Our guiding principles
Our approach to data privacy is minimalist and transparent.
We consider data privacy to be a vital principle in the information age, and we stand with non-profit organizations fighting to strengthen digital rights around the world. To learn more about online privacy, we recommend you head over to the Electronic Frontier Foundation and use their tips and tools for a better browsing experience. (Note: EFF is not affiliated with GermanBureau in any way; some of us are donors, but that is a personal matter unrelated to the business.)
Our policies are designed for compliance with German and European privacy laws, specifically the Telemediengesetz (TMG), the Bundesdatenschutzgesetz (BDSG) and, most recently, the EU General Data Protection Regulation (GDPR).
Limited data, transparent rules
Anyone can access the public pages on GermanBureau.com and affiliated websites without providing personally identifiable information. If you do decide to give us your name, e-mail address or any other type of information that is directly linked to your person, that is always your choice.
Your personal information belongs to you
GDPR Article 5 (1): “Personal data shall be processed lawfully, fairly and in a transparent manner in relation to individuals.”
GermanBureau will never sell, rent, swap, or otherwise authorize any third party to exploit your personal information without prior consent.
We will never ask you to turn off your ad blocker, disable your privacy plugins or take any other action that would compromise or circumvent your privacy rights. If such actions are deemed necessary for technical reasons, we will seek your permission first.
We make no attempt to identify or track individual visitors beyond our own pages, except on request or if it becomes technically necessary or unavoidable. We do, of course, use analytical tools such as Google Analytics or Facebook Insights to collect anonymous data on how visitors navigate to, from and within GermanBureau.com and affiliated pages. More on that below.
What does “personal information” mean, exactly?
Unsurprisingly, the GDPR is pretty clear on its definition of “personal information”. Basically, it’s anything that can be used to identify you as the unique human that you are.
Here’s the letter of the law:
GDPR Article 4 (1): “‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Please note that these principles only govern how we handle your personal information. They do not limit our ability to collect anonymous usage statistics and evaluate our web traffic using third-party platforms, which are explained in more detail below.
We only ask for what we need
GDPR Article 5 (2): “Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.”
Any personal information you provide to us via GermanBureau.com (or by any other means) is stored in our databases for the sole purpose of processing your specific, user-initiated query. This could be a contact request, podcast subscription or other web service.
If we need your information, we ask for it first. We have put automatic protocols in place to ensure that we process your data according to your stated preferences.
GDPR Article 5 (3): “Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”
If you choose to contact us by email, phone or any other means, we can only assume you’re fine with us storing your contact information for a limited amount of time so that we can communicate with you. If we need additional permissions, we’ll ask first.
You control your data
GDPR Article 5 (4): “Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.”
To view, update or delete the information you’ve shared with us, please send us a short message and tell us what to do with your personal information. At your request we can modify or remove individual portions of the data we have on you, or you can ask us to delete the entire data set.
Please note that any emails or messages you send us are retained for archival purposes indefinitely or for the maximum amount of time allowed by law. If for some reason you’d like to remove all traces of your interactions with us, just let us know and we’ll do what we can.
There are some rare and clearly defined instances in which we are required to keep your data without consent — for example, if we get a legitimate court order from law enforcement. In the unlikely scenario that we must retain your data for reasons other than our own, we will inform you as permitted by law.
Stay safe out there!
Verification and controls
In general, we reserve the right to verify your identity whenever someone requests a change in your data. This simple security measure acts as a safeguard against unauthorized access, which is good for you and helps us comply with the law.
In the near future, we will be offering web-based user controls for you to more easily manage your data on our site. We ask for your patience while we develop an adequate solution.
You decide how long we keep your data
GDPR Article 5 (5): “Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.”
Even with your consent, we cannot store your information forever. Here the law demands that we be a little more specific. There are generally two options for storing your information with us:
- Under our limited data retention policy, your information is automatically deleted after a specified time unless you renew your consent. Retention periods are clearly stated on each consent form (e.g., next to the appropriate checkbox).
- Under our unlimited retention policy, we store your data for the maximum amount of time allowed by law. This makes sense for returning customers and other long-term commitments, although there is currently no feature on GermanBureau.com that requires unlimited retention per se.
Either way, your options are explained clearly at the time of each request.
How we protect your data
GDPR Article 5 (6): “Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Even the most low-traffic site is subject to daily intrusion attempts by automated bots, fake crawlers, imposters and other shady online actors. That’s just how the Internet works. We employ several trusted plugins to protect our website and its visitors from spam and malicious attacks. It’s probably unwise to share too many details, so just rest assured that we’re doing everything in our power to keep your data safe.
In general, it must be said that the transfer of information over the Internet comes with inherent security risks. For this reason, GermanBureau.com is unable to guarantee unconditional protection from unauthorized access by third parties. To the best of our abilities, we have taken reasonable steps to protect the privacy rights and digital safety of our online visitors.
GermanBureau.com is powered by WordPress, and we rely on community programmers who have developed powerful open-source security tools that anyone can use. These professional-grade products are typically licensed to individuals and small businesses at low cost or free of charge. As such, we are endlessly grateful for the community resources that make this entire website possible (or at least affordable).
Analyzing our web traffic
The simple act of visiting our website — or any website, really — reveals a certain amount of information about you. This notably includes your IP address and general geographic location, which device and browser you’re using, your internet service provider, and a host of other metrics that aren’t directly linked to your person but may reveal an identifying pattern.
We’ll say it again: For our part, we make no effort whatsoever to identify individual visitors or harvest their personal data for immediate commercial gain. (We say “immediate” because web analytics might be considered commercial gain in the broader sense.)
Visitor statistics are not the same as personal information. Most websites these days collect anonymous data to analyze the traffic on their site, and GermanBureau.com is no exception. As such, we reserve the right to collect anonymous visitor data in aggregate form within our domain and on any affiliated websites.
We don’t use social media to track the online behavior of visitors after they leave our own website or affiliated pages. We do, however, maintain a presence on Facebook, where built-in analytics allow us to track web traffic on Facebook and GermanBureau.com. As with Google Analytics, we use data collected through Facebook only to analyze traffic patterns and improve usability.
In fact, the privacy settings for anonymous visitors are typically stored in a browser cookie. That’s why you only have to set your GDPR consent once when you visit a website for the first time!
Although GermanBureau.com contains no third-party advertising, analytical tools such as Google Analytics may use third-party cookies for the purpose of traffic evaluation. Any information gathered through cookies may be stored on a Google server located in the United States of America or anywhere else in the world where Google decides to store its data.
Google may use this information to analyze your usage of our site, create reports on related online traffic patterns for us, and provide its own services based on aggregate data collected from millions of users. Google may also transfer this information to third parties under applicable law for the purpose of further processing on behalf of Google.
How to revoke your cookie consent
You can disable third-party cookies in your browser settings at any time without affecting your access to GermanBureau.com.
We will soon create a new page with online privacy controls for our visitors. Until then, to withdraw your cookie consent simply close all instances of GermanBureau.com on your device and clear your browser cache including cookies. Please note that some data may be retained for a short period of time as your withdrawal is processed server-side. Once the cookies are gone from your device, you’ll be treated as a new visitor next time you return to our site.
Questions and feedback