As of March 2022
I. Name and address of the person responsible
The person who holds responsibility, as defined by the General Data Protection Regulation, the Federal Data Protection Act, the Rhineland-Palatinate State Data Protection Act, and other applicable data protection laws, is the
Ministry of Labor, Social Affairs, Transformation and Digitization of the State of Rhineland-Palatinate
Bauhofstraße 9
55116 Mainz
Phone: 06131-160
Fax: 06131-16 3595
E-Mail: poststelle@mastd.rlp.de
II. Name and address of the Data Protection Officer
The data protection officer of the controller is:
Friedrich Riester
Ministry of Labor, Social Affairs, Transformation and Digitization of the State of Rhineland-Palatinate
Bauhofstraße 9
55116 Mainz
Phone: 06131-16-2396
E-Mail: datenschutz@mastd.rlp.de
This Internet offer is technically operated by the Landesbetrieb für Daten und Information (LDI) as a service provider. The processing of usage data there is carried out on our behalf and according to our specifications in accordance with Art. 28 GDPR. The editorial responsibility lies with the Ministry of Social Affairs, Labor, Health and Demography.
III. Handling of your data
1. Scope of the processing of personal data
According to Art. 4 GDPR, all information relating to an identified or identifiable natural person. An individual who can be identified, either directly or indirectly, by being associated with an identifier such as a name, identification number, location data, online identifier, or personal characteristics that reveal their physical, physiological, genetic, mental, economic, cultural, or social identity is considered an identifiable natural person.
In principle, we process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain consent in advance for factual reasons and the processing of the data is permitted by legal regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Par. 1 Sentence 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the Ministry is subject, Art. 6 Par. 1 Sentence 1 lit. c i. v. m. Art. 6 Par. 3 Satz 1 lit. b DSGVO i. v. m. § 3 LDSG as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Par. 1 Sentence 1 lit. d DSGVO as the legal basis.
If processing of personal data is required for the Ministry to perform a task that serves the public interest or falls under the scope of official authority, as outlined in Art. 6 Par. 3 Satz 1 lit. b DSGVO i. v. m. § 3 LDSG as the legal basis for the processing.
3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. If the European or national legislator has included provisions in EU regulations, laws, or other regulations that apply to the responsible party, storage may also occur. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires.
IV. Provision of the data information portal and creation of log files
1. Description and scope of data processing
Whenever our website is accessed, our system automatically gathers data and information from the computer system of the device used to access it.
We do not collect data and information about the user's operating system, browser type, or version used. The data is not stored together with other personal data of the user.
2. Legal basis
The legal basis for the temporary storage of the data and the log files is Art. 6 Par. 3 lit. DSGVO i.v.m. § 3 LDSG.
3. Purpose of the processing
In order for the website to be delivered to the user's computer, it is necessary for the system to temporarily store the IP address. The direct, automated anonymization of the IP address takes place at the time of data collection.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
5. Possibility of objection and removal
The collection of data for the provision of the website is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
6. Public area
The data information portal provides a chance for interested citizens, to stay informed about the advancement of broadband expansion.
7. Registration - Access to the password-protected area
A one-time registration is required to use the data information portal.
For the registration it is necessary to provide your e-mail address, your user name and a password. Once the relevant information has been provided, an email will be generated automatically and sent to the platform administrator, who can then assign the appropriate role to the individual in question. After that, the registration is completed. After registration, various functions are available to you.
In the event that you are currently signed in to the password-protected section, a log file will be generated which records your username and the most recent subpage that was accessed within the password-protected area. The purpose of this log file is to aid our support team in providing assistance with the usage of the data information portal if required. The log files are anonymized after a period of seven days, making it impossible to draw any conclusions about the identity of the user. In particular, we only store the IP addresses in an abbreviated, anonymized form. The legal basis is Art. 6 Par. 1 P. 1 lit. e DSGVO.
V. General use of cookies
When the website is visited and used, different cookies are set. Cookies are text files that are created by a website and saved on a user's web browser. They hold information that can identify the user when they revisit the website, allowing the website to remember the user's preferences and login information for a more personalized experience. Cookies cannot run programs or transmit viruses to your computer. The primary purpose of the cookies we use is to enhance the user experience and make the service as efficient and user-friendly as possible.
The data information portal uses cookies in particular
- for load distribution;
- to save login data;
- to save contents of form fields;
- to note that you have been shown information placed on our website so that it will not be displayed again the next time you visit the website.
Cookies are utilized to enhance the convenience and personalized experience of utilizing the website. The processing of the cookies is based on either obtaining the user's consent or fulfilling a legitimate interest. In this respect, the legal basis is Art. 6 Par. 1 P. 1 lit. a or f DSGVO.
The country platform sets the cookies listed below
SessionID cookie: Purpose: Stores information that links online activities to a specific browser session, and expires after 14 days.
CSRF Token Cookie: Purpose: Provides protection against cross-website request forgery (CSRF), and expires after 14 days.
Viewed Cookie Policy: Purpose: Records the user's consent to the use of cookies, and remains valid for one year.
JSessionID cookie: Purpose: Facilitates secure communication between the client and web server using HTTP protocols, and expires after the browser is closed.
VI. Links to other websites and online offers
The websites and online offers of other providers not affiliated with the MASTD may be linked to the data information portal. Once these links are clicked, MASTD no longer has any control over what data is collected by the linked providers, or how it is used. For more detailed information on how data is collected and used, please refer to the privacy policy of the respective provider. As the collection and processing of data by third parties is beyond the control of MASTD, we cannot be held responsible for it.
VII. Transfer of data
In principle, the collected data will only be passed on if:
- the user has given his express consent in accordance with Art. Art. 6 Par. 1 P. 1 lit. a DSGVO has issued,
- the transfer according to Art. 6 Par. 1 P. 1 lit. If processing personal data is required under the DSGVO for the purpose of asserting, exercising, or defending legal claims, and there is no reasonable grounds to believe that the data subject's legitimate interests override the processing, then such data may be disclosed.
- the MASTD according to Art. 6 Par. 1 P. 1 lit. DSGVO is legally obliged to pass on,
- this is for the performance of public tasks in accordance with Art. 6 Par. 1 P. 1 lit. DSGVO is required or
- this is permitted by law and in accordance with Art. 6 Par. 1 P. 1 lit. If processing personal data is necessary for the performance of contractual relationships with the user or for the implementation of pre-contractual measures, which are carried out at the request of the user, then such data may be processed in accordance with the provisions of the DSGVO.
Some of the data processing described in this Privacy Policy may be carried out by our service providers. Aside from the service providers mentioned in the imprint, this also includes data centers that store our website and databases, as well as IT service providers that maintain our systems. If data is passed on to service providers, they may use the data exclusively for the performance of their tasks. The service providers were carefully selected and commissioned. MASTD's service providers have a contractual obligation to comply with MASTD's instructions, implement suitable technical and organizational measures to protect data subjects' rights, guarantee sufficient data protection, and are closely monitored by MASTD.
Furthermore, data may be disclosed in connection with official inquiries, court orders, and legal proceedings if such disclosure is necessary for the prosecution or enforcement of the law.
VIII. Rights of the data subject
If your personal data is processed, you are the data subject in the sense of the DSGVO and you have the following rights towards the person responsible:
1. Right to information
You can request confirmation from the person responsible as to whether personal data concerning you will be processed by us.
If such processing exists, you can request information from the person responsible about the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information about the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making, including profiling, in accordance with Art. 22 Par. 1 and 4 GDPR and – at least in these cases - meaningful information about the logic involved as well as the scope and the intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is being transferred to a third country or an international organization. In this context, you have the right to be informed about the appropriate safeguards under Art. 46 GDPR in case of a transfer of your personal data to a third country or an international organization.
2. Right to rectification
You have a right to rectification and/or completion to the person responsible, provided that the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
3. Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of personal data concerning you:
(1) if you dispute the accuracy of the personal data concerning you:
for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
(3) if the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
(4) if you object to the processing in accordance with Art. 21 Par. 1 DSGVO and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been limited, it can only be processed, except for storage, with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
If the restriction of processing was imposed in accordance with the above. If the conditions are restricted, you will be informed by the person responsible before the restriction is lifted.
4. Right to erasure
a) Obligation to delete
You can request from the controller that the personal data concerning you be deleted immediately, and the controller is obliged to delete this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing is based in accordance with Art. Art. 6 Par. 1 Sentence 1 lit. a or Art. 9 Par. 2 lit. a GDPR, and there is no other legal basis for the processing.
(3) You submit in accordance with Art. Art. 21 Par. 1 DSGVO and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. Art. 21 Par. 2 GDPR, you have the right to object to the processing.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
(6) The personal data concerning you have been collected in relation to
Information society services pursuant to Art. 8 Par. 1 DSGVO.
b) Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 Par. 1 DSGVO, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of this personal data from you.
c) Exceptions
The right to erasure and the obligations just described under 4. b) do not exist to the extent that processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) in order to fulfil a legal obligation that requires processing under the law of the Union or the Member States to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority, the
has been transferred to the person responsible;
(3) for reasons of public interest in the field of public health in accordance with Art. 9 Par. 2 lit. h and i, as well as Art. 9 Par. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. Art. 89 Par. 1 DSGVO, insofar as the right referred to in section a) is expected to achieve the objectives of this processing
makes it impossible or seriously impairs it, or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have exercised your right to rectify, erase, or limit the processing of your personal data with the controller, the controller is required under Art. 19 of the GDPR to take appropriate measures, including technical measures, taking into account available technology and the cost of implementation, to inform all recipients to whom the personal data concerning you has been disclosed of the rectification or erasure of the data or the restriction of processing, unless this is impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
6. Right to data portability
You have the right to obtain from the controller, in a structured, commonly used and machine-readable format, the personal data concerning you that you have provided to the controller. Furthermore, you have the right to transfer this personal data to another controller, without obstruction from the controller who provided the data, provided that:
(1) the processing is based on a consent pursuant to Art. 6 Par. 1 Sentence 1 lit. DSGVO or Art. 9 Par. 2 lit. DSGVO or on a contract pursuant to Art. Art. 6 Par. 1 Sentence 1 lit. DSGVO is based and
(2) the processing is carried out using automated procedures.
If you exercise this right, you also have the right to have your personal data transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this.
You cannot exercise the right to data portability if the processing of personal data is necessary for performing a task carried out in the public interest or exercising official authority vested in the controller.
7. Right of objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 Par. 3 Satz 1 lit. DSGVO i.v.m. § 3 LDSG; this also applies to profiling based on these provisions.
The controller must cease processing your personal data unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or the processing is necessary for the establishment, exercise, or defense of legal claims.
You have the right to object, without being subject to automated decision-making, to the processing of your personal data for profiling purposes or direct marketing. This right applies regardless of Directive 2002/58/EC and can be exercised through automated means using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision-making in individual cases, including profiling
You have the right to object to being subject to a decision that is based solely on automated processing, including profiling, and that has a legal effect on you or significantly affects you in a similar manner. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) is permissible on the basis of Union or Member State legislation to which the controller is subject, and such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 Par. 1 DSGVO, unless Art. 9 Par. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
The controller shall take appropriate measures to protect your rights, freedoms and legitimate interests, including, at a minimum, your right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision, in cases mentioned in (1) and (3).
10. Right to lodge a complaint with a supervisory authority
You have the right to file a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, especially in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority responsible for handling the complaint must inform you about the progress and outcome of the complaint, including the option of seeking a judicial remedy under Art. 78 GDPR.