We are committed to privacy, so we have designed our services from the ground up to collect as little data as possible. Most features on datarequests.org will be executed entirely on your own computer, so the data you enter will never even reach our servers. Furthermore, our websites can only be accessed via a TLS-encrypted connection to ensure that your connection to our server cannot be compromised by third parties.
To exercise your privacy rights, we of course recommend using our generator which will help you generate the appropriate requests for free.
With datarequests.org, we want to help you exercise your right to privacy. In order to do so, we offer a generator that helps you automatically generate requests, a company database with contact data for privacy-related requests to many companies and educational material on subjects related to privacy and data protection.
Controller and contact information
The controller as defined in Art. 4(7) GDPR for the services mentioned under “Scope” is:
Datenanfragen.de e. V.
c/o Benjamin Altpeter
Legally represented by: Benjamin Altpeter and Lorenz Sieben
Datenanfragen.de e. V. is a non-profit listed in the register of associations of the district court of Braunschweig, under the registration number VR 201732, and recognized as a charitable organisation by the Braunschweig-Wilhelmstraße tax office.
Do Not Track
We respect the Do Not Track (DNT) option that you can set in your browser. If you have enabled it, we will deactivate all telemetry (currently there is none but we may implement privacy-friendly telemetry in the future).
We also recommend that you install Privacy Badger, a free and open source browser extension that sets the DNT header for you and automatically blocks websites that do not adhere to it.
We do not use profiling or any other type of automated decision making.
To operate our website and to provide our services, we collect and process some personal data. Our top priority is to minimise data collection and processing: We only collect personal data where it is necessary and only to the extent that it is necessary. In addition, data is always collected for a specific purpose and storage is limited to the necessary period of time.
In order to give you the greatest possible control over your privacy, you can set whether you want to activate many functions at any time via our privacy controls. A cookie is stored in your browser for each option. It only contains an indication as to whether you have activated or deactivated the respective option, but no personal data.
In this section we would like to explain to you exactly under which circumstances we collect and process which data. Not listed here are the processings that take place exclusively on your own computer and for which no data is transferred to us. You can find further information about these in the above mentioned privacy controls.
Data we collect automatically
Server log files
In addition to that, some of the files on our website are requested from servers run by Amazon Web Services EMEA SARL, 5 rue Plaetis, L-2338 Luxembourg, Luxembourg (the authorized representative of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA in the European economic area). These servers may collect aggregated statistics on how the services are used. While have have access to these statistics, we cannot influence whether or how they are collected.
Amazon Web Services, Inc. is certified under the US-European “Privacy Shield” framework, which ensures that the EU data protection level is maintained, through Amazon.com, Inc.. For more information on how Amazon Web Services processes your data, please refer to their data privacy FAQ.
- Affected data: the specific page you visited, the date and time of your visit, the origin of your request (the so-called “referrer”), information about your browser and operating system (the so-called “user-agent string”), your country and your IP address
- Lawful basis: The data is stored on the basis of our (and our hosting partners’) legitimate interest in improving the stability and functionality of the servers in use in accordance with Art. 6(1) lit. f GDPR.
- Duration of storage: 30 days for Netlify; 60 days for Amazon Web Services
Data you provide to us
If you contact us (e.g. by email), your message may contain personal data. We will use this data exclusively to answer your message.
You do not have to provide any data to contact us, so the disclosure of this data is completely voluntary for you.
- Affected data: the data you include in your message
- Lawful basis: The storage is based on our legitimate interest in replying to your message in accordance with Art. 6(1) lit. f GDPR.
- Duration of storage: as long as there are legal storage obligations
User content in our company database
If you post content in our company database, it may contain personal data. The disclosure of this data is entirely voluntary for you. Not providing it has no influence on your use of our website.
- Affected data: the data you provide in your contribution
- Lawful basis: The basis of the storage is our legitimate interest to display the user contributions on our website in accordance with Art. 6(1) lit. a GDPR.
- Duration of storage: indefinitely
- Data disclosure: User content is publicly accessible via our website.
If you report an error to us, your report may contain personal data. The disclosure of this data is entirely voluntary for you. Not providing it has no influence on your use of our website.
- Affected data: information about the error that occurred, information about your browser and operating system (the so-called “user-agent string”), the complete URL of the specific page you were visiting when the error occurred and potentially data you entered on that page
We will always display all the information included in the report to you before you send it and give you the ability to alter or remove information from it.
- Lawful basis: The basis of the storage is our legitimate interest to improve the stability and functionality of our website in accordance with Art. 6(1) lit. a GDPR.
- Duration of storage: indefinitely
- Data disclosure: The content of error reports may be publicly accessible via our GitHub issue tracker.
The GDPR grants you comprehensive rights with regard to data protection. We are strongly convinced that the right to data protection is a fundamental right and therefore we fully stand behind these rights. You can exercise these rights at any time in an informal manner using the contact details given in the “Controller and contact information” section.
We of course invite you to use our generator which will assist you with writing requests.
Right to data access
According to Art. 15 GDPR, you first of all have the right to request confirmation as to whether we store personal data on you. If so, you may request a copy of this information and are furthermore entitled to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Right to data portability
In accordance with Art. 20 GDPR, you also have the right to receive the personal data concerning you that you have made available to us in a structured, commonly used and machine-readable format and to transmit this data to another controller without obstruction by us if the processing is based on consent pursuant to Art. 6(1) lit. a GDPR, Art. 9(2) lit. a GDPR or on a contract pursuant to Art. 6(1) lit. b GDPR and the processing is carried out using automated procedures.
Right to rectification
According to Art. 16 GDPR, you have the right to request us to correct any inaccurate personal data concerning you without undue delay. Furthermore, you have the right to request the completion of incomplete personal data—also by means of a supplementary declaration.
Right to erasure (“Right to be forgotten”)
According to Art. 17 GDPR, you have the right to demand that we delete personal data concerning you without undue delay.
This right is limited in particular when the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation or to assert, exercise or defend legal claims.
Right to revoke given consent
According to Art. 7(3) GDPR you have the right to revoke your consent given to us at any time.
Right to restriction of processing
According to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the personal data, if the processing is unlawful, if we no longer need the data for the purpose of processing or if you have filed an objection to the processing pursuant to Art. 21(1) GDPR, as long as it is not yet clear whether our legitimate interests outweigh yours.
Right to notification to recipients
If you request us to correct, delete or restrict the processing of your personal data in accordance with Articles 16, 17 and 18 respectively, we will notify all recipients to whom we have disclosed the relevant data in accordance with Art. 19 GDPR.
Right to object
According to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you which is necessary for the performance of a task in the public interest or because of our legitimate interest on the basis of Article 6(1) lit. e or f respectively, for reasons arising from your particular situation. We will then no longer process the personal data, unless we can prove compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defense of legal claims.
If we use your personal data for direct marketing, you have the right to object to such processing at any time. We will then no longer use your data for such purposes.
Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the member state of your usual place of residence, your workplace or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you violates the GDPR.
The following supervisory authority is responsible for us:
Die Landesbeauftragte für den Datenschutz Niedersachsen