Privacy information

Below, we, the district of Görlitz (Görlitz District Office, Bahnhofstraße 24, Görlitz) (hereinafter: Görlitz District), would like to inform you comprehensively and in detail about how we protect your privacy and how personal data is processed when you visit our homepage for the Digital District of Görlitz.

The controller responsible for data processing within the meaning of Article 4 No. 7 GDPR is:

Görlitz District Office,
Bahnhofstraße 24, 02826 Görlitz, Germany.
Telephone: +49 3581 663-0
, Email: info@kreis-gr.de,
Website: www.kreis-goerlitz.de

The controller has appointed a data protection officer:

Görlitz District Office,
Bahnhofstraße 24, 02826 Görlitz, Germany
, Email: datenschutz@kreis-gr.de

Supervisory authority:

The Saxon Data Protection and Transparency Commissioner,
Devrientstraße 5, 01067 Dresden,
Postal address:
Postfach 110132, 01330 Dresden.

The definitions and terms used are based on Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation" or "GDPR") and the Saxon Data Implementation Act ("SächsDSDG"). In particular, the definitions in Articles 4 and 9 of the GDPR apply.

1. Scope of processing personal data

We generally only collect and use personal data of users of our website to the extent necessary for the provision and operation of our web or online services, or if another legal basis permits the collection and/or use of personal data for other purposes.

2. Legal basis

Insofar as personal data is processed on the basis of the consent of the data subject, Article 6 paragraph 1 letter a GDPR is the legal basis for the processing.

If personal data is processed to fulfill a legal obligation to which we are subject, the legal basis is Article 6(1)(c) GDPR. If processing personal data is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Article 6(1)(d) GDPR.

If processing is carried out to protect a legitimate interest of the district or a third party and the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interest, Article 6 paragraph 1 letter f GDPR is the legal basis for the processing.

If personal data is processed within the framework of a so-called change of purpose, i.e., the data is to be used for purposes other than those for which it was originally collected, Article 6 Paragraph 4 GDPR is the legal basis.

In the case of processing special categories of personal data within the meaning of Article 9 GDPR, the legal basis for processing is the explicit consent of the data subject pursuant to Article 9(2)(a) in conjunction with Article 6(1)(a) GDPR and/or a legal basis for processing pursuant to Article 9(2)(b) GDPR.

3. Potential recipients of personal data

To provide our deliveries and services (including web and/or online offerings), we sometimes use third-party service providers who may act on our behalf and according to our instructions (data processors). These service providers may receive or come into contact with personal data in the course of providing their services and are therefore considered third parties or recipients within the meaning of the GDPR.

In such a case, we ensure that our service providers take sufficient security measures, that appropriate technical and organizational measures are in place, and that processing is carried out in a manner that complies with the requirements of this Regulation and guarantees the protection of the rights of the data subject (see Art. 28 GDPR).

Insofar as personal data is transferred to third parties and/or recipients outside of commissioned data processing, we ensure that this is done exclusively in accordance with the requirements of the GDPR and only if there is a corresponding legal basis (e.g. Art. 6 para. 4 GDPR, see also section 2).

4. Processing of data in so-called third countries

Your personal data is generally processed within the EU or the European Economic Area (“EEA”).

Only in exceptional cases (e.g., in connection with the engagement of service providers for web analytics services) may information be transferred to so-called "third countries." "Third countries" are countries outside the European Union and/or the Agreement on the European Economic Area where an adequate level of data protection equivalent to EU standards cannot be automatically assumed.

If the transmitted information also includes personal data, we ensure, prior to such transmission, that an adequate level of data protection is guaranteed in the respective third country or by the respective recipient in that third country. This can result, for example, from an "adequacy decision" of the European Commission, through the use of the so-called "EU Standard Contractual Clauses," or through other measures within the meaning of Articles 44 et seq. GDPR. Processing outside the EEA may also be justified under Article 49 GDPR or take place with consent to such processing pursuant to Article 49(1)(a) GDPR.

5. Data deletion and storage period

Personal data of the data subjects will be deleted as soon as the data is no longer required for the respective processing purposes. Instead of deletion, storage with restriction of processing may occur if this is provided for by European or national legislation in EU regulations, laws, or other provisions to which the district is subject.

The legal basis for this is Article 6(1)(c) or (f) GDPR. The data will be deleted at the latest when a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion of a contract or for other purposes (e.g., legitimate interests pursuant to Article 6(1)(f) GDPR).

6. Rights of data subjects

The GDPR grants certain rights to individuals whose personal data is being processed (so-called data subject rights, in particular Articles 12 to 22 GDPR). These individual data subject rights are explained in more detail in Section V). If you wish to exercise one or more of these rights, you can contact us at any time. Please use the contact options provided in Section II.

To provide our websites and online services, we process personal data as follows:

1. Data processing for the provision of websites / Collection of log files

Each time our websites and their online services are accessed, our system automatically collects data and information from the accessing computer or device. The following data is collected (hereinafter referred to as "log data"):

• Information about the browser type and version used

• the user's operating system

• the user's IP address

• Date and time of access

• Websites from which the user's system accessed our website

• Websites accessed by the user's system via our website

• User activity on our website (e.g., click rates, time spent on site) is recorded. The aforementioned log data does not allow for any personal identification of the user. The IP address is truncated by removing its last [XX] digits.

Purpose and legal basis

The collection and processing of log data (in particular the IP address) is carried out for the purpose of providing our websites and online services, including the content provided therein, to the user. Temporary storage of the IP address is necessary for the duration of each communication process. This is required to address the communication traffic between the user and our website and/or online service, or is necessary for using our website and/or online service. The legal basis for this data processing – i.e., for the duration of your website visit/use – is Article 6 Paragraph 1 Letter b GDPR and Section 9 TTDSG (German Telecommunications and Telemedia Data Protection Act).

Beyond the communication process itself, the processing and storage of IP addresses in log files is carried out for the purpose of ensuring the functionality of our web and online services, for the optimization of these services, and for ensuring the security of our IT systems. The legal basis for storing the IP address beyond the communication process for these purposes is Article 6(1)(f) GDPR (legitimate interests) or Section 169 of the German Telecommunications Act (TKG).

Data Deletion and Storage Period:
The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of websites, this is the case when the respective session – the website visit – has ended. Log data, including the IP address, is stored beyond this period for system security purposes for a maximum of seven days from the end of the user's access to the website. Further processing and/or storage of log data is possible if the users' IP addresses are deleted after the aforementioned seven-day storage period or anonymized in such a way that it is no longer possible to associate the log data with an IP address. This is subject to further data processing in the cases listed below (e.g., cookies, etc.).

Right to object and erasure:
The collection of log data for the provision of the website, including its storage in log files within the aforementioned limits, is essential for the operation of the website. Therefore, users have no right to object.

2. Use of cookies

Our website uses cookies. Cookies are text files that are stored in or by the web browser on the user's computer system. Cookies do not contain programs and cannot place any malicious code on your computer. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a unique string of characters that allows the browser to be uniquely identified when the website is visited again. Depending on the specific type of cookie and the possibility of associating a cookie with an IP address, it may be possible to establish a link to the user. We do not make such an association, or we anonymize IP addresses to prevent this.

Basically, a distinction is made between two types of cookies: (i) technically necessary or essential cookies and (ii) cookies that require user consent. We only use:

We use technically necessary or essential cookies

• Information about the device/PC used and its settings

   

Purpose and legal basis:
The purpose of using technically necessary cookies is to simplify website use for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognized even after a page change. We require technically necessary cookies for the following applications:

• Information about the device/PC used and its settings

The user data collected by technically necessary cookies is not used to create user profiles. The use of technically necessary cookies is based on Section 25 Paragraph 2 of the German Telecommunications and Telemedia Data Protection Act (TTDSG). Further data processing is based on Article 6 Paragraph 1 Letter b of the GDPR, insofar as the use of technically necessary cookies is required for the provision of our web and/or online services in accordance with the contract. In all other respects, the processing is based on Article 6 Paragraph 1 Letter f of the GDPR, as the use also serves the legitimate interests of providing web and/or online services and for informational purposes.

• Data deletion and storage period

Cookies are stored on the user's device (smart device/PC) and transmitted from there to our websites. A basic distinction is made between persistent cookies and session cookies. Session cookies are stored for the duration of a browser session and deleted when the browser is closed. Persistent cookies are not deleted when the browser session is closed, but are stored on the user's device for a longer period. We do not use persistent cookies.

3. Evaluation purposes

For statistical analysis purposes only, our website uses log data. This is done exclusively on an anonymous basis; in particular, no link is made to any personally identifiable user data and/or to an IP address or cookie. The IP address is truncated by removing its last [XX] digits. Therefore, this analysis of log data is not subject to the data protection regulations of the GDPR. These truncated IP addresses are stored for 190 days for statistical purposes.

4. Integration of third-party offers on our website

Various third-party online applications (e.g., Amt24, Browsealoud, form server sachsen.de into www.kreis-goerlitz.de . The collection and processing of personal data—insofar as any is collected—takes place on the servers hosting these applications. No data is stored on the www.kreis-görlitz.de . The stored data is used solely to ensure the service associated with the operation of www.kreis-görlitz.de . Otherwise, the provisions of data protection law apply.



The provider of this website uses services from etracker GmbH, Hamburg, Germany ( www.etracker.com etracker consent manager module is used for consent management. The etracker tag manager module allows the integration of script code from other tools. In combination, the etracker tag manager and consent manager enable the control of certain cookies and services with the appropriate consent. Even if you decline statistical cookies, usage data will be collected in accordance with the legal requirements of the EU General Data Protection Regulation (GDPR) and the German Telecommunications and Digital Services Data Protection Act (TDDDG). Data processing is based on the legal provisions of Article 6(1)(f) (legitimate interest) of the GDPR. Our legitimate interest, as defined by the GDPR, is to optimize our online services and to ensure the legally compliant integration and management of other services on our website. If you have given your consent, other technologies will be used based on Article 6(1)(a) of the GDPR. You can withdraw your consent at any time.

The web analytics data generated by etracker is processed and stored by etracker exclusively in Germany on behalf of the provider of this website and is therefore subject to strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and has been awarded the ePrivacyseal . Because the privacy of our visitors is important to us, data that could potentially identify an individual, such as IP addresses, login credentials, or device identifiers, is anonymized or pseudonymized as soon as possible. This data is not used for any other purpose, combined with other data, or shared with third parties.

You can object to the aforementioned data processing at any time by clicking the slider. This objection will have no negative consequences. If no slider is displayed, data collection has already been prevented by other blocking measures.



Further information on data protection at etracker can be found here .

5. Failure to meet deadlines / Failure to comply with formal requirements in administrative procedures through the use of contact forms and email communication

Note: Electronic communication with the Görlitz district administration is solely for non-binding inquiries, information, and advice. It is therefore expressly pointed out that administrative procedures subject to specific formal requirements, such as filing objections, applications for certain benefits, etc., cannot be legally initiated electronically. Should such a procedure be intended, the relevant formal requirements must be met, e.g., by mail or fax.

The district of Görlitz enables access for electronically signed and encrypted messages. Further information can be found under "Guidelines for secure email communication".

Public key S/MIME certificate (*.cer)  S/MIME certificate (*.zip)

For questions regarding the processing of your personal data, for information about other data, or questions regarding the correction, blocking, revocation or deletion of data, please contact us by email at: datenschutz@kreis-gr.de

Under the GDPR, data subjects have the following rights in particular, although these may be subject to restrictions under Sections 34 and 35 of the German Federal Data Protection Act (BDSG) and Sections 7, 8, and 9 of the Saxon Data Protection Implementation Act:

1. Right of access (Art. 15 GDPR)

Data subjects have the right to request information about whether or not their personal data is being processed. If we process personal data, you have the right to information about:

• the purposes of processing;

• the categories of personal data (type of data) that are processed;

• the recipients or categories of recipients to whom your data has been or will be disclosed; this applies in particular if data has been or will be disclosed to recipients in third countries outside the scope of the GDPR;

• the planned storage period, if possible; if it is not possible to specify the storage period, the criteria for determining the storage period (e.g. statutory retention periods or similar) must be communicated;

• Your right to rectification and erasure of data concerning you, including the right to restriction of processing and/or the possibility to object (see also the following paragraphs);

• the existence of a right to lodge a complaint with a supervisory authority;

• the origin of the data, if personal data were not collected directly from the data subjects.

You also have the right to information as to whether your personal data is subject to an automated decision within the meaning of Article 22 GDPR and, if so, what decision criteria underlie such an automated decision (logic) and what effects and implications the automated decision may have for you.

If personal data is transferred to a third country outside the scope of the GDPR, you have the right to information as to whether, and if so, on the basis of which safeguards, an adequate level of protection within the meaning of Art. 45, 46 GDPR is ensured at the data recipient in the third country.

You have the right to request a copy of your personal data. We generally provide data copies in electronic form unless you have specified otherwise. The first copy is free of charge; a reasonable fee may be charged for further copies. This provision is subject to the rights and freedoms of other individuals, which may be affected by the transmission of the data copy.

2. Right to rectification (Art. 16 GDPR)

You have the right to request that we correct your data if it is inaccurate, incorrect, and/or incomplete; the right to rectification includes the right to have it completed by providing supplementary statements or information. Any correction and/or completion must be carried out without undue delay.

3. Right to erasure (Art. 17 GDPR)

You have the right to request that we delete your personal data, insofar as

• the personal data are no longer necessary for the purposes for which they were collected and processed;

• The data processing is based on your consent and you have withdrawn your consent, unless there is another legal basis for the data processing;

• You have objected to data processing pursuant to Art. 21 GDPR and there are no overriding legitimate grounds for further processing,

• You have objected to the processing of your data for the purpose of direct marketing pursuant to Art. 21 para. 2 GDPR;

• Your personal data has been processed unlawfully;

• This concerns data relating to a child, collected in relation to information society services pursuant to Article 8(1) GDPR.

• There is no right to have personal data deleted, insofar as

• the right to freedom of expression and information conflicts with the request for deletion;

• the processing of personal data (i) is necessary for compliance with a legal obligation (e.g. statutory retention requirements), (ii) is necessary for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the controller or in the exercise of official authority vested in the controller or in the exercise of official authority vested in the controller or in the exercise of official authority vested in the controller (this includes interests in the area of ​​public health), or (iii) is necessary for archiving and/or research purposes;

• the personal data are necessary for the establishment, exercise or defense of legal claims.

The deletion must be carried out immediately – i.e., without culpable delay. If we have made personal data public (e.g., on the internet), we must, within the scope of what is technically possible and reasonable, ensure that third-party data processors are also informed of the deletion request, including the deletion of links, copies, and/or replications.

4. Right to restriction of processing (Art. 18 GDPR)

You have the right to restrict the processing of your personal data in the following cases:

• If you have disputed the accuracy of your personal data, you can request that we not use your data for other purposes and restrict its use for that purpose for the duration of the accuracy check.

• In the case of unlawful data processing, instead of data erasure pursuant to Art. 17 para. 1 lit. d GDPR, you may request the restriction of data use pursuant to Art. 18 GDPR;

• If you require your personal data for the establishment, exercise or defense of legal claims, but your personal data is no longer needed for any other purpose, you can request that we restrict the processing to the aforementioned legal purposes;

• If you have objected to data processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether our interests in processing override your interests, you can request that your data not be used for other purposes and restricted to that extent for the duration of the review.

Personal data whose processing has been restricted at your request may – subject to storage – only be processed (i) with your consent, (ii) for the establishment, exercise or defense of legal claims, (iii) for the protection of the rights of another natural or legal person, or (iv) for reasons of important public interest. Should a restriction on processing be lifted, you will be informed in advance.

5. Right to data portability (Art. 20 GDPR)

Subject to the following provisions, you have the right to request the release of your personal data in a commonly used electronic, machine-readable format. The right to data portability includes the right to transmit the data to another controller; upon request, we will therefore – to the extent technically feasible – transmit the data directly to a controller designated by you or to be designated by you.

The right to data portability applies only to data you have provided and requires that the processing is based on consent or is necessary for the performance of a contract and is carried out using automated means. The right to data portability under Article 20 GDPR does not affect the right to erasure under Article 17 GDPR. Data portability is subject to the rights and freedoms of other individuals whose rights may be affected by the data transfer.

6. Right to object (Art. 21 GDPR)

In the case of processing personal data for the performance of tasks carried out in the public interest (Art. 6 para. 1 lit. e GDPR) or for the purposes of legitimate interests (Art. 6 para. 1 lit. f GDPR), you may object to the processing of your personal data at any time with effect for the future. In the event of an objection, we will cease all further processing of your data for the aforementioned purposes, unless

• There are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or

• The processing is necessary for the establishment, exercise or defense of legal claims.

You can object to the use of your data for direct marketing purposes at any time with effect for the future; this also applies to profiling insofar as it is related to direct marketing. In the event of an objection, we will cease all further processing of your data for direct marketing purposes.

7. Prohibition of automated decision-making / profiling (Art. 22 GDPR)

Decisions that have legal consequences for you or significantly affect you may not be based solely on automated processing of personal data – including profiling. This does not apply insofar as the automated decision

• necessary for the conclusion or performance of a contract with you,

• is permitted under Union or Member State law, provided that such law contains appropriate safeguards for your rights and freedoms and legitimate interests, or

• This is done with your explicit consent.

Decisions based solely on automated processing of special categories of personal data are generally inadmissible, unless Article 22(4) in conjunction with Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and legitimate interests.

8. Legal remedies / Right to lodge a complaint with a supervisory authority

In case of complaints, you can contact the competent supervisory authority of the Union or the Member States at any time. For the district, the supervisory authority named in section I is responsible.

We reserve the right to amend and/or update this privacy policy from time to time. We will inform you of any significant changes that affect the use of your personal data. The current version can be found on our website under the "Privacy" link.