Data Protection Policy

Version 2.3 of 13 January 2023

The protection of your personal data is very important to us. In accordance with the relevant data protection regulations we inform you in the following about the collection, processing and use of your data in the context of our


Website

Within the use of the website www.algorithmwatch.org, we - AW AlgorithmWatch gGmbH – as the data controller (hereinafter also referred to as “we” or “us”), collect and store the data you provided as long and so far this is necessary to fulfil the specified purposes and legal obligations. In the following, we will inform you about what data is involved, how the data is processed and what rights you have, especially in regard of the General Data Protection Regulation (EU) 2016/679 (GDPR).

Collection and processing of personal data and their purposes

Webhosting

For the provision of this website, we use the web hosting service manitu GmbH, Welvertstraße 2, 66606 St. Wendel, Germany. (hereinafter “Manitu”).

The offer if the website requires the commissioning of a webhost service.

The legal foundation for utilization of wservices is Art. 6 Subs. 1 Sentence 1 lit. f GDPR due to our legitimate economic interest to make our offer available on this website. In connection with the hosting wservices collects data in our behalf, which accrues while the use of the website.

We have concluded a data processing agreement with web hosting wservices. Through this agreement the service provider ensures, that he processes the data in accordance with the General Data Protection Regulation and ensures the protection of the data subject rights.

When visiting the website

You can access the website www.algorithmwatch.org without disclosing your identity. The browser on your end device automatically sends information to our website server (e.g. IP address of the querying computer, date and time of the access, name and URL of the accessed file, browser type and version and also further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, etc.).

This information, which also includes your ip-address, is temporarily stored in a log file. The following information is collected without any action on your part and deleted automatically after 1 month.

We process these data to ensure trouble-free connection to the website, comfortable use of our website, for evaluating system security and stability and also for further administrative purposes.

The legal foundation for the data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest follows from the above purposes for the data collection.

Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

Improvement of our offering using visit statistics

To improve our online services, we occasionally evaluate how the site is used.

For this purpose, we create visitor statistics by using the web analytics software Matomo (formerly Piwik). In doing so we don’t collect personal data.

Matomo saves two anonymized identification numbers in your browser (HTTP cookies), in order to differentiate between the different website users. In this context your IP address is used for the analysis, while being shortened in a manner that makes it impossible to link it to you.

You have two options, should you not agree to us using your visits of our website in order to create these statistics:

Comment function and spam protection

If you choose to use the comment function at the end of articles, we will collect the data on the commenting users name or used nickname, the email address, the website if applicable as well as the IP address. This data is stored with the comment. The processing of data in the course of publishing online comments and user reactions is justified because it is in our legitimate interest to partake in an opinion and information exchange pursuant to Article 6 (1) lit. f GDPR. To prevent the misuse of this function we use the plug-in Aksimet which is used to detect comments containing spam.

Youtube

With consent pursuant to the first sentence of Article 6 (1) lit f) GDPR, we use components (videos) of YouTube, LLC, 901 Cherry Avenue, 94066 San Bruno, CA (USA) (hereinafter referred to as ‘YouTube’), a company of Google Inc., Amphitheatre Parkway, 94043 Mountain View (USA), (hereinafter referred to as ‘Google’).

We use the ‘extended data protection mode’ option provided by YouTube.

Upon requesting an Internet page with embedded video, our website connects to the YouTube servers and renders the content on the Internet page using your browser.

According to the information provided by YouTube, in the ‘extended data protection mode’, your data will be transferred to the US YouTube servers only while you watch the video. The transferred data include the Internet page you just viewed and device-specific data including your IP address. By clicking ‘run’ on the video you agree to this transfer.

Should you be logged into your YouTube account at the same time, YouTube will associate these collected data with your member account. You may prevent this by logging out of your YouTube account prior to visiting our website.

Google complies with the data protection regulation of the US Privacy Shield and is registered with the US Privacy Shield Program of the US Department of Commerce.

Data security

All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used for online banking, for example. You can recognize a secure TLS connection inter alia by the "s" appended to the http (i.e. https://..) in the ad-dress bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continually monitored and improved to reflect technological developments.

Data subject rights

Please see below.


Newsletter subscription

AlgorithmWatch offers several newsletters that users can subscribe to. For all subscribers to these newsletters, the following privacy policy applies.

With your subscription of the newsletter, we store your e-mail address, IP address, the date of registration, and, if provided, your first and last name, as well as your organization. For the registration process, we use the so-called Double-Opt-In procedure in order to prevent fraud by using a confirmation e-mail, thereby making sure that you really want to be contacted by us.

We analyse your use of the newsletter for purposes of the design of future newsletters as well as for personalisation and personalized targeting purposes. In particular, we use link and opening tracking. However, other techniques may also be used that either store information on your end device or access information stored on it in connection with the analysis. Finally, we may also use information from our other projects - e.g. DataSkop - for personalisation purposes, in which case we will inform you separately.

We store your personal data until you withdraw your consent to receive the newsletter or object to the processing.

We use the service Mailjet provided by Mailgun Technologies, Inc. (Mailgun) for emailing and contact management services. If you subscribe to a newsletter, your data is processed on Mailgun's servers based on our instructions (Art. 28 DSGVO). Insofar as data is processed by Mailgun or Mailgun's subprocessors outside the EU/EEA and there is no adequate level of data protection corresponding to the EU standard, we have also concluded standard contractual clauses (available at: https://www.mailjet.com/legal/dpa/) of the European Union as appropriate guarantees and to establish an appropriate level of data protection with Mailgun.

The legal ground for the collection and processing of this data is Article 6.1 (a) GDPR and, insofar as information is stored or accessed on your terminal device for analysis purposes, additionally on the basis of Sec. 25 para. 2 no. 2 TTDSG. Your data is being solely used for the distribution of the newsletters and only based on what you have given consent to. The date of your registration is collected exclusively for documenting your registration to the newsletter. Insofar as you were already a subscriber prior to the introduction of personalisation, the legal basis for this is Article 6.1 (f) GDPR, whereby our legitimate interest lies in the purpose of the processing. Subscribers can subscribe or unsubscribe themselves, without any intervention from AlgorithmWatch, at any time via the “unsubscribe“ link in each newsletter, or via e-mail to newsletter@algorithmwatch.org. By unsubscribing, they withdraw their consent or object to any of the processing mentioned above.


Participation in surveys

We occasionally conduct surveys on our website. If you participate in a survey, we process the data you provide on the basis of our legitimate interests in conducting the survey and analysing the results accordingly (Art. 6 (1) (f) GDPR). The survey is analysed anonymously, i.e. no personal data is stored permanently.

If you, as part of the survey, voluntarily provide us with your email address, we will process your data so that we can keep you informed about the survey and the results. We will also inform you by email about projects, events or other news related to the survey.

We analyse your use of the newsletter in order to design it according to your needs and to be able to target and personalise it for specific audiences. In particular, we use link tracking and opening tracking. However, other technologies may also be used that either store information on your end device or access information stored on it in connection with the analysis. We use the Mailjet programme from Mailgun Technologies, Inc. (Mailgun) to send and create the newsletter and to manage subscriptions.

If you subscribe to our newsletter, Mailgun will act as processor of the aforementioned data (Art. 28 GDPR). Insofar as data is processed by Mailgun or Mailgun's processors outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have also concluded the valid standard contractual clauses (available at: https://www.mailjet.com/legal/dpa/) of the European Union as suitable guarantees and to establish an appropriate level of data protection with Mailgun as part of our processing agreement.

The processing is carried out on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR and - insofar as information is stored or accessed on your end device for analysis purposes - additionally on the basis of § 25 para. 2 no. 2 TTDSG. We collect the date of registration in order to document the registration for the newsletter.

You can revoke your consent to the processing of your personal data and its use for sending, analysing and personalising the newsletter at any time. The cancellation or objection can be made via an "unsubscribe" link in each newsletter itself, or by email to us.

Your data will be processed for this purpose until either the survey and all activities associated with the project are completed or you withdraw your consent.


Donations

You can support AlgorithmWatch by donating via direct bank transfer or via the donation widget on the website. To do this, you need to provide standart personal data.

When using the donation widget, data is transmitted to a service provider exclusively for the purpose of processing the donation. We’re using the donation widget by twingle GmbH, Prinzenallee 74, 13357 Berlin, who we have commited to a data processing agreement in accordance with the GDPR. twingle GmbH provides the technical platform for the donation process through this widget. The data you enter when making a donation (e.g. address, bank details, etc.) are stored by twingle on servers in Germany solely for the purpose of processing the donation.

In order to issue and send donation receipts, name, e-mail address, address, account information such as IBAN and name of the bank, the total amount, the date, and the type of donation are stored. We use the data exclusively to issue the donation receipt. If an unsolicited donation receipt is desired in subsequent years, the data will continue to be stored for this purpose.

According to §147 of the German Fiscal Code (Abgabenordnung), AlgorithmWatch is obliged to keep accounting records for ten years (after the end of the calendar year in which the last donation was made). For this purpose, we store account statements that contain the sender as well as the amount and date of donation transfers. The accounting data is deleted as soon as the statutory term of ten years has been reached.

It is not possible to object to the storage of accounting data for the purpose of fulfilling the obligation to keep records in accordance with §147 of the German Fiscal Code (Abgabenordnung).

Consent to data processing for the purpose of donation certification and donation processing via twingle can be revoked at any time. A revocation has no effect on the validity of data processing procedures in the past.


Signature Collection via the Open Petition Widget

This website uses the petitions' form of openPetition gGmbH, Greifswalder Str. 4, 10405 Berlin. openPetition gGmbH provides a technical platform for the collection of petitions' signatures. In order to guarantee for the validity of the petition, your personal data when signing the petition (e.g. name, address, comments) will be saved on German servers and processed by openPetition. With every page view of the petition, browser information (e.g. type of browser, operating system, IP-address, time and referrer) will be saved and processed. Logfiles will be statistically evaluated and help maintaining a fault-free operation of the websites. The data protection regulations of openPetition apply.

Signature collection via "ECI signing widget"

The widget is used to allow interested parties to sign the European Citizens' Initiative (ECI) directly on our website. The widget is currently embedded on the following pages of this website: Reclaim Your Face – A European Citizens Initiative to ban biometric mass surveillance

For ECI “signatories” (people officially signing the ECI via the first step of the widget):

For campaign “supporters” (people signing up for the EDRi newsletter and our newsletter in order to be kept informed about the ECI and the wider campaign, via the second part of the widget):

1 Note I: if you would like to specify what this will be for a particular country, you can find the full list here: https://europa.eu/citizens-initiative/data-requirements_en
Note II: as we are using our own signature collection system, there will not be any option for anyone from any country to sign with their eID.


Events

By registering online to attend an event of AlgorithmWatch, you consent to the collection, retention and use of your personal information in accordance with the terms of this policy.

Processing of your data

When you register for an event, we require certain data from you, depending on the type of event. The invitation or registration form indicates which information is required and which is voluntary. Your data will not be passed on to third parties, except service operators listed below. Any exceptions (e.g. at cooperation events with partners) will be clearly communicated during the registration.

We may use your personal data only for the following purposes:

Your data will not be used by us for automated decision-making or for profiling within the meaning of Art. 22 GDPR.

Access to your data at AW is limited to

Voluntary disclosure of your data

The provision of your personal data is not mandatory and we try to strictly limit the processing of your personal information. However, we cannot accept your registration without stating the data indicated as required in the registration form of the respective event. If you do not provide us or our cooperation partner with proof of your identity at the entrance if requested, you will not be able to enter the event.

If you have any questions or comments, please contact events@algorithmwatch.org.

Data subject rights

Please see below.


Job and fellowship applications

Thank you for your interest in our job vacancies. The protection of your personal application data is very important to us. Therefore we inform you in the following about the collection, processing and use of your data in the context of the email application, in accordance with the relevant data protection regulations.

Data collection

In the context of your email application, we will collect and process the personal application data listed below:

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily disclosed in the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data or ethnic background).

Purpose of data collection / dissemination

The collection and processing of your personal application data is carried out exclusively for the purpose of filling positions within our organisation.

As a matter of principle, your data will only be forwarded to the employees* of our organisation responsible for the specific application procedure. Your application data will not be used or passed on to third parties beyond this.

Retention period of application data

Your personal application data will be deleted automatically six months after completion of the application process, except in the case of a justified revocation, so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act.

Storage for future job advertisements

If we are unable to offer you a position that is currently vacant, but believe, on the basis of your profile, that your application may be of interest for future openings, we will store your personal application data in our talent pool for a period of twenty-four months, provided that you expressly consent to such storage and use.

Data subject rights

Please see below.


Data subject rights

You have the right:

If you want to exercise your data subject rights, simply send an email to privacy(at)algorithmwatch.org

Right to object

You have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, insofar as there are grounds arising from your particular situation or it relates to objection to direct advertising. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation.

Data controller

Postal address of the data controller:

AW AlgorithmWatch gGmbH
Linienstraße 13
10178 Berlin
Germany
If you want to exercise your right to object, simply send an email to privacy(at)algorithmwatch.org

Corrections

AlgorithmWatch will endeavour to keep your personal information accurate. If you require access to personal information we hold on you, wish to amend an inaccuracy, or have your information deleted from our files then please contact our data protection officer Kathleen Georgi at dpo(at)algorithmwatch.org.

Actuality and changes to this Data Protection Policy

This data protection policy is the latest version and amended as of 15 March 2019.

The further development of our website and online services or changes in statutory or public-authority requirements may render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time from the website under https://algorithmwatch.org/en/privacy/

Questions

If you have any questions regarding our Data Protection Policy or require any clarifications, please contact us:

Sign up for our Community Newsletter

For more detailed information, please refer to our privacy policy.