Privacy Policy City of Bocholt

By visiting our website https://www.bocholt.de, the Bocholt municipal administration provides you with a telemedia service within the meaning of the Telemedia Act. The operator of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. The following information provides a simple overview of what happens to your personal data when you visit our website or use other administrative services.

I. General information pursuant to Article 13 of the General Data Protection Regulation (GDPR)

1. contact details

1.1 Name and address of the responsible body

Responsible for this website is the

Bocholt City Council
The Mayor
Kaiser-Wilhelm-Str. 52-58
46395 Bocholt

Tel.: 02871/953-0
E-mail: Stadtverwaltungverwaltung(at)bocholt(dot)de
DE-Mail: Stadtverwaltungverwaltung(at)bocholt.de-mail(dot)de
URL: https: //www.bocholt.de

1.2 Name and address of the data protection officer

In accordance with Art. 37 Para. 3, the city administration of Bocholt has appointed a joint official data protection officer who looks after several local authorities. Information on the institution and the data protection officer is as follows

Zweckverband KAAW - Kommunale ADV-Anwendergemeinschaft West
Weberstraße 5
49477 Ibbenbüren
Germany

Mario Könning
Workplace/location: Borken town hall
Phone: +49 (2861) 939409 or +49 (0)5451 5622-751
e-mail: Send e-mail

1.3 Name and address of the data protection supervisory authority

The competent supervisory authority for data protection is the

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf

Telephone: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle(at)ldi.nrw(dot)de

2. your rights as a user

As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. You have the right

• pursuant to Art. 15 GDPR i.V.m. §§ Sections 12, 49 DSG NRW to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details. Please note that your right to information may be restricted or excluded in certain cases in accordance with Section 48 of the State Data Protection Act of North Rhine-Westphalia.
• pursuant to Art. 16 GDPR in conjunction with. § to demand the immediate correction of incorrect data or the completion of your personal data stored by us;
• in accordance with Art. 17 GDPR in conjunction with. § Section 50 (2) DSG NRW to demand the deletion of your personal data stored by us if this is required by law. However, the right to erasure pursuant to Art. 17 (1) and (2) GDPR does not apply if, among other things, the processing of personal data is necessary for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
• pursuant to Art. 18 GDPR in conjunction with. to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you object to the processing of your personal data in accordance with Art. 21 GDPR in conjunction with § 14 DSG NRW. § 14 DSG NRW have lodged an objection to the processing;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
• in accordance with Art. 21 GDPR in conjunction with. § 14 DSG NRW, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (a) or (e) of Article 6(1) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website. Please send your objection to this email address.
• In accordance with Art. 7 para. 3 GDPR, you have the right to revoke your consent to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future and
• to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence for this purpose.

3. general communication with the city administration of Bocholt

a) What data is processed for what purpose?

We offer you various access options for "electronic" communication when contacting the Bocholt city administration:

• Contact form
• E-mail communication
• DE-Mail communication
• Telephone system (answering machine: recording on tape)
• User account (website)

The following can be saved when you contact us

• Salutation
• First name
• Surname
• e-mail address
• Street address
• House number
• Postcode
• Town
• Telephone number
• Subject
• Your message / your content
• Timestamp
• IP address

The purpose of data processing and storage is to be able to respond to your request.

b) What is the legal basis for processing this data?

If you use one of the communication media, personal data is entered on an expressly voluntary basis. The legal basis for processing is Article 6(1)(a) GDPR. If your enquiry and the medium used is an administrative act, we process this information in accordance with Article 6(1)(e) GDPR.

Persons under the age of 16 should not transmit any personal data to us unless the consent of their parents or legal guardians has been given (Art. 8 (1) GDPR). The consent must then be expressly noted in the message (Art. 8 para. 2 GDPR).

c) Are there other recipients of the personal data in addition to the controller?

We only use the personal data you have entered for the purpose you have requested and only within the administration or the specialist offices responsible for the respective service.

If it is an official request that is not the responsibility of our city administration, we assume that you agree that we may forward your enquiry to the responsible public institution (e.g. district, state, federal government, etc.) so that we can deal with your request. We will only pass on your request in connection with public institutions.

d) How long will the data be stored?

We delete the personal data that we receive via communication as soon as storage is no longer required for the purpose pursued by you or in connection with the administrative processes triggered by it and the applicable retention obligations.

e) Note on e-mail communication

We expressly point out that you communicate electronically by e-mail at your own risk. The city administration of Bocholt cannot guarantee that a message received is secure against interception or falsification.

Please use your DE-Mail address or our contact form for secure communication.

f) Notes on tape recordings (answering machine)

We would like to point out that if your spoken word is recorded by the answering machine and the content is decisive for the implementation of an administrative act, we will process (store) this information for the intended purpose.

Data processing when visiting our website (DSGVO)

4. external links

This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to a website outside our responsibility, please note that these websites have their own data protection information. We accept no responsibility or liability for these third-party websites and their data protection notices. Therefore, before using these websites, please check whether you agree with their data protection declarations.

You can recognise external links either by the fact that they are displayed in a different colour from the rest of the text or underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. In particular, the operator of the other website will receive your IP address, the time at which you clicked on the link, the page on which you clicked on the link and other information that you can find in the data protection information of the respective provider.

Please also note that individual links may lead to data being transferred outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal remedies against this data access. If you do not want your personal data to be transferred to the link destination or even exposed to unwanted access by foreign authorities, please do not click on any links.

5. web host

a) What data is processed for what purpose?

When you access content on the website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file, which may allow identification. The following data is collected:

• Name of the server
• Volume of data transferred
• Internet protocol address (IP address)
• Date and time of access
• Destination of the enquiry
• Status of the enquiry
• Website from which the user accessed the server
• Web browser used, your computer's operating system if applicable, and the name of your provider

The aforementioned data (log files) are processed by us for the following purposes

• Ensuring a smooth connection to the website
• Ensuring a comfortable use of our website
• Evaluation of system security and stability
• Prosecution in the event of misuse and
• for further administrative purposes

b) What is the legal basis for processing this data?

The legal basis for the temporary storage of data is § 3 para. 1 DSG NRW i.V.m. Art. 6 para. 1 letter e and para. 3 GDPR.

c) Are there other recipients of the personal data in addition to the controller?

Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company). In this case, the personal data collected on this website will be stored on the hosting company's servers. In addition to the data mentioned above, this may include, for example, contact requests, contact data, names, website access data, meta and communication data, contract data and other data generated via a website. You can find out more about this in the section "configurable forms". Our service provider for our website is

EGOTEC AG
Management Board: Heiko Roth, Johannes Jakob
Chairwoman of the Supervisory Board: Silvia Jakob
Pfalzgraf-Otto-Straße 81

74821 Mosbach
info(at)egotec(dot)com

EGOTEC receives and processes personal data on our behalf as a processor. The hosting and operation of our website takes place in Germany, at:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen

This service provider (Hetzner Online GmbH) is a subcontractor of EGOTEC AG and also processes the data exclusively in a contract processing relationship.

d) How long will the data be stored?

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for up to thirty days directly and only accessible to administrators.

6. website user account

a) What data is processed for what purpose?

As a user of our website, you have the option of setting up a user account. The account is set up either in conjunction with the ServiceKonto NRW or by entering it manually. The user account is used for various purposes. On the one hand, you can use your details to automatically fill in forms provided by us with your master data or, on the other hand, the user account is required for registration in the newsletter.

The user account is not a prerequisite for using our administrative processes. You can therefore also use our website without a user account.

b) What is the legal basis for processing this data?

The legal basis for the temporary storage of the data is your consent in accordance with Art. 6 para. 1 letter a GDPR.

c) Are there other recipients of the personal data in addition to the controller?

The user account is part of our content management system. Our service provider therefore processes the data on our behalf. For more details, please refer to section 5 letter c.

d) How long will the data be stored?

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. As a rule, the user account is deleted by you. If the City of Bocholt determines that the account has been inactive for 3 years, it will be deleted by the system.

7. newsletter (e-mail & messenger services)

a) What data is processed for what purpose?

The prerequisite for newsletter registration is a corresponding user account. The user account serves as a verification process and enables you to subscribe to our newsletter:

- Business development newsletter

- City marketing newsletter

- Newsletter City of Bocholt

Depending on the newsletter, the following data may be processed:

- Master data such as names

- address data

- Communication data such as e-mail addresses, telephone numbers

- IT data such as IP address

- Login and registration data

We process the aforementioned data for the following purposes

- To inform you about our news.

b) What is the legal basis for processing this data?

The legal basis for the temporary storage of the data is Article 6(1)(a) EU GDPR in accordance with your consent.

c) Are there other recipients of the personal data in addition to the controller?

When you register for a newsletter, the data collected will be used exclusively for the newsletter. As a rule, the data is not transferred to third parties.

The city of Bocholt uses a module of your website operator to send the newsletter. The website operator processes the data on behalf of the City of Bocholt, see section 5 letter c for more details. If you receive information from us via a messenger service, we process your personal data together with the messenger service. The responsible messenger service first processes your information and our information. We have commissioned the service of Whappodo.com GmbH to fulfil data protection requirements. This service provider processes the data of the messenger services on our behalf in order to provide you with the newsletter or information via this communication channel

d) How long is the data stored?

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected or you have withdrawn your consent. If you object to the processing for this subject area, your personal data will be deleted immediately.

d) Cancellation

The subscription to the newsletter can be cancelled by the user concerned at any time. Either by deactivating it in the user account. For this purpose, there is a corresponding link or notice in every newsletter.

Exception: Newsletter via Threema and Telegram. Please send the word STOP for this.

d) Notes on messenger services

We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an email to the email address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within a certain period of time, your information will be blocked and automatically deleted after a certain period of time.

Whappodo.com

We use the Whappodo service. Whappodo is a central platform that enables us at the City of Bocholt to integrate various messenger services in order to communicate with you via a central user interface. The service provider therefore processes your data on our behalf, which you make available to us via the messenger services you use.

Among other things, the data protection information of the service provider also applies: https://www.whappodo.com/datenschutz/

Telegram Messenger

If you use Telegram together with us, we refer you to the terms of use and data protection conditions of the service provider: https://telegram.org/privacy

Threema Messenger

If you use Threema together with us, please refer to the terms of use and privacy policy of the service provider: https://threema.ch/de/privacy

8. forms

Our website uses various forms and systems to create forms. We either provide you with corresponding forms via our content management system (CMS) (section 8.1) or use a form management system (section 8.2), which generally offers you administrative services in the context of digitalisation. You can find out more in the following subsections.

8.1 Configurable forms (CMS)

a) What data is processed for what purpose?

Our website contains configurable forms. This enables the Bocholt city administration to create forms such as a contact form, feedback etc. Personal data can be processed via a configurable form. We explain which configurable forms we use in the following subsections from section 6.1.1.

b) What is the legal basis for processing this data?

The legal basis for the processing of your data in the context of a configurable form is generally Art. 6 para. 1 GDPR. Depending on the (form) content, you can find the legal basis in the following subsections or ask the data protection officer.

c) Are there other recipients of the personal data in addition to the controller?

The processing is carried out on behalf of our hosting provider. For more information on the hosting provider, please refer to section 5 (Web host). Depending on the content of the form, other internal or, in rare cases, external bodies may be affected. You can find out more in the corresponding subsection for the appropriate form.

d) How long is the data stored?

We delete the personal data that we receive via the form as soon as the storage is no longer required for the administrative processes triggered and the applicable retention obligations. More detailed information on deletion can be found in the corresponding information obligations of the individual forms.

8.1.1 Contact form

a) What data is processed for what purpose?

We have already provided you with detailed information about communication between you and Bocholt City Council in section 3. The contact form offers you a secure exchange of communication. For further information on the purposes, please refer to section 1, bullet point 3.

b) What is the legal basis for processing this data?

The legal basis for the initial contact is generally Art. 6 para. 1 lit. a GDPR. A detailed description is described for you in section 3 letter b.

c) Are there other recipients of the personal data in addition to the controller?

We have already informed you in detail about the recipients in sections 3 and 8.1. Please feel free to take a look.

d) How long will the data be stored?

We have already informed you in detail about deletion periods in the context of communication with the city administration in section 3 (d).

8.2 Online forms (form management)

a) What data is processed and for what purpose?

The forms provided process your personal data in accordance with your request or in connection with the administrative processes triggered by it. These services are accessed via an external link. As we are also the operator of the form server, we inform you about this privacy policy.

As a rule, we collect your master data, address data, contact data and, depending on your request, further information. Individual information on data protection for the relevant administrative process can be found in the information requirements for the relevant forms (details can be found in section 3 of this privacy policy).

b) What is the legal basis for processing this data?

The legal basis for the processing of your data is generally

Article 6(1)(e), (c) or (d) GDPR

Other legal bases may also apply depending on the form:

Art. 6 para. 1 letter a GDPR

Art. 6 para. 1 letter b GDPR

c) Are there other recipients of the personal data in addition to the controller?

If you send forms to the Bocholt city administration by post, no other recipients are affected.

In the case of electronic delivery of forms, the city administration of Bocholt uses a service provider. For this purpose, the service provider receives the above-mentioned data as a processor. The following service providers are involved:

• Zweckverband KAAW as contractual partner
• bol Behörden Online Systemhaus GmbH as hosting provider

In connection with triggered administrative processes, it cannot be ruled out that other bodies will receive your personal data. More detailed information is described in the information obligations of the respective administrative process.

d) How long will the data be stored?

We delete the personal data that we receive via the form as soon as the storage is no longer required for the triggered administrative process and the applicable retention obligations. More detailed information on deletion can be found in the corresponding information obligations of the individual forms.

Personal data that is accessed via a link (form call) is stored by the hosting provider for 180 days (IP address, browser used, log files).

e) Notes on electronic transmission

We assure you that your personal data will be transmitted in encrypted form in accordance with the state of the art.

9. use of local storage items, session storage items and cookies

a) What data is processed for what purpose?

Our website uses local storage items, session storage items and cookies.

Local storage is a mechanism that enables the storage of data within the browser on your end device. This data usually contains user preferences, such as the "day" or "night" mode of a website, and is retained until you delete the data manually.

Session storage is very similar to local storage, whereas the storage period only lasts during the current session, i.e. until the current tab is closed. The session storage items are then deleted from your end device.

Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either stored temporarily for the duration of a session (session cookies) and deleted at the end of your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.

These three objects can also be stored on your device by third-party companies when you visit our website (third-party requests). This enables us, as the operator, and you, as a visitor to this website, to utilise certain third-party services that are installed on this website. Examples of this are cookies for processing payment services or cookies for displaying videos or maps.

b) What is the legal basis for processing this data?

These mechanisms can be used in a variety of ways. They can improve the functionality of a website, control shopping basket functions, increase the security and convenience of website use and carry out analyses of visitor flows and behaviour. Depending on the individual functions, they must be categorised under data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping basket function) or serve to optimise the website (e.g. cookies to measure visitor behaviour), they are used on the basis of Art. 6 para. 1 lit. e GDPR. As the website operator, we have a public interest in the storage of these objects for the technically error-free and optimised provision of our services. In all other cases, cookies are only stored with your express consent in accordance with Art. 6 para. 1 lit. a GDPR.

c) Are there other recipients of the personal data in addition to the controller?

If objects or mechanisms are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection notice. Your required consent will be requested and can be revoked at any time.

d) How long is the data stored?

The objects or mechanisms are deleted after the purpose has been fulfilled. You are responsible for the deletion of cookies that are stored on your end device, for example, by giving your consent.

10. use of external services (third-party services)

External services are used on our website. External services are services from third-party providers that are used on our website. This can be done for various reasons, for example for embedding videos, maps, advertising tools, website security and much more. When using these services, personal data is also passed on to the respective providers of these external services. If we do not have a public or contractual interest in the use of these services in accordance with Article 6 lit. b, e GDPR, we will obtain your consent, which can be revoked at any time, as a visitor to our website before using them (Article 6 para. 1 lit. a GDPR).

10.1 Content Management System - EGOTEC AG

a) What data is processed for what purpose?

A content management system enables the creation, editing, organisation and presentation of digital content. We use a content management system to create content for our website. This enables us to design a more appealing website.

b) What is the legal basis for processing this data?

We base this processing on a public interest (Art. 6 para. 1 lit. e GDPR). Our public interest lies in the technically error-free presentation and optimisation of the website.

c) Are there other recipients of the personal data in addition to the controller?

We use the CMS from EGOTEC AG, EGOCMS. The provider of the service is EGOTEC, Pfalzgraf-Otto-Straße 81, 74821 Mosbach, Germany.

As the service is used locally on our behalf, there is no further data transfer to third parties with the exception of the hosting provider (see section 5).

d) How long is the data stored?

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

10.2 Online appointment bookings

a) What data is processed for what purpose?

The online appointment booking service is available to you free of charge. The use of the online appointment booking service is personalised. For this purpose, we process personal data (registration data, appointment data) as part of your booking.

b) What is the legal basis for processing this data?

If you book an appointment via our website, personal data is entered on an expressly voluntary basis. The legal basis for processing is Article 6(1)(a) GDPR.

Persons under the age of 16 should not transmit any personal data to us unless the consent of their parents or guardians has been given (Art. 8 (1) GDPR). The consent must then be expressly noted in the message (Art. 8 para. 2 GDPR)

c) Are there other recipients of the personal data in addition to the controller?

The City of Bocholt's appointment software is hosted by

JCC SOFTWARE
Zutphenstraat 59
7575 EJ Oldenzaal
The Netherlands

The service provider receives the above-mentioned data for this purpose as a processor.

Internally, the responsible specialised department receives your data.

d)How long will the data be stored?

We delete the personal data that we receive via the appointment booking software as soon as it is no longer required for the purpose for which it was collected.

e) Notes on appointment bookings

Appointments can only be made by the person named in the reservation or an authorised representative on behalf of this person. The name of the person making the reservation cannot be changed at a later date. The transfer of an appointment to a third person is not permitted.

The date of birth serves as the verification date for collecting the local ticket number for the planned appointment.

10.3 Analytics (analysis tools)

a) What data is processed for what purpose?

We process personal data of website visitors to analyse user behaviour. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This enables us to improve the user-friendliness of our website. By means of the analysis tools used, for example, our website visitors can be recognised the next time they visit our website and their click/scroll behaviour, their downloads measured, page views recognised, the duration of the visit or the bounce rates measured, and the origin of the website visitors (city administration, country, which page the visitor comes from) can be traced. The analysis tools enable us to improve our market research activities and thus offer you sustainable administrative services.

b) What is the legal basis for processing this data?

The processing of the data is based on the legal basis of consent (Article 6(1)(a) GDPR). As a website visitor, you have consented to the processing of your personal data with your voluntary, explicit and prior consent. Without separate consent, the personal data will not be processed by us in the manner described above, provided that there is no other legal basis within the meaning of Article 6 (1) GDPR on which we base the processing. We will proceed in the same way if you withdraw your consent. This will not affect the lawfulness of the processing carried out until you withdraw your consent.

c) Are there other recipients of the personal data in addition to the controller?

The recipient(s) depends on the service used. The services we use in the context of the analysis are described below.

d) How long is the data stored?

The information obtained as part of the analysis is deleted as soon as the purpose has been achieved and there is no need for further processing. You must contact the respective third-party service provider to find out how they handle your data.

10.3.1 Matomo

a) What data is processed for what purpose?

We use the open source software Matomo to analyse and statistically evaluate the use of the website. Cookies are used for this purpose. The information generated by the cookie about website usage is transmitted to our servers and summarised in pseudonymous usage profiles. The information is used to analyse the use of the website and to enable a needs-based design of our website. The information is not passed on to third parties. Under no circumstances is the IP address associated with other data relating to the user. The IP addresses are anonymised so that they cannot be assigned (IP masking).

b) What is the legal basis for processing this data?

The legal basis for the temporary storage of data is § 3 para. 1 DSG NRW i.V.m. Article 6(1)(a), (e) EU GDPR.

c) Are there other recipients of the personal data in addition to the controller?

The provider of the service is InnoCraft Ltd, 150 Willis St, 6011 Wellington,
New Zealand. Information is not passed on to third parties through the use of Matamo, as this service is hosted locally.

d) How long is the data stored?

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Furthermore, it is up to you as the user to delete your cookies if necessary. If you delete your cookies, the opt-out cookie will also be deleted and you may have to deactivate Matomo again.

e) Notes on cookies

The service uses the following cookies on our website

Name: _pk_id.1.164d
Storage duration: 393 days
Type: 1st party
Purpose: This cookie is used to store a unique visitor ID.

10.4 Google services

We use Google services on our website. These services are integrated in compliance with data protection regulations (iFrame and two-click solution). As a visitor, you have the option of proactively activating the services when using the website. If you activate the service, personal data, usually your IP address, will also be processed by Google. We explain below which Google services we have embedded in our website.

10.4.1 Third-party providers: Google Translate

a) What data is processed for what purpose?

We use the Google Translate service on our website with the aim and purpose of having texts provided by us on our website machine-translated by Google into a language of your choice. When the translation function is activated, personal data is processed. The following data is processed by Google

• IP address
• Location of the access
• Data from the accessed device
• Duration/time of visit
• Diagnostic data

Please note: If you use the translation function with a logged-in Google user account, unique identifiers will be assigned to your user account and processed.

b) What is the legal basis for processing this data?

The legal basis for the temporary storage of the data is § 3 para. 1 DSG NRW i.V.m. Art. 6 para. 1 letter a GDPR in accordance with your consent as soon as you activate the service.

c) Are there other recipients of the personal data in addition to the controller?

The data collected is processed exclusively by Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland. The use of the service may result in data being transferred to a third country (USA).

d) How long is the data stored?

General information on data protection can be found here: https: //policies.google.com/privacy. Information on the deletion of these services can also be found here.

10.5 E-payment (external payment service providers)

a) What data is processed for what purpose?

We, the city administration of Bocholt, use an online payment service to enable you to make online payments as part of our administrative processes and services. The service is accessed via an external link, but we are already informing you here about data protection when handling your personal data.

You have the option of paying contributions, fees, entrance fees, taxes, fines, etc. via the administrative processes we have set up in connection with the associated charges.

We collect personal data from you in two different ways as part of the e-payment process:

1. when you visit the website of our online payment service, we collect personal data via log data (further information in section two of this privacy policy).

2. personal data is collected when using the selected online payment process. The data - accounting data records - are processed automatically in our financial accounting system. All information corresponding to your payment transaction is affected.

The aforementioned data is processed by us for the following purposes:

• Processing of administrative transactions involving a payment
• The data collection serves to forward the data to a payment service provider, which carries out the actual payment process with the user. As a rule, the following data is processed here: Application, surname, first name, administrative procedure used for the booking record and its URL and one or more monetary amounts. Other data recorded in the calling application/procedure may also be processed (e.g. vehicle registration number in the case of administrative offences).

b) What is the legal basis for processing this data?

The legal basis for the temporary processing of the data is Section 3 (1) DSG NRW in conjunction with Art. 6 (1) (a) GDPR. Art. 6 (1) (a) and (e) GDPR and your selected payment method.

c) Are there other recipients of the personal data in addition to the controller?

In the case of an electronic payment, Bocholt City Council uses a service provider (processor for the software) and other payment service providers. The categories of recipients only receive the information for which they are responsible. The following categories of recipients are affected

• Zweckverband KAAW as contractual partner
• GovConnect GmbH as software manufacturer (payment platform)
• ITEBO GmbH as hosting provider
• Payment service providers as the party responsible for carrying out the payment process such as
• PayPal
• Paydirekt
• Sofortüberweisung
• credit card payment
• direct debit
• Giropay
• Please note: Please note the data protection provisions of the service provider you have selected.

d)How long will the data be stored?

We store the data relating to the payment transaction in connection with the associated administrative processes and the applicable retention obligations. These are ten years.

e) Notes on the selection of your online payment service

By using the respective online payment service, you, as the user, are subject to its contractual terms and conditions. Bocholt City Council has no influence on these contractual conditions. Once data has been entered and sent to the payment service provider "by mouse click", it can no longer be cancelled or deleted by the service provider. Once the data has been processed by the connected payment service provider, the data is retained and stored by the service provider for statistical purposes. It is then automatically deleted. In addition, the data is created, stored and transmitted for the creation and transmission of accounting records for the city administration of Bocholt. They are stored there for at least ten years. It is not possible to delete the data from the financial systems. The data may be transferred to foreign servers if the selected payment service provider operates the servers abroad. The service provider has no possibility of influencing this.

All connections are SSL/TLS encrypted. This ensures that all data is transmitted securely between the parties involved according to the current state of the art. However, the actual level of encryption also depends on the web browser used.

10.6 Booking platform (anny)

a) What data is processed for what purpose?

Content from booking platforms is implemented on our website. These may provide information, contain advertising or even enable the booking of services or other offers. In addition to technical data such as the IP address, the data that you provide is transmitted to the provider.

b) What is the legal basis for processing this data?

Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the lawfulness of the processing carried out up to the revocation.

c) Are there other recipients of the personal data in addition to the controller?

The city administration of Bocholt uses a service provider for the booking platform provided. The service provider is

anny GmbH
Cäcilienstraße 30
50667 Cologne

Tel.: 0241 93688158

https://anny.co/

anny GmbH receives and processes personal data on behalf of a processor. The hosting and operation of our website takes place in the European Economic Area.

As part of the use of the application, access to personal data is granted to employees who need it to fulfil their tasks.

d) How long is the data stored?

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

e) Note on cookies

The service uses the following cookies on our website

Name: _i18n_redirected

Storage period: 365 days

Type: 3rd party cookie, anny.co

Purpose: This cookie is used to redirect users to their preferred website.

10.7 Content Delivery Network (CDN)

a) What data is processed and for what purpose?

We use a content delivery network (CDN) to optimise the performance and availability of our website. For this purpose, the service provider that makes this network available processes your IP address and the information about when you visited our website. All further information on data processing by this service provider can be found in its privacy policy.

b) What is the legal basis for processing this data?

We base this processing on a public and legitimate interest (Art. 6 para. 1 lit. e, f GDPR). Our public and legitimate interest is to be able to present our website to you as quickly, securely and reliably as possible.

c) Are there other recipients of the personal data in addition to the controller?

c.1) Bootstrap CDN

We use the Bootstrap CDN service on our website. The provider of the service is Prospect One Ltd, Królewska 65A/1, PL-30-081 Krakow, Poland.

By using the service, data may be transferred to a third country (USA).

Bootstrap CDN is a content delivery network that mirrors our content via various servers to ensure optimal accessibility worldwide

Further information can be found in the provider's data protection information at the following URL: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net

c.2) CloudFlare

We use the CloudFlare service on our website. The provider of the service is Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany.

The use of the service may result in data being transferred to a third country (USA). The provider is certified in accordance with the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.

Cloudflare is a so-called content delivery network that provides security functions in addition to distributing the website across several servers. Cloudflare also acts as a reverse proxy for our website.

Further information can be found in the provider's data protection information at the following URL: https://www.cloudflare.com/privacypolicy/.

d) How long is the data stored?

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

10.8 Map services (ArcGIS, OpenStreetMap)

a) What data is processed for what purpose?

We use a map service on this website. In order for the map to be used and displayed on the website, the map must be loaded from the provider's server. This involves your IP address being transmitted to the provider's server. Depending on the provider, cookies and other technologies, including fonts, may be loaded. You can find more information on this in the provider's privacy policy.

b) What is the legal basis for processing this data?

Data will only be processed if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the lawfulness of the processing carried out up to the point of withdrawal.

c) Are there other recipients of the personal data in addition to the controller?

C1) ArcGIS

We use the ArcGIS service on our website. The provider of the service is Environmental Systems Research Institute, Inc, 380 New York Street, Redlands, CA 92373, USA.

Use of the service may result in data being transferred to a third country (USA).

Further information can be found in the provider's data protection information at the following URL: https://www.esri.com/en-us/privacy/privacy-statements/privacy-statement.

C2) OpenStreetMap

We use the OpenStreetMap service on our website. The provider of the service is the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

Use of the service may result in data being transferred to a third country (United Kingdom). The European Commission has confirmed an adequate level of data protection for the country by means of an adequacy decision.

Further information can be found in the provider's data protection information at the following URL: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

d) How long will the data be stored?

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

10.9 Software framework

a) What data is processed for what purpose?

Software frameworks facilitate interaction with a platform by creating a standardised interface to it. Frameworks are used to reduce the development effort for recurring software requirements and to ensure the reusability of code and functions. Some software frameworks implement security features to prevent improper use of the website. Software frameworks can increase functionality, accessibility, security and performance with little effort. Other areas of application can also be covered by software frameworks.

b) What is the legal basis for processing this data?

Data will only be processed if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the lawfulness of the processing carried out up to the revocation.

c) Are there other recipients of the personal data in addition to the controller?

jQuery

We use the jQuery service on our website. The provider of the service is the OpenJS Foundation, 1 Letterman Dr, Ste D4700, San Francisco, California, 94129, USA.

By using the service, data may be transferred to a third country (USA).

Further information can be found in the provider's data protection information at the following URL: https://openjsf.org/wp-content/uploads/sites/84/2021/04/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf.

d) How long is the data stored?

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

11. social networks

The City of Bocholt only refers to your presence on social media such as Facebook, Instagram, X (most recently: Twitter), WhatsApp, YouTube etc. via links. You can recognise the link by the respective logo of the social network.

The purpose of our profiles on social media platforms is to increase our online presence and thus raise our profile and provide (press) information. Therefore, the legal basis is legitimate interest pursuant to Art. 6 para. 1 lit. e GDPR. Furthermore, with regard to the processing activities by the social networks, please refer to their own legal bases (e.g. consent pursuant to Art. 6 para. 1 lit. a GDPR), which you can find in the respective privacy policy.

No so-called social media plugins are used by the city of Bocholt on its website. External pages of the social networks are only accessed by actively using the links. If you do not want social networks to assign data collected via our website to your user account, you must log out of the social network before visiting our website. The purpose and scope of the data collection and the further processing and use of the data by social networks as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information of the respective provider.

What does it mean for you as a user when you connect with us via social networks? When you visit our profiles, your IP address and other information about the devices you use are processed, which allows IP addresses to be assigned to individual users. We have no influence on this data processing. We would like to point out that you use our profiles on social networks and their functions on your own responsibility. Details on data processing can be found in the operator's privacy policy.

We would like to point out once again that you use the services we offer and their functions on your own responsibility. This applies in particular to interactive functions such as sharing, rating, commenting, etc.

Supplementary information on social networks

Social networks process personal data of their users to a large extent. The following information is intended to inform you about the data protection aspects of the social networks and platforms operated by the City of Bocholt.

a) What data is processed for what purposes?

In addition to other media channels, in particular the city's website, the city of Bocholt maintains online presences within social networks and platforms in order to be able to inform the citizens, interested parties and users active there as part of its public relations work. Citizens, users and interested parties thus have various options available to them to find out about the city of Bocholt and to get in touch with it.

b) What is the legal basis for processing this data?

The City of Bocholt uses social networks for targeted public relations work with citizens. The associated processing of users' personal data is justified in accordance with Art. 6 para. 1 lit. e GDPR in conjunction with Section 3 para. 1 of the NRW Data Protection Act. Effective information of citizens by public authorities serves the fulfilment of a task in the public interest. In addition, users are generally asked by the respective platform providers for their consent to the data processing described above in accordance with Art. 6 para. 1 lit. a) GDPR.

c) Information on data processing in social networks

We would like to point out that when using social networks, user data may be processed outside the European Union. It is not known which data is specifically collected and for what purposes it is processed. However, it is certain that the IP address of users and other data or information about you that is stored on your device in the form of cookies is collected and processed. We have no influence over this data processing. The transfer of data outside the European Union may result in risks for users because, for example, the enforcement of users' rights could be made more difficult, especially in the US.

Furthermore, user data may be processed by providers for market research and advertising purposes. For example, user profiles are created based on user behaviour and the resulting interests of users. The usage profiles can be used by the providers, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

In principle, we are jointly responsible with the respective social media platform for the data processing operations triggered when you visit our profile. You can therefore assert your rights as a data subject in accordance with Art. 15 et seq. of the GDPR against the social media platform as well as against us. However, for a detailed description of the respective processing and the opt-out options, we refer you to the following linked information from the providers. In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the user's data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

1 Facebook :

We have a profile on Facebook. Responsible for the processing of personal data are

Bocholt city administration
The Mayor
Kaiser-Wilhelm-Str. 52-58
46395 Bocholt

Phone: 02871/953-0
E-mail: https://www.bocholt.de

and

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
https://www.facebook.com

as joint controllers pursuant to Article 26 GDPR and the Facebook Page Insights Supplement: https://www.facebook.com/legal/terms/page_controller_addendum

The Facebook page of the city of Bocholt(https://www.facebook.com/stadt.bocholt) publishes current information from our region as well as campaigns, initiatives, events and news about the city of Bocholt. If you visit our fan page, personal data will be stored and processed by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, as the provider of Facebook, in accordance with Facebook's privacy policy. You can find detailed information on the handling of personal data in the following Facebook privacy policy: https://www.facebook.com/privacy/policy/.

Beyond this, we only process data to a very limited extent:

If users comment on, share or otherwise respond to one of the posts on our Facebook fan page, the City of Bocholt processes personal data. This includes the respective Facebook user data (in particular user name, profile URL, profile picture), the content of the comments made by the users and the relevant metadata (in particular the time at which users posted the respective comment).

Meta Platforms Ireland Limited provides us with statistics and usage data via the social media platform Facebook, which we can use to analyse the use of our Facebook fan page, so-called "Page Insights". As the page operator, we do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, such as the storage duration of cookies on user end devices. The primary responsibility under the GDPR for the processing of Insights data lies with Meta Platforms Ireland Limited. As the website operator, we have no other way of evaluating user behaviour on our Facebook fan page, not even via user tracking. It is also generally not possible for us to identify visitors to our Facebook fan page on the basis of page insights. In particular, in accordance with the agreement, we have no right to demand that Meta Platforms Ireland Limited disclose individual user data. Identification is only possible for us if we can assign individual profile pictures to "Like" information for the page, but only if our Facebook fan page has been marked by visitors with "Like" and the "Like" information is set to "public". The City of Bocholt can use Page Insights to anonymously analyse the reach, page views, time spent on video posts, actions (likes, comments, sharing of posts) and by age, gender and location (as specified by the users in their respective Facebook profiles). Settings can be made for the analysis of reach or corresponding filters can be set with regard to the selection of a time period, the viewing of a specific post and demographic groupings (e.g. female, 20-30 years old). This data is anonymised, aggregated and abstracted. These settings therefore do not allow the city of Bocholt to draw any conclusions about individuals. The evaluation serves to optimise the offer on the Facebook page of the city of Bocholt for the purpose of public relations.

You can find out what information Facebook uses to create the page insights here:https://www.facebook.com/legal/terms/information_about_page_insights_data

Facebook also gives you the option of customising your advertising preferences using the opt-out procedure:

https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu

- The following cumulative and non-personalised data is provided via the "Page-Insights" of the city of Bocholt as the page operator:

- Actions on the page (including website clicks, button clicks, etc.)

- Page views (including by age, gender and country)

- "Likes" information for the page (page growth)

- Post reach

- Reach of Facebook stories - Post interactions - Video views

- Page followers (including source of new followers)

- People (cumulative data, including by gender, age, country, city and language)

As the provider of the information service, the city of Bocholt does not collect or process any other data from the use of the Facebook page.

User data remains accessible to the City of Bocholt via our Facebook fan page until the user's account or only the relevant data itself, for example the individual comment, is deleted. In addition, the City of Bocholt may store the above-mentioned data if and as long as this is necessary for legal proceedings or to fulfil retention obligations.

The rights of users vis-à-vis the City of Bocholt with regard to the processing of personal data can be found in section 2 "Your rights as a user" in this privacy policy.

Data collected via the social media platform is exchanged and processed within Meta Platforms Ireland Limited. Meta Platforms Ireland Limited also includes Instagram, WhatsApp and Oculus, among others. For example, information collected via Facebook is used to display personalised advertising to users on Instagram, or information from WhatsApp is used to take action against accounts that send spam via WhatsApp on Facebook. The information can be found in the Facebook Data Policy ( https://www.facebook.com/privacy/policy/ ) at "How do the Facebook companies work together?". When Meta Platforms Ireland Limited processes data, user data may be transferred outside the European Economic Area (EEA), in particular to the USA.

Right to object: If personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, users have the right to object to the processing of personal data in accordance with Art. 21 GDPR. Unless Meta Platforms Ireland Limited has compelling legitimate grounds for processing the User Information which override the interests or fundamental rights and freedoms of the respective User, or unless the processing is necessary for legal reasons, the objection will be upheld and Meta Platforms Ireland Limited will cease processing the respective User Information. The options for managing User information and for lodging an objection are available in the network operator's help section: https: //www.facebook.com/help/contact/367438723733209

Personal data breaches in connection with joint processing, Art. 33, 34 GDPR: To the extent that a personal data breach affects Meta Platforms Ireland Limited's obligations under the Controller Addendum, Users may lodge a complaint with the leading supervisory authority responsible for Meta Platforms Ireland Limited, the Irish Data Protection Commission, or with the local supervisory authority of the respective User.

2 Instagram :

We have a profile on Instagram. Responsible for the processing of personal data are

Bocholt city administration
The Mayor
Kaiser-Wilhelm-Str. 52-58
46395 Bocholt

Phone: 02871/953-0
E-mail: https://www.bocholt.de

and

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
https://www.instagram.com/

as joint controllers pursuant to Article 26 GDPR.

The Instagram channel Stadt Bocholt publishes information from our region as well as campaigns, initiatives, events and news about the city of Bocholt. Cross-media [MK1] content is also published. If you visit our channel, personal data will be stored and processed by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, as the provider of Instagram, in accordance with Instagram's privacy policy. You can find the privacy policy here: https://privacycenter.instagram.com/policy/

Beyond this, we only process data to a very limited extent:

We use the statistics service Instagram Insights for the purpose of needs-based design and continuous optimisation of our pages. This service records your activity on our site and makes it available to us in anonymised statistics. This provides us with information about, among other things, the interactions of our fan page visitors, the views of our page, the reach of posts, information about the activity of our subscribers and information about the countries and cities from which our visitors come, as well as statistics about the gender ratios of our visitors. It is not possible to draw conclusions about individual users or for the administrator to access individual user profiles. In addition, we store usernames and comments that are deleted due to a breach of netiquette. These are only retained for the purpose of providing any necessary evidence in the event of legal disputes within the limitation period. We do not store or process any other personal data about you. We ask users, after we have asked them publicly and without obligation, for permission to repost their pictures on the City of Bocholt Instagram channel. We save the declaration of consent as a screenshot and the image as a file with the user's details. The photos and the declaration of consent are stored for as long as the photo is posted on the channel or until consent is revoked. [MK2] For technical reasons, the reposted photo is stored on the Instagram server [Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland]. Cancellation is possible at any time (for more information, see: Rights of the data subject). In the event of cancellation, the image and the user's details will be deleted immediately.

3. threads, to Instagram App :

We have a Threads profile from Instagram. Responsible for the processing of personal data are

Bocholt city administration
The Mayor
Kaiser-Wilhelm-Str. 52-58
46395 Bocholt

Phone: 02871/953-0
E-mail: https://www.bocholt.de

and

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
https://www.instagram.com/

as joint controllers pursuant to Article 26 GDPR.

The threads channel @stadt.bocholt is used for press and public relations work on all topics relating to the city of Bocholt.

If you visit our fan page, personal data will be stored and processed by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, as the provider of Instagram, in accordance with Instagram's privacy policy. The privacy policy can be found here:

https://help.instagram.com/515230437301944/?helpref=uf_share

In addition, we store usernames and comments that are deleted due to a breach of netiquette. These are only retained for the purpose of providing any necessary evidence in the event of legal disputes within the limitation period. We do not store or process any other personal data about you.

4 YouTube :

We have a profile on YouTube. Responsible for the processing of personal data are

Bocholt city administration
The Mayor
Kaiser-Wilhelm-Str. 52-58
46395 Bocholt

Phone: 02871/953-0
E-mail: https://www.bocholt.de

and

Google LLC
Amphitheatre Parkway
Mountain View
CA 94043, USA
https: //www.youtube.com/

as joint controllers pursuant to Article 26 GDPR.

The YouTube channel of the city of Bocholt ( https://www.youtube.com/@stadt.bocholt ) enables the publication of moving image contributions on press events, events and offers of the city of Bocholt. The films are tailored to the target group and report on the latest news from the city of Bocholt and help to present the diversity of topics within a city. The social media team also professionally answers users' questions and comments on YouTube.

When you visit YouTube, Google LLC ("Google"), Amphitheatre Parkway, Mountain View, CA 94043, USA, as the operator of YouTube, stores and processes personal data in accordance with Google's privacy policy. You can find the privacy policy here: https: //policies.google.com/privacy?hl=de&gl=de

Beyond this, we only process data to a very limited extent. In the event of a breach of netiquette, we store usernames and comments that are deleted due to a breach of netiquette. These are only retained for the purpose of providing any necessary evidence in the event of legal disputes within the limitation period.

5 X (formerly Twitter) :

We have a profile on X. Responsible for the processing of personal data are

Bocholt city administration
The Mayor
Kaiser-Wilhelm-Str. 52-58
46395 Bocholt

Phone: 02871/953-0
E-mail: https://www.bocholt.de

and

Twitter Inc.
1355 Market Street
Suite 900
San Francisco
CA 94103, USA
https://twitter.com

as joint controllers pursuant to Article 26 GDPR.

The X-channel @StadtBocholt is used for press and public relations work on all topics related to the city of Bocholt.

If you visit our channel, Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, as the operator of Twitter, stores and processes personal data to the extent described in the privacy policy. You can find the privacy policy here: https: //twitter.com/de/privacy

We do not store or process any other personal data about you. Only in the event that you send us a direct message will your user name be stored. We also store usernames and comments that are deleted due to a breach of netiquette. These will only be retained for the purpose of providing any necessary evidence in the event of legal disputes within the limitation period.

6 LinkedIn :

We have a profile on LinkedIn. Responsible for the processing of personal data are

and

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
https://de.linkedin.com/

as joint controllers pursuant to Article 26 GDPR.

The LinkedIn channel of the city of Bocholt ( https://www.linkedin.com/company/stadt-bocholt/ ) is used for press and public relations work on all topics relating to the city of Bocholt.

If you visit our LinkedIn account, LinkedIn as the operator stores and processes personal data to the extent described in the privacy policy. You can find the privacy policy here: https://de.linkedin.com/legal/privacy-policy?_l=de_DE

When you visit our LinkedIn authority page, follow this page or engage with the page, LinkedIn processes personal data to provide us with statistics and insights in anonymised form. This gives us insights into the types of actions that people take on our site (so-called page insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn authority page, e.g. whether you are a follower of our LinkedIn authority page. With the Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarised Page Insights. It is also not possible for us to draw conclusions about individual members from the information in the Page Insights. We therefore do not store or process any of your personal data. Only in the event that you send us a direct message will the user name and possibly the content be stored. We also store usernames and text content that is deleted due to a breach of netiquette. These are only retained for the purpose of providing any necessary evidence in the event of legal disputes within the limitation period.

We have entered into an agreement with LinkedIn on processing as joint controllers, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at

https://de.linkedin.com/legal/l/dpa

LinkedIn offers the option to object to certain data processing; information and opt-out options in this regard can be found at

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

7 WhatsApp

We have a profile (channel) on WhatsApp. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Detailed information on the handling of personal data can be found in the following WhatsApp privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea?lang=de

Meta Platform also transfers and processes data in the USA. There is currently no adequate level of protection for data transfers to the USA. For this reason, there are risks when processing the data. Meta Platform uses standard contractual clauses and is part of the Data Privacy Framework, whereby Meta Platform undertakes to ensure an adequate level of data protection.

12. chatbot "Digital citizen assistant"

We use an AI-based chatbot on our website to answer your enquiries and optimise citizen service. This is hosted by YOUniquehorns GmbH from Ulm in Germany ("BotBucket").

Your chat history (questions/answers) and your IP address are stored by our IT service provider for a maximum of three months and then automatically deleted. Only anonymised information on the usage statistics of the entire chatbot is retained.

"BotBucket" is operated in the AWS and Azure cloud. The server locations are within the EU. Requests entered may also be processed by Google outside the EU (search). By using the chatbot on our site, you expressly consent to this processing. The chatbot does not require any information about you as the user at any point.

Therefore, please make sure that you do not enter any information about yourself or other persons, such as names, e-mail addresses, telephone numbers, etc., in the chat window when using the chat.