Data protection OLAV

General information

We take the protection of your fundamental rights (right to informational self-determination under Article 2 (1) in conjunction with Article 1 (1) of the German Basic Law (GG)) very seriously. We treat your personal data with the utmost care and in accordance with the applicable data protection regulations.

We would like to inform you in detail and transparently about the processing of your personal data. The following information is intended to give you an overview of how we process your personal data when you use this online service.

The term "application" is used here as a representative term for concerns of any kind.

1. person responsible for data processing

Responsible for data processing within the meaning of Article 4 No. 7 of the General Data Protection Regulation (GDPR) is

City of Rodgau

Address: Hintergasse 15, 63110 Rodgau

Phone: 06106 693-0

Fax: 06106 693-200

E-mail: stadt@rodgau.de

Hereinafter referred to as "controller" or "we".

2. contact details of the data protection officer

SDS Schüllermann Dataservice GmbH

Address: Robert-Bosch-Str. 5, 63303 Dreieich

E-mail: datenschutzbeauftragter@rodgau.de

3. what technical data do we collect when you access our online administration services?

When you use an online service via our website, the following technical data is collected on the servers of our service provider ekom21 - KGRZ Hessen:

• - Name of the website accessed,
• - File, date and time of access,
• - Amount of data transferred,
• - Notification of successful retrieval,
• - Browser type and version,
• - The user's operating system
• - Referrer URL (the previously visited page).

The data is written to so-called log files (technical log files) and stored there for a period of 90 days. They are then automatically and irretrievably deleted. The data stored in the log files is assigned an automatically generated technical ID. This ID is linked to a process ID that is generated when you use our online service. This results in a link between the data in the log files and the personal data that you provide to us as part of the online service. Access to the log files is only possible for a defined group of appropriately authorised administrators due to technical and organisational measures.

Furthermore, the servers of ekom21 - KGRZ Hessen record the IP address of the requesting user, which is stored for a period of 7 days in the Web Application Firewall (WAF) of ekom21 - KGRZ Hessen. After 7 days, the IP address of the requesting user is automatically and irretrievably deleted. Access to the WAF is also only possible for a defined group of appropriately authorised administrators.

Information on the purposes of the processing and the legal basis

The collection of the above technically necessary data serves the purpose of enabling you to use the website from a technical point of view and to ensure the stability and security of the website. This processing is carried out on the basis of Article 6(1)(e) GDPR in conjunction with Section 3(1) of the Hessian Data Protection and Freedom of Information Act (HDSIG).

The storage of the technically necessary data in the log files and in the WAF as well as the potential possibility of access to the log files and the WAF by administrators serve the purpose of enabling the administrators to take note of the technical data recorded when using one of our online services in order to identify the causes of errors (e.g. a failed application transmission). This measure is intended to ensure the availability of our online services to the user and is carried out on the basis of Article 6(1)(c) GDPR in conjunction with Article 32(1)(b) GDPR.

The purpose of linking the automatically generated technical ID with the process ID is to enable the administrators to assign the technical data collected when using one of our online services to a specific user in order to determine a user-specific cause of error in the event of an error message regarding the use of one of our online services (e.g. in the event of a failed application submission) and then to be able to suggest suitable technical remedial measures to the user (e.g. software optimisations). This measure is intended to ensure the availability of our online services to the user and is carried out on the basis of Article 6(1)(f) GDPR.

Failure to collect the technical data would mean that we would not be able to enable you to use our online services or identify technical errors that prevent you from using our online services.

Without the storage of the technically necessary data in the log files and in the WAF and without potential access to the log files and the WAF by administrators, the technical data collected when using one of our online services could not be taken into account in order to identify the causes of errors.

Not linking the two IDs would mean that we would not be able to determine a user-specific cause of error in the event of an error message regarding the use of one of our online services (for example, in the event of a failed application submission).

4. cookies

Cookies are small pieces of information that are stored locally by a website in the memory of your Internet browser on the computer you are using. They contain so-called identifiers (randomly generated identification numbers), which the server can use to clearly assign requests from your access device. In this way, a request can also be assigned to a specific user.

Information on the purposes of the processing and the legal basis

When using an online service via our website, session cookies are used for the technical provision and optimal functioning of the website: Processing is carried out on the basis of Article 6(1)(e) GDPR in conjunction with Section 3(1) HDSIG.

Note: You can use any Internet browser to display when cookies are set and what they contain. Depending on which browser you use, you can already set in your browser whether you generally allow cookies, whether you only want to accept certain cookies or whether you want to reject all cookies. You can usually also use your browser to see which cookies are stored on your access device and you can then delete them in full or in part. If you refuse to accept all or some of the cookies mentioned above, you may not be able to use the website you have accessed and may therefore not be able to submit an online application for an administrative service.

5. information on the purpose of processing your application data and the legal basis

Data processing is used to process the following online services:

Deregistration of a secondary residence - § 17 Para. 2 Federal Registration Act in conjunction with § 21 Para. 4 Federal Registration Act

Registration of a secondary residence - § 17 Para. 1 Federal Registration Act in conjunction with § 21 Para. 4 Federal Registration Act

Applying for a registration certificate - § 18 Para. 1 Federal Registration Act

Application for an extended registration certificate § 18 para. 2 Federal Registration Act

Applying for an information block - § 51 Federal Registration Act

Application for transmission blocks - § 42 para. 3 sentence 2 Federal Registration Act, § 50 para. 5 in conjunction with § 50 para. in conjunction with Section 50 (1), (2) and (3) of the Federal Registration Act, Section 36 (2) of the Federal Registration Act

Status enquiry about the passport or ID card applied for - Art. 6 para. 1 lit. c GDPR

Change of status - § 21 Federal Registration Act

Declaration of loss of a passport or identity card - Section 15 (1) sentence 3 Passport Act; Section 27 (1) no. 3 Identity Card Act

Election assistants - declaration of willingness - § 4 European Election Act, §§ 9-11 Federal Election Act, §§ 6-9 Federal Election Code, §§ 15-17 State Election Act, §§ 22-26 State Election Code, §§ 6-6b Hessian Local Election Act, § 4 Local Election Code

As part of the application process, it is necessary for you to provide us with certain data. We distinguish between mandatory and voluntary information. Mandatory information is required for the application and is marked accordingly with * in the application process. If you provide incomplete mandatory information, your application for an administrative service cannot be processed. The provision of voluntary information is not mandatory for the application, but may speed up the processing of your application. The legal basis for the collection of personal data for the processing of applications is Art. 6 para. 1 sentence 1 lit. c, e GDPR in conjunction with Section 3 para. 1 HDSIG and the legal bases listed above for the respective online service.

According to Art. 4 No. 1 GDPR, "personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

6. information on recipients of personal data or categories of recipients

If you apply for an administrative service, the personal data you provide during the application process will be disclosed to our administration, which will process your application.

After submitting your application, your personal data will be collected and processed by the servers of our IT service provider and processor ekom21 - KGRZ Hessen, so that your personal data will be disclosed to ekom21 - KGRZ Hessen. The personal data may also be disclosed to other IT service providers in compliance with the applicable data protection regulations.

If you select a payment method in the application for the provision of the administrative service, your data required for the execution of the payment process will be transmitted to payment service providers who process the transaction for this selected payment method.

7. information on the storage period

The data listed under section 3 of this privacy policy, which is not the IP address, is automatically deleted from the log files after 90 days. The IP address of the requesting user is automatically and irretrievably deleted after 7 days.

In principle, the personal data processed in accordance with section 5 of this privacy policy will be deleted if we no longer need the data for the fulfilment of our legal tasks and the deletion does not conflict with any statutory retention obligations and periods.

8. your rights

8.1 Right of access (Article 15 GDPR) 

You can request information about your personal data processed by us. In your request for information, you should specify your request in sufficient detail to enable us to compile the necessary information. Please note that your request for information under Article 15 GDPR may be restricted by the provisions of Article 23 GDPR.

8.2 Right to rectification (Article 16 GDPR)

If the information concerning you is not (or no longer) correct, you can request a correction. If your personal data is incomplete, you can request that it be completed.

8.3 Right to erasure (Article 17 GDPR)

You can request the erasure of your personal data under certain conditions. Your right to erasure depends, among other things, on whether the personal data concerning you is still required by us to fulfil our statutory duties or whether statutory retention periods and obligations prevent the erasure of your personal data.

8.4 Right to restriction of processing (Article 18 GDPR)

Under certain conditions, you have the right to request that the processing of your personal data be restricted.

8.5 Right to object (Article 21 GDPR) 

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR. Please note that your right to object may be restricted or not exercisable due to the provisions of Section 35 HDSIG if the processing of your personal data is based on Article 6(1)(e) GDPR. Please address your objection to the data controller named above.

8.6 Right to lodge a complaint (Article 77 GDPR)

If you are of the opinion that we have not complied with data protection regulations when processing your personal data, you can lodge a complaint directly with the competent supervisory authority.

*OLAV is an add-on module to the specialised procedure emeld 21, which provides citizens with online applications and online processes under the domain https://onlineantrag.ekom21.de/olav from the area of registration, operated and provided by ekom21 - KGRZ Hessen (public corporation).