Data protection at Digitalcourage
Data protection at Digitalcourage
First of all, we naturally strictly comply with the stipulations of the data protection laws, but beyond that, we also abstain from many practices other website owners deem “permissible”. In the following, you can find more precise information about which data we retain for what cause.
“We care about data protection” is what many companies verbosely claim on their websites – and yet, their actions show otherwise. As an organisation that advocates for data protection and civil rights, we want to be sure to adhere to our own standards in our work.
I. Scope of application:
This data protection statement is applicable to the internet offers by Digitalcourage e.V. under
-
https://digitalcourage.de,
-
https://civi.digitalcourage.de,
-
https://foebud.org,
-
https://shop.digitalcourage.de,
-
https://bigbrotherawards.de,
-
https://kidsdigitalgenial.de,
-
https://privacy-captcha.net,
-
https://frankgehtran.de,
-
https://socialswarm.net
-
https://lesen-gegen-ueberwachung.de
-
https://neuzustellen.de
including their respective subdomains.
II. Responsibility:
The entity responsible for the processing of personal data on this website is:
Digitalcourage e. V.
Marktstraße 18
33602 Bielefeld, Germany
Our complete contact info including our PGP key can be found here.
III. Data protection officer:
Datenschutzbeauftragte
c/o Digitalcourage e.V.
Marktstraße 18
33602 Bielefeld, Germany
Phone: +49 521 1639 1639
Email: datenschutz@digitalcourage.de
Encryption:
PGP key: datenschutz@digitalcourage.de: 0x97B4BBE4721C11E1
(right-click → “Save as” .asc file, then import)
PGP fingerprint: 0601 FA74 1F58 FB90 F4BA 8CFB 97B4 BBE4 721C 11E1
IV. Hosting:
All offers are run on our own infrastructure and overseen by our qualified personnel.
Exceptions are our internet offers under https://digitalcourage.de and https://bigbrotherawards.de: these internet offers are provided by freistil IT Ltd (https://www.freistil.it/) as a technical service provider on our behalf and following our specifications.
V. How we handle your data:
1) Usage data:
We automatically gather and store information transmitted by your browser in our server log files. This concerns the following information:
-
Browser type and version
-
Operating system used
-
Referrer URL (the previously visited website)
-
Date and time of server request
-
Pages viewed
The hostnames of the accessing computers as well as IP addresses are anonymised in real time and are not retained.
Exception: our privacy tool “Privacy Captcha” (https://privacy-captcha.net) does not process any of the data listed above.
2) Cookies and tracking:
We generally do not employ any cookies, other forms of tracking (such as advertising banners and “web bugs”) or active content (“Java”, “ActiveX”) on our websites.
Exceptions: When shopping in our online shop (https://shop.digitalcourage.de), using forms (https://civi.digitalcourage.de) and using the Privacy Captcha (https://privacy-captcha.net), session cookies are used. These cookies are necessary for technical reasons (for example, to use the shopping cart, process requests or generate download files), they do not save more information than necessary for their respective purpose and are deleted as soon as the browser is closed.
3) Contact form:
When you submit your personal data as part of an inquiry using the contact form, we exclusively use these data for the purpose intended by submitting the data: to answer your questions. The legal basis for this processing of data is your consent according to Art. 6 (1) lit. a – GDPR.
4) Contact via email, letter or phone:
When you contact us via email, letter or phone, we exclusively process your data for the purpose of answering your question. When you give us your email address to be added to a mailing list, we exclusively use it for this purpose. This is based on your consent according to Art. 6 (1) lit. a – GDPR. Emails and letters are generally stored according to the applicable statutory retention periods for business letters and are self-evidently not shared with third parties. You can use encryption to communicate with us. Our key can be found here.
Whether encrypted or not, we handle emails with utmost care. Highly confidential emails (for example regarding contenders for the BigBrotherAward) should be encrypted, if possible, for this reason.
5) Submission of job applications:
When you apply for a job with us, we exclusively process your data as part of the application process. (Art. 6 (1) lit. b – GDPR) In accordance with the applicable laws, all documents of rejected candidates are deleted within two months from the end of the application process.
6) Donation and membership forms:
We use your personal data submitted using our donation and membership forms exclusively for processing your donations, generating a donation receipt and communication for purposes of the association. The data are processed according to Art. 6 (1) lit. b – GDPR. If you have consented to receiving information from us (see also item 5), we also use the data you submitted for this purpose (according to Art. 6 (1) lit. a – GDPR).
7) Subscription to the press mailing list or newsletter/info:
Given your explicit consent, we regularly send you our newsletter or similar information via your specified email address. (Art. 6 (1) lit. a – GDPR)
If you want to receive press information, you can subscribe to and unsubscribe from our press mailing list independently. We may additionally use publicly available contact information of public institutions in order to send out press material (according to Art. 6 (1) lit. f – GDPR).
You only need to provide your email address in order to receive press information or the newsletter. If you additionally submit your postal address, you consent to also receiving information by letter post. When you subscribe to our newsletter, the data submitted are exclusively used for this purpose.
To confirm your subscription, we require a valid email address. In order to verify that the subscription has been ordered by the actual owner of the email address, we use the “double opt-in” process. For this purpose, we log the subscription, the dispatch of a confirmation email and the receipt of the answer requested therein. No other data are recorded. The data are used exclusively to send the newsletter and are not shared with third parties.
You can revoke your consent to the storage and use of your data for sending the newsletter at any time. Each newsletter contains a link under which you can unsubscribe from it. You can also unsubscribe by simply sending an email to mail@digitalcourage.de.
8) Signing online campaigns and petitions:
When you submit your personal data when signing a campaign, we exclusively use this data for the purpose intended by submitting the data:
For open letters and petitions, your name, your address and the date of signature may be submitted to the competent institution/the addressee of the open letter as part of a list on paper. For constitutional complaints, your name, your address and the date of signature may be submitted to the competent court (Federal Constitutional Court, Administrative Court or ECJ) as part of a list on paper. We need your email address in order to confirm your entry. Your email address will not be published or shared under any circumstances. Data recorded as part of other online campaigns (such as “Digitalzwangmelder” or “Netzwerk Freie Schulsoftware”) are processed for the specified purpose. These data are only published or shared with third parties (by name) with your prior explicit consent. The legal basis for this processing of data is your consent according to Art. 6 (1) lit. a – GDPR.
9) Attending events:
When you attend one of our events (or an event organised by us), your name and contact data may – if necessary – be shared with event and travel service providers for organisational purposes (for example, with a hotel in Germany or abroad for a room reservation) – the respective local data protection regulations apply. For cost processing, direct debit data (fee collection) may be shared with the bank of the association or other payment services (e.g. PayPal). The legal basis for this processing of data is Art. 6 (1) lit. b – GDPR. You may be contacted again after your attendance has ended (according to Art. 6 (1) lit. f – GDPR).
10) Shopping in the online shop:
When you submit your data when placing an order (no customer account needed) or registering a customer account, we exclusively use these data for contract execution and order processing (Art. 6 (1) lit. b – GDPR). You can delete your customer account independently or by contacting shop@digitalcourage.de at any time. For data minimisation reasons, we delete customer accounts after three years of inactivity at the end of the year.
When ordering the product “Lichtbildausweis”, we additionally request other data that are necessary for compiling the identity card. These data can be fictitious or real (i.e. personal; photograph, place of birth, nationality, body height, eye colour). These data are provided voluntarily and according to Art. 6 (1) lit. b – GDPR.
11) Using the Digitalcourage agency:
When you ask us to arrange lectures, workshops or similar services (both as the organiser of an event or as the speaker), we exclusively process your data for this purpose. The following personal data of customers are processed as part of the organisation and fee processing: contact and address data, invoice data and event-related information. These are – if necessary – shared with event or travel service providers, reduced to the necessary minimum. Payment data may be shared with the bank of the association. Evaluation sheets which you receive after the event are deleted upon assessment. The data are processed according to Art. 6 (1) lit. b – GDPR. Customer data are only published on the agency’s website with explicit consent (Art. 6 (1) lit. a – GDPR).
VI. Retention periods and limits:
We keep to the principles of data avoidance and data minimisation. Therefore, we only retain your personal data if and as long as necessary for the purposes specified here or according to the various retention periods mandated by law. With the end of the purpose or expiry of the retention periods, the respective data are routinely deleted or made unavailable in accordance with the applicable legal stipulations.
VII. Recipients or categories of recipients:
We do not share your personal information with third parties except when you give us explicit consent. When we do transmit data to service providers as part of contract data processing, the recipients are bound to the GDPR, the Federal Data Protection Act (BDSG), the Telecommunications and Telemedia Data Protection Act (TTDSG) as well as contractually, to our data protection statement. Examples of these service providers may be Deutsche Post for newsletter or donation receipt shipments, our bank for collecting donations or support membership fees or PayPal if you have selected this payment method. We reduce the data shared to the necessary minimum.
Generally, we do not share your data with authorities. Only if we are required to do so by law or by court order will we send your data to the respective authorities.
VIII. Your rights:
As a user of our internet offering, the GDPR grants you a number of rights, especially resulting from Art. 15 to 18 and 21 GDPR:
1) Withdrawal of consent:
Wherever you have given us consent, you can withdraw this consent at any time with effect in the future as mandated by Art. 7 (3) GDPR.
2) Right of access:
You can demand access to your personal data processed by us acc. to Art. 15 GDPR.
3) Right to rectification:
If information related to you is not or no longer accurate, you can demand rectification according to Art. 16 GDPR. If your data are incomplete, you can demand to have them completed.
4) Right to erasure:
You can demand erasure of your personal data under the conditions laid down in Art. 17 GDPR.
5) Right to restriction of processing:
You have the right to demand restriction of processing of the data related to you under the conditions laid down in Art. 18 GDPR.
6) Right to object:
You have the right to object to processing of the data related to you at any time on grounds relating to your particular situation according to Art. 21 GDPR.
7) Right to lodge a complaint:
You can lodge a complaint with the competent supervisory authority at any time. Which supervisory authority is competent in your case depends on the federal state of your habitual residence, place of work or place of the alleged infringement. You can find a list of the supervisory authorities (for the non-public sector) including contact details under: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
Digitalcourage e.V. – V05