Privacy policy

Last updated: April 2021

(You can find an overview of the data privacy policies and related documents using the following links: dsgvo-gesetz.de and www.datenschutz.de)

The website http://use.metropolis.org with its subpages (hereinafter jointly referred to as the "Website") is an official Internet presence of the World Association of the Major Metropolises (Metropolis). It is operated by the Senate Chancellery - Metropolis Regional Secretariat of Europe (hereinafter "we", "us") and provided in Berlin/Germany.

We treat your personal data confidentially and in accordance with legal requirements and this policy. Detailed information on the legal requirements is available at https://gdpr-info.eu/ and the German-language site www.datenschutz.de. We are subject to the provisions of the General Data Protection Regulation (GDPR) and the data privacy laws of Berlin (Berlin Data Protection Act - Berliner Datenschutzgesetz, BlnDSG). Personal data on this Website are encrypted as far as possible using organisational and technical, i.e. digital, security measures. This protects them from damage, destruction or unauthorised access.

We will only process personal data insofar as this is necessary for the functional provision of this Website and our content and services. We want to strengthen trust in our services and for this reason handle personal data fairly and transparently. The following therefore describes how personal data is handled on this Website.

 

Table of Contents:

1. Definitions and provision/log files; data transfer to third parties

2. Controller

3. Further data processing

     3.1 Cookies and web analytics

     3.2 Newsletter

     3.3 Login area

4. Social media

5. Rights of the data subjects

6. Additional declarations

 

1. Definitions and provision/log files; data transfer to third parties

Personal data are any information about an identified or identifiable natural person. It is sufficient if this data, in combination with other information, allow identification.

The term processing covers any activities involving the handling of personal data. Activities include those that operate with and without the aid of automated processes. In particular, it includes the collection (acquisition), storage, adaptation or modification, reading out, querying, use, disclosure by transmission or other provision, comparison, linking, restriction, deletion or destruction of personal data.

If personal data are processed, the GDPR refers to the persons identified or identifiable thereby as the data subject.

For technical reasons and to maintain and improve functionality, your Internet browser automatically transmits information to us each time you visit the Website. This information is automatically collected and stored by us in log files so that the Website can be displayed in your browser. The temporary creation of these log files by the system is absolutely necessary to enable delivery of the Website to the user's end device. Our legitimate interest for processing is the operational security of the Website according to Art. 6(1)(f) GDPR. The following data will be processed:

  • Browser type and version
  • Operating system used (if included in browser data)
  • Your Internet Protocol data (IP address)
  • Date and time you access the Website
  • Website from which you are visiting us (referrer URL)
  • Webpages that you visit within use.metropolis.org
  • Data volume transferred
  • Access status (files transferred, file not found, etc.)

These anonymous data (with the exception of the IP address) do not allow any conclusions to be drawn about a specific person and are therefore not personal data. They may be evaluated for statistical purposes regarding the use of our Website, but not for purposes related to specific persons.

Personal data are only transferred to third parties who are not part of Metropolis with the consent of the data subject. They will also be transferred if there are legal disclosure obligations that require us to transfer them. No personal data will be transferred to third parties for advertising purposes.

The access data collected while using our Website will only be stored for the period of time for which these data are required to achieve the above purposes.

 

2. Controller

The data controller as described in the GDPR and other national data privacy laws of the member states as well as other data privacy regulations is:

 

Governing Mayor of Berlin - Senate Chancellery

Email: datenschutz@senatskanzlei.berlin.de

 

Address:

Chef der Senatskanzlei

Jüdenstr. 1

10178 Berlin

 

Telephone: +49 30 9026-0

Fax: +49 30 9026-2013

 

3. Further data processing

3.1 Cookies and web analytics

3.1.1 Cookies

We use "cookies" on our Website. These are small text files that are sent from our web server to your computer. They store certain information (e.g. identifying features) in your browser. If you access the Website using your mobile device (e.g. smartphone or tablet), we use mobile identifiers instead of cookies in otherwise the same procedure. A mobile identifier is a unique number (mobile ID) that is stored on a mobile device and can be read by a Website. Cookies cannot run programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.

If you use our Website without logging in, cookies allow us to statistically analyse usage. This includes recording new and returning visitors (performance cookies). They do not collect any information that could identify you. All information collected is anonymous and is used only to improve our Website and find out what interests our users. In addition, we use cookies to measure the extent to which free content is used. To determine this usage volume, our website sends a “unit ID” to your browser. This is an anonymous metric that serves the sole purpose of tracking the content that has already been used for free.

If you use our Website with your user account (see 3.3), cookies are also provided to identify your browser for the duration of the visit. This includes viewing various webpages.

Our Website can be viewed without saving cookies. You can disable cookie storage in your browser. You can also set the browser to notify you when a Website intends to store a cookie. In this case, you decide whether you want to accept the cookies. You can also delete cookies already stored in your browser using your browser settings. You can typically obtain the procedure for disabling cookies in the "Help" function of your browser. When cookies are disabled, the functionality and/or full availability of this Website may be limited.

Preferences external services

 

Legal basis for data processing

The legal basis for the use of technically mandatory cookies is our legitimate interest as described above in accordance with Art. 6(1)(f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice ("cookie banner") issued by us on the Website, the legal basis is also Art. 6(1)(a) GDPR.

 

Purpose of data processing

To ensure the full functionality of our Website, it is necessary to allow temporary cookies for technical reasons. Even if cookies have been disabled, our Website sends the above unit ID to your browser to measure the volume of free content used.

 

Duration of storage

We only use cookies to store session-relevant information within a Website. They expire automatically at the end of the session (session cookies) and are not stored permanently (transient cookies). We do not use any other technology to analyse user’s access behaviour.

 

3.1.2 Web analytics with Matomo

This Website uses the functions of the open source software Matomo, a web analytics service provided by InnoCraft Ltd. (7 Waterloo Quay PO625, 6140 Wellington, New Zealand (www.matomo.org)). You can give us your consent voluntarily when you call up our Website by pressing the corresponding button in the "cookie banner". The information generated by Matomo cookies about your use of this Website (for example, the time and frequency of your Website visit) is processed and stored locally on our web server. The information is not passed on to third parties. Your IP address is only stored in abbreviated form so that you remain anonymous as a user.

Specifically, Matomo uses the following tracking cookies: _pk_ref, _pk_cvar, _pk_id, _pk_ses. More detailed information can be found here: https://matomo.org/faq/general/faq_146/

 

Legal basis for processing personal data

The legal basis for processing your personal data is Art. 6(1)(a) GDPR if you have given us your explicit consent to do so when opening our Website. 

 

Purpose of data processing

We use the information collected by Matomo to evaluate your visit to this Website and to compile reports on Website activity. This allows us to improve the quality of our Website and its content. Using statistical analyses, we learn how the Website is used and can thus continually optimise our offer.

 

Duration of storage

The data relevant to the provision of web tracking are stored for as long as is necessary for the aforementioned recording purposes. The data collection and storage are anonymised. If there is a reference to a person, the data will be erased immediately unless there is a legal obligation to retain it. In any case, the erasure takes place after the obligatory retention period expires.

 

Revocation

You can revoke consent for evaluating your data with the help of Matomo at any time for the future. This then means that Matomo will no longer collect any session data.

 

3.2 OpenStreetMap

Based on your consent (Art. 6(1)(1)(a) GDPR), we integrate the maps of the service "OpenStreetMap" (https://www.openstreetmap.org), which are offered with the Open Data Commons Open Database Licence (ODbL) by the OpenStreetMap Foundation (OSMF). OpenStreetMap helps to find published information on a map.

To our knowledge, user data are used by OpenStreetMap solely for the purposes of displaying the map functions and caching the selected settings. In particular, these data may include IP addresses and location data of users, which, however, will not be collected without their consent (usually executed within the settings of their mobile devices).

To give you extra protection, we deliver the map images from our own map server. You can see how OpenStreetMap stores your data beyond that on OpenStreetMap's privacy page here https://wiki.openstreetmap.org/wiki/Privacy_Policy and here wiki.openstreetmap.org/wiki/EN:Legal_FAQ.

The provider of OpenStreetMap is the Openstreetmap Foundation:

Openstreetmap Foundation

132 Maney Hill Road

Sutton Coldfield

West Midlands

B72 1JU

United Kingdom

 

3.3 Newsletter

On our Website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask are transmitted to us:

  • Email address
  • First name, Surname
  • Academic title

In addition, the following data are collected during registration:

  • Date and time of registration

Your consent to processing your data is obtained by means of a double opt-in procedure as part of the registration process. You will only receive the newsletter when you click on the confirmation link in the invitation email.

The newsletter is sent by the service provider Mailjet (Mailjet SAS, 13-13bis, Rue de l'Aubrac, 75012 Paris, France). Mailjet is a service that can be used to organise and analyse newsletter distribution. The data you enter to receive the newsletter is stored on Mailjet's servers in the EU. You can find out more about Mailjet's security and privacy at https://www.mailjet.com/security-privacy/.

Mailjet allows us to analyse our newsletter campaigns. It makes it possible to determine, among other things, how many recipients have opened the newsletter message and, if applicable, which links in the message have been opened.

Beyond that, no data are passed on to third parties in connection with data processing for the newsletter.

 

Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6(1)(a) GDPR if the user has given consent.

 

Purpose of data processing

The email address is collected in order to deliver a newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

 

Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. Accordingly, the user's email address is stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process will also be deleted upon termination of the subscription.

 

Possibility of objection and termination

The user can cancel the newsletter subscription at any time. For this purpose, there is a corresponding link in each newsletter. This also enables the revocation of consent to the storage of personal data collected during the registration process.

 

3.4 Login area

You have the possibility to use a separate login area on our Website. If you have forgotten your password or username for this area, you have the option of having these data sent to you after entering your contact details (email address). When registering for the newsletter, the data from the input mask are transmitted to us:

  • Registration email address
  • Password
  • Email address for using the "Forgot your password?" function

In addition, the following data are collected during registration and when logging in each time:

  • Date and time of registration or login

Your consent to processing your data is obtained by means of a double opt-in procedure as part of the registration process. Registration is not complete or possible until you click on the confirmation link in the invitation email.

Except for the possibility of registration as well as for combating abuse and troubleshooting or for maintaining functionality, no data are passed on to third parties in connection with data processing. The data are used exclusively for providing access to a user account (registration and login).

 

 

Legal basis for data processing

The legal basis for the processing of data after the user registers for a user account is Art. 6(1)(a) GDPR if the user has given consent.

 

Purpose of data processing

The email address is collected to enable registration in the data subject's own user account.

Other personal data collected during the registration process serves to prevent misuse of the services or the email address used.

 

Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. Accordingly, the user's email address will be stored as long as the user account is active and not deleted.

The other personal data collected during the registration process will also be deleted when the user account is deleted.

 

Possibility of objection and erasure

The user can delete the user account at any time. For this purpose, there is a corresponding box that can be ticked after each login. This also enables the revocation of consent to the storage of personal data collected during registration and each login process.

 

4. Social media

The platform use.metropolis.org runs its own Twitter channel. Users are informed separately about the processing of their personal data.

We do not use social media plugins on our Website. If our Websites contain icons from social media providers (Twitter, LinkedIn, Facebook), we use these only for passive linking to the pages of the respective providers.

 

 

5. Rights of the data subjects

As a data subject, you have the following rights vis-à-vis the Controller (2.):

  • Right of access to information about the processing of your personal data (this includes information about the purpose, recipients and duration of storage) in accordance with Art. 15 GDPR,
  • Right to rectify inaccurate personal data (Art. 16 GDPR),
  • Right to erasure according to Art. 17 GDPR,
  • Right to restrict processing and right to data portability (Art. 18 and 20 GDPR) as well as
  • The right to object to the processing of your data at any time (Art. 21 DS-GVO). If you object, your personal data will no longer be processed. An exception exists if there are compelling and legitimate grounds that outweigh your interests.

If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom it has disclosed the personal data about the rectification or erasure of the data or the restriction of processing. This does not apply if it is impossible or would involve a disproportionate effort. You have the right to be informed by the controller about these recipients.

Once given, consent can be revoked at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until revocation is not affected by this.

In addition, without prejudice to other legal remedies, if you believe that data protection regulations are not being observed in the processing of your data, you may lodge a complaint with the competent supervisory authority (Art. 77 GDPR). Data subjects may address their complaints to the authority of their place of residence or place of work, but in principle also to any other data protection supervisory authority. The supervisory authority to which the complaint is lodged shall inform the complainant of the status of the complaint, including the possibility of an effective judicial remedy under Article 78 of the GDPR. The competent data protection supervisory authority for the Controller is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit). The Commissioner can be contacted as follows:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin

Tel.: +49 30 13889-0

Email: mailbox@datenschutz-berlin.de

 

6. Additional declarations

If concluding a contract is necessary for the use of certain services on our Website, e.g. publishing a created profile, then personal data such as family name, first name, date of birth and address are collected in this context. These data will be used exclusively for the purposes of the contract and processed and used to the extent necessary for the establishment, organisation, modification and performance of the contractual relationship, in particular to provide more relevant information.

This Website contains links to websites that are not provided by use.metropolis.org. Data privacy on external sites is realised by the data protection regulations applicable there. We cannot accept any responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether these operators comply with data protection regulations.

If you have any questions or comments about the data privacy practices of use.metropolis.org, or would like information about the personal data we have stored about you, please contact us at use.community@metropolis.org.

We store the personal data on specially protected servers in Germany.

We do not intend to use any personal data collected from you for any automated decision making processes (including profiling).