Data protection at nuudel.digitalcourage.de
With nuudel.digitalcourage.de (also available under nuudel.de and https://poll.digitalcourage.de or as an onion site accessible with the Tor Browser under http://vopmm4275ay6igoc.onion), we offer a poll tool for scheduling meetings and gathering opinions that minimises data collection: only the data entered manually are saved. This means no IP addresses, referrers, user agent strings or other personal technical data that other sites routinely collect.
I. Scope of application:
This data protection statement specifically applies to the meeting scheduling and poll service offered by Digitalcourage e.V. under https://nuudel.digitalcourage.de/ and the personal data collected by this website.
II. Responsibility:
The entity responsible for the processing of personal data on these websites is:
Digitalcourage e.V.
Marktstraße 18
33602 Bielefeld, Germany
Our complete contact info including our PGP key can be found here.
III. Data protection officer:
Datenschutzbeauftragte
c/o Digitalcourage e.V.
Marktstraße 18
33602 Bielefeld, Germany
Phone: +49 521 1639 1639
Email: datenschutz@digitalcourage.de
IV. Hosting:
This internet offering is hosted on a virtual server owned and run by Digitalcourage e.V. on the association’s own hardware.
V. How we handle your data:
1) Usage data:
We do not collect or save usage data on this server. Notably, the access logs of the web server used have been deactivated and the log file of the used web application Framadate saves into nowhere (/dev/null).
2) Cookies and tracking:
We generally do not employ any cookies or other forms of tracking (such as advertising banners and “web bugs”) on our website.
The only exception is the “PHPSESSID” session cookie used by Framadate which is not capable of tracking and is deleted upon exiting the browser.
3) Form data:
When you use our meeting scheduling or poll tool, we exclusively process the data you enter for this purpose. The data you enter – and only these data – are saved into a database. The legal basis for this processing of data is your consent according to Art. 6 (1) lit a – GDPR.
Unfortunately, the email address is a mandatory field for creating Framadate polls for technical reasons. If you do not want to disclose your email address, we recommend you use an invalid address in the form of “ANYTHING...@invalid”. Make sure the invalid email address ends in “@invalid” to ensure that no security-relevant data can end up in the wrong hands. In this case, you should save the administration pages of your polls under your bookmarks/favourites so that you can find them again later.
VI. Retention periods and limits:
We keep to the principles of data avoidance and data minimisation. Therefore, we only retain your personal data as long as necessary for the purposes specified here – i.e. until the specified expiry date of the respective poll. Immediately after, all pertaining data are deleted automatically.
VII. Recipients or categories of recipients:
We do not share your personal information with third parties except when you give us explicit consent. If we do transmit data to service providers as part of contract data processing, the recipients are bound to the GDPR, the Federal Data Protection Act (BDSG), the Telecommunications and Telemedia Data Protection Act (TTDSG) as well as contractually, to our data protection statement. Examples of these service providers may be Deutsche Post for newsletter or donation receipt shipments, our bank for collecting donations or support membership fees or PayPal if you have selected this payment method. We reduce the data shared to the necessary minimum.
Generally, we do not share your data with authorities. Only if we are required to do so by law or by court order will we send your data to the respective authorities.
VIII. Your rights:
As a user of our internet offering, the GDPR grants you a number of rights, especially resulting from Art. 15 to 18 and 21 GDPR:
1) Withdrawal of consent:
Wherever you have given us consent, you can withdraw this consent at any time with effect in the future as mandated by Art. 7 (3) GDPR.
2) Right of access:
You can demand access to your personal data processed by us acc. to Art. 15 GDPR.
3) Right to rectification:
If information related to you is not or no longer accurate, you can demand rectification according to Art. 16 GDPR. If your data are incomplete, you can demand to have them completed.
4) Right to erasure:
You can demand erasure of your personal data under the conditions laid down in Art. 17 GDPR.
5) Right to restriction of processing:
You have the right to demand restriction of processing of the data related to you under the conditions laid down in Art. 18 GDPR.
6) Right to object:
You have the right to object to processing of the data related to you at any time on grounds relating to your particular situation according to Art. 21 GDPR.
7) Right to lodge a complaint:
You can lodge a complaint with the competent supervisory authority at any time. Which supervisory authority is competent depends on the federal state of your habitual residence, place of work or place of the alleged infringement. You can find a list of the supervisory authorities (for the non-public sector) including contact details under: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
Digitalcourage e.V. – V02
