last update on 14.02.2020
As a political dialogue platform, we have a high responsibility in dealing with your particularly sensitive data on political attitudes and opinions. We want to explain to you openly and comprehensibly which data we collect and how we handle it securely. This fulfils our duty to provide information when collecting personal data at openPetition in accordance with Article 13 of the General Data Protection Regulation (GDPR).
Server in Germany and encrypted transmission
Your data is stored on servers in ISO/IEC 27001 certified data centers in Germany. The data transfer to our servers is encrypted with SSL throughout.
What personal information do we collect?
- name, address
- Age (only in Austria)
- Telephone number (if specified)
- E-mail address (if specified)
- Profile picture (if specified)
- "About me" text (if specified)
- Representative of an organization (if specified)
- Language, determined from the browser language or the set language
- IP address
- launched petitions
- Widgets created for a petition
- Signed petitions related to a region and category
- Comments, urgency and concern for signatories (if specified)
- Debate contributions, assessments of debate contributions
- Mandates are created by the user and verified by openPetition or researched directly by openPetition.
- Statements for public elected representatives
- Salutation (for elected representatives, if indicated)
- Transparency declaration for public elected representatives (if indicated)
- User linking for surveys, so that each user can only participate once
How do we use your data?
- We use your address to determine the assigned administrative levels and constituencies at all levels.
- We use age (only in Austria) to ensure petitioners and supporters meet the minimum age requirement
- We use your address to recommend petitions from the administrative levels assigned to you.
- We use the category of your last signed petition to recommend petitions with similar topics.
- We represent public signatures with name, place and country.
- We show the distribution of signatures on geographical maps with the maximum resolution of the postal code districts.
- We show you signatures of neighbours in your area who have signed the same petition. Via a contact form we enable networking among each other. The e-mail address of the recipient of a message is hidden from the sender. The e-mail address of the sender of a message is visible to the recipient.
- We allow the petitioner to contact his supporters via our platform (if you have agreed).
- We will send you recommendations of petitions (if you have agreed) signed in your neighbourhood.
- We will send you newsletters about the work of openPetition (if you have agreed).
- We occasionally send you petition recommendations (if you have agreed) from our openPetition minority shareholder Campact e.V., which financially supports us.
- We may occasionally send you petition recommendations from cooperating partner NGOs (if you have agreed). The increased reach of the petitions will be charged to the partner NGOs.
- We enable the petitioner to generate and download signature lists with all signatures and collective forms.
Who can see what of your data and for how long?
- Petent: The petitioner must provide the full name, address and a valid e-mail address. Only the name and location of the petitioner is publicly visible on the website and to search engines. One year after the petition is closed, the name of the petitioner will be made anonymous on the website.
- Supporters: As a supporter of a petition by a signature, the full name and full address must be provided. In order to stay informed about the petition, the specification of a valid e-mail address is required. If a pro or a contra argument is created for the petition debating room, the supporter must enter a valid email address. Supporters of public signatures only show the name and location of the website. Three days after signing, the last name for search engines is shortened to one letter. Six months after the end of the subscription, the data of supporters are no longer publicly available. Five years after completing the petition, the signatures will be deleted.
- Supporters of non-public signatures are at no time publicly visible on the website or to search engines.
- Petitioners and Petitionsempfänger see from all supporter data, including non-public signatures the name, the age (only in Austria), the zip code, the city and a reduced to 4 characters street and house number and possibly the comment
- Signature lists and questionnaires may not be forwarded by the petitioner, except to the petitioner, to anyone.
- After the petition has been handed over, the petitioner is obliged to destroy all signature data made available to him in digital or printed form.
- After the decision on a petition request, the petitioner is obliged to destroy all signature data made available to him digitally or in printed form.
- Cooperating partner NGOs that collect signatures on their own page using the openPetition widget can export their signature data and contact you directly (if you have agreed). We have no influence over the frequency and content with which the cooperating partner NGO contacts you.
- Profile pictures and profiles of mandate holders are publicly visible on the website and to search engines.
- Statements are publicly visible on the website and to search engines with the name of the mandate holder, the name of the political group/party and the time of the statement or the last processing of the statement.
- Profile pictures and profiles of petitioners are visible to the public on the website and not visible to search engines.
- Profile pictures and profiles of supporters are visible on the website through a hidden link. Profiles are never visible to search engines.
- Comments from supporters of public signatures are visible with name and location on the website, but not to search engines.
- Comments from supporters of non-public signatures are only visible with the location on the website, but not to search engines.
How can you determine your data?
- If you have entered an e-mail address, you can have a confirmation link sent to you. Confirm your email address and you will become a confirmed supporter.
- You will be recognized as a confirmed supporter by a cookie. You can enter a password to log in to openPetition at any time.
- As a confirmed supporter, you can edit the visibility of your signatures or revoke your signature during the subscription period.
- You can register at any time with your signature email to be able to process your signature.
- As a confirmed supporter or registered user you can edit your profile.
- As a confirmed supporter or registered user, you can edit your notification settings.
- As a petitioner, you can transfer your petition to a new spokesperson (see FAQ).
- As a mandate holder, you can edit your mandates and resign prematurely if necessary.
- As a mandate holder, you can take on mandates already created by openPetition or proposed by users after you have verified yourself to openPetition as a mandate holder.
No spying on other people's e-mail addresses
With openPetition it is not possible to determine whether the owner of this e-mail address has an account on openPetition or has signed a petition by entering a different e-mail address.
openPetition only sends newsletters and other e-mails to people who have actively agreed to receive them. We check every stored e-mail address by a so-called double opt-in procedure. We will send you a confirmation e-mail. Only after you have activated the confirmation link contained therein will we use the e-mail address for further communication with you. In this way we effectively ensure that we do not send unsolicited e-mails to people.
Users have the opportunity to recommend petitions to friends by e-mail. As a recipient you will only ever receive the first recommendation mail for each petition.
The recipient can permanently block the further receipt of recommendation mails for all petitions by means of a unsubscribe link in the recommendation mail.
The social media buttons on openPetition are simple share links or links to the openPetiton pages of the respective portal.
However, it is possible to associate information with you if you are signed in to YouTube or another Google service. If you don't want to, please sign out of your Google Account before clicking an embedded video to play.
Cookies are small files that are stored on a visitor's hard drive. They allow information to be held for a certain period of time and to identify the visitor's computer. For better user guidance we use permanent cookies. We also use session cookies, which are automatically deleted when you close your browser. You can set your browser so that it informs you about the placement of cookies.
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Google Chrome: https://support.google.com/chrome/answer/95647
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
For local caching of form input, openPetition uses the local storage of your web browser. The form entries are protected in the local storage against accidental deletion until the form is sent or you log off.
Matomo (formerly Piwik)
Our website uses the Matomo web analysis service, which openPetition uses to analyze the use of the website. With the help of cookies general usage information is transmitted to our server. No personal usage behavior is saved. Your IP address will be anonymized. You can also object to the storage of general usage information:
Storing the IP address
For reasons of legal security, the IP address of the visitor in combination with the date and time is stored whenever he or she participates in the content of openPetition. As a rule, the visitor's Internet provider can be inferred from the IP address. The identity of the connection owner can be inferred from the Internet provider at any time. In accordance with the German Data Storage Act (Vorratsdatenspeichergesetz, VDS), connection holders can be identified retroactively on the basis of their IP address for up to 10 weeks.
duty to give information
According to §14 paragraph 2 TMG, we will provide information on personal data in individual cases by order of the responsible authorities, insofar as this is necessary for the purposes of criminal prosecution, for the prevention of danger by the police authorities of the Länder, for the fulfilment of the legal tasks of the Federal and State Office for the Protection of the Constitution, the Federal Intelligence Service or the Military Counter-Intelligence Service or for the enforcement of intellectual property rights.
Every time you visit the openPetition platform or pages containing an openPetition banner or petition widget, visitor browser information is automatically forwarded to us. This includes information on browser type, operating system, IP address, time and the last previously visited page (referrer). With openPetition, this data is not assigned to specific persons. The log files are statistically evaluated and help to ensure error-free operation of the pages.
For our online donation option we use the FundraisingBox service. FundraisingBox guarantees complete data protection and legally compliant data storage. FundraisingBox takes over the payment processing for us. The data of the donation transactions are transmitted securely encrypted via SSL at any time and stored in European data centers. Further information on data protection at FundrainsingBox can be found here: https://www.fundraisingbox.com/datenschutz.
We operate an official Facebook page under the URL https://www.facebook.com/openPetition on the basis of Art. 6 para. 1 lit. f GDPR. We do not collect, store or process personal data of our users on this site at any time. Furthermore, no other data processing is carried out or initiated by us. The data you enter on our Facebook page, such as comments, videos or pictures, will never be used or processed by us for any other purpose.
Facebook uses so-called web tracking methods on this page. Please be aware that Facebook may use your profile information to evaluate your habits, personal relationships or preferences. We have no influence on the processing of your data by Facebook.
Twitter company page
We operate under the URL https://twitter.com/oPetition an official Twitter page on the basis of Art. 6 Abs. 1 lit. f GDPR. We do not collect, store or process personal data of our users on this site at any time. Furthermore, no other data processing is carried out or initiated by us. The tweets you enter on Twitter will be published by Twitter and will never be used or processed by us for any other purpose.
Twitter uses so-called web tracking methods on this site. Please be aware that Twitter may use your profile information to evaluate your habits, personal relationships or preferences. We have no influence on the processing of your data through Twitter.
Your rights as a user
right to information: You have the right to request confirmation as to whether personal data concerning you are being processed; if this is the case, you have a right of access to this personal data and to the information specified in Article 15 of the GDPR. Start data inquiry
Right to correction: You have the right to immediately request the correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data.
Right of deletion: You have the right to request that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies in detail, for example if the data are no longer required for the purposes pursued. Delete openPetition account
Right to limitation of processing: You have the right to request a restriction on processing for the duration of any examination if one of the conditions listed in Art. 18 GDPR is met, for example, if you have filed an objection to the processing.
Right to data transferability: In certain cases, which are detailed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transmission of this data to a third party.
Right of objection: If data are collected on the basis of Art. 6 para. 1 lit. f (data processing to protect legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling reasons worthy of protection for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. Revoke a given consent
Right of appeal to a supervisory authority: According to Art. 77 GDPR, you have the right of appeal to a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The responsible supervisory authority for data protection issues is the Berliner Beauftragter für Datenschutz und Informationsfreiheit.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that the processing is necessary for the performance of a task in the public interest or in the exercise of official authority, which has been entrusted to the controller, Art. 6 para. 1 lit. e DSGVO as legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
This data protection declaration applies to all content on our pages openPetition.de and openPetition.eu. It does not include the websites linked on our site.
New technical developments and developments on the Internet make adjustments or additions to the openPetition data protection declaration necessary from time to time. You will be informed about the new features at this point.
Responsible body is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data.
Responsible for data processing on this website is:
Haus der Demokratie und Menschenrechte
Greifswalder Str. 4
Geschäftsführer Jörg Mitzlaff
Haus der Demokratie und Menschenrechte
Greifswalder Str. 4
If you want to exercise your rights as a user or have further questions about data protection at openPetition, please contact us at the e-mail address firstname.lastname@example.org