Scope of the processing of personal data

As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision and optimisation of a functional website as well as our contents and services.

The processing of our users' personal data regularly only takes place with their consent. An exception applies in cases where the processing of data is permitted by legal regulations.

Legal basis for the processing of personal data

This website is part of the public relations work of the Gera municipality. The legal basis for the processing of personal data in the context of this public relations work is Art. 6 Para. 1 lit. e DSGVO in conjunction with § 16 ThürDSG. Insofar as we obtain consent for processing operations of personal data, Art. 6 para. 1 lit. a EU Data Protection Regulation (DSGVO) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which you are a party (e.g. ordering publications), Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to pre-contractual measures.

Disclosure of personal data to third parties and order processors

As a matter of principle, we do not pass on any personal data to third parties without your express consent. If, in the course of processing, we nevertheless disclose your data to third parties, transmit it to them or otherwise grant them access to the data, this is also done exclusively on the basis of one of the aforementioned legal grounds. If we are obliged to do so by law or by court order, we must transfer your data to bodies entitled to receive information.

In some cases, we use carefully selected external service providers to process your data. If data is passed on to service providers within the scope of so-called order processing, this is done on the basis of Art. 28 DSGVO. Our order processors are bound by our instructions. We only commission processors who offer sufficient guarantees that appropriate technical and organisational measures are taken in such a way that the processing is carried out in accordance with the requirements of the GDPR and ensures the protection of your rights.

Data deletion and storage period

Your personal data will be deleted or blocked as soon as the purpose for storing it no longer applies.

Automated decision-making (profiling)

We do not use automated decision-making (profiling).

Provision of the website and creation of log files (log files)

Description and scope of data processing

Each time our website is accessed, our system collects data and information from the computer system of the accessing computer. The following data is stored:

• IP address of the user,
• requested content (HTTP request),
• date and time of the request,
• amount of data transferred,
• message about successful retrieval (HTTP status code),
• Browser type, language and operating system of the user,
• URL of the previously visited website (referrer)

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. e DSGVO in conjunction with § 16 ThürDSG.

Purpose of the data processing

We use the log data only for the proper operation, the improvement of security and the optimisation of the offer.

Duration of storage

The log files are deleted after 90 days.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Cookie use

Description and scope of data processing

When you access this website, we store cookies (small files) on your computer. Individual areas of the website (e.g. the public authority guide) generate a session cookie. Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. e DSGVO in conjunction with. § 16 ThürDSG.

Purpose of the data processing

The purpose of using technically necessary cookies is to make the functions of the website possible.
The user data collected through technically necessary cookies are not used to create user profiles.

Duration of storage, right of objection and right of disposal

The session cookies are automatically deleted when the browser session is ended.

E-mail, contact forms and postal correspondence

Description and scope of data processing

Contact can be made via the e-mail addresses provided, contact forms or by post. In this case, the personal data of the user transmitted by e-mail, contact form or post will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. e DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose of the data processing

The processing of personal data from the e-mail serves us solely to process the contact.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. A retention period of up to three years applies to personal data sent by e-mail or post.

Possibility of objection and removal

The user has the right to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, among other means, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
If you wish to send us confidential information or documents that are subject to the written form requirement, we request that you use paper-based communication.

E-mail is an unsecured electronic communication, i.e. - similar to a postcard - the content can be spied out by outsiders (with the corresponding knowledge and technical equipment). It is therefore not suitable for the transmission of confidential information - for this we recommend the conventional postal letter.

If electronic communication has been opened, the Gera municipality assumes that all communication can take place in this way, insofar as other regulations, in particular data protection concerns, do not conflict with this.

Data protection regulations of the associated subdomains

The person responsible for the content of the subdomain in each case is responsible for compliance with the provisions of data protection law (in particular the DS-GVO).

Web analysis through Matomo

Scope of the processing

We use the open source software tool Matomo on our website. Matomo enables us to evaluate user movements in a privacy-friendly manner for the purpose of improving our offer. Matomo does not set cookies on the user's computer for this purpose.

If individual pages of our website are accessed, the following data is stored:

pseudonymised IP address: For pseudonymisation, the IP address is cut in half.

• Date and time of visit
• Title of the displayed website
• URL of the displayed website
• Domain of the previously viewed website (shortened referrer)
• Downloaded files
• Outgoing links clicked
• Time elapsed between calling up the web page and displaying it to the user (page speed)
• Browser used (User-Agent Header)
• Browser language (Accept-Language header)
• Geographical region from which the site is accessed: The allocation is based on the browser language and the anonymised IP address.

If you want to generally prevent the recording of your page visits, you have the option of activating the Do-Not-Track function in your browser. This measure is also effective for other pages you visit.

For this website, the collection of your page visits can also be prevented by the following opt-out option.

Please note that when you activate this option, a cookie is stored on your system:

You have the option to prevent actions you take here from being analysed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users. Your visit to this website is currently collected by Matomo web analytics. Deselect this checkbox for opt-out.

Legal basis for the processing of personal data

The legal basis for the processing of the users' personal data is Art. 6 para. 1 lit. e DSGVO.

Purpose of the data processing

The analysis of surfing behaviour is based on Art. 6 para. 1 lit. e DSGVO. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.

Possibility of objection and removal

For more information on the privacy settings of the Matomo software, please see the following link: https://matomo.org/docs/privacy/ 

Data protection with integrated external services

On individual pages you will find the services of certain providers integrated. When you first call up the page, these integrations are deactivated and therefore no data is transmitted to these services. Only when you click on the corresponding button does it become active and you thus give your consent to transmit data to the respective operator of the social network. If you wish to use this function, please note the following information:

Social Plugin Facebook

Our website uses social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are recognisable by one of the Facebook logos (white "f" on a blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

When you call up a web page of our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the website. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and inform you according to the current state of knowledge:

By integrating the plugins, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. If you are not a member of Facebook, there is still the possibility that Facebook will obtain and store your IP address.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook's privacy policy: https://www.facebook.com/business/gdpr 

If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your membership data stored on Facebook, you must log out of Facebook before visiting our website.

It is also possible to block Facebook social plugins with add-ons for your browser.

Embedded YouTube videos

We integrate the videos of the platform "YouTube" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. In the process, Youtube is informed which pages you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your Youtube account first.

If a Youtube video is started, the provider uses cookies that collect information about user behaviour. We usually choose the "extended data protection mode" for the integration.

If you have deactivated the saving of cookies for the Google Ad programme, you will not have to expect any such cookies when watching Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.

Further information on data protection at "Youtube" can be found in the provider's data protection declaration at:https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/  We would like to point out that you use the services offered here and their functionality on your own responsibility. The legal basis is your consent pursuant to Art.6 para. 1 letter a DS-GVO.

LinkedIn

We maintain an online presence on https://de.linkedin.com . For this purpose, we use the services of the technical platform of LinkedIn Ireland Unlimited Company, WiltonPlace, Dublin 2, Ireland (hereinafter: LinkedIn).

The use of this service is not required to contact us or to receive our information. Information that we publish via this service can also be accessed in the same or similar form at www.....). We therefore draw your attention to the fact that you use the service offered here and its functionalities on your own responsibility. This applies in particular to the use of interactive functions, such as sharing. When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data to provide us with statistics and insights in anonymised form. This provides us with insights into the types of actions people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page,e.g. whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves the performance of a public task. The evaluation of the types of actions taken on our LinkedIn company page serves to improve our company page on the basis of these insights within the framework of public relations. The legal basis for this processing is Art. 6 (1) (e) DSGVO. We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at de.linkedin.com.

Information about your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right of access - Art. 15 GDPR

You can request confirmation from us as the controller as to whether personal data relating to you is being processed by us.
If such processing is taking place, you can request information from the controller about the following:
- the purposes for which the personal data are processed;
- the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to rectify or erase the personal data concerning you, a right to restrict processing by the controller or a right to object to such processing;

• the existence of a right of appeal to a supervisory authority;
• any available information on the origin of the data, if the personal data are not collected from the data subject;
• the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
• You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer. Reference is also made to the right to data portability, Art. 20 DSGVO.

Right of rectification - Art. 16 GDPR

You have a right of rectification and/or completion vis-à-vis us as the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must carry out the rectification without delay.

Right to restriction of processing - Art. 18 GDPR

You may request the restriction of the processing of personal data concerning you under the following conditions:

• if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of the processing but you need them for the establishment, exercise or defence of legal claims; or
• if you have objected to the processing pursuant to Article 21(1) DSGVO and it has not yet been determined whether the controller's legitimate grounds override your grounds.

Where the processing of personal data relating to you has been restricted, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to erasure - Art. 17 GDPR

a) Obligation to delete

You may request the controller to erase the personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) DSGVO and there is no other legal basis for the processing.
• You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
• The personal data concerning you have been processed unlawfully.
• The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data.

c) Exceptions

The right to erasure does not apply to the extent that the processing is necessary

• for the exercise of the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
• for the assertion, exercise or defence of legal claims.

Right to information - Art. 19 GDPR

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to data portability - Art. 20 GDPR

You have the right to obtain from the controller the personal data concerning you in a commonly used, machine-readable format in order to have it transferred to another controller if necessary, provided that

• the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and
• the processing is carried out with the aid of automated procedures.

When exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transferred directly from us to another controller, where this is technically feasible.

Right to object - Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) DSGVO.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Right to revoke the declaration of consent under data protection law - Art. 7 (3) DSGVO

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right to complain to the supervisory authority - Art, 77 DSGVO

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Competent supervisory authority:
Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI).
PO Box 900455
99107 Erfurt
poststelle@datenschutz.thueringen.de
https://www.tlfdi.de