We are committed to privacy, so we have designed our services from the ground up to collect as little data as possible. Furthermore, our websites can only be accessed via a TLS-encrypted connection to ensure that your connection to our server cannot be compromised by third parties.
To exercise your privacy rights, we recommend a service such as datarequests.org which will help you generate the appropriate requests for free.
The controller as defined in Art. 4(7) GDPR for the services mentioned under “Scope” is:
We respect the Do Not Track (DNT) option that you can set in your browser. We don’t currently employ any tracking but if we ever do in the future, we will disable it if you have set the DNT header.
We also recommend that you install Privacy Badger, a free and open source browser extension that sets the DNT header for you and automatically blocks websites that do not adhere to it.
We do not use profiling or any other type of automated decision making.
To operate our website and to provide our services, we collect and process some personal data. Our top priority is to minimise data collection and processing: We only collect personal data where it is necessary and only to the extent that it is necessary. In addition, data is always collected for a specific purpose and storage is limited to the necessary period of time.
In this section we would like to explain to you exactly under which circumstances we collect and process which data.
Server connection data
When you visit our website, your browser connects to one or more of our servers. We have configured all our servers not to save log files, but we do need to process some data in memory for a short while to serve your request.
- Affected data: the specific page you visited, the date and time of your visit, the data your browser sends with the request (the so-called “headers”), including information about your browser and operating system (the so-called “user-agent string”), and your IP address
- Lawful basis: The brief processing of this data is necessary to offer our website to you, it is based on Art. 6(1) lit. b GDPR.
- Duration of storage: none
- Data disclosure: Our servers are operated by the following companies. They are exclusively EU companies, which we have carefully selected to meet our high data protection standards.
If you contact us (e.g. by email), your message may contain personal data. We will use this data exclusively to answer your message.
You do not have to provide any data to contact us, so the disclosure of this data is completely voluntary for you.
- Affected data: the data you include in your message
- Lawful basis: The storage is based on our legitimate interest in replying to your message in accordance with Art. 6(1) lit. f GDPR.
- Duration of storage: as long as there are legal storage obligations
If you post content on our website, it may contain personal data. The disclosure of this data is entirely voluntary for you. Not providing it has no influence on your use of our website.
- Affected data: the data you provide in your post
- Lawful basis: The basis of the storage is our legitimate interest to display the user contributions on our website in accordance with Art. 6(1) lit. a GDPR.
- Duration of storage: indefinitely
- Data disclosure: User content is publicly available on our website.
In order to make our websites more interesting and dynamic for you, we have integrated some external services.
We include videos on our website that are hosted on YouTube. YouTube is an offer of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, which is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google LLC (and its subsidiary YouTube LLC) are certified under the US-European “Privacy Shield” framework, which ensures that the EU data protection level is maintained.
The GDPR grants you comprehensive rights with regard to data protection. We are strongly convinced that the right to data protection is a fundamental right and therefore we fully stand behind these rights. You can exercise these rights at any time in an informal manner using the contact details given in the “Controller and contact information” section.
You can also use a generator like datarequests.org which will assist you with writing requests.
According to Art. 15 GDPR, you first of all have the right to request confirmation as to whether we store personal data on you. If so, you may request a copy of this information and are furthermore entitled to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
In accordance with Art. 20 GDPR, you also have the right to receive the personal data concerning you that you have made available to us in a structured, commonly used and machine-readable format and to transmit this data to another controller without obstruction by us if the processing is based on consent pursuant to Art. 6(1) lit. a GDPR, Art. 9(2) lit. a GDPR or on a contract pursuant to Art. 6(1) lit. b GDPR and the processing is carried out using automated procedures.
According to Art. 16 GDPR, you have the right to request us to correct any inaccurate personal data concerning you without undue delay. Furthermore, you have the right to request the completion of incomplete personal data—also by means of a supplementary declaration.
According to Art. 17 GDPR, you have the right to demand that we delete personal data concerning you without undue delay.
This right is limited in particular when the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation or to assert, exercise or defend legal claims.
According to Art. 7(3) GDPR you have the right to revoke your consent given to us at any time.
According to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the personal data, if the processing is unlawful, if we no longer need the data for the purpose of processing or if you have filed an objection to the processing pursuant to Art. 21(1) GDPR, as long as it is not yet clear whether our legitimate interests outweigh yours.
If you request us to correct, delete or restrict the processing of your personal data in accordance with Articles 16, 17 and 18 respectively, we will notify all recipients to whom we have disclosed the relevant data in accordance with Art. 19 GDPR.
According to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you which is necessary for the performance of a task in the public interest or because of our legitimate interest on the basis of Article 6(1) lit. e or f respectively, for reasons arising from your particular situation. We will then no longer process the personal data, unless we can prove compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defense of legal claims.
If we use your personal data for direct marketing, you have the right to object to such processing at any time. We will then no longer use your data for such purposes.
According to Art. 77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the member state of your usual place of residence, your workplace or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you violates the GDPR.
The following supervisory authority is responsible for us:
Die Landesbeauftragte für den Datenschutz Niedersachsen