Data Protection Declaration according to the GDPR
1. Name and Address of the Data Controller
Responsible party for the General Data Protection Regulation (GDPR) and otherwise occurring valid data protection laws and regulations within the member states of the European Union is:
DEMOS E-Partizipation GmbH
22769 Hamburg – Altona
Tel.: +49 (0)40 2286 735-70
2. Name and Address of the Data Protection Officer
The Data Protection Officer responsible for the controlling of data is:
DEMOS E-Partizipation GmbH
Office Berlin, Panoramastraße 1, 10178 Berlin - Mitte
Tel.: +49 (0)30 2787846-30
3. Generation of Log Data
The company keeps log files that record data and information each time a device accesses our server through an automated system. This data is then temporarily saved in the log files of the web server.
The log files contain data about the following:
1) The IP Address of the user
2) The date and time the particular website was accessed
3) Name of the website accessed
4) Notification of successful access to the website
5) Size of the transferred data volume
6) Information regarding the type of browser and browser versions
7) Operating system oft he user
8) The referral website that led the user to the company's website
9) SSL protocol version
The processing of this data allows for the delivery of the content of the company's websites, the provision of functionality of the company's IT systems and the optimisation of the company's websites. The log files' data is always saved separately from other types of personal data of the user.
Legal basis for generation of log data is Art. 6(1)(f) of the GDPR.
On our website we use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software sets a cookie on the computer of the users. Cookies are text files that are stored in the Internetbrowser or the Internetbrowser on the user's computer system. If individual pages of our website are called, the following data is stored:
• IP address of the user (anonymized)
• Date and time of the page view
• Title of the called page
• URL of the called page
• The website from which the user came to the called website (referrer)
• Local time, city and country of origin of the user
• Externally called links
• Information about the browser type used and the browser version used
• Number of page visits by the user
• Operating system used
• Used device type and screen resolution
• The length of stay on the website
• The frequency of calling the website
Matomo runs exclusively on the server of the controller in Germany. A transfer of the data to third parties does not take place. The software is set so that the IP addresses are not completely saved. In this way, an assignment of the shortened IP address to the calling computer is no longer possible.
Legal basis for use of Matomo is Art. 6(1)(f) of the GDPR.
5. Options for Establishing Contact
Electronic contact is possible via the provided email addresses. In the case that the data subject chooses the E-Mail-Adresses contacting the data controller, the personal data that has been provided by the data subject will be automatically stored. The storage of this data is for the sole purpose of the process of establishing contact with the data subject. The transmission of this data to third-parties does not occur.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. Art. 6(1)(b) of the GDPR serves as the legal basis for the processing of personal data required to fulfill a contract of which the data subject is a party. This also applies to processing operations required to carry out pre-contractual actions.
6. Routine Deletion and Blocking of Personal Data
The data controller saves the personal data of the data subject only for as long as is needed for the accomplishment of the purpose that the data has been saved for.
As soon as the purpose of the saving of the data becomes inapplicable, or the storage period according to stated procedures has expired, the personal data will be routinely blocked or deleted.
7. Rights of the Data Subject
According to the GDPR the following presents the rights of the data subject in relation to the data controller:
You have the right to request confirmation as to whether or not personal data about your person is/has been processed by the data controller.
(Art. 15 GDPR).
You have the right to the correction and/or the completion of personal data through the data controller, to the extent that the data that involves the data subject is incorrect or incomplete. (Art. 16 GDPR).
You can request for deletion or restriction of processing and objection to the processing. (Art. 17, 18 and 21 GDPR).
You may be entitled to data portability if you have consented to data processing or a data-processing contract and the processing of data is automated (Art. 20 GDPR).
Furthermore, there is a right of appeal to the competent supervisory authority. (Art. 77 DSGVO)
8. Transfer of Data to Third Parties
Services by Google LLC
The following services of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Tel: +1 650 253 0000, Fax: +1 650 253 0001, E-Mail: firstname.lastname@example.org are used on this Website:
Google Webfonts (a)
Google Maps (b)
These services are used in the sense of a uniform and appealing design of our website.
Further information about how the company Google LLC uses your data, as well as ways to customize privacy settings, see https://privacy.google.com/
Legal basis for use oft he services oft he company Google LLC is Art. 6(1)(f) of the GDPR.
On our website we link to the social media presence of our company in order to inform about our company. We have social media sites on the following social networks:
Legal basis for links to our social media presence is Art. 6(1)(f) of the GDPR.
Websites of customers
We link to the websites of the following customers:
Free and Hanseatic City of Hamburg (Datenschutzerklärung: https://www.hamburg.com/privacy-policy/)
FGV-DAPP (Datenschutzerklärung: http://dapp.fgv.br/en/about/)
9. Legal Basis of Processing
Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis in the case of the data controller’s/company’s obtaining of the consent of the data subject for the processing of personal data, .
Art. 6(1)(b) of the GDPR serves as the legal basis for the processing of personal data required to fulfill a contract of which the data subject is a party. This also applies to processing operations required to carry out pre-contractual actions.
Art. 6(1)(c) of the GDPR serves as the legal basis of the processing of personal data insofar as the data controller is required to fulfill a legal obligation .
Art. 6(1)(d) of the GDPR serves as the legal basis in the event that vital interests of the data subject or any other natural person require the processing of personal data, .
If the processing is necessary to safeguard the legitimate interests of the data controller or a third party and if the interest, fundamental rights and freedoms of the data subject do not prevail over the first interest, then Art. 6(1)(f) of the GDPR serves as the legal basis for processing. The legitimate interest of the data controller lies in the execution of the data controller’s business activities.
10. Duration of Storage of Personal Data
Personal data is stored for the duration of the respective legal retention period. After expiration of the deadline, the data will be routinely deleted, unless there is a need to initiate a contract or fulfill the contract.