Privacy Policy City of Bocholt
By visiting our website https://www.bocholt.de, the Bocholt municipal administration provides you with a telemedia service within the meaning of the Telemedia Act. The operator of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. The following information provides a simple overview of what happens to your personal data when you visit our website or use other administrative services.
I. General information pursuant to Article 13 of the General Data Protection Regulation (GDPR)
1. contact details
1.1 Name and address of the responsible body
Responsible for this website is the
Bocholt City Council
The Mayor
Kaiser-Wilhelm-Str. 52-58
46395 Bocholt
Tel.: 02871/953-0
E-mail: Stadtverwaltungverwaltung(at)bocholt(dot)de
DE-Mail: Stadtverwaltungverwaltung(at)bocholt.de-mail(dot)de
URL: https: //www.bocholt.de
1.2 Name and address of the data protection officer
In accordance with Art. 37 Para. 3, the city administration of Bocholt has appointed a joint official data protection officer who looks after several local authorities. Information on the institution and the data protection officer is as follows
Zweckverband KAAW - Kommunale ADV-Anwendergemeinschaft West
Weberstraße 5
49477 Ibbenbüren
Germany
Mario Könning
Workplace/location: Borken town hall
Phone: +49 (2861) 939409 or +49 (0)5451 5622-751
e-mail: Send e-mail
1.3 Name and address of the data protection supervisory authority
The competent supervisory authority for data protection is the
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle(at)ldi.nrw(dot)de
2. your rights as a user
As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. You have the right
- pursuant to Art. 15 GDPR i.V.m. §§ Sections 12, 49 DSG NRW to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details. Please note that your right to information may be restricted or excluded in certain cases in accordance with Section 48 of the State Data Protection Act of North Rhine-Westphalia.
- pursuant to Art. 16 GDPR in conjunction with. § to demand the immediate correction of incorrect data or the completion of your personal data stored by us;
- in accordance with Art. 17 GDPR in conjunction with. § Section 50 (2) DSG NRW to demand the deletion of your personal data stored by us if this is required by law. However, the right to erasure pursuant to Art. 17 (1) and (2) GDPR does not apply if, among other things, the processing of personal data is necessary for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
- pursuant to Art. 18 GDPR in conjunction with. to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you object to the processing of your personal data in accordance with Art. 21 GDPR in conjunction with § 14 DSG NRW. § 14 DSG NRW have lodged an objection to the processing;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
- in accordance with Art. 21 GDPR in conjunction with. § 14 DSG NRW, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (a) or (e) of Article 6(1) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website. Please send your objection to this email address.
- In accordance with Art. 7 para. 3 GDPR, you have the right to revoke your consent to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future and
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence for this purpose.
3. general communication with the city administration of Bocholt
a) What data is processed for what purpose?
We offer you various access options for "electronic" communication when contacting the Bocholt city administration:
- Contact form
- E-mail communication
- DE-Mail communication
- Telephone system (answering machine: recording on tape)
- User account (website)
The following can be saved when you contact us
- Salutation
- First name
- Surname
- e-mail address
- Street address
- House number
- Postcode
- Town
- Telephone number
- Subject
- Your message / your content
- Timestamp
- IP address
The purpose of data processing and storage is to be able to respond to your request.
b) What is the legal basis for processing this data?
If you use one of the communication media, personal data is entered on an expressly voluntary basis. The legal basis for processing is Article 6(1)(a) GDPR. If your enquiry and the medium used is an administrative act, we process this information in accordance with Article 6(1)(e) GDPR.
Persons under the age of 16 should not transmit any personal data to us unless the consent of their parents or legal guardians has been given (Art. 8 (1) GDPR). The consent must then be expressly noted in the message (Art. 8 para. 2 GDPR).
c) Are there other recipients of the personal data in addition to the controller?
We only use the personal data you have entered for the purpose you have requested and only within the administration or the specialist offices responsible for the respective service.
If it is an official request that is not the responsibility of our city administration, we assume that you agree that we may forward your enquiry to the responsible public institution (e.g. district, state, federal government, etc.) so that we can deal with your request. We will only pass on your request in connection with public institutions.
d) How long will the data be stored?
We delete the personal data that we receive via communication as soon as storage is no longer required for the purpose pursued by you or in connection with the administrative processes triggered by it and the applicable retention obligations.
e) Note on e-mail communication
We expressly point out that you communicate electronically by e-mail at your own risk. The city administration of Bocholt cannot guarantee that a message received is secure against interception or falsification.
Please use your DE-Mail address or our contact form for secure communication.
f) Notes on tape recordings (answering machine)
We would like to point out that if your spoken word is recorded by the answering machine and the content is decisive for the implementation of an administrative act, we will process (store) this information for the intended purpose.
Data processing when visiting our website (DSGVO)
4. external links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to a website outside our responsibility, please note that these websites have their own data protection information. We accept no responsibility or liability for these third-party websites and their data protection notices. Therefore, before using these websites, please check whether you agree with their data protection declarations.
You can recognise external links either by the fact that they are displayed in a different colour from the rest of the text or underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. In particular, the operator of the other website will receive your IP address, the time at which you clicked on the link, the page on which you clicked on the link and other information that you can find in the data protection information of the respective provider.
Please also note that individual links may lead to data being transferred outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal remedies against this data access. If you do not want your personal data to be transferred to the link destination or even exposed to unwanted access by foreign authorities, please do not click on any links.
5. web host
a) What data is processed for what purpose?
When you access content on the website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file, which may allow identification. The following data is collected:
- Name of the server
- Volume of data transferred
- Internet protocol address (IP address)
- Date and time of access
- Destination of the enquiry
- Status of the enquiry
- Website from which the user accessed the server
- Web browser used, your computer's operating system if applicable, and the name of your provider
The aforementioned data (log files) are processed by us for the following purposes
- Ensuring a smooth connection to the website
- Ensuring a comfortable use of our website
- Evaluation of system security and stability
- Prosecution in the event of misuse and
- for further administrative purposes
b) What is the legal basis for processing this data?
The legal basis for the temporary storage of data is § 3 para. 1 DSG NRW i.V.m. Art. 6 para. 1 letter e and para. 3 GDPR.
c) Are there other recipients of the personal data in addition to the controller?
Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company). In this case, the personal data collected on this website will be stored on the hosting company's servers. In addition to the data mentioned above, this may include, for example, contact requests, contact data, names, website access data, meta and communication data, contract data and other data generated via a website. You can find out more about this in the "Configurable forms" section. Our service provider for our website is
EGOTEC AG
Management Board: Heiko Roth, Johannes Jakob
Chairwoman of the Supervisory Board: Silvia Jakob
Pfalzgraf-Otto-Straße 81
74821 Mosbach
info(at)egotec(dot)com
EGOTEC receives and processes personal data on our behalf as a processor. The hosting and operation of our website takes place in Germany, at:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
This service provider (Hetzner Online GmbH) is a subcontractor of EGOTEC AG and also processes the data exclusively in a contract processing relationship.
d) How long will the data be stored?
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for up to thirty days directly and only accessible to administrators.
6. website user account
a) What data is processed for what purpose?
As a user of our website, you have the option of setting up a user account. The account is set up either in conjunction with the ServiceKonto NRW or by entering it manually. The user account is used for various purposes. On the one hand, you can use your details to automatically fill in forms provided by us with your master data or, on the other hand, the user account is required to subscribe to the newsletter.
The user account is not a prerequisite for using our administrative processes. You can therefore also use our website without a user account.
b) What is the legal basis for processing this data?
The legal basis for the temporary storage of the data is your consent in accordance with Art. 6 para. 1 letter a GDPR.
c) Are there other recipients of the personal data in addition to the controller?
The user account is part of our content management system. Our service provider therefore processes the data on our behalf. For more details, please refer to section 5 letter c.
d) How long will the data be stored?
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. As a rule, the user account will be deleted by you. If the City of Bocholt determines that the account has been inactive for 3 years, it will be deleted by the system.
7. newsletter (e-mail & messenger services)
a) What data is processed for what purpose?
The prerequisite for newsletter registration is a corresponding user account. The user account serves as a verification process and enables you to subscribe to our newsletter:
- Business development newsletter
- City marketing newsletter
- Newsletter City of Bocholt
Depending on the newsletter, the following data may be processed:
- Master data such as names
- address data
- Communication data such as e-mail addresses, telephone numbers
- IT data such as IP address
- Login and registration data
We process the aforementioned data for the following purposes
- To inform you about our news.
b) What is the legal basis for processing this data?
The legal basis for the temporary storage of the data is Article 6(1)(a) EU GDPR in accordance with your consent.
c) Are there other recipients of the personal data in addition to the controller?
When you register for a newsletter, the data collected will be used exclusively for the newsletter. As a rule, the data is not transferred to third parties.
The city of Bocholt uses a module of your website operator to send the newsletter. The website operator processes the data on behalf of the City of Bocholt, see section 5 letter c for more details. If you receive information from us via a messenger service, we process your personal data together with the messenger service. The responsible messenger service first processes your information and our information. We have commissioned the service of Whappodo.com GmbH to fulfil data protection requirements. This service provider processes the data of the messenger services on our behalf in order to provide you with the newsletter or information via this communication channel
d) How long is the data stored?
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected or you have withdrawn your consent. If you object to the processing for this subject area, your personal data will be deleted immediately.
d) Cancellation
The subscription to the newsletter can be cancelled by the user concerned at any time. Either by deactivating it in the user account. For this purpose, there is a corresponding link or notice in every newsletter.
Exception: Newsletter via Threema and Telegram. Please send the word STOP for this.
d) Notes on messenger services
We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an email to the email address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within a certain period of time, your information will be blocked and automatically deleted after a certain period of time.
Whappodo.com
We use the Whappodo service. Whappodo is a central platform that enables us at the City of Bocholt to integrate various messenger services in order to communicate with you via a central user interface. The service provider therefore processes your data on our behalf, which you make available to us via the messenger services you use.
Among other things, the data protection information of the service provider also applies: https://www.whappodo.com/datenschutz/
Telegram Messenger
If you use Telegram together with us, we refer you to the terms of use and data protection conditions of the service provider: https://telegram.org/privacy
Threema Messenger
If you use Threema together with us, please refer to the terms of use and privacy policy of the service provider: https://threema.ch/de/privacy
8. forms
Our website uses various forms and systems to create forms. We either provide you with corresponding forms via our content management system (CMS) (section 8.1) or use a form management system (section 8.2), which generally offers you administrative services in the context of digitalisation. You can find out more in the following subsections.
8.1 Configurable forms (CMS)
a) What data is processed for what purpose?
Our website contains configurable forms. This enables the Bocholt city administration to create forms such as a contact form, feedback, etc. Personal data can be processed via a configurable form. We explain which configurable forms we use in the following subsections from section 6.1.1.
b) What is the legal basis for processing this data?
The legal basis for the processing of your data in the context of a configurable form is generally Art. 6 para. 1 GDPR. Depending on the (form) content, you can find the legal basis in the following subsections or ask the data protection officer.
c) Are there other recipients of the personal data in addition to the controller?
The processing is carried out on behalf of our hosting provider. For more information on the hosting provider, please refer to section 5 (Web host). Depending on the content of the form, other internal or, in rare cases, external bodies may be affected. You can find out more in the corresponding subsection for the appropriate form.
d) How long is the data stored?
We delete the personal data that we receive via the form as soon as storage is no longer required for the administrative processes triggered and the applicable retention obligations. More detailed information on deletion can be found in the corresponding information obligations of the individual forms.
8.1.1 Contact form
a) What data is processed for what purpose?
We have already provided you with detailed information about communication between you and Bocholt City Council in section 3. The contact form offers you a secure exchange of communication. For further information on the purposes, please refer to section 1, bullet point 3.
b) What is the legal basis for processing this data?
The legal basis for the initial contact is generally Art. 6 para. 1 lit. a GDPR. A detailed description is described for you in section 3 letter b.
c) Are there other recipients of the personal data in addition to the controller?
We have already informed you in detail about the recipients in sections 3 and 8.1. Please feel free to take a look.
d) How long will the data be stored?
We have already informed you in detail about deletion periods in the context of communication with the city administration in section 3 (d).
8.2 Online forms (form management)
a) What data is processed and for what purpose?
The forms provided process your personal data in accordance with your request or in connection with the administrative processes triggered by it. These services are accessed via an external link. As we are also the operator of the form server, we inform you about this privacy policy.
As a rule, we collect your master data, address data, contact data and, depending on your request, other information. Individual information on data protection for the corresponding administrative process can be found in the information requirements for the corresponding forms (details can be found in section 3 of this privacy policy).
b) What is the legal basis for processing this data?
The legal basis for the processing of your data is generally
Article 6(1)(e), (c) or (d) GDPR
Other legal bases may also apply depending on the form:
Art. 6 para. 1 letter a GDPR
Art. 6 para. 1 letter b GDPR
c) Are there other recipients of the personal data in addition to the controller?
If you send forms to the Bocholt city administration by post, no other recipients are affected.
In the case of electronic delivery of forms, the city administration of Bocholt uses a service provider. For this purpose, the service provider receives the above-mentioned data as a processor. The following service providers are involved:
- Zweckverband KAAW as contractual partner
- bol Behörden Online Systemhaus GmbH as hosting provider
In connection with triggered administrative processes, it cannot be ruled out that other bodies will receive your personal data. More detailed information is described in the information obligations of the respective administrative process.
d) How long will the data be stored?
We delete the personal data that we receive via the form as soon as the storage is no longer required for the triggered administrative process and the applicable retention obligations. More detailed information on deletion can be found in the corresponding information obligations of the individual forms.
Personal data that is accessed via a link (form call) is stored by the hosting provider for 180 days (IP address, browser used, log files).
e) Notes on electronic transmission
We assure you that your personal data will be transmitted in encrypted form in accordance with the state of the art.
9. use of local storage items, session storage items and cookies
a) What data is processed for what purpose?
Our website uses local storage items, session storage items and cookies.
Local storage is a mechanism that enables the storage of data within the browser on your end device. This data usually contains user preferences, such as the "day" or "night" mode of a website, and is retained until you delete the data manually.
Session storage is very similar to local storage, whereas the storage period only lasts during the current session, i.e. until the current tab is closed. The session storage items are then deleted from your end device.
Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either stored temporarily for the duration of a session (session cookies) and deleted at the end of your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These three objects can also be stored on your device by third-party companies when you visit our website (third-party requests). This enables us, as the operator, and you, as a visitor to this website, to utilise certain third-party services that are installed on this website. Examples of this are cookies for processing payment services or cookies for displaying videos or maps.
b) What is the legal basis for processing this data?
These mechanisms can be used in a variety of ways. They can improve the functionality of a website, control shopping basket functions, increase the security and convenience of website use and carry out analyses of visitor flows and behaviour. Depending on the individual functions, they must be categorised under data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping basket function) or serve to optimise the website (e.g. cookies to measure visitor behaviour), they are used on the basis of Art. 6 para. 1 lit. e GDPR. As the website operator, we have a public interest in the storage of these objects for the technically error-free and optimised provision of our services. In all other cases, cookies are only stored with your express consent in accordance with Art. 6 para. 1 lit. a GDPR.
c) Are there other recipients of the personal data in addition to the controller?
If objects or mechanisms are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection notice. Your required consent will be requested and can be revoked at any time.
d) How long is the data stored?
The objects or mechanisms are deleted after the purpose has been fulfilled. You are responsible for the deletion of cookies that are stored on your end device, for example, by giving your consent.
10. use of external services (third-party services)
External services are used on our website. External services are services from third-party providers that are used on our website. This can be done for various reasons, for example for embedding videos, maps, advertising tools, website security and much more. When using these services, personal data is also passed on to the respective providers of these external services. If we do not have a public or contractual interest in the use of these services in accordance with Article 6 lit. b, e GDPR, we will obtain your consent as a visitor to our website, which can be revoked at any time, before using them (Article 6 para. 1 lit. a GDPR).
10.1 Content Management System - EGOTEC AG
a) What data is processed for what purpose?
A content management system enables the creation, editing, organisation and presentation of digital content. We use a content management system to create content for our website. This enables us to design a more appealing website.
b) What is the legal basis for processing this data?
We base this processing on a public interest (Art. 6 para. 1 lit. e GDPR). Our public interest lies in the technically error-free presentation and optimisation of the website.
c) Are there other recipients of the personal data in addition to the controller?
We use the CMS from EGOTEC AG, EGOCMS. The provider of the service is EGOTEC, Pfalzgraf-Otto-Straße 81, 74821 Mosbach, Germany.
As the service is used locally on our behalf, there are no other data transfers to third parties with the exception of the hosting provider (see section 5).
d) How long is the data stored?
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.
10.2 Online appointment bookings
a) What data is processed for what purpose?
The online appointment booking service is available to you free of charge. The use of online appointment booking is personalised. For this purpose, we process personal data (registration data, appointment data) as part of your booking.
b) What is the legal basis for processing this data?
If you book an appointment via our website, personal data is entered on an expressly voluntary basis. The legal basis for processing is Article 6(1)(a) GDPR.
Persons under the age of 16 should not transmit any personal data to us unless the consent of their parents or legal guardians has been given (Art. 8 (1) GDPR). The consent must then be expressly noted in the message (Art. 8 para. 2 GDPR)
c) Are there other recipients of the personal data in addition to the controller?
The City of Bocholt's appointment software is hosted by
JCC SOFTWARE
Zutphenstraat 59
7575 EJ Oldenzaal
The Netherlands
The service provider receives the above-mentioned data for this purpose as a processor.
Internally, the responsible specialised department receives your data.
d)How long will the data be stored?
We delete the personal data that we receive via the appointment booking software as soon as it is no longer required for the purpose for which it was collected.
e) Notes on appointment bookings
Appointments can only be made by the person named in the reservation or an authorised representative on behalf of this person. The name of the person making the reservation cannot be changed at a later date. The transfer of an appointment to a third person is not permitted.
The date of birth serves as the verification date for collecting the local ticket number for the planned appointment.
10.3 Analytics (analysis tools)
a) What data is processed for what purpose?
We process personal data of website visitors to analyse user behaviour. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This enables us to improve the user-friendliness of our website. By means of the analysis tools used, for example, our website visitors could be recognised the next time they visit our website and their click/scroll behaviour, their downloads measured, page views recognised, the duration of the visit or the bounce rates measured, and the origin of the website visitors (city administration, country, which page the visitor comes from) could be traced. With the help of the analysis tools, our market research activities can be improved and thus offer you sustainable administrative services.
b) What is the legal basis for processing this data?
The processing of the data is based on the legal basis of consent (Article 6(1)(a) GDPR). As a website visitor, you have consented to the processing of your personal data with your voluntary, explicit and prior consent. Without separate consent, the personal data will not be processed by us in the manner described above, provided that there is no other legal basis within the meaning of Article 6 (1) GDPR on which we base the processing. We will proceed in the same way if you withdraw your consent. This will not affect the lawfulness of the processing carried out until you withdraw your consent.
c) Are there other recipients of the personal data in addition to the controller?
The recipient(s) depends on the service used. The services we use in the context of the analysis are described below.
d) How long is the data stored?
The information obtained as part of the analysis is deleted as soon as the purpose has been achieved and there is no need for further processing. You must contact the respective third-party service provider to find out how they handle your data.
10.3.1 Matomo
a) What data is processed for what purpose?
We use the open source software Matomo to analyse and statistically evaluate the use of the website. Cookies are used for this purpose. The information generated by the cookie about website usage is transmitted to our servers and summarised in pseudonymous usage profiles. The information is used to analyse the use of the website and to enable a needs-based design of our website. The information is not passed on to third parties. Under no circumstances is the IP address associated with other data relating to the user. The IP addresses are anonymised so that they cannot be assigned (IP masking).
b) What is the legal basis for processing this data?
The legal basis for the temporary storage of data is § 3 para. 1 DSG NRW i.V.m. Article 6(1)(a), (e) EU GDPR.
c) Are there other recipients of the personal data in addition to the controller?
The provider of the service is InnoCraft Ltd, 150 Willis St, 6011 Wellington,
New Zealand. Information is not passed on to third parties through the use of Matamo, as this service is hosted locally.
d) How long is the data stored?
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Furthermore, it is up to you as the user to delete your cookies if necessary. If you delete your cookies, this means that the opt-out cookie will also be deleted and you may have to deactivate Matomo again.
e) Notes on cookies
The service uses the following cookies on our website
Name: _pk_id.1.164d
Storage duration: 393 days
Type: 1st party
Purpose: This cookie is used to store a unique visitor ID.
10.4 Google services
We use Google services on our website. These services are integrated in compliance with data protection regulations (iFrame and two-click solution). As a visitor, you have the option of proactively activating the services when using the website. If you activate the service, personal data, usually your IP address, will also be processed by Google. We explain below which Google services we have embedded in our website.
10.4.1 Third-party providers: Google Translate
a) What data is processed for what purpose?
We use the Google Translate service on our website with the aim and purpose of having texts provided by us on our website machine-translated by Google into a language of your choice. When the translation function is activated, personal data is processed. The following data is processed by Google
- IP address
- Location of the access
- Data from the accessed device
- Visit duration/time
- Diagnostic data
Please note: If you use the translation function with a logged-in Google user account, unique identifiers will be assigned to your user account and processed.
b) What is the legal basis for processing this data?
The legal basis for the temporary storage of the data is § 3 para. 1 DSG NRW i.V.m. Art. 6 para. 1 letter a GDPR in accordance with your consent as soon as you activate the service.
c) Are there other recipients of the personal data in addition to the controller?
The data collected is processed exclusively by Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland. The use of the service may result in data being transferred to a third country (USA).
d) How long is the data stored?
General information on data protection can be found here: https: //policies.google.com/privacy. Information on the deletion of these services can also be found here.
10.5 E-payment (external payment service providers)
a) What data is processed for what purpose?
We, the city administration of Bocholt, use an online payment service to enable you to make online payments as part of our administrative processes and services. The service is accessed via an external link, but we are already informing you here about data protection when handling your personal data.
You have the option of paying contributions, fees, entrance fees, taxes, fines, etc. via the administrative processes we have set up in connection with the associated charges.
We collect personal data from you in two different ways as part of the e-payment process:
1. when you visit the website of our online payment service, we collect personal data via log data (further information in section two of this privacy policy).
2. personal data is collected when using the selected online payment process. The data - accounting data records - are processed automatically in our financial accounting system. All information corresponding to your payment transaction is affected.
The aforementioned data is processed by us for the following purposes:
- Processing of administrative transactions involving a payment
- The data collection serves to forward the data to a payment service provider, which carries out the actual payment process with the user. As a rule, the following data is processed here: Application, surname, first name, administrative procedure used for the booking record and its URL and one or more monetary amounts. Other data recorded in the calling application/procedure may also be processed (e.g. vehicle registration number in the case of administrative offences).
b) What is the legal basis for processing this data?
The legal basis for the temporary processing of the data is Section 3 (1) DSG NRW in conjunction with Art. 6 (1) (a) GDPR. Art. 6 (1) (a) and (e) GDPR and your selected payment method.
c) Are there other recipients of the personal data in addition to the controller?
In the case of electronic payments, Bocholt City Council uses a service provider (processor for the software) and other payment service providers. The categories of recipients only receive the information for which they are responsible. The following categories of recipients are affected
- Zweckverband KAAW as contractual partner
- GovConnect GmbH as software manufacturer (payment platform)
- ITEBO GmbH as hosting provider
- Payment service providers as the party responsible for carrying out the payment process such as
- PayPal
- Paydirekt
- Sofortüberweisung
- credit card payment
- direct debit
- Giropay
- Please note: Please note the data protection provisions of the service provider you have selected.
d)How long will the data be stored?
We store the data relating to the payment transaction in connection with the associated administrative processes and the applicable retention obligations. These are ten years.
e) Notes on the selection of your online payment service
By using the respective online payment service, you, as the user, are subject to its contractual terms and conditions. Bocholt City Council has no influence on these contractual conditions. Once data has been entered and "sent" to the payment service provider by mouse click, it can no longer be cancelled or deleted by the service provider. Once the data has been processed by the connected payment service provider, the data is retained and stored by the service provider for statistical purposes. It is then automatically deleted. In addition, the data is created, stored and transmitted for the creation and transmission of accounting records for the city administration of Bocholt. They are stored there for at least ten years. It is not possible to delete the data from the financial systems. The data may be transferred to foreign servers if the selected payment service provider operates the servers abroad. The service provider has no possibility of influencing this.
All connections are SSL/TLS encrypted. This ensures that all data is transmitted securely between the parties involved according to the current state of the art. However, the actual level of encryption also depends on the web browser used.
11. social networks
The City of Bocholt only refers to your presence on social media such as Facebook, X (most recently: Twitter), WhatsApp, YouTube etc. via links. You can recognise the link by the respective logo of the social network.
The purpose of our profiles on social media platforms is to increase our internet presence and the associated greater awareness as well as the provision of (press) information. Therefore, the legal basis is legitimate interest pursuant to Art. 6 para. 1 lit. e GDPR. Furthermore, with regard to the processing activities by the social networks, please refer to their own legal bases (e.g. consent pursuant to Art. 6 para. 1 lit. a GDPR), which you can find in the respective privacy policy.
No so-called social media plugins are used by the city of Bocholt on its website. External pages of the social networks are only accessed by actively using the links. If you do not want social networks to assign data collected via our website to your user account, you must log out of the social network before visiting our website. The purpose and scope of the data collection and the further processing and use of the data by social networks as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information of the respective provider.
What does it mean for you as a user when you connect with us via social networks? When you visit our profiles, your IP address and other information about the devices you use are processed, which enables IP addresses to be assigned to individual users. We have no influence on this data processing. We would like to point out that you use our profiles on social networks and their functions on your own responsibility. Details on data processing can be found in the operator's privacy policy.
At this point, we would like to point out once again that you use the services we offer and their functions on your own responsibility. This applies in particular to interactive functions such as sharing, rating, commenting, etc.
Additional information on the social networks
We have a profile (channel) on WhatsApp. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Detailed information on the handling of personal data can be found in the following WhatsApp privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea?lang=de
Meta Platform also transfers and processes data in the USA. There is currently no adequate level of protection for data transfers to the USA. For this reason, there are risks when processing the data. Meta Platform uses standard contractual clauses and is part of the Data Privacy Framework, whereby Meta Platform undertakes to ensure an adequate level of data protection.
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.
Meta Platform also transfers and processes data in the USA. There is currently no adequate level of protection for data transfers to the USA. For this reason, there are risks associated with the processing of data. Meta Platform uses standard contractual clauses and is part of the Data Privacy Framework, whereby Meta Platform undertakes to ensure an adequate level of data protection.
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Detailed information on the handling of personal data can be found in Instagram's privacy policy at https://help.instagram.com/519522125107875.
Meta Platform also transfers and processes data in the USA. There is currently no adequate level of protection for data transfers to the USA. For this reason, there are risks associated with the processing of data. Meta Platform uses standard contractual clauses and is part of the Data Privacy Framework, whereby Meta Platform undertakes to ensure an adequate level of data protection.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
You can find detailed information on the handling of personal data in the following YouTube privacy policy: https://policies.google.com/privacy?hl=de.
Google also transfers and processes data in the USA. There is currently no adequate level of protection for data transfers to the USA. For this reason, there are risks associated with the processing of data. Google uses standard contractual clauses and is part of the Data Privacy Framework, whereby Google undertakes to ensure an adequate level of data protection.
3. information obligations for data processing in the context of the use of administrative services
Administrative service A-Z | Data protection notice pursuant to Articles 12 to 14 of the EU General Data Protection Regulation (EU-DSGVO) |
---|---|
Job applications | Data protection notice for job applications |
Housing benefit application | Data protection notice for housing benefit applications |
Aliens law | Data protection information in connection with the submission of a declaration of commitment |