<p>Our privacy policy was last changed on September 20, 2021.</p>
# General remarks
<p>Thank you for your interest in our privacy policy.
We are glad that you are interested in how we process your data.</p>
<p>We are committed to privacy, so we have designed our services from the ground up to collect as little data as possible.
We also try our best to keep data processing at a minimum.<br>
Most features on our websites will be executed entirely on your own computer, so the data you enter will never even reach our servers.
Furthermore, our websites can only be accessed via a TLS-encrypted connection to ensure that your connection to our server cannot be compromised by third parties.<br>
To exercise your privacy rights, we of course recommend using our generator which will help you generate the appropriate requests for free.</p>
<p>In this privacy policy, we would like to explain to you what data we collect and what rights you have.</p>
# Scope
<p>This privacy policy applies to all activities of Datenanfragen.de e. V.
(“the association”).</p>
<p>This includes the data we collect and process from our members, but also the data that arises from donations and the like.</p>
<p>In addition, this includes our websites Datenanfragen.de, datarequests.org, demandetesdonnees.fr, solicituddedatos.es, osobnipodaci.org, gegevensaanvragen.nl and pedidodedados.org.</p>
<p>The association’s purpose is to support the general public in exercising their right to privacy (“right to informational self-determination”) by informing and advising them with all questions regarding personal data protection.
We are bound by our constitution in all our activities.</p>
<p>With our website datarequests.org (as well as its translations), we want to help you exercise your right to privacy.
In order to do so, we offer a generator that helps you automatically generate requests, a company database with contact data for privacy-related requests to many companies and educational material on subjects related to privacy and data protection.
Finally, it has information on the association and allows you to join or donate among other things.</p>
# Controller and contact information
<p>The controller as defined in Art.
4(7) GDPR for the services mentioned under “Scope” is:</p>
<p>Datenanfragen.de e. V.<br>
Schreinerweg 6<br>
38126 Braunschweig<br>
Germany</p>
<p>Legally represented by: Benjamin Altpeter and Lorenz Sieben<br>
Datenanfragen.de e. V.
is a non-profit listed in the register of associations of the district court of Braunschweig, under the registration number VR 201732, and recognized as a charitable organisation by the Braunschweig-Wilhelmstraße tax office.</p>
<p>Phone: +49 531 209299 35<br>
Fax: +49 531 209299 36<br>
Email: privacy@datenanfragen.de (PGP key <code>CC13 973A F8FD 11D1 4D94 98A8 0269 92F0 CF2C BB2E</code>)<br>
Web: www.datarequests.org/verein</p>
<p>If you have any questions about our privacy policy, believe that we are in violation of data protection laws or wish to assert your rights, please feel free to contact us at any time.</p>
# Do Not Track
<p>We respect the Do Not Track (DNT) option that you can set in your browser.
If you have enabled it, we will deactivate all telemetry (currently there is none but we may implement privacy-friendly telemetry in the future).</p>
<p>We also recommend that you install Privacy Badger, a free and open source browser extension that sets the DNT header for you and automatically blocks websites that do not adhere to it.</p>
# Profiling
<p>We do not use profiling or any other type of automated decision making.</p>
# Collected data
<p>To fulfill our association’s purpose, to operate our website and to provide our services, we have to collect and process some personal data.
Our top priority is to minimise data collection and processing: We only collect personal data where it is necessary and only to the extent that it is necessary.
In addition, data is always collected for a specific purpose and storage is limited to the necessary period of time.</p>
<p>In order to give you the greatest possible control over your privacy, you can choose at any time, via our privacy controls, whether to activate many of the functions of our websites.
A cookie is stored in your browser for each option.
It only contains an indication as to whether you have activated or deactivated the respective option, but no personal data.</p>
<p>In this section we would like to explain to you exactly under which circumstances we collect and process which data.
Processing operations that take place exclusively on your own computer, and for which no data is transferred to us, are not listed here.
You can find further information about these in the above mentioned privacy controls.</p>
# Data we process automatically
# Server connection data
<p>When you visit one of our websites, your browser connects to one or more of our servers.
We have configured all our servers not to save log files, but we do need to process some data in memory for a short while to serve your request.</p>
<ul>
<li>Affected data: the specific page you visited, the date and time of your visit, the data your browser sends with the request (the so-called “headers”), including information about your browser and operating system (the so-called “user-agent string”), and your IP address</li>
<li>Lawful basis: The brief processing of this data is necessary to offer our websites to you; it is based on Art.
6(1) lit.
b GDPR.</li>
<li>Duration of storage: none</li>
<li>Data disclosure: Our servers are operated by the following companies.
They are exclusively EU companies, which we have carefully selected to meet our high data protection standards.
<ul>
<li>Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany (privacy policy)</li>
<li>Uberspace, Jonas Pasche, Kaiserstraße 15, 55116 Mainz, Germany (privacy policy)</li>
<li>BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia (privacy policy)</li>
</ul>
</li>
</ul>
# Records in our company database
<p>In our company database, we publish the contact details for privacy-related requests to companies and other organizations.
In the vast majority of cases, this data is <em>not</em> personal data.
Nevertheless, in rare cases, the processing of personal data is necessary for this purpose, for example in the case of names of natural persons in company names or e-mail addresses.<br>
We voluntarily grant data subjects of this processing an extended right to object.</p>
<ul>
<li>Affected data: if necessary: name, if necessary: e-mail address, if necessary: telephone number, if necessary: fax number, if necessary: address, if necessary: PGP key.</li>
<li>Lawful basis: The basis of the storage is our legitimate interest according to Art.
6(1) lit.
f GDPR to support our users in exercising their fundamental right to data protection as a data protection non-profit organization.</li>
<li>Data source: The data is taken exclusively from publicly accessible sources, each of which is indicated on the corresponding page in our company database.</li>
<li>Duration of storage: unlimited</li>
<li>Data disclosure: The data is publicly accessible via our website.</li>
</ul>
# Data you provide to us
# User content (like comments and contributions to our company database)
<p>If you post content on datarequests.org (like comments or contributions to our company database), it may contain personal data.
The disclosure of this data is entirely voluntary for you.
Not providing it has no influence on your use of our website.</p>
<ul>
<li>Affected data: the data you provide in your contribution</li>
<li>Lawful basis: The basis of the storage is our legitimate interest to display the user contributions on our website in accordance with Art.
6(1) lit.
f GDPR.</li>
<li>Duration of storage: indefinitely</li>
<li>Data disclosure: User content is publicly accessible via our website.</li>
</ul>
# Error reports
<p>If you report an error to us, your report may contain personal data.
The disclosure of this data is entirely voluntary for you.
Not providing it has no influence on your use of our website.</p>
<ul>
<li>Affected data: information about the error that occurred, information about your browser and operating system (the so-called “user-agent string”), the complete URL of the specific page you were visiting when the error occurred and potentially data you entered on that page<br>
We will always display all the information included in the report to you before you send it and give you the ability to alter or remove information from it.</li>
<li>Lawful basis: The basis of the storage is our legitimate interest to improve the stability and functionality of our website in accordance with Art.
6(1) lit.
f GDPR.</li>
<li>Duration of storage: indefinitely</li>
<li>Data disclosure: The content of error reports may be publicly accessible via our GitHub issue tracker.<br>
GitHub is operated by GitHub, Inc., 88 Colin P Kelly Jr Street, San Francisco, CA 94107, USA or their subsidiary GitHub BV, Vijzelstraat 68 – 72, 1017 HL Amsterdam, Netherlands.
For more information on how GitHub processes your data, please refer to their privacy policy.</li>
</ul>
# Membership applications
<p>If you want to become a member of the association, you need to provide some data through the membership application form.
This data is necessary for our records and for us to be able to contact you with important information regarding your membership (like invitations to the general assembly, donation receipts or payment reminders).</p>
<p>Providing this data is necessary for us to fulfill our obligations laid down in our constitution and the law.
Thus, you can unfortunately not become a member of Datenanfragen.de e. V.
without providing said data.</p>
<ul>
<li>Affected data: Your name, the contact details you provided (an email address with an optional PGP key and, optionally, a postal mail address), the kind of membership (active or supporting membership) and your membership fee</li>
<li>Lawful basis: Collecting and processing this data is necessary for becoming a member; it is based on Art.
6(1) lit.
b GDPR.</li>
<li>Duration of storage: If your request is not accepted, we will delete the data immediately.
If your application is accepted and you become a member of the association, we will store the data for the duration of your membership.
After your withdrawal from the association, we will delete all data that we no longer need within 30 days.
For some data (including letters and receipts), however, there are legal storage obligations of currently up to ten years (see in particular § 147(3) of German AO).</li>
<li>Data disclosure: Only the board has access to this data.
Under certain circumstances we may be legally obliged (e.g.
on the basis of § 37 of German BGB) to pass on your contact data to other members of the association for internal communication.</li>
</ul>
# Membership fees
<p>As a member you are likely required to pay membership fees in accordance with our membership fee regulation.
After your membership application has been accepted, we will ask for your payment details and the desired payment method.
We need this data for billing purposes and for issuing donation receipts.</p>
<ul>
<li>Affected data: the amount of the corresponding membership fee, your name, your payment details, the payment method, the date of payment<br>
If you have given us a SEPA direct debit mandate for your membership fees, the following data is also affected: your address, your mandate reference, the date of your SEPA direct debit mandate</li>
<li>Lawful basis: The collection and processing is necessary for the settlement of membership fees and is based on Art.
6(1) lit.
b GDPR.
In addition, we are subject to certain legal accounting obligations, for which we have to store and process the data pursuant to Art.
6(1) lit.
c GDPR.</li>
<li>Duration of storage: in general as long as there are legal storage obligations (refer in particular to § 147(3) of German AO); in addition, our bank requires us to keep SEPA direct debit mandates for 14 months after the last debit has been made</li>
<li>Data disclosure: Only the board has access to this data.
We may have to pass it on to the tax office responsible for us as part of tax statements or similar.<br>
If you decide to pay through one of the external payment gateways we offer, these gateways will receive personal data on you and your payment and will provide some of that data to us.
For more details on those third parties and the affected data, have a look at the “External services” section below.</li>
</ul>
# Single and recurring donations
<p>If you send us donations, we will receive data that we have to store and process for accounting purposes.</p>
<p>We are happy to accept anonymous donations, so providing this information is completely voluntary for you.</p>
<ul>
<li>Affected data: the donation amount, if applicable your payment details, the payment method, the date of payment</li>
<li>Lawful basis: We are subject to certain legal accounting obligations, therefore the storage and processing is based on Art.
6(1) lit.
c GDPR.</li>
<li>Duration of storage: as long as there are legal storage obligations (refer in particular to § 147(3) of German AO)</li>
<li>Data disclosure: Only the board has access to this data.
We may have to pass it on to the tax office responsible for us as part of tax statements or similar.<br>
If you decide to pay through one of the external payment gateways we offer, these gateways will receive personal data on you and your payment and will provide some of that data to us.
For more details on those third parties and the affected data, have a look at the “External services” section below.</li>
</ul>
# Contacting us
<p>If you contact us (e.g.
by email), your message may contain personal data.
We will use this data exclusively to answer your message.</p>
<p>You do not have to provide any data to contact us, so the disclosure of this data is completely voluntary for you.</p>
<ul>
<li>Affected data: the data you include in your message</li>
<li>Lawful basis: The storage is based on our legitimate interest in replying to your message in accordance with Art.
6(1) lit.
f GDPR.</li>
<li>Duration of storage: as long as there are legal storage obligations</li>
</ul>
# Newsletter
<p>We offer a newsletter with information about the activities of the association, for which you can register through the membership application form or through our website.
If you decide to do so, we will send you the relevant information by e-mail.</p>
<p>The subscription is entirely voluntary for you.</p>
<ul>
<li>Affected data: the contact details you provided (an email address with an optional PGP key)</li>
<li>Lawful basis: By subscribing, you consent to the sending of the newsletter in accordance with Art.
6(1) lit.
a GDPR.
You can revoke this consent at any time.
You can find out how to do this in the section “Right to revoke given consent”.</li>
<li>Duration of storage: until you unsubscribe from the newsletter</li>
<li>Data disclosure: Only board members can access the contact data.
The newsletter is sent using the Mailjet service.
Therefore, the contact data needs to be sent to Mailjet.<br>
Mailjet is run by Mailjet SAS, 13-13 bis rue de l’Aubrac, 75012 Paris, France.
For more information on how Mailjet processes your data, please refer to their privacy policy.</li>
</ul>
# External services
<p>In order to make our services more interesting and efficient, we work with some external services.</p>
# CoinGate
<p>We allow you to make payments to the association (especially donations and membership fees) through the payment gateway CoinGate.
CoinGate is run by UAB “Decentralized”, A.
Goštauto g.
8, LT-01108 Vilnius, Lithuania.<br>
We use CoinGate for crypto currency transactions.
We will display a note in the payment form if your payment is made through CoinGate.</p>
<p>If you make a payment through CoinGate, UAB “Decentralized” receives all data incurred in the payment process, especially including: the payment amount, the crypto currency you are using, your payment details (like your Bitcoin wallet address), potentially your name, potentially your email address.<br>
For more details on how CoinGate processes your data, have a look at their privacy policy.</p>
# Mollie
<p>We allow you to make payments to the association (especially donations and membership fees) through the payment gateway CoinGate.
Mollie is run by Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands.<br>
We use CoinGate for example for credit card transactions.
In any case, we will display a note in the payment form if your payment is made through Mollie.</p>
<p>If you make a payment through Mollie, Mollie B.V.
receives all data incurred in the payment process, especially including: your payment details (for example your bank account or credit card details) including the amount, your IP address, your browser and device type, potentially your name, potentially your address, potentially information on the kind of payment you are making to us, potentially all other data you actively provide (like when interacting with Mollie’s support).<br>
For more details on how CoinGate processes your data, have a look at their privacy policy.</p>
# PayPal
<p>We allow you to make payments to the association (especially donations and membership fees) through the payment gateway PayPal.
PayPal is run by PayPal (Europe) S.à.r.l.
et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.<br>
We will display a note in the payment form if your payment is made through PayPal.</p>
<p>If you make a payment through PayPal, PayPal (Europe) S.à.r.l., S.C.A.
receives all data incurred in the payment process, especially including: the amount, data on the payment source for the transaction (for example your bank account or credit card details), device details, technical usage details, location details, your name, your address, your phone number, your email address.<br>
For more details on how PayPal processes your data, have a look at their privacy policy.</p>
# Your rights
<p>The GDPR grants you comprehensive rights with regard to data protection.
We are strongly convinced that the right to data protection is a fundamental right and therefore we fully stand behind these rights.
You can exercise these rights at any time in an informal manner using the contact details given in the “Controller and contact information” section.<br>
We of course invite you to use our generator which will assist you with writing requests.</p>
# Right to data access
<p>According to Art.
15 GDPR, you first of all have the right to request confirmation as to whether we store personal data on you.
If so, you may request a copy of this information and are furthermore entitled to the following information:</p>
<ul>
<li>the purposes of the processing;</li>
<li>the categories of personal data concerned;</li>
<li>the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;</li>
<li>where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;</li>
<li>the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;</li>
<li>the right to lodge a complaint with a supervisory authority;</li>
<li>where the personal data are not collected from the data subject, any available information as to their source;</li>
<li>the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.</li>
</ul>
# Right to data portability
<p>In accordance with Art.
20 GDPR, you also have the right to receive the personal data concerning you that you have made available to us in a structured, commonly used and machine-readable format and to transmit this data to another controller without obstruction by us if the processing is based on consent pursuant to Art.
6(1) lit.
a GDPR, Art.
9(2) lit.
a GDPR or on a contract pursuant to Art.
6(1) lit.
b GDPR and the processing is carried out using automated procedures.</p>
# Right to rectification
<p>According to Art.
16 GDPR, you have the right to request us to correct any inaccurate personal data concerning you without undue delay.
Furthermore, you have the right to request the completion of incomplete personal data—also by means of a supplementary declaration.</p>
# Right to erasure (“Right to be forgotten”)
<p>According to Art.
17 GDPR, you have the right to demand that we delete personal data concerning you without undue delay.</p>
<p>This right is limited in particular when the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation or to assert, exercise or defend legal claims.</p>
# Right to revoke given consent
<p>According to Art.
7(3) GDPR you have the right to revoke your consent given to us at any time.</p>
# Right to restriction of processing
<p>According to Art.
18 GDPR, you have the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the personal data, if the processing is unlawful, if we no longer need the data for the purpose of processing or if you have filed an objection to the processing pursuant to Art.
21(1) GDPR, as long as it is not yet clear whether our legitimate interests outweigh yours.</p>
# Right to notification to recipients
<p>If you request us to correct, delete or restrict the processing of your personal data in accordance with Articles 16, 17 and 18 respectively, we will notify all recipients to whom we have disclosed the relevant data in accordance with Art.
19 GDPR.</p>
# Right to object
<p>According to Art.
21 GDPR, you have the right to object at any time to the processing of personal data concerning you which is necessary for the performance of a task in the public interest or because of our legitimate interest on the basis of Article 6(1) lit.
e or f respectively, based on grounds arising from your particular situation.
We will then no longer process the personal data, unless we can prove compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defense of legal claims.</p>
<p>If we use your personal data for direct marketing, you have the right to object to such processing at any time.
We will then no longer use your data for such purposes.</p>
<p>In addition, as a data subject whose data is published in our company database, you can object to this publication at any time, even without giving grounds arising from your particular situation.
After an objection, we will immediately remove the relevant data from our company database and, if requested, also include it in an internal blocking file in order to avoid future publication.
Only in the case of personal data of company owners do we reserve the right to refuse to remove the data after examining the individual case and if we consider there to be an outweighing public interest in the publication of the data.<br>
Where possible, we will replace removed personal contact data with general non-personal contact data of the company.</p>
# Right to lodge a complaint with a supervisory authority
<p>According to Art.
77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the member state of your usual place of residence, your workplace or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you violates the GDPR.</p>
<p>The following supervisory authority is responsible for us:</p>
<p>Die Landesbeauftragte für den Datenschutz Niedersachsen<br>
Prinzenstraße 5<br>
30159 Hannover<br>
Germany</p>
<p>Phone: +49 511 120 4500<br>
Fax: +49 511 120 4599<br>
Email: poststelle@lfd.niedersachsen.de (PGP key)<br>
Web: www.lfd.niedersachsen.de</p>