Privacy policy

1. General information

We are very pleased with your interest in our project. Data protection is of particular importance to Moving Cities, a project of the association United4Rescue - Gemeinsam Retten e.V. Using the Moving Cities website is generally possible without providing any personal data. This privacy policy informs you about the processing of your personal data (hereinafter referred to as "data") in connection with the use of the Moving Cities website and the functionalities provided through it. However, if a data subject wishes to make use of special services of our project through our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain the consent of the data subject. Regarding the terms used, such as "processing" or "controller," we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

We collect your data if you have given us your consent, if the collection is necessary to process your request (e.g., when you subscribe to the newsletter), if we are legally obliged to do so, if we have a legitimate interest (e.g., to improve our offerings), or if it is necessary to protect vital interests of the data subject or another natural person. This is legally established in Art. 6, paragraph 1 of the GDPR.

In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing. The processing of personal data, such as the name, address, or email address of a data subject, is always carried out in accordance with the GDPR and in compliance with applicable national data protection regulations for Moving Cities. With this privacy policy, our team aims to inform the general public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 paragraph 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and perform contractual measures, as well as to respond to inquiries, is Art. 6 paragraph 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 paragraph 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 paragraph 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 paragraph 1 lit. d GDPR serves as the legal basis.

As the controller, Moving Cities has implemented numerous technical and organizational measures to ensure the highest possible protection of personal data processed through this website. However, internet-based data transmissions may generally have security gaps, so absolute protection cannot be guaranteed. Therefore, it is at the discretion of the data subject to transmit personal data to us through alternative means, such as by telephone.

2. Name and Address of the Data Controller

The website is operated by Moving Cities, a project of the association United4Rescue - Gemeinsam Retten e.V. ("Moving Cities"). Moving Cities is responsible for the processing of your personal data within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union, and other provisions of a data protection nature.

You can contact Moving Cities either in writing or by email:

Moving Cities Lichtenrader Str. 41 12049 Berlin Germany Email: info@moving-cities.eu

3. Collection of General Data and Information

When you visit the Moving Cities website, we collect only the data that your browser transmits to our server (so-called server log files). This general data and information is stored in the server's log files. The following data is technically necessary for us to display the website to you:

  • The types and versions of the browser used,

  • The operating system used by the accessing system,

  • The website from which the accessing system came to our website (so-called referrer),

  • The subpages accessed on our website by the accessing system,

  • The date and time of access to the website,

  • An Internet protocol address (IP address),

  • The Internet service provider of the accessing system,

  • Other similar data and information used for security purposes in the event of attacks on our information technology systems.

Processing is carried out in accordance with Art. 6 paragraph 1 sentence 1 lit. b) GDPR based on your use of our website and our interest in improving the stability and functionality of our website according to Art. 6 paragraph 1 sentence 1 lit. f) GDPR.

We process your data to provide you with a functional website, store the data for the duration that Moving Cities has set for this purpose, and delete your data afterward.

When using this general data and information, Moving Cities does not draw conclusions about the data subject. Instead, this information is needed to:

  • Correctly deliver the content of our website,

  • Optimize the content and advertising of our website,

  • Ensure the permanent functionality of our information technology systems and the technology of our website,

  • Provide law enforcement authorities with the necessary information in the event of a cyber attack.

These anonymized data and information are statistically analyzed by Moving Cities and further evaluated with the aim of improving data protection and data security within our project to ultimately ensure an optimal level of protection for the personal data we process. The anonymized server log file data is stored separately from all personal data provided by a data subject.

Only employees of Moving Cities who are responsible for managing the website or those entrusted with analyzing the transmitted data have access to your personal data.

If, in the course of our processing, we disclose data to other persons or companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this will only be done based on a legal permission (e.g., when transmission of data to third parties, such as payment service providers, is required for contract fulfillment according to Art. 6 paragraph 1 lit. b GDPR), if you have consented, if there is a legal obligation, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the course of utilizing third-party services or disclosing or transmitting data to third parties, this will only be done if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to statutory or contractual permissions, we will only process or have data processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. This means the processing occurs, for example, based on specific guarantees, such as the officially recognized determination of an adequate level of data protection (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized specific contractual obligations (so-called "Standard Contractual Clauses").

4. Subscription to Our Newsletter

On the Moving Cities website, users are given the opportunity to subscribe to our project’s newsletter. The personal data transmitted to the data controller when subscribing to the newsletter is determined by the input mask used for this purpose.

Moving Cities regularly informs its customers and business partners about the project’s offers via a newsletter. The newsletter can generally only be received by the data subject if they have a valid email address and have registered for the newsletter. A confirmation email is sent to the email address initially provided by the data subject for newsletter subscription, following the double opt-in procedure. This confirmation email serves to verify whether the holder of the email address, as the data subject, has authorized the receipt of the newsletter.

When subscribing to the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to trace any potential misuse of a data subject's email address at a later point in time and thus serves to legally protect the data controller.

The personal data collected during newsletter registration is solely used for sending our newsletter. Furthermore, subscribers may be informed by email if this is necessary for the operation of the newsletter service or in the event of registration-related changes, such as changes to the newsletter offer or technical changes. No personal data collected in connection with the newsletter service will be shared with third parties. The subscription to our newsletter can be canceled by the data subject at any time. Consent to the storage of personal data given by the data subject for newsletter dispatch can be revoked at any time. To revoke consent, a corresponding link is included in every newsletter. Furthermore, there is also the option to unsubscribe directly on the website of the data controller or inform the data controller in another way.

4.1. Newsletter Tracking

The newsletters contain a so-called "web beacon." This is a pixel-sized file that is retrieved from the server of our mailing service provider when the newsletter is opened.

Some information is collected and stored in order to better understand the reading behavior of the recipients and to improve our newsletter. This includes, among other things, information about the browser and system, as well as the time of retrieval. Additionally, we can determine the following: During this retrieval, technical information, such as details about the browser and system, as well as your IP address and the time of retrieval, is collected. This information is used to technically improve the services based on technical data or to better understand the target audience and their reading behavior based on the locations from which the newsletter is accessed (which can be determined using the IP address) or the access times.

The statistical data also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information may be assigned to individual newsletter recipients. However, neither we nor the mailing service provider aim to track individual users. The evaluations are primarily used to recognize the reading habits of our users and to adjust our content accordingly, or to send different content based on the interests of our users.

This personal data will not be shared with third parties. Affected individuals have the right to withdraw their separate consent, which was given via the Double Opt-In procedure. After a withdrawal, this personal data will be deleted by the data controller. Unsubscribing from the newsletter is automatically interpreted by Moving Cities as a withdrawal.

4.2 Use of Brevo

We send our newsletter only with the consent of the recipients or based on a legal permission. Our newsletters contain information about the work of Moving Cities.

The newsletters are sent using "Brevo." Brevo Email (Sendinblue GmbH) is a service provided by Sendinblue GmbH for managing email addresses and sending messages. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

We have entered into a data processing agreement (DPA) for the use of the aforementioned service.This is a data protection contract that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Brevo is a service used to organize and analyze the sending of newsletters. The email addresses of our newsletter recipients, as well as other data entered for the purpose of receiving the newsletter, are stored on the servers of Sendinblue GmbH in Germany. Brevo uses this information to send and analyze the newsletters on our behalf. Furthermore, Brevo may use this data for its own purposes, such as optimizing the sending and display of newsletters or for economic purposes, to determine the countries of origin of the recipients. However, Brevo does not use the data of our newsletter recipients to contact them directly or to share it with third parties.

The data processing is based on your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time. The lawfulness of the processing that has taken place before the withdrawal remains unaffected.

The data you provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter. After you unsubscribe from the newsletter, your data will be deleted from the newsletter distribution list. Data that has been stored for other purposes will not be affected.

After unsubscribing from the newsletter distribution list, your email address may be stored by us or the newsletter service provider on a "blacklist" to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and ours in ensuring compliance with legal requirements for sending newsletters (legitimate interest according to Art. 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

For more details, you can review Brevo's privacy policy here: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.

5. Data Protection in Applications and the Application Process

The data controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically. This is particularly the case when an applicant submits their application documents electronically, for example, via email or through a web form on the website of the data controller. If the data controller enters into an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant, the application documents will be automatically deleted two months after the rejection decision is communicated, unless there are other legitimate interests of the data controller that prevent deletion. A legitimate interest in this context might include, for example, a legal obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

6. Social Media

We maintain online presences on social networks and platforms to inform about our work and to communicate with supporters. If you click on a link, such as one leading to Instagram or Twitter, you will be directed to the respective websites of the different providers. The data processing on the respective website is subject to the applicable privacy policy of that provider. Moving Cities has no influence over the data processing carried out on these platforms.

Unless otherwise specified in our privacy policy, we process the data of users when they communicate with us within these social networks and platforms, for example, by writing posts on our online presences or sending us messages.

6. 1 Instagram

The data controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform, allowing users to share photos and videos and also enabling the redistribution of such data to other social networks.

The operating company of Instagram's services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time a user accesses a page of this website operated by the data controller, where an Instagram component (Instagram button) is integrated, the browser on the affected user's IT system is automatically prompted by the Instagram component to download the display of the relevant Instagram component. As part of this technical procedure, Instagram gains knowledge of which specific page of our website is being visited by the affected person. If the affected person is logged into Instagram at the same time, Instagram recognizes with each visit to our website and during the entire stay on our website which specific page the affected person is visiting. This information is collected by the Instagram component and assigned to the Instagram account of the affected person. If the affected person clicks on one of the Instagram buttons integrated on our website, the transmitted data and information are associated with the personal Instagram user account of the affected person and stored and processed by Instagram.

Instagram always receives information about the visit to our website if the affected person is logged into Instagram at the time of visiting our website, regardless of whether the Instagram component is clicked or not. If the affected person does not want such information to be transmitted to Instagram, they can prevent it by logging out of their Instagram account before accessing our website.

Further information and the applicable privacy policies of Instagram can be found at Instagram's Privacy Policy and Instagram Legal Privacy.

6.2 Twitter/"X"

The data controller has integrated components of Twitter, or "X", on this website. Twitter is a multilingual, publicly accessible microblogging service that allows users to post and share short messages called "tweets," limited to 280 characters. These short messages are accessible to everyone, even those not registered on Twitter. The tweets are also shown to the "followers" of the respective user. Followers are other Twitter users who subscribe to a user's tweets. Moreover, Twitter allows the use of hashtags, links, or retweets to address a wider audience.

The operating company of Twitter is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

Each time a user accesses a page of this website operated by the data controller where a Twitter component (Twitter button) is integrated, the browser on the affected person's IT system is automatically prompted by the Twitter component to download the representation of the corresponding Twitter component. More information about the Twitter buttons is available at Twitter's Resources Page. As part of this technical procedure, Twitter gains knowledge of which specific page of our website is being visited by the affected person. The purpose of integrating the Twitter component is to allow users to share the content of this website, to promote the website in the digital world, and to increase our visitor numbers.

If the affected person is logged into Twitter at the same time, Twitter recognizes with each visit to our website which specific page of our website is being visited. This information is collected by the Twitter component and assigned to the respective Twitter account of the affected person. If the affected person clicks on one of the Twitter buttons integrated on our website, the transmitted data and information are associated with the personal Twitter user account of the affected person and stored and processed by Twitter.

Twitter always receives information about the visit to our website if the affected person is logged into Twitter at the time of visiting our website, regardless of whether the Twitter component is clicked or not. If the affected person does not want such information to be transmitted to Twitter, they can prevent it by logging out of their Twitter account before accessing our website.

The applicable privacy policies of Twitter are available at Twitter Privacy.

7. Data Protection Regulations for the Use of Matomo

We use Matomo, an open-source software tool for web analytics, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offerings in accordance with Art. 6 Para. 1 lit. f GDPR). Web analytics is the collection, gathering, and evaluation of data on the behavior of visitors to websites. A web analytics tool collects data about, among other things, from which website a person has come to a particular website (the so-called referrer), which subpages of the website have been accessed, or how often and for how long a subpage has been viewed. Web analytics is primarily used to optimize a website and for cost-benefit analysis of online advertising.

The software is operated on the server of the data controller, and the data-sensitive log files are stored exclusively on this server.

The purpose of the Matomo component is to analyze the visitor flow on our website. The data controller uses the collected data and information to evaluate the use of this website, to compile online reports showing the activities on our website.

Matomo sets a cookie on the affected person's IT system. What cookies are has already been explained above. By setting the cookie, we are enabled to analyze the use of our website. Each time a page of this website is accessed, the browser of the affected person is automatically prompted by the Matomo component to transmit data for online analysis to our server. In the course of this technical procedure, we receive knowledge of personal data, such as the IP address of the affected person, which helps us to track the origin of the visitors and clicks.

By using the cookie, personal information such as the access time, the location from which access originated, and the frequency of visits to our website are stored. Every time our website is visited, this personal data, including the IP address of the internet connection used by the affected person, is transmitted to our server. This personal data is stored by us. We do not share this personal data with third parties.

The affected person can prevent the setting of cookies by our website at any time through the corresponding setting of their used internet browser, as described above, and thus permanently object to the setting of cookies. This setting of the internet browser would also prevent Matomo from setting a cookie on the affected person's IT system. Furthermore, any cookies already set by Matomo can be deleted at any time via an internet browser or other software programs.

Additionally, the affected person has the option to object to and prevent the collection of data generated by Matomo that relates to the use of this website. To do this, the affected person must set "Do Not Track" in their browser.

However, by setting the opt-out cookie, it is possible that the websites of the data controller may no longer be fully usable for the affected person.

Further information and the applicable privacy policies of Matomo can be found at Matomo Privacy Policy.

8. Your Rights

You can contact Moving Cities at any time in writing or by email to withdraw your consent to the processing of your personal data or to exercise the following rights:

  • Request information about your data to control and verify it,

  • Obtain a copy of your personal data,

  • Correct, delete, or restrict processing, which also includes the right to complete incomplete or incorrect data with additional information,

  • Object to the processing; please note that you have the right to object under Art. 21 GDPR to the processing of personal data based on legitimate interests under Art. 6 Para. 1 S. 1 lit. f) GDPR; you have the right to object when the processing is based on reasons specific to your situation; if the objection concerns the processing of personal data for direct marketing purposes, you have a general right to object without specifying a special situation,

  • You can receive the data you provided in a structured, commonly used, and machine-readable format and transmit it to another controller, provided you gave consent for processing or the processing is based on a contract. If you have given us consent for the processing of your personal data, you can withdraw it at any time with effect for the future.

  • You also have the right to file a complaint with a supervisory authority regarding the processing of your personal data. Please contact the competent authority in your place of residence or the authority responsible for United4Rescue in Lower Saxony: The State Commissioner for Data Protection Lower Saxony, Prinzenstraße 5, 30159 Hannover.

9. Why is your personal data being collected?

You may not be able to provide us with your personal data, or you may provide it incompletely. In such cases, for example, if you prevent the storage of a cookie, it could result in you not being able to use all of the website's functionalities. If you do not provide your personal data completely, for example, when signing up for the newsletter, we may not be able to fulfill your request to subscribe.

10. Duration for which personal data is stored

The data controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose, or if this is provided for by European law or another legislator in laws or regulations to which the data controller is subject.

If the storage purpose no longer applies, or if a storage period prescribed by European law or another competent legislator expires, the personal data will be routinely and in accordance with legal requirements locked or deleted.

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the retention period has expired, the corresponding data will be routinely deleted unless it is required for the fulfillment of a contract or for pre-contractual purposes.

11. Data provision requirements: necessity for contract conclusion, obligation to provide personal data and potential consequences of non-provision

We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may arise from contractual agreements (e.g., details about the contract partner). In some cases, it may be necessary to provide personal data for the conclusion of a contract, which must then be processed by us. The data subject is, for example, required to provide us with personal data when our project enters into a contract with them. Failure to provide personal data would result in the inability to conclude the contract with the data subject. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences would be of failing to provide the personal data.

12. Existence of automated decision-making

As a responsible project, we do not engage in automated decision-making or profiling.

The authentic language of this privacy notice is German. This is an English translation from German. Moving Cities is responsible for the processing of your personal data within the meaning of the German General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature.

This privacy policy was created by the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which serves as the external data protection officer for Bayreuth, in cooperation with IT and data protection lawyer Christian Solmecke.