DATA PROTECTION
The following privacy policy applies to the use of the website aboutsomethink.org and forum.aboutsomethink.org as well as the ASK chatbot. (hereinafter referred to as ‘Services’).
We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you the above-mentioned services. This statement describes how and for what purpose your data is collected and used and what options you have in connection with personal data. By using these services, you consent to the collection, use and transfer of your data in accordance with this privacy policy.
1. RESPONSIBLE BODY
The controller for the collection, processing and use of your personal data within the meaning of the GDPR is
reelport GmbH
Leipziger Str. 49
10117 Berlin
Germany
Tel: +49 (0) 15510801613
Data Protection Officer: Tilman Scheel
E-Mail: info@aboutsomethink.org
Duisburg Local Court
Commercial register number HRB: 17822
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions as a whole or for individual measures, you can address your objection to the controller named above.
You can save and print out this privacy policy at any time.
2. GENERAL USE OF THE WEBSITE
2.1 Access data
Our provider collects information about you for us when you use this website. We automatically collect information about your usage behaviour and your interaction with us and register data about your computer or mobile device. We collect, store and use data about every access to our online offering (so-called server log files).
The access data includes
- Name and URL of the retrieved file,
- Date and time of access,
- amount of data transferred,
- Notification of successful retrieval (HTTP response code),
- Browser type and browser version,
- operating system,
- Referrer URL (i.e. the previously visited page),
- IP address
- and the requesting provider.
We use this log data without allocation to your person or other profiling
- for statistical evaluations for the purpose of the operation, security and optimisation of our online offer,
- but also to anonymously record the number of visitors to our website
- as well as the extent and type of use of our website and services,
- as well as for billing purposes to measure the number of clicks received from co-operation partners.
Based on this information, we can search for and rectify errors and improve our services.
We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services. We delete the IP address when it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our services.
2.2 E-mail contact
If you contact us (e.g. by e-mail), we will store your details for the purpose of processing your enquiry and in the event that follow-up questions arise. We only store and use other personal data if you consent to this or if this is legally permissible without special consent.
2.3 Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc (‘Google’). Google Analytics uses ‘cookies’, which are text files placed on your computer or mobile device, to help the website analyse how users use the service. The information generated by the cookie about the use of these services by site visitors is usually transmitted to a Google server in the USA and stored there.
However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. IP anonymisation is active on this service. Google will use this information on our behalf to analyse your use of the services, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
If you do not want your website activities to be available to Google Analytics and the data generated by the cookie and relating to your use of the services (including your IP address) to be collected and processed by Google Analytics, you can install the browser add-on to deactivate Google Analytics. This prevents activity data from being shared with Google Analytics via the JavaScript executed on websites (gtag.js, ga.js, analytics.js and dc.js).
http://tools.google.com/dlpage/gaoptout?hl=de
You can find more information on data protection by Google Analytics and the use of data by Google here:
https://www.google.com/intl/de/policies/privacy/partners/
In order to record IP addresses anonymously (so-called IP masking), Google Analytics has been extended within our service by the code ‘gat._anonymizeIp’.
2.4 Legal basis and storage period
The legal basis for data processing in accordance with the above paragraphs is Article 6(1)(f) GDPR. Our interests in data processing are, in particular, to ensure the operation and security of the website, to analyse the way in which visitors use the website and to simplify the use of the website. Unless specifically stated, we only store personal data for as long as is necessary to fulfil the purposes pursued.
2.5 Registration
Our service offers users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data is not passed on to third parties.
The following data is collected as part of the registration process:
Name, surname
password
email address
Profession / position
Institution / organisation in which you work
The following data is also stored at the time of registration:
- The IP address of the user
- Date and time of registration
As part of the registration process, the user’s consent to the processing of this data is obtained.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. User registration is required for the provision of certain content and services on our service.
- Forum members can remain logged in
- Creation of an avatar for recognition in the forum
- Overview of previously written comments in the forum
The data will not be passed on to third parties. The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case for the data collected during the registration process if the registration on our service is cancelled or modified. As a user, you have the option of cancelling your registration at any time. You can have the data stored about you amended at any time.
2.6 Newsletter
You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us.
This is the following data:
- First name
- e-mail address
- IP address of the accessing computer
- Date and time of registration
Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.
No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent. The purpose of collecting the user’s email address is to send the newsletter. The purpose of collecting the user’s email address is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used. The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user’s email address is therefore stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process is generally deleted after a period of seven days. The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to revoke consent to the storage of personal data collected during the registration process. As a user, you have the option of cancelling your registration at any time. You can have the data stored about you amended at any time.
3. YOUR RIGHTS AS A DATA SUBJECT AFFECTED BY DATA PROCESSING
If you would like to assert these rights, please send your request by e-mail or post, clearly identifying yourself, to the address given in section 1. Below you will find an overview of your rights.
3.1 Right to confirmation and information
You have the right to obtain confirmation from us at any time as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain information from us free of charge about the personal data stored about you, together with a copy of this data. You also have the right to the following information:
- the purposes of processing;
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing
- the existence of a right to lodge a complaint with a supervisory authority;
- if the personal data are not collected from you, all available information about the origin of the data
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
3.2 Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
3.3 Right to erasure (‘right to be forgotten’)
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
- You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
- The personal data have been processed unlawfully.
- The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If we have made the personal data public and we are obliged to delete it in accordance with Art. 17 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data.
3.4 Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
- we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims, or
- you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of our company override yours.
3.5 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where
- the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
3.6 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
3.7 Automated decisions including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
3.8 Right to withdraw consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time.
3.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.
4. DATA SECURITY
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities. Your personal data is transmitted to us in encrypted form. This also applies to the customer login. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
5. AUTOMATED DECISION-MAKING
Automated decision-making based on the personal data collected does not take place.
6. DISCLOSURE OF DATA TO THIRD PARTIES, NO DATA TRANSFER TO NON-EU COUNTRIES
In principle, we only use your personal data within our company. If and insofar as we involve third parties in the fulfilment of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing (‘order processing’), we contractually oblige order processors to use personal data only in accordance with the requirements of data protection laws and to guarantee the protection of the rights of the data subject.
Data transfer to bodies or persons outside the EU outside the cases mentioned in this declaration in points 2.3 and 7 ff. does not take place and is not planned.
entsprechende Leistung erforderlich ist.
Für den Fall, dass wir bestimmte Teile der Datenverarbeitung auslagern („Auftragsverarbeitung“), verpflichten wir Auftragsverarbeiter vertraglich dazu, personenbezogene Daten nur im Einklang mit den Anforderungen der Datenschutzgesetze zu verwenden und den Schutz der Rechte der betroffenen Person zu gewährleisten.
Eine Datenübertragung an Stellen oder Personen außerhalb der EU außerhalb der in dieser Erklärung in Punkt 2.3 und 7. ff. genannten Fällen findet nicht statt und ist nicht geplant.
7. SPECIAL PROVISIONS FOR THE ASK CHATBOT
We provide companies and institutions (hereinafter referred to as ‘customers’) with the chatbot ‘ASK’ for use. The chatbot is a computer programme that simulates a conversation.
7.1 How the chatbot works
When you call up the chatbot, you will be forwarded from the customer service to our chatbot. No personal data is transferred to us during the forwarding process. We only receive the data mentioned in section 2.1.
After calling up the chatbot, you will be greeted by a customer-specific greeting. You can then make enquiries about the respective customer’s offer in the input field and have a conversation about the customer’s content.
The requests you make are converted into vectors by the so-called Embedding API of OpenAI. A vector is a numerical representation of a natural language text. This vector is compared in a vector database operated by us in Germany with the vectors determined from the user’s content (e.g. books, magazines or information about pieces of music). Vectors of content that are similar to the vector of the search query are in turn transmitted to OpenAI together with the search query via an API. OpenAI then generates a natural language response based on these vectors, which is subsequently displayed in the chat.
We do not use data from conversations to train language models or other AI applications.
7.2 No processing of personal data
You will not be asked to enter any personal data at any time. We ask you not to use any personal data in the course of the conversation. The chatbot is programmed in such a way that it refuses to use personal data.
7.3 Encryption of the data
When communicating with third-party providers such as Open AI, all data is encrypted via HTTPS.
7.4 Forwarding the data to OpenAI
Your input into the chatbot is first forwarded to OpenAI for the creation of vectors. The processing of the data by OpenAI both in the creation of the vectors and in the generation of natural language text takes place on the basis of order processing and follows the rules of OpenAI listed here.
https://openai.com/policies/data-processing-addendum/
7.5 Contacting us
If you have any questions regarding data protection by us or by the services commissioned by us, please contact the contact named in Section 1.