Below we inform you about the type, scope and purpose of the processing of your personal data when using our website "adhocracy.plus" (hereinafter "platform"). Personal data is all information relating to an identified or identifiable natural person.
1. Responsible person
The person responsible within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data. The person responsible for the personal data processed during a visit to our platform is the person within the meaning of the GDPR: Liquid Democracy e.V., Am Sudhaus 2, 12053 Berlin, phone +49 (0) 30 6298 4840, e-mail firstname.lastname@example.org (hereinafter "we").
We have appointed a data protection officer: Julian Dehm, Am Sudhaus 2, 12053 Berlin, email@example.com, +49 30 62984840
2. If you visit our platform
When you visit our platform, our server collects the following information from your end device: browser type and version, operating system, the previously visited Internet page ("referrer"), IP address and time of the page call.
We collect and process this data in order to ensure trouble-free operation of our platform and to detect, prevent and track any misuse of our services. Furthermore, we use the collected data for statistical purposes, for example to evaluate which end devices and browsers are used to call up our platform, in order to continuously adapt and improve our services to the needs of users on this basis.
This data processing is based on Article 6 paragraph 1 letter f GDPR. We anonymise all personal technical data mentioned in the first paragraph 24 hours after their collection. We delete the information on the operating system, browser type and version 30 days after it has been collected.
3. User account, notifications by e-mail
If you create a user account on our platform, we collect your e-mail address and a user name of your choice (pseudonym); without this data we cannot create a user account for you.
To set up a user account you can - instead of using our registration form - also enter the access data of an existing account on Google, GitHub or Twitter. In such a case, the respective service provider will provide us with your e-mail address or other service-specific identification and, if applicable, the user name used there. The data transmitted in this way will then be used to create your user account with us. If the service provider has not provided us with an e-mail address for you, we will also ask you for it.
Legal basis for the data processing is article 6 paragraph 1 letter b GDPR (fulfillment of the rights and obligations from the usage contract). We keep the personal data associated with the user account stored until the end of the user relationship.
If you have a user account with us, we can keep you up to date on news from our portal by e-mail on request (e.g. on new contributions in procedures in which you participate, on newly published procedures and on new functions of our platform). You can set in your user account which notifications you would like to receive. You can revoke your consent at any time by adjusting the settings in your user account accordingly. The legal basis for the use of your e-mail address for notifications is Article 6 paragraph 1 letter a GDPR (Einwilligung).
If you are an organisation that publishes a procedure on our platform, we will collect your actual name or company name and address in addition to the e-mail address and user name. This data is indispensable for concluding a contract with us; we process it for the purpose of fulfilling the contract in accordance with Article 6 paragraph 1 letter b GDPR. We keep the data stored until all mutual claims arising from the contractual relationship have been finally settled and the association and tax retention periods have expired.
When deciding on the conclusion of a contract, we refrain from automated decision-making and profiling.
4. Contract processors
As technical service providers for the operation of our platform on the Internet (web hoster), we make use of the services of Hetzner Online GmbH, 91710 Gunzenhausen and for mail hosting the Heinlein Support GmbH, Schwedter Straße 8/9B 10119 Berlin as contract processors pursuant to Article 28 GDPR. To process the data of authorized representatives of our user organizations in our Customer Relation Management (CRM), we use the services of Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany.
5. Communication by e-mail
If you send us a message by e-mail, we store your message with the sender data transmitted with it (name, e-mail address and if necessary other information added by your e-mail program and the transmitting servers). To receive, store and send e-mails, we use an e-mail provider who acts for us as a processor in accordance with Article 28 GDPR.
The legal basis for this data processing is our legitimate interest in being able to answer your message and also to respond to any follow-up questions you may have (Article 6 paragraph 1 letter f GDPR). We will delete the data collected with your message at the latest by the end of the calendar year following the last communication with you concerning your request, subject to the provisions of the following paragraph.
If you send us a legally relevant declaration regarding a contractual relationship with us (e.g. a complaint), the legal basis for the processing, irrespective of the means of transmission, is also Article 6 paragraph 1 letter b GDPR In such a case, we will delete the data associated with your declaration as soon as all mutual claims arising from the contractual relationship have been finally settled and the association and tax retention periods have expired.
The mail servers used by us work with TLS and SSL, so that the transmission between your and our mail server is encrypted, even if your e-mail provider supports at least one of these encryption techniques.
For your security, we also offer PGP encrypted e-mail communication. To do this, ask for the PGP key for the e-mail address to which you would like to write. If you want us to reply to you in the same encrypted way, include your PGP public key in your email.
If you write a contribution on our platform, we will publish your contribution at the appropriate place on our platform together with your user name. In order to prevent misuse of our offer, we store the IP address of the terminal from which you are writing for a period of 24 hours (Article 6 paragraph 1 letter f GDPR). We reserve the right to delete unobjective or thematically inappropriate contributions at any time. If you delete your user account with us, your contributions remain on our platform so that other users can continue to follow the course of a participation process, but we anonymise the user name previously displayed with your contributions as author identification. Personal data contained within a contribution text - e.g. if you have written your own name in it - remain unaffected by the deletion of the user account.
When you visit our platform, we place a "cookie" on your end device. This is a small text file that allows us to recognize your device when you return to our site at a later time. With the help of cookies, we can prevent misuse of our services and analyse certain user behaviour, e.g. which parts of our platform you use, how long you stay on our site and when and how often you return to our site. A stored cookie is deleted at the latest twelve months after your last visit to our platform.
This data processing is carried out on the basis of Article 6 paragraph 1 letter f GDPR for the purpose of enabling you to operate our platform safely and conveniently, to align our platform even better with the interests of our visitors and the technology they use (terminal device and browser types) and to analyse and optimise the technical functions of our site and the efficiency of any advertising measures.
You can prevent the creation of cookies by going to the cookie settings of your Internet browser and opposing the creation of cookies for our platform or for all websites in general. You can also delete cookies that have already been placed there.
8. Donations and donation receipts
1. Description and scope of data processing
According to §147 of the German Tax Code, we are obliged to keep accounting records for ten years. For this purpose, we store account statements that include both the sender and the amount and date of donations.
When requesting a donation receipt via the donation form, we collect name, organization, e-mail address, postal address, account information such as IBAN and name of bank, the total amount, date and type of donation. We only use this information to issue you a donation receipt. The data is transmitted using TLS encryption and cannot be viewed by third parties. If an unsolicited donation receipt is desired in subsequent years, the data will continue to be stored for this purpose.
When using the donation form here on the website, data will only be transferred to a service provider for the purpose of processing the donation. We use the donation form of twingle GmbH, Prinzenallee 74, 13357 Berlin. The twingle GmbH provides the technical platform for the donation process for this donation form. The data you enter during the donation process (e.g. address, bank details, etc.) will be stored by twingle on servers in Germany for the sole purpose of processing the donation.
2. Legal basis for the data processing
The legal basis for the processing of data for accounting documentation is Art. 6 para. 1 lit. c GDPR.
The legal basis for the processing of data after requesting a donation receipt is Art. 6 Para. 1 lit. b GDPR if the user has given her consent.
We have concluded a contract with twingle for order data processing. The transmission of data when using the donation form is based on art. 6 para. 1 lit. a GDPR (consent) and art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract).
3. Purpose of the data processing
The storage of the booking data serves the fulfilment of the obligation to keep records according to §147 of the German Fiscal Code.
The storage and processing of the data after requesting a donation receipt is exclusively for this purpose.
The transmission of data to our service provider twingle when using the donation form on the website serves exclusively the purpose of handling donations.
4. duration of storage
The booking data will be deleted as soon as the legal period of ten years is reached.
The data for the creation of a one-time donation receipt will be deleted four weeks after the donation receipt has been sent. If an unsolicited donation receipt is desired in subsequent years, the data will be stored until the corresponding consent is revoked or until we receive no more donations for a calendar year.
5. possibility of opposition and removal
The storage of the booking data for the fulfilment of the obligation to preserve records according to §147 of the German Tax Code cannot be objected to.
Consent to data processing for the purpose of donation certification and handling of donations via twingle can be revoked at any time. A revocation does not affect the effectiveness of data processing operations in the past.
9. Your rights
With regard to the personal data that we process about you, you have the following rights:
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, we will inform you of the personal data stored about you and the further information pursuant to Article 15 (1) and (2) GDPR.
You have the right to have incorrect personal data concerning you corrected immediately. Taking into account the purposes of the processing, you also have the right to demand the completion of incomplete personal data - also by means of a supplementary declaration.
You may request us to delete your personal data immediately under the conditions set out in Article 17 (1) GDPR, unless processing is required pursuant to Article 17 (3) GDPR.
You can demand that we restrict the processing of your data if one of the requirements of Article 18 (1) GDPR applies. In particular, you may request the restriction instead of deletion.
We will notify all recipients to whom we have disclosed personal data concerning you of any rectification or deletion of your personal data and any restriction on processing, unless this proves impossible or involves disproportionate effort. We will also notify you of such recipients if you so request.
You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format and may request that we transfer this data to another responsible person without hindrance, as far as this is technically possible.
If data processing is based on your consent, you have the right to revoke your consent at any time. The revocation of your consent does not affect the legality of the data processing that has taken place until your revocation.
RIGHT OF OBJECTION: FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, YOU MAY OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME; this right of objection applies to data processing carried out on the basis of Article 6 paragraph 1 letter f GDPR in order to safeguard our or a third party's legitimate interests, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. If you exercise your right to object, we will no longer process the data in question unless we can prove that there are compelling reasons for the processing which are worthy of protection and which outweigh your interests, rights and freedoms, or that the processing serves the assertion, exercise or defence of legal claims.
IN THE EVENT THAT WE PROCESS PERSONAL DATA FOR DIRECT ADVERTISING (E.G. NEWSLETTER), YOU MAY OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING, WITH THE RESULT THAT WE WILL NO LONGER PROCESS YOUR DATA FOR SUCH PURPOSES.
If you are of the opinion that the processing of your personal data violates the GDPR, you can lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the presumed violation. This does not preclude other administrative or judicial remedies.
The local supervisory authority responsible for data protection is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin.