We would like to inform you about how we handle the data which can be personally related to you, e.g. name, address, e-mail addresses, user behaviour which you – knowingly or unknowingly – leave behind when you visit our website, and if applicable how long they are stored as well as about the rights which you as a data subject have towards us.
Controller of your Personal Data
Responsible according to art. 4 no. 7 GDPR is the Stiftung Neue Verantwortung e. V., Beisheim Center, Berliner Freiheit 2, D-10785 Berlin, T. +49(0)30 81 45 03 78 80, F. +49(0)30 81 45 03 78 97, E-Mail: firstname.lastname@example.org
Data Protection Officer
You can reach our data protection officer at email@example.com.
Purpose and Legal Basis of Data Processing
a. Processing of Access Data / Server Log Files
The Stiftung Neue Verantwortung collects data on each access to www.policydatascientists.eu (so-called server log files).
This access data includes in particular:
– IP address
– File, date and time of request
– Time zone difference to Greenwich Mean Time (GMT)
– Contents of the request (concrete page)
– Access status/ HTTP status code
– Amount of data transferred in each case
– Website from which the request originates
– Operating system and its interface
– Language and version of the browser software.
The Stiftung Neue Verantwortung uses these server log files exclusively for statistical evaluations for the purpose of the operation of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. However, the Stiftung Neue Verantwortung reserves the right to subsequently check the log data if there are concrete indications of justified concerns about illegal use.
According to this, our legitimate interests are to ensure the functionality, the operation and the optimization of our website and IT security. The legal basis of this data processing is Art. 6 para. 1 (f) DSGVO.
b. Processing your Contact Request
When you contact us by e-mail, the data you provide us with (your e-mail address, possibly your name and telephone number) will be stored by us to answer your questions. If you provide us with your personal data by e-mail when contacting us, we will process your personal data to process your enquiries and to contact you.
Your personal data will be processed on the basis of your consent for the purpose of executing your personal request. The legal basis for this data processing is Art. 6 para. 1 (a), Art. 7 GDPR.
c. Processing for the organization of the Policy Data Science Network and other events
Purposes and legal bases of data processing
Subject to your consent, the Stiftung Neue Verantwortung will process your name and e-mail address for the purpose of organizing the Policy Data Science Network and share this data with other network members. For the purpose of organizing events, the data may also be transferred to third parties such as speakers or design agencies.
Your personal data will be processed for the above-mentioned purposes on the basis of your consent. The legal basis for this data processing is Art. 6 para. 1 (a), Art. 7 GDPR.
Recipients of personal data
We use the application Microsoft Excel to process the aforementioned data. The recipient of the data is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The transfer to Microsoft takes place for the purpose of order processing within the meaning of Art. 28 GDPR.
Microsoft reserves the right to process Customer Data for its own purposes. The Stiftung Neue Verantwortung has no influence on this data processing by Microsoft. To the extent that Microsoft processes personal data for its own purposes, Microsoft is the sole controller and as such is responsible for compliance with all applicable data protection regulations.
Transfers to a third country
In the context of the transfer of data to Microsoft for data processing, a transfer of personal data to recipients outside the European Economic Area, for example, Microsoft Corporation in the USA, cannot be excluded.
To the extent that personal data is transferred to the U.S., Microsoft Ireland has entered into the standard contractual clauses for data processors adopted by the EU Commission (available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de), which permit the transfer of personal data to the U.S. in individual cases.
d. Processing due to Legal Obligations
In addition, we are subject to various storage and documentation obligations and may also be required by law to disclose personal data. The legal basis for this data processing is Art. 6 para. 1 (c) GDPR.
Duration of Data Processing
As soon as the processing of your data is no longer necessary for the above-mentioned purposes, your data will be deleted. We will delete the data that arises in this context after it is no longer required to be stored or restrict processing if there are legal retention obligations. Furthermore, data may be stored if this is required by European or national regulations to which the controller is subject. Blocking or deletion of the data also occurs when a storage period provided for by the aforementioned provisions expires.
Your Data Subject Rights
You have the following rights towards us regarding your personal data:
– Right of access pursuant to art. 15 GDPR,
– Right to rectification pursuant to art. 16 GDPR,
– Right to erasure pursuant to art. 17 GDPR,
– Right to restriction of processing pursuant to art. 18 GDPR,
– Right to data portability pursuant to art. 20 GDPR,
– Right to object to the processing pursuant art. 21 GDPR.
According to art. 77 para. 1 GDPR, you also have the right to lodge a complaint with a supervisory authority about the processing of your personal data by us.
Your Right to withdraw your given Consent to the Processing of your Data
If you have given your consent to the processing of your data (art. 6 para. 1 (a), art. 7 GDPR), you can withdraw it at any time in accordance with art. 7 para. 3 GDPR. Such a withdrawal influences the permissibility of the processing of your personal data after you have pronounced it towards us. The lawfulness of processing based on consent before its withdrawal remains unaffected. You can withdraw your consent to the use of your personal data by sending a message to firstname.lastname@example.org or by sending a message to the contact details as stated above or given in the imprint.
Your Right to object to the Processing of your Data
As far as we base the processing of your personal data on the weighing of interests (art. 6 para. 1 (f) GDPR), you have the right to object to the processing of your personal data at any time pursuant to art. 21 GDPR. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.
Information about automated Decision-making
We do not use automatic decision-making processes (e.g. profiling).