In principle, you can use our website without providing any personal data. In individual cases, however, it may be necessary to collect and process your personal data in order to use certain functions of our website. In addition, we collect and process personal data in the context of public participation and through the use of social media platforms, which we process in accordance with data protection regulations.
Content of this privacy policy
1. RESPONSIBLE PERSON AND DATA PROTECTION OFFICER
2. DEFINITIONS
3. DATA PROCESSING WITHIN THE FRAMEWORK OF WWW.GRUPPEF.COM
4. PARTICIPATION IN PUBLIC PARTICIPATION
5. TRANSMISSION TO THIRD COUNTRIES
6. YOUR RIGHTS
1. person responsible and data protection officer
Contact details of the person responsible
Person responsible for processing within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
Freiraum für alle GmbH
Lützowstraße 102-104
10785 Berlin
E-mail: info@gruppef.com
Contact details of the data protection officer
We have appointed a data protection officer in the company. You can contact him in all matters relating to your personal data as follows:
Sandra Leist
c/o Werk3 für Datenschutz GmbH
Letteallee 3
13409 Berlin
E-mail: datenschutz@gruppef.com
2. definitions
Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Person concerned
A data subject is the person whose personal data is processed by the controller.
Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Responsible persons
The controller is the person who decides on the purposes and means of processing personal data and also carries out this processing accordingly.
Processor:in
Processor:in is another natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. data processing within the framework of kiezblocks-mitte.de
Visit our website
(1)
When you visit our website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- IP address and service provider
- Date and time of the request
- Content of the request (specific page)
- Access status/HTTP status code
- Website from which the request comes
- Browser incl. language and software version
- Operating system and its interface
(2)
The data listed in paragraph 1 is also automatically stored in the log files of our server. The log data is stored separately from other data and can only be viewed by the hoster. The log data is stored for 7 days. The legal basis for the processing of your data when you visit our website is Art. 6 para. 1 sentence 1 lit. f GDPR, § 15 Telemedia Act (TMG).
Use of cookies
We value your privacy and therefore do not use cookies. You therefore do not have to click away a cookie banner when you visit our website.
Contact by e-mail
(1)
When you contact us via the e-mail addresses provided on our website, the data you enter (your e-mail address and optionally your name and the other data you provide) will be stored by us at the time of access in order to process your request.
(2)
We delete the data arising in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
(3)
If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR.
4. participation in public participation
Maptionnaire
(1)
We use the Maptionnaire tool from Mapita to carry out online citizen participation. This allows us to receive survey data from you as part of a specific project. We will inform you about the exact content on the respective project page or during the implementation of the public participation.
(2)
All data transmitted by you is collected anonymously, so we ask you to refrain from entering personal data in the text fields.
(3)
The collection and processing of the data transmitted by you is carried out to carry out citizen participation and therefore constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
(4)
Information of the provider(s): Mapita Oy, Vironkatu 3 D 4, FI-00170 Helsinki, Finland. Further information on the purpose and scope of data collection and processing by Maptionnaire can be found in the privacy policy. There you will also find further information on your rights and the protection of your privacy: https://maptionnaire.com/customer-privacy.
Integration of uMap maps
(1)
We use the interactive map from uMap on our website to offer you a user-friendly way of displaying geographical data. UMap is a project of OpenStreetMap. The map is hosted by a third-party provider, and data such as your IP address and technical information (e.g. browser type, operating system) may be transmitted to the provider when the map is loaded. To protect your privacy, we have implemented a two-click solution. The legal basis is in accordance with Art. 6 para. 1 lit. a GDPR, your consent by clicking on the map.
(2)
How does the two-click solution work?
First click: Before the uMap map is loaded, a consent banner is displayed informing you that loading the map may result in data being transmitted to the third-party provider. You have the option of actively agreeing or rejecting the use of the map.
Second click: Only after you have clicked on “Agree” will the map be embedded in the website content and the data transfer to the third-party provider be started.
(3)
By clicking, you consent to the processing of your data by the third-party provider in accordance with their privacy policy. Further information on the processing of your data by uMap and the third-party provider can be found at https://www.fossgis.de/datenschutzerklärung/.
Newsletter dispatch (rapidmail)
(1)
With your consent, you can subscribe to our newsletter, with which we will inform you about important progress and results of the project in which you have participated.
(2)
We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3)
The only mandatory information for sending the newsletter is your email address. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
(4)
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in every newsletter e-mail.
(5)
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called tracking pixels, which are single-pixel image files. We record when our newsletter is sent to you, whether you open it and which links you click on in it.
(6)
The information is stored for as long as you have subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
(7)
We also delete your data as soon as the project in which you have participated has been successfully completed, provided there are no statutory retention periods.
(8)
Information from the provider(s): rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br. Further information on the purpose and scope of data collection and its processing by rapidmail can be found in the privacy policy. There you will also find further information on your rights and the protection of your privacy: https://www.rapidmail.de/newsletter-marketing-dsgvo-und-datenschutz-konform and at https://www.rapidmail.de/datenschutz.
5. transfer to third countries
In some cases, your data will be transferred to servers outside the EU by external service providers (so-called third countries). In particular, these may be service providers in the areas of marketing and social media, whereby we carefully select these service providers and contractually oblige them to comply with data protection in accordance with the legal requirements. If the service providers are located outside the EU, it is ensured that Binding Corporate Rules (BCR) or the standard data protection clauses within the meaning of Art. 46 GDPR apply in these cases, or an adequacy decision within the meaning of Art. 45 GDPR exists and an adequate level of data protection can therefore be guaranteed.
The following companies receive data in third countries outside the European Union: Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, https://privacycenter.instagram.com/policy
6. your rights
You have the following rights vis-à-vis us with regard to the processing of your personal data, which you can assert informally at any time vis-à-vis the contact persons listed above in 2.
Right to information
Upon request, we will provide you with information about which of your personal data we have stored, for what purpose, for how long, from what source and on what legal basis, and whether we have disclosed this data to third parties.
Right to rectification
If it turns out that the personal data we have about you is incorrect or incomplete, we will correct or supplement it immediately upon request.
Right to erasure (right to be forgotten)
You have the right to have your personal data deleted immediately, provided that there is no legal obligation to retain it.
Right to restriction of processing
You can request that we restrict the processing of your personal data.
Right to object to the processing
You can object to the processing of your personal data at any time. This applies in particular if the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
Right to data portability
You have the right to receive the personal data we hold about you in a universally readable format.
Right to lodge a complaint with a supervisory authority
You also have the right to complain to the competent data protection supervisory authority about the processing of your personal data by us. The data protection authority of the federal state in which we have our registered office is responsible. You can find more information on this at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
We would like to politely point out that the exercise of your rights in individual cases may be subject to the fulfillment of certain conditions.
Ensuring data security and data protection
To ensure the protection and security of your personal data, we implement a large number of technical and organizational security measures, the effectiveness of which we regularly review.