DEMOS Back to demos-deutschland.de

Data Protection Declaration according to the GDPR

1. Name and Address of the Data Controller

Responsible party for the General Data Protection Regulation (GDPR) and otherwise occurring valid data protection laws and regulations within the member states of the European Union is:

DEMOS E-Partizipation GmbH
Eifflerstraße 43
22769 Hamburg – Altona
Germany
Tel.: +49 (0)40 2286 735-70
E-Mail: info@demos-deutschland.de
Website: www.demos-deutschland.de

2. Name and Address of the Data Protection Officer

The Data Protection Officer responsible for the controlling of data is:

Helge Bewernitz
DEMOS E-Partizipation GmbH
Office Berlin, Panoramastraße 1, 10178 Berlin - Mitte
Germany
Tel.: +49 (0)30 2787846-30
E-Mail: datenschutz@demos-deutschland.de
Website: www.demos-deutschland.de

3. Generation of Log Data

The company keeps log files that record data and information each time a device accesses our server through an automated system. This data is then temporarily saved in the log files of the web server.

The log files contain data about the following:

  1. 1. The IP address of the user
  2. 2. The date and time the particular website was accessed
  3. 3. Name of the website accessed
  4. 4. Notification of successful access to the website
  5. 5. Size of the transferred data volume
  6. 6. Information regarding the type of browser and browser versions
  7. 7. Operating system of the user
  8. 8. The referral website that led the user to the company's website
  9. 9. SSL protocol version

The processing of this data allows for the delivery of the content of the company's websites, the provision of functionality of the company's IT systems and the optimisation of the company's websites. The log files' data is always saved separately from other types of personal data of the user.

Legal basis for generation of log data is Art. 6(1)(f) of the GDPR.

4. Matomo

On our website we use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software sets a cookie on the computer of the users. Cookies are text files that are stored in the internet browser or the internet browser on the user's computer system. If individual pages of our website are launched, the following data is stored:

  • 1. IP address of the user (anonymized)
  • 2. Date and time of the page view
  • 3. Title of the page launched
  • 4. URL of the page launched
  • 5. The website from which the user came to the website launched (referrer)
  • 6. Local time, city and country of origin of the user
  • 7. Externally opened links
  • 8. Information about the browser type used and the browser version used
  • 9. Number of page visits by the user
  • 10. Operating system used
  • 11. Used device type and screen resolution
  • 12. The length of stay on the website
  • 13. The frequency of visiting the website

Matomo runs exclusively on the server of the controller in Germany. A transfer of the data to third parties does not take place. The software is set so that the IP addresses are not completely saved. In this way, an assignment of the shortened IP address to the calling computer is no longer possible.

Legal basis for use of Matomo is Art. 6(1)(f) of the GDPR.

5. Options for Establishing Contact

Electronic contact is possible via the provided email addresses. In the case that the data subject chooses the e-mail addresses contacting the data controller, the personal data that has been provided by the data subject will be automatically stored. The storage of this data is for the sole purpose of the process of establishing contact with the data subject. The transmission of this data to third-parties does not occur.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. Art. 6(1)(b) of the GDPR serves as the legal basis for the processing of personal data required to fulfill a contract of which the data subject is a party. This also applies to processing operations required to carry out pre-contractual actions.

6. Routine Deletion and Blocking of Personal Data

The data controller saves the personal data of the data subject only for as long as is needed for the accomplishment of the purpose that the data has been saved for. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject.

As soon as the purpose of the saving of the data becomes inapplicable, or the storage period according to stated procedures has expired, the personal data will be routinely blocked or deleted.

7. Rights of the Data Subject

According to the GDPR the following presents the rights of the data subject in relation to the data controller:

You have the right to request confirmation as to whether or not personal data about your person is/has been processed  by the data controller. (Art. 15 GDPR).

You have the right to the correction and/or the completion of personal data through the data controller, to the extent that the data that involves the data subject is incorrect or incomplete. (Art. 16 GDPR).

You can request for deletion or restriction of processing and objection to the processing. (Art. 17, 18 and 21 GDPR).

You may be entitled to data portability if you have consented to data processing or a data-processing contract and the processing of data is automated (Art. 20 GDPR).

Furthermore, there is a right of appeal to the competent supervisory authority. (Art. 77 DSGVO)

8. Transfer of Data to Third Parties

Services by Google LLC

The following services of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Tel: +1 650 253 0000, Fax: +1 650 253 0001, E-Mail: support-de@google.com are used on this Website:

  • Google Webfonts (a)
  • Google Maps (b)

These services are used for aesthetic purposes within our website.

The privacy policy of the company Google LLC for the service Google Webfonts (a) can be found here: : https://developers.google.com/fonts/faq

The privacy policy of the company Google LLC for the service Google Maps (b) can be found here: https://www.google.com/help/legalnotices_maps.html

The privacy policy of the company Google LLC can be found here: https://policies.google.com/privacy?hl=en

Further information about how the company Google LLC uses your data, as well as ways to customize privacy settings, see https://privacy.google.com/

Legal basis for use of the services of the company Google LLC is Art. 6(1)(f) of the GDPR.

Social Networks

On our website we link to the social media presence of our company in order to inform about our company. We have social media sites on the following social networks:

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Privacy Policy: https://www.facebook.com/legal/FB_Work_Privacy)

Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. (Privacy Policy: https://twitter.com/de/privacy#update)

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Privacy Policy: https://policies.google.com/privacy?hl=den)

Tumblr, Inc., 770 Broadway, New York, NY 10003, USA (Privacy Policy: https://www.tumblr.com/privacy/en)

Legal basis for links to our social media presence is Art. 6(1)(f) of the GDPR.

Websites of customers

On our website we link to the internet presence of some selected customers of our company. When calling the corresponding website, the terms of use and data protection regulations apply.

We link to the websites of the following customers:

Bertelsmann Foundation (Privacy Policy: http://www.bertelsmann-stiftung.de/en/system/privacy-policy/)

Free and Hanseatic City of Hamburg (Datenschutzerklärung: https://www.hamburg.com/privacy-policy/)

Lower Saxony state authority for road and traffic engineering (Privacy Policy: http://www.strassenbau.niedersachsen.de/live/privacypage.php)

The Federal State of Schleswig-Holstein (Privacy Policy: http://www.schleswig-holstein.de/DE/Serviceseiten/Datenschutzerklaerung/datenschutz_node.html;jsessionid=01E6E19CFE0AB25C55F1DC237619FA3F

T-Systems GmbH (Privacy Policy: https://www.t-systems.com/de/en/data-protection)

Lichtenberg district, Berlin (Privacy Policy: https://www.buergerhaushalt-lichtenberg.de/datenschutz)

Commission on the geological repository for high level radioactive waste (Privacy Policy: https://www.bundestag.de/service/datenschutz)

FGV-DAPP (Datenschutzerklärung: http://dapp.fgv.br/en/about/)

9. Legal Basis of Processing

Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis in the case of the data controller’s/company’s obtaining of the consent of the data subject for the processing of personal data.

Art. 6(1)(b) of the GDPR serves as the legal basis for the processing of personal data required to fulfill a contract of which the data subject is a party. This also applies to processing operations required to carry out pre-contractual actions.

Art. 6(1)(c) of the GDPR serves as the legal basis of the processing of personal data insofar as the data controller  is required to fulfill a legal obligation .

Art. 6(1)(d) of the GDPR serves as the legal basis in the event that vital interests of the data subject or any other natural person require the processing of personal data.

If the processing is necessary to safeguard the legitimate interests of the data controller or a third party and if the interest, fundamental rights and freedoms of the data subject do not prevail over the first interest, then Art. 6(1)(f) of the GDPR serves as the legal basis for processing. The legitimate interest of the data controller lies in the execution of the data controller’s business activities.

10. Duration of Storage of Personal Data

Personal data is stored for the duration of the respective legal retention period. After expiration of the deadline, the data will be routinely deleted, unless there is a need to initiate a contract or fulfill the contract.