Privacy Information

As of: January 2023

The Point of Single Contact is a contact and information point and process support provider for enterprises. In the context of this role, it supports the recipients of business-related services and provides guidance for the recognition of European professional qualifications. It carries out the duties of the Point of Single Contact in the sense of Part V Section 1a of the Administrative Procedure Act in conjunction with §1 Section 1 of the law on proceedings of the Berlin authorities. In this Privacy Information document, we are going to inform you about confidential treatment of your data.

In order to ensure the comprehensibility of this privacy statement, the terms used, which are based on the European General Data Protection Regulation (GDPR), are explained in advance:

In order to ensure comprehensibility of our Privacy Information, the terms that are based on the European General Data Protection Regulation are explained below:

a) “Personal data”

is any information that relates to an identified or identifiable natural person (subsequently referred to as “data subject”). A natural person is considered identifiable if they can be identified through personal data either directly or indirectly. This data can, for example, be information related to a natural person’s physical, physiological, genetic, psychological, business-related, cultural or social identity that can be assigned to an identifier, such as a name, an identification number, location data, online identification data or one or multiple particular attributes.

b) “Processing”

is any procedure performed with or without the help of automatic processes, or any series of procedures in relation to personal data. This includes, for example, collecting, registering, organising, arranging, storing, adjusting or amending, reading, retrieving, using, disclosure through transmission, distribution or any other form of provision, synchronisation or linking, restricting, deleting or destroying of personal data.

c) “Restriction of processing”

means that stored personal data is marked in order to restrict future processing.

d) “Profiling”

is any form of automated processing of personal data in which such personal data is used in order to assess certain personal aspects that relate to a natural person. These can be aspects regarding a natural person’s work performance, financial situation, health, personal preferences, interests, reliability, behaviour, whereabouts or changes thereof, which are analysed or predicted.

e) “Pseudonymisation”

is the processing of personal data in such a way that the data can no longer be assigned to a specific data subject without the help of additional information. For this purpose it is necessary that such additional information is stored separately and subject to technical and organisational measures that ensure that the personal data is not matched to an identified or identifiable natural person.

f) A “file system”

is any structured collection of personal data that can be accessed based on particular criteria. It is not relevant in this context, whether such a collection is arranged centrally, decentralised or based on functional or geographic aspects.

g) The “controller”

is the natural person or legal entity, authority, facility or other body that decides about the purposes and means of processing personal data, either solely or together with others. If the purposes and means of such processing are specified by EU law or the laws of the member states, the controller or the particular criteria based on which the controller is determined may be provided by EU law or the law of the member states.

h) A “processor”

is a natural person or legal entity, authority, facility or other body that processes personal data on behalf of the controller.

i) A “recipient”

is a natural person or legal entity, authority, facility or other body to whom personal data is disclosed, regardless of whether such recipient is a third party or not. However, authorities who may receive personal data in the context of a particular investigation order based on EU law or the law of the member states are not considered recipients. Processing of such data by the authorities indicated above takes place in line with the applicable data protection provisions and according to the purposes of processing.

j) A “third party”

is any natural person or legal entity, authority, facility or other body, other than the data subject, the controller, the processor and those individuals, who are authorised to process the personal data under direct responsibility of the controller or processor.

k) “Consent”

of the data subject is any declaration of intent for a particular case that is made voluntarily, unambiguously and in an informed manner in the form of a statement or another clear, affirming act, through which the data subject expresses their approval for processing of their personal data.

The data controller pursuant to Article 4 Section 7 of the General Data Protection Regulation is:

Senate Department for Economics, Energy and Public Enterprises
Point of Single Contact Berlin

Address:
Martin-Luther-Straße 105
10825 Berlin

Email: ea@senweb.berlin.de
Website: https://www.berlin.de/ea

The data protection officer of the controller is:

Mrs. Kasner

Address:
Senate Department for Economics, Energy and Public Enterprises
The Data Protection Officer
Martin-Luther-Straße 105
10825 Berlin

Email: datenschutz@senweb.berlin.de

Any data subject can contact our data protection officer at any time, to ask questions or share feedback related to data protection.

You have the following rights against us in respect to your personal data:

• right of access,
• right of rectification or erasure,
• right of restriction of processing,
• right to object to processing,
• right to data portability.

As far as your personal data is processed based on Article 6 Section 1 Sentence 1 Letter e) or f) of the General Data Protection Regulation, you have the right according to Article 21 of the General Data Protection Regulation to object to processing of your personal data, as far as reasons apply for such objection, which relate to your particular situation.

If personal data is processed based on consent, you have the right to revoke such consent at any time. This will not affect the legality of any processing performed based on your consent up to the time of such revocation.

If you would like to assert your right to object or revoke your consent, simply send an email to: ea@senweb.berlin.de.

In addition, you have the right to submit a complaint about our processing of your personal data to a data protection supervisory authority.

Below you will find information about processing of personal data that is carried out when you use our website. In this context it is important to differentiate between use of our website for information only and submission of data and documents for using administrative services of the Point of Single Contact Berlin. For certain administrative services, users must register for using the service platform of the Point of Single Contact Berlin. Personal data is any data that refers to you personally, such as your name, address, email addresses or user behaviour.

The personal data that is processed when using administrative services is determined by the corresponding input screen in which the data is entered. This can be details about the data subject, such as the name, address or date of birth, as well as further business-related details, such as the business address, information about commercial activities, the trade register entry and other data that is required for using the specific service according to applicable legal provisions.

The necessity for the user of the service platform to provide personal data is based on the law on the Point of Single Contact for the State of Berlin, and the purpose of collecting such data is to handle the respective administrative procedure. The administrative procedure cannot be handled if the user does not provide the data.

If you contact us by email or using a contact form, we will collect and store the data you share with us, such as your name, street, house number, postcode, town, phone number, email address and the subject line for the purpose of answering your questions. This data is not disclosed to any third parties. We will delete the data produced in this context once storage is no longer necessary, or we will restrict processing, where statutory retention duties apply.

You can order various publications and information materials from the Point of Single Contact Berlin using our order form. Data such as the reason for your order, your sender details such as the name, street, house number, postcode and town and an email address for possible queries are collected and stored by us for handling your order. This data is not disclosed to any third parties. We will delete the data produced in the context of your order once storage is no longer necessary, or we will restrict processing, where statutory retention duties apply.

Below you will find information about any specific processes where we rely on external service providers for individual functions. This information includes the storage duration or the fixed storage duration criteria.

Feedback from the competent body can be communicated via the Point of Single Contact. The (additional) personal data is provided by the competent body in such a case.

The personal details of the data subject that are required for handling and processing the services offered on our website are collected, stored and processed according to the legal provisions of Article 6 Section 1 Sentence 1 Letter c) of the General Data Protection Regulation (EU GDPR) in conjunction with §2 and §5 of the law on the Point of Single Contact for the State of Berlin (EAG Bln), provided that this is necessary for carrying out the administrative service in question. The personal data entered by the data subject may be used internally for statistical purposes in line with the purposes specified as part of the legal provisions.

The data we collect is stored in the database of the Point of Single Contact for up to 180 days after the administrative service has been concluded, to enable the data subject to access the data. Application data that was entered by the data subject prior to submission, is kept for up to 180 days to allow for further editing by the data subject, and is then deleted automatically.

If the electronic payment service is used, the name of the user is, in addition, stored in the transaction database for 12 months, to allow for the name of the applicant to be matched to a transaction. The SEPA IBAN is stored in the transaction database for 5 days for processing the SEPA payment.

Furthermore, your data is stored by the recipients indicated in §8.

The data collected by us is transmitted to the respective competent bodies, such as public order offices and other authorities, to allow for the administrative services in line with the legal provisions; as far as permitted by law and necessary, these may also forward the data to further competent bodies as part of the onward transmission procedure (tax authorities, DGUV, IHK, HWK, immigration authority, customs, etc.). To the extent permitted by law, the data is generally stored for an indefinite period of time by these bodies.

Personal data from a business registration is available to the public for review, pursuant to §14 Section 5 and Section 7 of the Trade Regulations. A corresponding application (eAuskunft) is available on our website for this purpose. This application allows for personal data to be reviewed that is included in the official national notification templates based on the business notification regulation:

• Business registration (GewA1) – notification form only in German:
  https://www.gesetze-im-internet.de/gewanzv_2014/anlage_1.html

• Business re-registration (GewA2) – notification form only in German:
  https://www.gesetze-im-internet.de/gewanzv_2014/anlage_2.html

• Business deregistration (GewA3) – notification form only in German:
  https://www.gesetze-im-internet.de/gewanzv_2014/anlage_3.html

Furthermore, the data is stored by the processors that we instruct to operate our service platform, for no longer than the maximum duration indicated in §7.

When using the electronic payment service, you are referred directly to the website of the payment service provider. The name of the user is transmitted in this context. The additional data collected here, such as the credit card number, card verification code or IBAN is not processed by the controller indicated in §2 at any time.

Further information about processing of personal data by the payment service provider can be found in its privacy policy:

PAYONE GmbH
Lyoner Straße 9
60528 Frankfurt am Main
Privacy information

The transaction database and electronic payment interface is operated by:

BerlinOnline Stadtportal GmbH & Co. KG
Stefan-Heym-Platz 1
10367 Berlin
Email: payment-support@berlin.de

The data subject is granted the opportunity to register on our website for certain administrative services, by entering personal data. The personal data is determined by the corresponding input screen used for registration. The personal data entered is only used internally by the data controller, who collects, processes and stores the data for its own purposes.

The purpose of registration of data subjects using voluntarily shared personal data, is to offer the data subjects content or services whose nature requires that they are only made available to registered users. This includes, for example, secure communication with the competent bodies, tracking of the process status of the administrative services that are to be carried out, or settlement of business information charges. Registered individuals are entitled to have the personal data entered at the time of registration changed or erased from the controller’s database at any time.

When you start using our website, we will store personal data that your browser transmits to our server or that is logged by our web server, even if you do not register or otherwise transmit information to us. This applies to the following data that is technically necessary for us, to enable us to display our website to you and to ensure its stability and security (the legal basis is Article 6 Section 1 Sentence 1 Letter f) of the General Data Protection Regulations):

• Your IP address
• Your device ID, i.e. the unique number of the terminal device used
• Content, data and time of the request
• The time zone of the requesting terminal device
• The requested page
• HTTP status code
• The amount of data transmitted
• Referrer website
• Browser ID of your browser
• Language and version of the browser software
• Operating system of the terminal device used

This data is stored due to the fact that doing so is the only way to prevent misuse of our services, and that this data can help to solve crimes, if necessary. Storing this data is therefore necessary for protecting the data controller. This data is generally not disclosed to any third parties, unless legal duties for such disclosure apply or in the event of criminal prosecution.

Our website uses so-called “cookies”, which are small text files that are stored on your hard drive when you access our online presence. A cookie contains information that is linked to the specific terminal device used. Cookies cannot operate programmes or transmit viruses to your computer. Their purpose is to make the overall online presence more user-friendly and effective.

This website uses transient and persistent cookies with the following scope and functionality:

1. Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. They are used to store the so-called session ID, which allows for different requests of your browser to be assigned to the same session. This allows for your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
2. Persistent cookies are automatically deleted after a set period of time that can vary depending on the type of cookie. You can delete cookies at any time by accessing your browser’s security settings.

You can configure your browser settings as desired and, for example, reject third-party cookies or all cookies. Please note that the functionality of our website will be limited if you do so, or it may not work at all.

We use transient and persistent cookies for the following purposes:

1. Various cookies that are technically necessary for tracking a server-side web session of the user in the client (web browser) and for protection against certain client-side attack scenarios. If the web browser blocks these cookies, the application cannot be used. These cookies are connected to the client-side session in the web browser and are therefore deleted automatically by the web browser, when the user closes it. The content of these cookies is not stored permanently on the server side; after the end of the server-side session it is no longer possible to draw any conclusions to the user account that was authenticated for the respective session, or to the data that was collected during the session, for example using a form.
2. Various cookies in which display states of the user surface are stored, including whether the user opened or closed help texts in forms with help functions, or whether they opened or closed particular system and maintenance messages. If the web browser blocks these cookies, the application cannot receive the display status of the respective information; however, it is still possible to use the application. Some of these cookies are linked to the client-side session and are deleted by the web browser when it is closed by the user, and others remain stored in the web browser for a certain period of time. These cookies contain the display status only and do not allow for any conclusions to be drawn with regard to the registered user or the user’s account.

We integrate external services to be able to provide interesting content or certain useful functions.

1) Google reCAPTCHA

a) Description

Our website uses the Google tool “reCAPTCHA” (subsequently referred to as “reCAPTCHA”). This tool is provided by the company Google Inc., Google Ireland Limited, based in Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA analyses, whether the data entered on our website (e.g. in the registration form) is entered by a human being or by an automated programme as a form of misuse.

For this purpose, reCAPTCHA uses information that arises from the website visitor’s behaviour. This analysis is started automatically, as soon as a visitor accesses the website. It ends when the visitor logs in on the page and therefore becomes known by name, or when the visitor leaves the page.

b) Data processing

reCAPTCHA uses various attributes such as the IP address, the duration of the visit to the website or the user’s mouse movements for its analysis. The reCAPTCHA analyses are performed entirely as background operations. Visitors to the website are not separately informed about this.

The service transmits their previously abbreviated IP address and possibly other data required for the service to Google. Your full IP address is only transmitted to a Google server in the USA and abbreviated there in exceptional cases. The data that is transmitted by your browser in connection to reCAPTCHA is not combined with any other Google data.

• Google reCAPTCHA:
• Google’s Privacy Policy

c) Legal basis

The legal basis for processing is Article 6 Section 1 Letter f) GDPR. As the website operator, we have a legitimate interest to protect our online presence against misuse in the form of automated spying or SPAM and to ensure that it is used by human users only, and only for personal, non-commercial purposes.

2) Google Maps

a) Description

Our website uses the map service Google Maps by the company Google LLC., based on 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps provides free maps, such as city maps.

b) Data processing

When accessing the “Google Maps” service, Google may place persistent cookies for processing user settings and user data in particular. In this context, Google will also acknowledge the requesting IP address and store it for statistical purposes, for example. Information about the use of the online offerings is usually transmitted to a Google server in the USA and stored there. We have no influence on how Google treats this data.

• Google’s Privacy Policy

c) Legal basis
The legal basis for processing is Article 6 Section 1 Letter f) GDPR. As the website operator, we have a legitimate interest to protect our online presence against misuse in the form of automated spying or SPAM and to ensure that it is used by human users only, and only for personal, non-commercial purposes.

This Privacy Information is dated January 2023 and can be accessed and printed on our website at any time: https://www.berlin.de/ea/en/privacy-statement/.