Privacy Icons Forum (PIF)
Version: January 2020
Data Protection Information
1. General information
2. Processed data when using our website
3. Processed data when contacting us via our contact form
1. General information
1.1 Data controller and purview
The responsible person publishes this website in accordance with the applicable privacy legislation of the European Union and of Germany. The responsible person is:
Dr. Zohar Efroni
Weizenbaum Institute for the Networked Society
Hardenberg Str. 32
The following paragraphs outline how we process your data. Inasmuch as the subsequent paragraphs or other separate privacy information do not state otherwise, the provisions in this section titled General information apply.
If you have questions regarding data protection, please contact us in writing to the aforementioned postal address or via e-mail to firstname.lastname@example.org.
1.2 Rights of persons affected and regulatory authority
As a rule, you have the following rights:
- Right of access (Article 15 General Data Protection Regulation, GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
In order to exercise your rights, you may contact us via postal mail to the aforementioned address or you may send us an e-mail to email@example.com.
We will review each individual request, and, should we conclude that the rights invoked do not apply, we will specify our reasons for such an assessment in writing. We may require additional proof of identity in order to minimise the risk of abuse of these rights.
If you think that your rights have been compromised, you have the right to issue a formal complaint with the relevant supervisory authority in the state of Berlin. In addition to the named Berlin authorities, you may also contact the regulators in the federal state of Germany or in any other EU member state where you reside or work.
1.3 Data recipients
Data will only be transmitted to third parties according to rules set out in written agreements, in which all legal responsibilities are clearly laid out, or alternatively, according to the rules outlined in the following sections.
1.4 Changes to our data protection information
From time to time, this data protection information may be subject to changes and improvements, especially if changes in applicable law or our internal processes should necessitate this.
2. The data we process when you are using our website
When using our website, personal information is collected for the following purposes:
2.1 To transmit our online contents
2.2 To improve our web services
2.3 To secure our technical infrastructure
The hosting provider may implement cookies that do not collect personal information. Cookies are text files that contain an identification number, which will be stored by your web browser and, should you revisit our website, will be retransmitted to the hosting provider. However, non-personal information transmitted via cookies might be combined with personal information already held by the hosting provider. For more information about the data processing practices of the hosting provider and your options regarding cookies, please visit this page.
We currently do not use analytics tools, but we might introduce analytics in the future solely for statistical purposes. A web analytics tool typically collects the following types of data: Referrer (the site that was visited immediately before visiting our site), type of browser and its version, operating system, type of device, a time stamp and anonymised IP address.
2.1 Transmission of online contents
2.1.1 Purpose and categories of data
In order for you to be able to view contents posted on our website, your browser will transmit the following information to us or to the hosting provider (as part of an HTTP request):
- Your IP address (a numerical label that identifies your internet access point).
- Information about your device, for example, the type of internet browser used, the rate of data transmission, or the size of your screen.
2.1.2 Legal basis
We process the data on the basis of Art. 6 sect. 1 lit. f) GDPR to inform the interested public (e.g., you – when visiting our website) about our research projects and related research, which constitutes our legitimate interest.
2.1.3 Retention of data
Normally, the collected data is immediately deleted after its transmission.
2.1.4 Your rights
Rights of access, rectification, erasure as such are not applicable, since for the purpose of transmission, the data is only retained temporarily and will be deleted immediately after the end of the session.
2.2 Improvement of our services
2.2.1 Purpose and categories of data
In order to optimise our online contents, we evaluate on a generalised basis how users navigate our website. For this, we or our service providers analyse the following data, which is derived from HTTP requests:
- Part of your IP address (that is, the numerical label identifying your computer access point), which is being anonymised by deleting the final two parts (blocks of numbers) of the address.
- The web page you have requested.
- Information regarding the type of internet browser and operating system used.
- Possibly, the page visited before accessing our website (referrer information).
2.2.2 Legal basis
We process the data on the basis of Art. 6 sect. 1 lit. f) GDPR to improve our web services, which constitutes our legitimate interest.
2.2.3 Retention of data
All personalised data are anonymised immediately after they have been gathered.
2.2.4 Your rights
There is no legal right for the data in question to be rectified, deleted, or shared with the user, as the data retained is anonymised. As a rule, anonymising the data makes it impossible to connect specific data with specific individual users who request such information and actions.
2.3 The security of our technical infrastructure
2.3.1 Purpose and categories of data
To secure our technical infrastructure, our service provider might draw on the following information contained in the HTTP request:
- Your IP address (a sequence of numbers identifying your current computer access point to the web).
- The website you requested.
- Information about the type of internet browser and operating system used.
- Possibly, the web page viewed before visiting our website (referrer information).
2.3.2 Legal basis
The data for this purpose is being stored and processed on the basis of Art. 6 sect. 1 lit. f) GDPR to analyse malfunctions and attacks targeting our technical systems, which constitutes our legitimate interest.
2.3.3 Retention of data
2.3.4 Your rights
Generally, there is a legal right to request information about the above-mentioned types of data, as well as a right to have them rectified. However, as a rule, the data in question can only be personalised via the IP address, and therefore, we might not be able to directly assign the respective data to your person, at least not without your help. The reason for this is that we need to connect your “real-life” identity with the IP address that you have used when visiting our website. Such a connection can usually be made by contacting the corresponding Internet access provider that assigns the IP addresses to its users (e.g., you).
However, your provider will give us the user identity behind an IP address only on the basis of a legally justified access request on our part, for instance, if we can prove an attack on our website from a specific IP address. Thus, if you want us to facilitate the exercise of your rights in a case where we have no direct claim, it is up to you to reveal to us the connection between your identity and your IP address (and verify the accuracy of that connection). As soon as you voluntarily reveal and verify the connection between your identity and the IP address, we can comply with your rights, such as by providing you with all the information stored with us regarding the IP address in question.
3. Contacting us via email or our contact form
3.1 Purpose and categories of data
Should you contact us via email or by using our contact form, we will store and use your email address and all further information that you provide us to answer your contact request, which constitutes our processing purpose.
3.2 Legal basis
We store and process the data for this purpose based on your consent according to Art. 6 sect. 1 lit. a), or, alternatively, on the basis of Art. 6 sect. 1 lit. f) GDPR, while enabling you to actively engage with us, which constitutes our legitimate interest. We will store the information in our email storage as long as necessary to address the issue expressed in your contact request.
3.3 Retention of data
In the absence of other legal requirements, personal data will be retained until users retract their consent, submit an objection, or demand that the data be deleted. Additionally, the legal basis for the retention of data will be reviewed on a regular basis and, should no legal basis be applicable anymore, data will be deleted within a reasonable processing period of up to three months.
3.4 Your rights
For the above categories you have a general right to information. You further have the right to demand that data be rectified, deleted, or that its processing be limited. If you have contacted us via email, you can usually access the data in your own email feed. Of course, in case you have deleted your email feed or otherwise lost (access to) it, we can always re-send you our email exchange. You may exercise your other data subject rights correspondingly.