Skip to content

Data Privacy

Contact Information

The entity responsible for data protection under the General Data Protection Regulation (GDPR) is:

Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH Suttner-Nobel-Allee 4, 44803 Bochum hallo@zendis.de

You can also address any questions regarding data protection directly to our data protection officer: datenschutz@zendis.de or by mail to the address of the responsible party, for the attention of the data protection officer.

Your General Rights

Below is a summary of your general rights under the GDPR regarding the personal data processed by us. For explanations of legal terms, please refer to the definitions provided in the GDPR (see Article 4). If anything remains unclear, feel free to contact us.

  1. Withdrawal of consent: You may withdraw any consent given for the processing or sharing of your data at any time with future effect (Article 7(3) GDPR).
  2. Right to object: If the legal basis for processing your data is a legitimate interest under Article 6(1)(f) GDPR, you have the right to object to the data processing under Article 21 GDPR. If the data processing involves direct marketing, no explanation for your objection is required. In all other cases, you must provide reasons based on your particular situation that justify your objection.
  3. Correction of Data: If we have stored incorrect information about you, you have the right to request its correction (Article 16 GDPR).
  4. Access to Data: You may request information about the data we process about you (Article 15 GDPR, § 34 BDSG).
  5. Deletion or Restriction: You may request the deletion or restriction of your data, provided that no overriding retention obligations prevent this (Articles 17 and 18 GDPR, § 35 BDSG).
  6. Data Portability: You may request that we provide the data you have supplied to us in a machine-readable format for transfer to third parties (Article 20 GDPR).
  7. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, such as the Federal Commissioner for Data Protection and Freedom of Information, regarding any data protection issues related to us.

General Information on Data Processing

All processing of personal data requires a legal basis permitting such processing. The legal basis primarily depends on the purpose of the data processing. The lawfulness of a legal basis is generally determined by the specific scope of the data processing and the measures we implement to protect your data.

The legal bases for data processing are derived from Article 6(1) GDPR and, for particularly sensitive data such as health data, Article 9(2) GDPR. These provisions primarily cite the preparation or fulfillment of contractual, legal, or societal obligations as the main legal grounds for data processing. Additionally, many data processing activities are based on our legitimate interest, provided that the interests of the data subjects do not outweigh ours in the specific circumstances. When one of the aforementioned legal bases applies, no further consent from you is required for the processing.

Furthermore, data processing may occur based on your consent (Article 7 GDPR) or, for individuals under 16 years of age using information society services (e.g., websites, online games, social media platforms), with the consent of a parent or guardian (Article 8 GDPR).

In some cases, our obligation to obtain your consent arises not only or not exclusively from the GDPR but also from the Telecommunications Telemedia Data Protection Act (TDDDG) or the Unfair Competition Act (UWG). We have taken the obligations under these laws into account without explicitly mentioning them below.

If data is transferred to a country outside the European Economic Area (EEA), we ensure that data protection is safeguarded in accordance with Articles 44–49 GDPR. Such a transfer to a country outside the EEA is referred to as a "third-country transfer" in data protection law.

General Notice on Cookies

Cookies are text entries stored by your browser on your device when you visit a website. A cookie can store various types of information. In some cases, a cookie only stores a simple "yes" or "no" (e.g., "true" or "false") or a country code like "de" for the German language. Other times, it stores a string of characters enabling the unique identification of the browser upon revisiting the website (a so-called Cookie ID).

The right to set cookies is not determined solely by the GDPR but primarily by § 25 of the Telecommunications Telemedia Data Protection Act (TDDDG). This regulation distinguishes between cookies that are strictly necessary for the operation of an online offering (essential cookies) and those that are not. Essential cookies may be set without consent, whereas non-essential cookies always require consent—even if such consent is not required under the GDPR.

Before we store non-essential cookies on your device, we will ask for your consent in accordance with § 25 TDDDG. The purpose of each cookie and its legal basis under the GDPR are explained in the following descriptions of specific data processing activities.

You have several options to prevent the acceptance of cookies on your device:

  1. Consent manager: When visiting one of our websites, you can decide through our consent manager which cookies to allow or reject. In some cases, you can only opt for general acceptance or rejection of all cookies or groups of cookies.
  2. Browser Settings: You can configure your browser to never accept cookies. However, this may result in the loss of certain functionalities that rely on cookies, even those that do not require consent.
  3. Private Mode: You can access websites in your browser’s private mode. This mode blocks the storage of cookies in your browser or automatically deletes all cookies at the end of the session.
  4. Advanced Settings: Some browsers or browser plug-ins allow you to set more specific preferences regarding which cookies to accept by default and which to block.