation process. This can be used by users to be contacted by the relevant senate administration at the start of the participation process. If a user takes advantage of this option, the data entered in the input mask will be sent to us and stored.
- First and last name
- Content of the message
In addition, the following metadata will be stored:
- Date and time the message has been sent.
6.2 Legal basis for data processing
The legal basis for processing the data is Art. 6 Para. 1 Lit. e) of the GDPR in conjunction with § 2 Para. 1 IVG.
6.3 Purpose of data processing
The processing of the personal data from the form is solely for the purpose of processing the enquiry and making contact. If participation in the process is requested, the stored personal data will be made available to the senate administrations involved in the participation process for the purpose of making contact.
6.4 Duration of storage
The data is deleted once it is no longer required to fulfil the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved. If it is unclear whether a conversation has actually ended, the data will be deleted no later than 30 days after the last contact.
If an administrative procedure is initiated on the basis of the conversation, longer retention periods apply as part of our file management.
7. Recipients of personal data
The responsible body is supported in the technical operation of the website by Liquid Democracy e. V., Am Sudhaus 2, 12053 Berlin. This is involved in the processing of personal data as a service provider on the basis of a contract processing agreement in accordance with Art. 28 of the GDPR.
8. Rights of the data subject
If personal data of yours is processed, you as the data subject within the meaning of Art. 4 No. 1 of the GDPR have the following rights with regard to us as the data controller:
8.1 Right of objection
Persons whose data is processed on the basis of Art. 6 (1) Para 1 Lit. e) or f) of the GDPR have the right to object to this processing at any time (Art. 21 of the GDPR). In the event of an objection, your personal data will no longer be processed unless compelling reasons worthy of protection that outweigh your interests can be proven.
8.2 Further data subject rights
Under the General Data Protection Regulation, you have the following rights:
If your personal data are processed, you have the right to receive information about the data stored about you (Art. 15 of the GDPR).
If inaccurate personal data is processed, you have the right to rectification (Art. 16 of the GDPR).
If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17 and 18 of the GDPR).
If the data processing is based on your consent and is carried out with the help of automated procedures, you may have the right to data portability (Art. 20 of the GDPR).
Should you make use of your above-mentioned rights, the data controller will check whether the legal requirements for this are met. To exercise all the rights mentioned in this section, any data subject may contact firstname.lastname@example.org.
8.3 Right of withdrawal in case of consent
If you have consented to the processing by means of a corresponding declaration, you may revoke your consent at any time for the future (Art. 7 (3) of the GDPR). This does not affect the lawfulness of the data processing carried out on the basis of the consent until the revocation. The revocation must be sent to email@example.com.
8.4 Right of appeal
Every data subject has the right to lodge a complaint with the supervisory authority (Article 77(3) of the GDPR), in particular in the member state of their place of residence, place of work or place of the alleged infringement, if they consides that their personal data are being processed unlawfully.
If you wish to contact the Berlin Commission for Data Protection and Freedom of Information, you can contact them as follows:
Berlin Commission for Data Protection and Freedom of Information
10969 Berlin (visitor entrance: Puttkamerstr. 16-18)
Phone: +49 030 13889 0
Fax: +49 030 215 5050
GDPR (European General Data Protection Regulation)