Summary
Hello!
Wonderful that you are taking part in the KlimaKarl competition. In order for the app to function technically, we need to process some of your data. You can find all the details in our privacy policy. Because you probably have better things to do than to read it completely, we have summarized here which data we need and why:
- Email address: We need this for notification emails and announcement of winning teams. Will be stored until three months after the end of the competition, then irrevocably deleted.
- Username: You can register in the app with either your real name or a pseudonym. This way you can influence how your teammates see you. The usernames will be irrevocably deleted after the end of the competition.
- Profile and feed pictures: You have the option to post pictures to the app or upload a profile picture. Remember that all your colleagues can see them. The pictures will be irrevocably deleted after the end of the contest.
- Activities: We only store the activities you enter in the app during the contest using randomly generated IDs. This means that the entries are anonymized and not linked to your user name. We do not delete this data after the end of the contest so that we can also analyze retrospectively to what extent the app has an influence on the change in behavior.
We process your personal data strictly in accordance with the requirements of the EU General Data Protection Regulation (GDPR). Your data will never be passed on to third parties.
_____________________
Detailed information on the handling of your personal data
We are very pleased about your interest in our app – and thus in our company. The protection of your private rights and freedoms is very important to us; we only use your data for the intended purposes. Since it is important to us that you are aware at all times of the extent to which we collect, use and, if necessary, transmit your data to third parties, we will inform you below in detail about the processing of your personal data collected by us or stored by us.
In principle, you can use our pages and apps without providing any data; if there are any exceptions to this for selected services, we will explain these in the following chapters. We will not process data without a legal basis without your informed consent. When processing personal data, we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and any other data protection regulations.
Name and address of the controller
Sustainable Change Labs UG (haftungsbeschränkt)
Kirsten Hillebrand, Hendrik Hinrichs
Bauernstr. 7c
28203 Bremen
E-Mail: post@klimakarl.de
Website: https://www.klimakarl.de/
Contact for data protection
Hendrik Hinrichs
Bauernstraße 7c
28203 Bremen
Tel: 0176 61335522
E-Mail: hendrik@klimakarl.de
Rights of data subjects
The EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects in Chapter III, which we explain to you accordingly below with regard to the processing of your personal data:
- Right to Information
This requirement concerns in particular information on the following details of the data processing:
- Purposes of the processing
- Categories of data
- Recipients or categories of recipients, if applicable
- If applicable, the planned duration of storage or the criteria for determining this duration.
- Information on the respective right to rectification, deletion, restriction or objection
- Existence of the right of appeal to a supervisory authority
- If applicable, origin of the data (if not collected from you)
- If applicable, existence of automated decision-making, including profiling, including meaningful information on the logic involved, the scope and the expected effects
- If applicable, (planned) transfer to a third country or international organization
- Right to Correction
We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.
- Right to Erasure (Right to be forgotten)
Provided that the processing is no longer necessary and one of the following conditions is met:
- Discontinuation of the purpose of processing
- Withdrawal of your consent and the absence of any other legal basis for processing
- Objection to processing without an important reason to the contrary
- Unlawful processing
- Necessary for compliance with a legal obligation
- Data collection was carried out in accordance with Art. 8 (1) DS-GVO.
- We will pass on your request, if necessary, to those third parties to whom a transfer of your data had previously taken place as part of the deletion request.
- Right to Restriction of Processing
Provided that one of the following conditions is met:
- You dispute the accuracy of your data (restriction may take place for the duration of the review on our side).
- In the event of unlawful processing and if the data is not to be deleted, restriction of processing will take the place of deletion
- If the processing purposes cease to exist, at the same time you need your data for the assertion, exercise or defense of legal claims
- After you have lodged an objection pursuant to Art. 21 (1) DS-GVO and for the duration of the examination as to whether our legitimate reasons outweigh yours.
- Right to Data Portability
If it is technically possible and does not affect the rights and freedoms of other persons, we will – at your request – transfer your data to another recipient (responsible party).
- Right of Objection
If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a DSGVO), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is associated with such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) DS-GVO, unless such processing is necessary for the performance of a task carried out in the public interest.
- Automated decisions in individual cases including profiling
If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.
- Right to Revoke Consent in Accordance with Data Protection Laws
You have the right to revoke consent to the processing of personal data at any time.
- Right to Complain to a Supervisory Authority
A list of the supervisory authorities responsible in Germany can be found on the website of the Federal Commissioner for Data Protection or at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/AufsBehoerdFuerDenNichtOeffBereich/AufsichtsbehoerdenNichtOeffBereich_liste.html
General information about data processing in the app
The following information applies to the data processing on our app in general. If there are exceptions or additions to this information, these are described in detail in the respective sections.
Data security information
We secure our app and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. However, despite regular checks, complete protection against all dangers is not possible.
Legal Basis for Processing
We process personal data in accordance with the requirements of the GDPR, depending on the type and purpose of the processing as follows:
| Permitted use | DSGVO requirement |
| Informed consent | Art. 6 Abs. 1 a |
| Performance of a contract | Art. 6 Abs. 1 b |
| Implementation of pre-contractual measures | Art. 6 Abs. 1 b |
| Fulfillment of legal obligations | Art. 6 Abs. 1 c |
| Protection of vital interests | Art. 6 Abs. 1 d |
| Safeguarding our legitimate interest | Art. 6 Abs. 1 f |
Our legitimate interest
Our legitimate interest, as defined in Article 6 (1) f DS-GVO, is based on the performance of our business activities in order to maintain our ability to operate and secure the employment of our employees.
General deadlines for data deletion
After the purpose of storage has ceased, the retention periods are generally at least six or ten years. As a rule, data is deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.
Deletion or blocking of personal data
We store your personal data only for the period required to fulfill the specified purpose. After the purpose no longer applies and after expiration of any existing retention periods, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.
Collection of general data and information
Using the app requires some app permissions, through which data is collected:
| App permissions | Purpose of the authorization |
| Access all networks, Run at startup, Disable hibernation, Preserve Internet data, Play Install Referrer API, Get network connection, Edit or delete SD card contents, Get network connection | All data collected through the app authorization are technically necessary and are collected and stored anonymously; we neither intend nor make any inference to the person concerned. |
Obligation to provide personal data
Under certain circumstances (e.g. due to legal or contractual regulations), an obligation arises for you to provide us with your personal data. Examples of such processing as follows:
| Nature or purpose of the processing | Necessity |
| Fulfillment of the contractual obligation (e.g. delivery of the goods to your address) | Fulfillment of the contractual obligation (e.g. delivery of the goods to your address) |
| In the employee context (e.g. transmission of data to the tax office) | Compliance with legal requirements (e.g. tax regulations) |
A violation (i.e. the failure to provide the required data) would mean that the respective data processing and consequently the corresponding contract with you could not be concluded. Upon request, we will inform you in each individual case before collecting your data whether the provision is required by law or contract or necessary for the conclusion of the contract and what consequences, if any, would arise for you from the refusal.
Information about specific data processing on the app
If applicable, in deviation from or in addition to the above-mentioned general information, you will find details on the individual data processing on our app below.
| Data type | Purpose of collection | |
| Purpose of the processing of general data | Username, Password, Email | Enabling secure access for the KlimaKarl app, competition support |
| Legal basis (according to Art. 6 DSGVO) | Safeguarding our legitimate interest (Art. 6 para. 1 f) | |
| Purpose of the processing of special categories of personal data | ||
| Legal basis (according to Art. 9 DSGVO) | ||
| Recipient (if applicable) | ||
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | none | |
| If known: Duration of data storage | See General deadlines for data deletion | |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | There is no obligation. | |
| Consequences of non-compliance (in case of failure to provide the required data) | ||
| If applicable, existence of an automated decision-making process | Automated decision-making does not take place in principle and is not planned | |
| If applicable, origin of the data (if not collected directly from the data subject) | The data comes from the data subject himself. | |
| If applicable, categories of personal data (if not collected directly from the data subject) | The data comes from the data subject himself. | |
| Change of purpose if necessary | A change of purpose does not take place in principle and is not planned. | |
| Opt out | ||
| Privacy info | ||
Google Distance Metrics Api
| Data type | Purpose of collection | |
| Purpose of the processing of general data | Geo data | We save the completed tasks and the associated points of the participants. In the Mobility section, participants have the option of calculating the kilometers they have traveled by entering their start and destination. We do not store any of the addresses entered, only the number of kilometers traveled. To calculate the distance, we use a service called Google Distance Metrics API. No user-specific data is shared during the query. We store completed tasks under an anonymous ID (without link to participation date, team, username or mail address) even beyond the end of the contest so that we can evaluate how the contest is working. The tasks entered cannot be traced back to individuals. |
| Legal basis (according to Art. 6 DSGVO) | Consent, according to Art. 6 para. 1 a) DSGVO | |
| Purpose of the processing of special categories of personal data | ||
| Legal basis (according to Art. 9 DSGVO) | ||
| Recipient (if applicable) | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland | |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | none | |
| If known: Duration of data storage | See General deadlines for data deletion | |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | There is no obligation. | |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data provided, the data processing described cannot be carried out. | |
| If applicable, existence of an automated decision-making process | Automated decision-making does not take place and is not planned. | |
| If applicable, origin of the data (if not collected directly from the data subject) | The data comes from the data subject himself. | |
| If applicable, categories of personal data (if not collected directly from the data subject) | The data comes from the data subject himself. | |
| Change of purpose if necessary | none | |
