- 1 Definition of Terms
- 2 Collection of General Data and Information
- 3 Rights of the Affected Person
- 4 Legal Basis of Data Processing
- 5 Legitimate Interests in the Processing Being Pursued by the Administrator or a Third Party
- 6 Legal or Contractual Provisions for the Provision of Personal Data; Necessity for the Conclusion of the Contract; Obligation of the Affected Person to Provide the Personal Data; Possible Consequences of Non-Provision
- 7 Existence of Automated Decision-Making
- 8 Sources
Definition of Terms
Please note: This website can be accessed without explicitly entering personal data. For technical reasons, personal data will be derived from your access, and saved.
The following terms are used in this privacy statement, among others:
Personal data means any information relating to an identified or identifiable natural person (hereinafter the „Affected Person“). A natural person is considered to be identifiable, directly or indirectly, in particular by association with an identifier such as a name, with an identification number, with location data, with an online identifier or with one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
Affected person is any identified or identifiable natural person whose personal data is processed by the Responsible Person.
Processing means any process or series of operations related to personal data, such as collecting, capturing, organizing, organizing, storing, adapting or modifying, reading out, querying, using, with or without the aid of automated procedures; disclosure through submission, dissemination or any other form of provision, reconciliation or association, restriction, erasure or destruction.
Limitation of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
The Responsible Entity (for data processing) is the natural or legal person, public authority, body or other entity that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the Responsible Entity itself, or the specific criteria for his designation may be provided for under Union or national law. In the following, this entity is called Administrator.
Recipient is a natural or legal person, agency, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered to be beneficiaries.
The Third is a natural or legal person, public authority, body or other entity other than the Affected Person, the Responsible Entity, the Receiver, the authorized data processor, and the persons authorized under the direct responsibility of the Responsible Entity or authorized data processor to process the personal data.
Consent is any expression of will voluntarily and unequivocally made by the Affected Person in the form of a statement or other unambiguous confirmatory act, stating that they consent to the processing of personal data concerning them.
Name and Address of the Responsible Person
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with a data protection character is:
Patrik Schindler Gerhart-Hauptmann-Weg 3 77652 Offenburg Deutschland Tel.: 0781-9705550 E-Mail: email@example.com Website: try-as400.pocnet.net
As mentioned above, this person is to be called Administrator.
By using cookies, this website can provide users of it with more user-friendly services that would not be possible without the cookie setting.
The Affected Person can prevent the setting of cookies by this website at any time by means of a corresponding setting of the Internet browser used and thus permanently suppress the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the Affected Person suppresses the setting of cookies in the Internet browser used, not all features of this website may be fully usable, though.
Collection of General Data and Information
This website is built upon the Software MediaWiki. MediaWiki has certain requirements for running properly. The requirements are fulfilled as follows:
- Apache provides the function of the web server software,
- PHP provides the function of a dynamic scripting language, enabling creation of HTML pages from program code instead of static files on permanent storage,
- MariaDB provides the ordered storage of content and changes to the content for this website.
All these facilities run on the server side of this website and not on the Affected Person's computer. The facilities mentioned above create HTML formatted text which is embedded in a data stream adhering to the Hyper Text Transfer Protocol (HTTP) standard 1.1 or later, and transferred to the Affected Person's computer. The web browser therein translates the embedded HTML text to a visual appealing rendition of this website contents.
Any data processing and saving takes place by means of the mentioned software and it's individual configurable or built-in, unalterable settings.
As soon as an article of this website is viewed, a temporary session cookie is created on the visitor's computer (aka the Affected Person's computer). This has an expiration time of 30 days after creation.
Also, accesses to searching or viewing articles are generally logged by the web server software Apache. The log entries include the IP address from which the access originated, the time of access, as well as path and additional data (URL) for controlling the software Mediawiki, as used by this website. Finally, an entry with the status code resulting from the access is added, as well as the size of the transmitted data. For technical reasons, several entries are made in the access log file for the individual elements of a page.
The server's log data is kept on the server for three days. The retention period results from the technical necessity to be able to analyze possible past error conditions in a timely manner.
Furthermore, the log data is copied to an independent data processing system in regular intervals as part of a full backup. The backups are accessible only to the person responsible for data processing (Administrator). This backup data is kept for 12 months and will be overwritten by new backups.
When using this general data and information, the Responsible Person does not draw any conclusions about the Affected Person. Rather, this information is needed to (1) properly deliver the contents of this website, (2) optimize this website's content, (3) ensure the continued viability of the underlying information technology systems and websites technology, and (4) provide law enforcement agencies with necessary information for prosecution in case of a cyber attack.
Additional Information and Personal Data
Anonymous changes of this website are not possible. Write access is granted after a valid log in with user and password. According to the Definition in Wikipedia, the following data will be recorded by means of the Software Mediawiki with every change to content of this website:
- Username and IP address of the access (change).
This is done in addition to the information named in the previous section. This information is stored indefinitely and is publicly available.
Additional cookies are set at login, for example to maintain the default settings of the logged-in state.
Write access is granted by the Administrator on request, individually with a user and password. When this user is created, the following personal information is collected:
- Username (short name),
- Password (in encrypted form),
- Email address.
The processing of this personal data takes place exclusively within this website software Mediawiki. They serve only the purpose of
- Authorization of write/change access,
- Delivery of automated (email) notifications of the Mediawiki software,
- Assignment of article changes to users.
Rights of the Affected Person
Each Affected Person has rights, as granted by the European Directive and Regulatory Authority, to fetch information about, and modify her personal data, processed by this website.
Each Affected Person has the right, as granted by the European Directive and Regulatory Authority, to require the Administrator to confirm whether personal data relating to him/her are being processed.
If an Affected Person wishes to make use of this confirmation right, they can contact the Administrator of this website at any time.
If you visit this website, you turn into an Affected Person.
If you just visited this website, personal data as laid out in Paragraph 2 has been already collected. It is technically not possible to suppress this collection of data.
If you had previously applied to get write access to this website, personal data as laid out in Paragraph 2.1 has been collected, processed and stored permanently.
Any affected person concerned by the processing of personal data shall have the right granted by the European Directive and Regulatory Authority at any time to obtain from the Administrator information disclosure free of charge regarding the personal data stored about her, and to obtain a copy of that information. In addition, the European legislator and regulator has grants the Affected Person to request the following data:
- purposes for processing personal data
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data has been or is still being disclosed, in particular to recipients in foreign countries or to international organizations
- the planned duration for which the personal data will be stored, or if this is not possible, the criteria for determining that duration
- the confirmation of rights to
- rectification or erasure of the personal data concerning them,
- restriction of data processing
- revocation of permission to data processing.
- appeal to a supervisory authority
- if the personal data is not collected directly from the Affected Person: All available information about the origin of the personal data
- The existence of an automated decision-making, including profiling in accordance with Article 22, paragraph 1 and 4 GDPR and — at least in these cases — meaningful information about the logic involved and the scope and the desired impact of such processing for the person concerned.
Furthermore, the Affected Person has a right to know whether personal data has been transmitted to a foreign country or to an international organization. If this is the case, then the Affected Person has the right to obtain information about the appropriate warrantries regarding the transfer.
If an Affected Person wishes to make use of this right to disclosure, they can contact the Administrator of this website at any time.
Additionally, there is no automated decision-making (makes no sense technically).
Since this website is published in the global internet, personal data as stated in Paragraph 2.1 can be transferred to any entity technically able to connect to the global internet. This affects only if you have successfully signed up for write access, previously and made changes in any article on this website. If you just visited this website, data collected as laid out in Paragraph 2 will stay local to the Federal Republic of Germany.
Any person affected by the processing of personal data has the right granted by the European Directive and Regulatory Authority to demand the immediate correction of incorrect personal data concerning them. Furthermore, the Affected Person has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If an affected person wishes to make use of this right of correction, they can contact the Administrator of this website at any time.
This right extends only to the point where no automatic generated data is affected. For example, if you ask for correction of IP address, date or time of an access to this website, this makes no sense since the data has been collected automatically and thus can't be wrong. Such a claim may be seen as an attempt to forging, so authorities requiring transfer of data for legal reasons get false data in the end. For these reasons, claims to change automatically generated data are denied in any case.
Right to Deletion of Data
or: Right to be Forgotten.
Any person affected by the processing of personal data shall have the right granted by the European Directive and Regulatory Authority to require the Administrator to immediately delete the personal data concerning him, provided that one of the following reasons is satisfied and the processing is not required:
- The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
- The Affected Person withdraws the consent on which the processing was based in accordance with Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR and lacks any other legal basis for processing.
- The Affected Person objects to the processing according to Article 21 paragraph 1 of the GDPR and there are no legitimate reasons for the processing, or the affected person appeals in accordance with Article 21 paragraph 2 of the GDPR the processing.
- The personal data was processed unlawfully.
- The deletion of personal data is required to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
- The personal data was collected in relation to information society services offered pursuant to Article 8 paragraph 1 GDPR.
If one of the above reasons is apparent and an Affected Person wishes to pursue the deletion of personal data stored through this website, she may contact the [mailto: firstname.lastname@example.org Administrator of this website] at any time. He will delete the mentioned data as soon as possible.
If the personal data have been made public and the Administrator is responsible for deleting personal data as the Responsible Person pursuant to Art. 17 (1) GDPR, the Administrator shall take appropriate measures, including technical ones, for others, taking into account the available technology and the costs of implementation (a) inform data controllers processing the published personal data that the Affected Person has requested the other data controllers to delete all links to such personal data or to make copies or replicas of such personal data; Processing is not required. In individual cases, the Administrator will arrange what is necessary and inform the Affected Person of the measures taken.
For technical reasons, no guarantee can be given for the complete deletion of the published personal data on data processing systems supervised by other Administrators. If the action taken does not appear to be sufficient for the Affected Person, it must enforce its right to be deleted from these other Administrators. It is technically not possible for the Administrator to name the other persons responsible for the data processing precisely.
These are the immediate technical consequences when publishing data in a public Wiki. Even if you cease to take part in this wiki, your personal data will be retained to allow you to successfully claim authorship of parts of this website.
Right to Restrict Data Processing
Any Affected Person by the processing of personal data has the right granted by the European Directive and Regulatory Authority to require the Administrator to restrict the processing of their data if one of the following conditions applies:
- The accuracy of the personal data is contested by the Affected Person for a period of time that enables the person responsible to verify the accuracy of the personal data.
- The processing is unlawful, the Affected Person refuses to delete the personal data and instead requests the restriction of the use/processing of personal data.
- The Administrator no longer needs the personal data for initial defined purposes, but the Affected Person requires them to assert, exercise or defend their legal rights.
- The Affected Person has objected against the processing according to Article 21 paragraph 1 GDPR and it is not yet clear whether the legitimate reasons of the Administrator outweigh those of the Affected Person.
If one of the above conditions is met and an Affected Person wishes to request the restriction of processing of personal data stored in this website, they may contact the Administrator of this website at any time. He will carry out the restriction of processing as requested.
It is not clear how the software Mediawiki, used by this website, technically allows to further restrict data processing beyond the point of a bare minimum already achieved.
Right to Data Portability
Any Affected Person shall have the right granted by the European Directive and Regulatory Authority to receive the personal data concerning her in a structured, common and machine-readable format. She also has the right to transfer this data to another Administrator without hindrance by the data source Administrator, provided that the processing is based on the consent pursuant to Article 6 (1) (a) GDPR or Article 9 paragraph 2 (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and processing by automated means, unless the processing is necessary by means of of public interest or in the exercise of official authority, which has been assigned to the Administrator.
Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the Affected Person has the right to request that the personal data is transmitted directly from one Administrator to another, where technically feasible and if so this does not affect the rights and freedoms of others.
In order to assert the right of data transferability, the Affected Person may at any time contact the Administrator of this website.
Right to Objection
Any person concerned by the processing of personal data shall have the right conferred by the European Directive and Regulatory Authority at any time, for reasons arising from its particular situation, against the processing of personal data relating to it pursuant to Article 6 (1) (e) or (f) GDPR takes an objection. This also applies to profiling based on these provisions.
In the event of an objection, the Administrator no longer processes the personal data unless it is possible to prove compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the Affected Person, or to exercise or defense of legal claims.
If the Administrator processes personal data in order to faciliate direct advertisements, the Affected Person has the right to object at any time to the processing of personal data for the purposes of such advertising. This also applies to profiling, as far as it is associated with such advertising. If the Affected Person objects to processing for direct marketing purposes, the Administrator also will no longer process the personal data for these purposes.
In addition, the Affected Person has the right to object against the processing of personal data relating to her, for reasons arising from his or her particular situation, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to fulfill a task of public interest.
In order to exercise the right to object, the Affected Person may contact the Administrator of this website directly. The Affected Person is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise her right of opposition by means of automated procedures using technical specifications.
This website doesn't incorporate advertisements. No profiling is done (makes no sense technically).
Automated Decisions on an Individual Basis, Including Profiling
Any person concerned by the processing of personal data shall have the right, as granted by the European Directive and Regulatory Authority, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on her or, in a similar manner, significantly affects her; unless the decision (1) is necessary for the conclusion or performance of a contract between the Affected Person and the Administrator, or (2) permitted by Union or Member State legislation to which the Administrator is subject, and that legislation provides for appropriate measures to safeguard the rights and freedoms and the legitimate interests of the Affected Person; or (3) with the explicit consent of the Affected Person.
If the decision (1) is required for the conclusion or performance of a contract between the Affected Person and the Administrator or (2) it is done with the explicit consent of the Affected Person, the Administrator of this website shall take appropriate action Measures to safeguard the rights and freedoms and legitimate interests of the Affected Person, including at least the right to obtain the intervention of a person by the Administrator, to express her own position and to contest the decision.
If the Affected Persion wishes to assert rights with regard to automated decisions, they can contact the [mailto: email@example.com Administrator of this website] at any time.
No automated decision-making is done on this website.
Right to Revoke a Data Protection Consent
Any person affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to revoke consent to the processing of personal data at any time.
If the Affected Person wishes to assert their right to withdraw consent, they can contact the Administrator of this website at any time.
Legal Basis of Data Processing
Art. 6 I lit. a GDPR is the legal basis for this website for processing operations where one has obtained consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the Affected Person is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing shall be based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If this website is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the Affected Person or another natural person. Then the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. On this legal basis, processing operations that are not covered by any of the above mentioned legal bases are required if the processing is necessary to safeguard the legitimate interests of the Administrator of this website or a third party, provided that the interests, fundamental rights and fundamental freedoms of the Affected Person do not outweigh. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the Affected Person is a customer of the controller (recital 47, second sentence, GDPR). In this context, a legitimate interest can be derived from the fact that the Affected Person has sought permission to write access to this website.
Legitimate Interests in the Processing Being Pursued by the Administrator or a Third Party
If processing of personal data is based on Article 6 I lit. f GDPR, the legitimate interest of the Administrator is to store and make publicly available articles through this website.
Legal or Contractual Provisions for the Provision of Personal Data; Necessity for the Conclusion of the Contract; Obligation of the Affected Person to Provide the Personal Data; Possible Consequences of Non-Provision
The Administrator informs you that the provision of personal data is partly required by law (eg B tax provisions) or that it can also result from contractual arrangements (eg, information about the contracting party). Sometimes it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. For example, the Affected Person is required to provide us with personal information when our company concludes a contract with her. Failure to provide the personal data would mean that the contract with the person concerned could not be closed. Prior to any personal data being provided by the Affected Person, the Affected Person must contact the Administrator of this website. It will inform the individual on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of the non-provision of the personal data.
Existence of Automated Decision-Making
There is no automatic decision-making or profiling in the context of using this website.
This text was translated to english language with the aid of Google Translator and manual refinement, where appropriate.
In individual cases, corrections have been made to the wording by the Administrator of this website in order to express the special requirements of the data processing by the this website.