Privacy Policy

The Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH (hereinafter referred to as "ZenDiS" or "we") takes the protection of your personal data seriously. This page provides information about how we process your personal data when you visit our website www.opendesk.eu.

Mandatory information pursuant to Article 13 GDPR

In accordance with legal requirements in Germany, we have provided a telephone number and email address on our website. Information submitted through these channels is automatically stored by us in order to process the request or to contact the requestor. We do not share this information with third parties without your consent. In the case of contact by telephone or email for pre-contractual or contractual purposes, the processing of personal data is based on the legal basis of Article 6(1)(b) GDPR. For all other contacts on your part, the processing of personal data by us is based on our legitimate interest in accordance with Article 6(1)(b) GDPR. For all other contacts on your part, the processing of personal data by us is based on our legitimate interest in accordance with Article 6(1)(f) GDPR.

1. Controller

The controller responsible for data collection and data processing on this website in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is:

Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
Suttner-Nobel-Allee 4
44803 Bochum
Germany
Email: hallo@zendis.de
Tel.: +49234 367 1503 0

Name and address of data protection officer:

dsgvoschutzteam.com
Lukmann Consulting GmbH
Packerstraße 131a
8561 Söding
Austria

Tel.: +49 7223 95 666 77
Email: service@dsgvoschutzteam.com

2. Processing of your personal data

When you visit our website, your personal data will be processed.

2.1 Data processing when you contact us

The data processing serves the purpose of processing your request. Your personal data is processed in accordance with Article 6 (1)(f) GDPR. The legitimate interest arises from the need to process your data in order to respond to your request. We only store your data for as long as is necessary for this purpose, i.e. until your inquiry has been answered in full or, if the inquiry is related to a contract, until that contract period has expired. There is no legal obligation for you to provide your personal information. However, if you choose not to provide your data, we will be unable to contact you.

2.2 Technical data

2.2.1 Log files

When you visit our website, our web server temporarily stores what are known as log data records (server log files) in an anonymised form. These consist of:

  • IP address and host name

  • Time of access

  • Browser used by visitor

  • Operating system used by visitor

  • Originating link or URL

  • Search engine used, including keywords

  • Time on page

  • Number of pages viewed

  • Last page opened before leaving the website

This data is processed for the purpose of the technical provision of our website and for statistical evaluation, as well as for identifying and tracing any unauthorised access to the web server or any other criminal offences. The legal basis for data processing is Article 6 (1)(f) GDPR. Our legitimate interest in temporarily storing technical access information is to provide you with a technically functional and user-friendly website, and to ensure the security of our systems. The storage of information on a terminal device used by you and the retrieval of this information, regardless of the technology used (cookies, object storage, pixels, web beacons, etc.), is based on your consent in accordance with § 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG), which you declare by opting in. You may revoke your consent at any time by modifying your cookie settings. If storage is absolutely necessary in order to provide access to the website, the legal basis for said storage is § 25 (2) TTDSG. The recipient of the data is our hosting service provider Ionos (see section 3.1 below). Log file information is stored for a maximum of 30 days after your last visit to the website and is then deleted. Data processing is necessary for the operation of our website. If you do not wish to have your data processed, then do not access our website. The provision of personal data is neither required by law nor contract, but is necessary for the functionality of our website.

2.2.2 General information about cookies

We use cookies on our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a unique string of characters, which allow certain information to be passed back to the site that set the cookie. Cookies cannot run programmes or deliver viruses to your computer and therefore cannot cause any damage. They are used to make the website more user-friendly and effective overall, i.e. more convenient for you. Cookies may contain information that allows us to recognise the device you are using. In some cases, however, cookies only contain information about certain settings that are not personally identifiable. Cookies cannot directly identify a user. A distinction is made between session cookies, which are deleted when you close your browser, and persistent cookies, which are stored beyond the individual session. There are also different types of cookies depending on their function:

  • Technical cookies: These are strictly necessary to move around the site. They use basic functions and ensure the security of the site. They do not collect information about you for marketing purposes, nor do they record which web pages you have visited.

  • Performance cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur when using the website. They do not collect any information that could identify you; all information collected is anonymous and used exclusively to improve our website and help identify our users’ interests.

  • Advertising cookies, targeting cookies: These are used to provide the website user with customised advertising on the website or offers from third parties, and to measure the effectiveness of these offers. Advertising and targeting cookies are stored for a maximum of 13 months.

  • Social sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks) and are stored for a maximum of 13 months.

We use cookies to ensure that our website functions properly. It also allows us to optimise your experience of the website. These are the purposes of the data processing. Any use of cookies that is not strictly necessary from a technical point of view constitutes a processing of data which requires your consent pursuant to Article 6 (1)(1)(a) GDPR. This applies in particular to the use of cookies for advertising, targeting or sharing purposes. In addition, we will only disclose your personal data processed by cookies to third parties if you have given your consent in accordance with Article 6 (1)(1)(a) GDPR. Below, we explain the legal basis in relation to each service. The storage of cookies on a terminal device used by you and their retrieval is based on your consent in accordance with § 25 (1) TTDSG, which you declare by opting in. You can revoke your consent at any time via your cookie settings. If storage is absolutely necessary in order to provide the website, the legal basis for such storage is § 25 (2) No. 2 TTDSG. We will only store your data for as long as is necessary to fulfil the stated purposes. The cookies will then be deleted. As far as your consent per Article 6 (1)(1)(a) GDPR constitutes the legal basis for the data processing, you may revoke this consent at any time. You can do this by deleting the cookies in your browser. There is no legal or contractual requirement for you to provide your personal information. However, without the provision of this information, the functionality of our website may not be guaranteed. It is also possible that some services may not be available.

2.3 Analysis and tracking

We use the open source software tool SimpleStats on our website to collect information for the continuous improvement of our website through web statistics. The software analyses web server log files (see section 3.4.1 above). When individual pages of our website are accessed, the following data is stored:

  • IP address of the user's accessing system, shortened to two bytes and thus anonymised

  • The website visited

  • The URL from which the user came to the requested website (referrer), unless you have prevented this through a browser setting

  • The sub-pages accessed from the website visited

  • The time spent on the website

  • The frequency with which the site is accessed

  • Other information provided by the user's browser, such as language, country or browser used.

The software only runs on our website servers. The user's personal data is only stored there. The data is not shared with third parties. The software is set so that IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer. The legal basis for the storage of the required cookie is your consent in accordance with § 25 (1) TTDSG, which you declare by opting in. The further processing of your personal data after storage or reading is also based on your express consent in accordance with Article 6 (1)(1)(a) GDPR. You can declare and revoke your consent in accordance with § 25 (1) TTDSG and Article 6 (1)(1)(a) GDPR by clicking on the corresponding button in our cookie banner.

3. Transfer of personal information to external service providers

For some functions on our website, we use external service providers to whom we transfer personal data. All third party service providers commissioned by us act as contract processors for us in accordance with our instructions and Article 28 GDPR per data protection regulations. The contractual agreement stipulates, among other things, that the processors undertake to comply with data protection, which includes securing your personal data by means of appropriate technical and organisational measures, in particular by means of encryption technologies.

3.1 Ionos

We use Ionos to host our website. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you visit our website, Ionos collects various log files including your IP address (see section 2.2.1). The legal basis for collecting this data is Article 6 (1)(f) GDPR. We have a legitimate interest in making our website as reliable as possible. Further information can be found in the Ionos Privacy Policy.

4. Data erasure and retention periods

For each processing operation we carry out, we indicate how long we will store the data and when it will be erased or blocked. If no explicit retention period is specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will only be stored on our servers in Germany, unless otherwise specified. However, data may be stored for longer periods in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by statutory provisions to which we are subject as a data controller (e.g. § 257 German Commercial Code (HGB), § 147 German Fiscal Code (AO). At the end of the storage period prescribed by law, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for this.

5. Data security

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (e.g. TLS encryption for our website), taking into account the state of the art, the cost of implementation and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and effects) for the data subject. Our security measures are continually improved in line with technological developments.

6. No transfer of data to third countries

Your personal data will not be transferred to companies located outside the European Union or the European Economic Area.

7. No obligation to provide personal information

We do not make the provision of our website dependent on you providing us with personal information in advance. As a user of our website, you are under no legal or contractual obligation to provide us with your personal data. However, if you do not provide us with the necessary data, we may be unable to provide you with certain services or may be unable to provide you with certain services at all. If this is the case, you will be notified separately in this Privacy Policy.

8. Your rights

You may exercise your rights as a data subject with regard to the processing of personal data concerning you at any time by contacting us using the contact details provided at the beginning of this Policy. As a data subject, you are entitled to:

  • request information about your data processed by us in accordance with Article 15 GDPR. In particular, you may request information about the purposes of processing, the category of data, the categories of recipients to whom your data have been or will be disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction or objection, the existence of a right to lodge a complaint, the origin of your data if not collected by us, and the existence of automated decision making, including profiling, and, where applicable, meaningful information about its details. In accordance with Article 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate data or the completion of incomplete data stored by us; in accordance with Article 17 GDPR, you have the right to obtain from us the erasure of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

  • request in accordance with Article 18 GDPR the restriction of the processing of your data if the accuracy of the data is contested by you or the processing is unlawful;

  • receive in accordance with Article 20 GDPR the data which you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller ("data portability");

  • object to, in accordance with Art. 21 GDPR, the processing if said processing is based on Article 6 (1)(1)(e) or (f) GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. If your objection is not to direct marketing, we ask you to explain the reasons why we should not process your data in the way we have done so far. If your objection is justified, we will review the situation and either discontinue or amend the processing, or inform you of our overriding legitimate reasons for continuing the processing;

  • withdraw, in accordance with Article 7 (3) GDPR, your consent once given, i.e. your voluntary, informed and unambiguous expression of your consent to the processing of the personal data concerned for one or more specific purposes by means of a statement or other unequivocal affirmative act, at any time, if you have granted such consent. As a result, we will no longer be able to continue the data processing based on this consent in the future;

  • lodge a complaint in accordance with Article 77 GDPR with a data protection supervisory authority about our processing of your personal data.

9. Privacy policy updates

Due to changes in legal or regulatory requirements, as well as the evolution of technical standards and our offerings, adjustments to this Privacy Policy may be necessary, so it will be reviewed periodically for the need for changes or additions. The Privacy Policy may therefore be amended at any time with effect for the future. This Privacy Policy is effective as of April 2023.