Avoiding Datacollection and Limiting Collected Data
We follow best current practices in limiting the amount of personally identifiable information (in the following, PII) our services collect. All data we do have to collect is only stored as long as this is necessary to provide our service, or as long as otherwise legally mandated.
Your Rights: Information, Correction, Complaint, Locking and Deletion
The GDPR, or "Datenschutz-Grundverordnung" as the applicable German implementation, gurantees you certain rights which you as a user--given appropriate legal basis--can invoke versus us.
Art. 15 DS-GVO – Right to be informed
Your have the right to demand a confirmation on whether we do or did process your PII. If we did process PII connected to your person, you have the right to be informed which PII we processed, as well as for why we did process this data, and in which way we processed it.
Art. 16 DS-GVO – Right to correction
You have the right to demand the immediate correction of incorrectly stored PII. Under consideration of the reason of processing of the collected PII, you also have the right to demand the completion of incomplete datasets, which also includes demanding additional annotations.
Art. 17 DS-GVO – Right to deletion
You have the right to demand the immediate deletion of all PII related to your person. If a deletion is not possible, the right to limit processing, see below, applies.
Art. 18 DS-GVO – Right to limit processing
You have the right to demand to limit the processing of your PII.
Art. 20 DS-GVO – Right to portability
You have the right, given PII processing takes place based on an explicit agreement or to fulfill a contract, to receive all data you provided to us in a structured, common, and machine readable format. You have the right to directly transfer this data to another service provider without our interference as long as this is technically feasible.
Art. 21 DS-GVO – Right to objection
You have the right to object to our processing of your PII, if this processing takes place for our own justified interests, serves the fulfillment of public interests, or in the exercise of official authority vested in the controller.
If you object to processing, your PII will no longer be processed, except if we do offer protected reasons for the processing of this data that outweight you rights and interests, or if the processing is necessary to claim, exercise, or defend legal claims.
Please note that we have to verify your identity to exercise before implementing your requests und this policy. Please send your inquiries to firstname.lastname@example.org and we will handle your requests within four weeks. Please do not send copies of legal documents, passports, or other identification cards along with these mails.
Legal Grounds for Processing Your PII
We process your data for this service based on the following grounds:
- Art. 6 Abs. 1 lit. a EU-Datenschutzgrundverordnung (DSGVO): If we collected your consent to process this data;
- Art. 6 Abs. 1 lit. b EU-Datenschutzgrundverordnung (DSGVO): If we collected PII to fulfill a contract or agreement;
- Art. 6 Abs. 1 lit. c EU-Datenschutzgrundverordnung (DSGVO): If we are legally required to collect this PII;
- Art. 6 Abs. 1 lit. f EU-Datenschutzgrundverordnung (DSGVO): If we need to collect this data to fulfill the legitimate interests of the service we provide, or a third party. In these cases, you interests, basic rights, and basic freedoms must not outweight these legitimate interests.
If PII is processed based on Art. 6 Abs. 1 lit. a or f you can object to processing of your data at any time.
Note on requests for data deletion: A legal obligation to preserve certain PII exists in some cases, for example, for financial documentation, but also for claiming or defending legal claims for compensation of demages. Even in the event of a deletion request we will store such data up until the legally obligated limits.
Collection of General Information
Upon each request to a service under engelsystem.de, we will store and process the following data for up to 14 days for operational reasons:
- Date and time of the access
- IP Addresses
- Accessed URI
- User Agent String
Modern webbrowsers allow you to control, limit, or prevent websites' ability to set cookies. Many browsers allow you to configure them so that all cookies are deleted once you close the webbrowser. Deactivating cookies may limit the functionality of our site.
We set cookies necessary for electronic communication processes or to provide specific functionality you requested, for example keeping you logged in to our site based on Art. 6 Abs. 1 lit. f DSGVO. As the operator of these sites we have a legitimate interest to set cookies that are necessary for a reliable operation of our services. We do not set tracking or analysis cookies.
Services Around the Engelsystem
If you are contacting the team under email@example.com, your email address will become visibile to a limited group of people in the team. There we process the following data:
- Email address
- Name or Nickname
- Contents of the email you send
- Timestamps and further metadata
Engelsystem instances under engelsystem.de help not-for-profit organizations serving the public good in organizing their events.
To use these instances, you have to register an account. If you register an account, the following PII will be processed and saved:
Visible for all volunteers:
- Nickname, Pronouns
- DECT Number, Mobilenumber
- Membership in teams/Engeltypes and permissions
Visible for shift coordinators (depending on the events size up to 100 people):
- Email address (if allowed in the notification settings)
- Shirt size
- Registered shifts and completed work, including the location, freeloader stte, and organizational notes
- Additional qualifications (Driving license)
- Availability / Planned arrival and departure
- Various status information (arrived, received shirt, force-active)
- Questions and answers to the organization
Visible for buerocrats (up to 20):
- User Settings (Language, Theme, Notification via email)
- Audit log for all activities
Visible only for the volunteers themselve and server admins (there is a total of 3):
- Password (Hashed)
- Private messages (sent and received)
- Replies to questions asked to the organization
- Notes for individual shifts
All collected data will be deleted under the terms noted below.
Deletion of Data