I. Responsible entity (controller)
The controller within the meaning of article 4 (7) GDPR is:
II. Contactability of the public data protection officer
If you have questions as to whether the City of Düsseldorf (the state capital) processes your data in accordance with data protection law, please direct them to the Düsseldorf public data protection officer: Datenschutzbeauftragten der Landeshauptstadt Düsseldorf, Dezernat 07/1, D-40200 Düsseldorf, telephone 0211-8991, email firstname.lastname@example.org.
Alternatively - and for general questions about data protection - you can also contact the state commissioner for data protection and freedom of information at Kavalleriestrasse 2-4, 40213 Düsseldorf, telephone +49211-384240, email email@example.com.
III. General information about data processing
We process the personal data of our users only to the extent necessary for the presentation both of a serviceable website and of our contents and services. Thereafter the data are deleted at once. They are treated in strict confidence by the City of Düsseldorf and the partner engaged for technical processes, the ITK Rheinland special-purpose association (www.itk-rheinland.de). Please take note of the special advice on data protection featured in some of the e-government offers on the pages of our website. You would also do well to bear in mind that if you transmit data on the internet in unencrypted form it is possible that third parties may gain access to or doctor the data. Data using the online processes and forms which are offered at www.duesseldorf.de are therefore as a basic rule exchanged in encrypted form (HTTPS/SSL), which means they are protected against unauthorised access and tampering. Confidential data should never be sent by unencrypted email. Further information on this can be found in the general conditions for electronic communication with the City of Düsseldorf.
If you use the forms offered on our website, they will be furnished with a transport encryption (SSL encrypted) and so they will be transported to us in perfect safety. As we use the services of Form-Solutions e.K., Karlsruhe (www.form-solutions.de) for such official forms, the forms are stored there briefly and temporarily for processing purposes.
Your personal data are processed either on the basis of either a provision of statute law or your personal consent. The relevant statutory provisions are listed in article 6 (1) GDPR. The law allows processing if it serves the purpose of enabling the City of Düsseldorf to perform its tasks; in which case the legal basis is either the general data protection law stated in article 6 (1) GDPR in conjunction with section 3 of the data protection act (DSG) of the state of North Rhine Westphalia or a statutory provision covering a specific area. Your consent can also represent a solid basis for the data processing.
Data are erased as soon as they are no longer necessary for the achievement of the purpose for which they were collected. That is what happens, at the end of a visit to our website, to data collected so as to enable you to access it. Where the data are stored in the webserver's logfiles, they are erased after seven days at the latest.
IV. Provision of the website and creation of logfiles
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. In the process the following data are collected:
- Information about the browser type and the version used
- The user's operating system
- The user's internet service provider
- The user's IP address
- Date and time of access
- Websites from which the user's system has reached our website
- Websites accessed by the user's system via our website.
The data are also stored in our system's logfiles. These data are not stored together with other personal data of the user.
The legal basis for the temporary storage of the data and the logfiles is article 6 (1) e) GDPR.
The temporary storage of the IP address by the system is necessary in order to make it possible for the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the visit. The logfiles are stored for the purpose of ensuring the website's operational capability. The data also help us to optimise the website and ensure the safety of our IT systems. In this connection there is no analysis of the data for marketing purposes. The purposes served here also include data processing in the public interest as set forth in article 6 (1) e) GDPR.
The collection of data to make the website available and the storage of the data in logfiles are absolutely essential for the operation of the website. In this instance, therefore, it is not possible for the user to object.
The City of Düsseldorf uses so-called session cookies on its website in order to optimise its use every time it is accessed. Session cookies are small information units which a provider places in the RAM of the user's computer, in order to enhance user friendliness by making it easier to return to the page. A unique identification number created at random, a so-called session ID, is stored in a session cookie. A cookie also contains information on its origin and the storage duration.
Technical programs such as etracker, PIWIK, Google Analytics, which serve the purpose of recording and analysing the user's patterns of use, are in cases where they are used, described in the separate privacy policies of the departments concerned. Data are collected and stored on these websites for analysis and optimising purposes. On that basis usage profiles can be created under a pseudonym. An objection can be filed at any time to the collection and storage of data with effect for the future.
The email address is processed for one reason only: to send the subscriber the newsletter. The said service provider can use the recipient's data - under a pseudonym, i.e. without attribution to a specific user - to optimise or improve its own services, e.g. for the technical optimising of the dispatch and presentation of the newsletter or for statistical purposes. The service provider does not however use the following data of the recipients of our newsletter in order to make contact with them or pass on the data to third parties:
- IP address of accessing computer
- Date and time of registration.
The data are erased as soon as they are no longer needed to achieve the purpose for which they were collected. The user's email address is therefore stored for as long as the subscription to the news letter is effective. The subscription can be terminated at any time by the user concerned. Every news letter has a link for that specific purpose. Such termination also entails withdrawal of the consent given to the storage of the personal data that were collected during the registration process.
VII. Rights of person affected (data subject)
According to the GDPR the data subject has, in general terms, the following rights in relation to the processing of personal data:
- Right to information, article 15 GDPR
Data subjects (i.e. you) have the right to obtain information on their personal data processed at the City of Düsseldorf and in particular about the purpose of the processing and the duration of the storage of the data.
- Right to rectification, article 16 GDPR
This right comprises having inaccurate personal data rectified or having incomplete personal data completed.
- Right to erasure, article 17 GDPR
Data subjects have the right to have personal data erased by the City of Düsseldorf as the entity responsible for the processing. Data may be erased where use for the purpose intended is no longer necessary, the consent given has been withdrawn or the personal data have been unlawfully processed. The request for erasure must not be in conflict with any of the legal grounds stated in article 17 (3) GDPR.
- Right to restriction of processing, article 18 GDPR
Data subjects have the right to restrict continued processing of personal data where one of the statutory preconditions applies.
- Right to data portability, article 20 GDPR
As provided for in article 20 GDPR, the data subject has the right to receive the personal data concerning him or her from the controller in a structured, commonly used and machine-readable format and the right to transmit those data to another controller.
- Right to object, article 21 GDPR
As provided for in article 21 GDPR, the data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of his or her personal data collected by the controller.
- Automated decision in individual cases, including profiling, article 22 GDPR
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, except where one of the exceptions stated in subsection 2 of this provision applies.
- Right to withdraw the consent granted
Where the data processing has the legal basis of consent, the data subject has the right to withdraw at any time the consent he or she has granted.
VIII. Regulatory authority and the right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the following regulatory authority: Landesbeauftragter für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestrasse 2-4, D-40213 Düsseldorf, tel. +49211-384240, email firstname.lastname@example.org. You may exercise this right if you consider that the processing of your personal data infringes the provisions of the GDPR.