Data Protection Policy
DigitalService GmbH des Bundes would like to use this Data Protection Policy to explain to you what data is processed and in what form when you visit our website. This also fulfils our obligation to inform you in accordance with Article 13 of the General Data Protection Regulation (GDPR).
I. Data controller and contact information for the data protection officer
DigitalService GmbH des Bundes
Commercial Register: HRB 212879 B
Court of Registry: Charlottenburg
Christina Lang & Philipp Moeser
II: Personal data, purposes and legal basis for data processing
1. Personal data
According to the GDPR, personal data are "any information relating to an identified or identifiable natural person (hereinafter 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. General usage of the website
When you call up this website, we process the data for your request, such as the specific page called up, your IP address, your browser and similar metadata on our server for a short time in order to deliver the website correctly. We store this data in log files only in anonymised form, i.e. in particular we do not log IP addresses or other data that could be traced back to you as an individual.
In order to understand the use of our website and to improve it regularly, we use the web analysis tool Plausible Analytics. Plausible does not set any cookies or store any information in the browser. Plausible Analytics does not collect any personal data, either. More information about the data protection policy of Plausible Analytics can be found here. Service provider: OÜ Plausible Insights, Västriku tn 2, Tartu 50403, Estonia.
The software runs exclusively on the servers of our website. Personal data of users is only stored there. The data is not passed on to third parties. The software is set in such a way that IP addresses are not stored completely, with 2 bytes of the IP address being masked (e.g.: 192.168.xxx.xxx). This makes it is no longer possible to assign the abbreviated IP address to the calling computer.
The legal basis for the processing of the users' personal data is Art. 6 para. 1 lit. f of the GDPR. By anonymising the IP address, users' interest in the protection of their personal data is sufficiently taken into account. The data is deleted as soon as it is no longer required for our recording purposes. All personal data is automatically deleted after 90 days. Beyond this, only daily totals are archived, which can no longer be assigned to individual persons.
We offer you the option of opting out of the analysis process on our website. To do this, you must follow the link in the following paragraph. This will set another cookie on your system, which signals to our system not to save the user's data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again.
Notwithstanding the foregoing basic conditions, however, the web server of our hoster automatically registers accesses to the websites and, in particular, your IP address. Your IP address is not stored, however.
In addition, our hoster creates so-called log files to maintain system security. These log files contain the following information:
- Date of access
- The URL
- Contents which can be accessed and
- Information that is transferred
This information remains anonymous for us. It is therefore not possible to draw conclusions about an individual.
If you contact us at the e-mail address provided on our website, you will at a minimum provide us with your e-mail address and, if applicable, other information that you disclose in your e-mail. We need to process this data so that we can deal with your request.
3. Purposes and legal basis of data processing
Your IP address is processed during the connection process so that we can provide you with our website. It is based on Art. 6 para. 1 lit. f) of the GDPR. Our legitimate interest lies in the aforementioned purpose.
Processing in the context of contacting you takes place so that we can process and answer your enquiry. The legal basis is Art. 6 para. 1 lit. f) of the GDPR. Our legitimate interest lies in the purpose mentioned above.
If you participate in one of our events, we process your data (first and last name, title, address, telephone number, email address, position and company) in order to stage the event and enable you to participate. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b of the GDPR. The legal basis for taking and storing photographs and videos at the events is Art. 6 (1) sentence 1 lit. f of the GDPR based on our legitimate interest in reporting on the event. Further information on our handling of your data and your rights at our events can be found here.
Furthermore, we only process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) on the basis of your corresponding consent (Art. 6 para. 1 lit. a of the GDPR).
III. Recipients of data
Within our company, the departments that have access to your data are those that are responsible for processing the requests. In addition, we use external service providers if we cannot or are unable to reasonably perform services ourselves. These external service providers are primarily providers of IT services and telecommunication services, with each of which we have concluded an order processing agreement (AVV). Wherever possible, we prefer to use European service providers that are directly covered by the scope of the European General Data Protection Regulation (GDPR).
No transfer to third countries takes place in principle and only if it is necessary for the execution of your orders, is required by law or you have given us your consent to do so.
IV. Storage period
Our log files are stored for 14 days. We store your emails and contacts for as long as is necessary to process your enquiry and then store these for a maximum period of 12 months in case you contact us again in relation to your original question.
V. Data subjects' rights
The General Data Protection Regulation guarantees you certain rights that you can assert against us – insofar as legal requirements are met.
The data subject's right to information (Art. 15 of the GDPR): You have the right to request confirmation from us as to whether personal data relating to you are being processed and, if so, what these data are and the circumstances in which they are being processed.
Right to rectification (Art. 16 of the GDPR): You have the right to demand that we correct any inaccurate personal data relating to you without delay. In doing so, you also have the right to request the completion of incomplete personal data – including by means of a supplementary declaration – taking into account the purposes of the processing.
Right to erasure (Art. 17 of the GDPR): You have the right to demand that we delete personal data concerning you without delay. Please note the exception described under II. 4 herein.
Right to restriction of processing (Art. 18 of the GDPR): You have the right to demand that we restrict processing.
Right to data portability (Art. 20 of the GDPR): You have the right, in the event of processing based on consent or for the performance of a contract, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and to transfer this data to another controller without hindrance from us or to have the data transferred directly to the other controller, insofar as this is technically feasible.
Right to object (Art. 21 of the GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary on grounds of a legitimate interest on our part or for the performance of a task carried out in the public interest, or which is carried out in the exercise of official authority. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims. Insofar as we process your personal data for the purpose of direct marketing, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR in conjunction with Section 19 of the BDSG): You have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State in which you have your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates applicable law.
To exercise these rights, please contact firstname.lastname@example.org or contact us by telephone or post (see our Legal Notice).
VI. Obligation to provide data
You have no contractual or legal obligation to provide us with personal data. However, we are unable to provide you with our services without the data you provide.
VII. Existence of automated decision-making (including profiling)
We do not use automated decision-making that has legal repercussions for you or affects you.
If you have any comments or questions:
We take all possible precautions to protect and secure your data. We welcome your questions and comments about data protection; just send an email to email@example.com.