Privacy Policy

The technical operator for berlin.de, BerlinOnline GmbH, provides the website and collects browser data (so-called log files).

BerlinOnline GmbH
Stefan-Heym-Platz 1
10367 Berlin

Description and scope of the data processing

Every time a user accesses a page or file on the web portal, data is collected about this process.

This data is:

• Browser type and version
• Operating system used
• Website that referred you to us (referrer URL)
• Website you visit
• Date and time of your visit
• Your Internet Protocol (IP address)
• Amount of data transferred
• Access status (files transferred, file not found, etc.)

Legal basis for the data processing

The legal basis for the processing of the data is the legitimate interest pursuant to Article 6 (1) (f) GDPR. The legitimate interest lies in the secure provision of the website requested by the user. In addition, the purposes listed below also constitute our legitimate interests.

Purpose of the data processing

The data is processed for technical reasons in order to maintain and improve the functionality and operational security of the web portal.

Duration of storage

The data will be deleted after 14 days.

The website may make use of temporary cookies. These are small text files sent by the web server to your computer to store certain information.

Temporary cookies are used only for the session. These cookies are deleted at the end of the session, i.e. when you leave the website or close the browser window.

The legal basis is the legitimate interest pursuant to Article 6(1)(f) GDPR.

The website can also be viewed without cookies being stored. You can deactivate the storage of cookies in your browser settings or set your browser to notify you when a website intends to store a cookie. In this case, you can decide whether or not to accept the cookie. However, for technical reasons it is necessary to allow all temporary cookies in order to use the full functionality of the website.

The web analytics service „Mapp Intelligence“ (formerly „Webtrekk Analytics“) from Webtrekk GmbH is used on the web portal pages.

Mapp Digital
c/o Webtrekk GmbH
Schönhauser Allee 148
10435 Berlin

We would like to point out that Webtrekk GmbH, as the operator of the service, belongs to the Mapp Digital US group of companies based in the USA and that US law may apply. We have been assured that data transfer is excluded (through appropriate technical and organisational measures).

Description and scope of the data processing

Information collected includes operating system, browser, provider, previously visited website (referrer URL), and date and time visited.

The IP address is truncated prior to any processing so that it is anonymised and used only for session identification and geolocation (down to city level). The truncated IP address is then immediately deleted so that the stored data no longer has any personal reference and cannot be linked to the user’s identity, even via the Internet Service Provider.

To protect the privacy of visitors to the site, no personally identifiable information is collected. IP addresses are not logged, nor is any unique visitor information (such as e-mail addresses or names) collected. There is no cross-device tracking, URL parameters are truncated before processing, there is no merging with other data (e.g. demographic data) and the data is not shared with third parties.

The web analytics service also uses cookies to collect data. These are text files that are stored on the visitor’s computer. Mapp Intelligence only uses temporary session cookies that are limited to the duration of the visit. No persistent cookies are used for further recognition of visitors. Reach analysis is therefore exclusively session-based.

The analytical data collected will be stored and processed exclusively in Germany.

Legal basis for the data processing

The legal basis for anonymisation and the associated one-time processing of the IP address is legitimate interest pursuant to Article 6(1)(f) of the GDPR.

Purpose of the data processing

The service collects completely anonymous statistical data about the use of the website and enables us to continually improve the portal and its user-friendliness by evaluating, for example, reach, frequently visited areas and times, visitor flows and user actions.

Duration of storage

The anonymised data will be kept for 4 years.

This service includes videos from the YouTube service on its pages.

Google Ireland Limited,
Gordon House,
Barrow Street,
Dublin 4
Ireland

Description and scope of the data processing

YouTube videos are provided with a preview image to prevent data being sent to Google when you enter the site. You can only see the video content if you have actively consented to the data processing by clicking the „Accept and View“ button. A connection to the Google server is established after you have given your consent. Google also collects, processes and uses information about visitors. The data processed may include IP addresses, browser type, operating system, cookie information and location data.

The purpose and scope of data collection by the service, as well as the further processing and use of your data there, including, without limitation, the retention period or criteria for determining such retention period, and your rights and choices regarding your privacy, can be found in the Google privacy policy.

Google privacy policy: www.google.com/policies/privacy/
Opt out of Google: adssettings.google.com/authenticated

Legal basis for the data processing

Once you have agreed to the display of content by clicking the „Accept and display“ button, you consent to the transfer of your data to Google pursuant to Article 6(1)(1)(a) of the GDPR.

Purpose of the data processing

By using the two-click solution, we can protect your data. The integration of YouTube videos serves to inform members of the public on topics related to the Berlin administration.

Duration of storage

Your consent to view YouTube videos is not saved. When you end your browser session, your consent is deleted, which means that when you return to the pages containing YouTube content, a preview image is displayed and you must give your consent again if you wish to view the content.

Right of objection, removal and revocation

Consent to display the video is valid until the user leaves the embedding page. This does not affect the lawfulness of the processing carried out on the basis of the consent until it is revoked.

Description and scope of the data processing

Legal basis for the data processing

Purpose of the data processing

Duration of storage

Right of objection, removal and revocation

This website uses so-called inline frames („iFrames“). iFrames integrate content from external sites into your own website via a URL. In simple terms, iFrames can be used to display small windows on a specific website in which a completely different website or application is displayed. In order to display the integrated content, the browser data (for a detailed list, see BerlinOnline’s privacy policy - Browser data section) is also sent when the page is accessed. This data is the same data that is transmitted when the URL integrated via iFrame is accessed directly.

iFrame with the Controller’s content

Should the integrated URL or application (for example, a specialised procedure of the state of Berlin, logging onto the Berlin contract awarding platform or the form for requesting certificates from the city’s district councils) fall within the sphere of responsibility of the office responsible for the website or sub-domain concerned (e.g. Berlin.de or a sub-domain), merely viewing the integrated URL shall not constitute extended data processing. In this case, the URL or the application will be directly visible on the web page visited, via the iFrame.

Legal basis for the data processing

The legal basis for this processing is our legitimate interest in the informative and user-friendly operation of the website, pursuant to Article 6(1)(f) of the GDPR.

The information you provide will not be passed on to third parties.

iFrame with third-party content

When an external URL or application is integrated, data processing, i.e. transmission of data to the third party, usually occurs. In this case, the two-click method is used, i.e. you cannot see the external URL or application in the iFrame before you have actively consented to the data processing by clicking the activation button. No data is transmitted to third parties before this button is clicked.

Legal basis for the data processing

Once you have agreed to the display of content by clicking the „Accept and display“ button, you consent to the transfer of your data to the provider of the iFrame pursuant to Article 6(1)(1)(a) of the GDPR.

Duration of storage

Your consent to the display the iFrame is not stored. When you leave the page, your consent will be deleted, which means that when you return to the pages containing iFrames content, they will be marked with two clicks and you must give your consent again if you wish to view the content.

Right of objection, removal and revocation

The consent to display the iFrames is valid until the user leaves the embedding page. This does not affect the lawfulness of the processing carried out on the basis of the consent until it is revoked.

The exact nature of the data that is transferred to each of the iFrames containing third party content - where such content is used - is described below.

You have a right, vis-à-vis the office responsible:

1. To be given information about the processing of your personal data (which also includes information on the purpose of the processing of your data, the recipients of your data and duration of the storage), pursuant to Art. 15 GDPR
2. to rectification of any incorrect personal data (Art. 16 GDPR);
3. to erasure pursuant to Art. 17 GDPR;
4. to restriction of the processing and data portability (Arts. 18 and 20 GDPR); and
5. to object to the processing of your data at any time (Art. 21 GDPR). Should you file an objection, your personal data will no longer be processed. An exception is made if mandatory reasons worthy of protection, which outweigh your interests, exist.

Consent granted by you may be revoked at any time with effect for the future. The lawfulness of the processing that was carried out until the time of the revocation, based on your consent, shall not be affected thereby. In such a case, we may possibly no longer be able to assist you with your concern. The revocation is to be directed to the official Data Protection Officer at the contact address given in Clause II.

In order to preserve any rights mentioned in this clause, any data subject may contact the Data Protection Officer (see Clause II).

In addition, - if you are of the opinion that data protection regulations were not respected when your data was processed - you may contact the competent supervisory authority with a complaint (Art. 77 GDPR). Data subjects may direct their complaint to the authority competent for their place of residence, however basically also to any other data protection supervisory authority. The competent data protection authority is the Berlin Commissioner for Data Protection and Freedom of Information, whom you can contact as follows:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Tel.: +49 30 13889-0
E-mail: mailbox@datenschutz-berlin.de