Language
1. Responsible Entity
Responsible for data processing on this website is:
Science4People e.V.
Prof. Ferenc Krausz
Hans-Kopfermann-Str. 1
85748 Garching (Munich), Germany
Email: info@science4people.org
2. Collection and Storage of Personal Data
When filling out the petition, we collect the following personal data:
- First name
- Last name
- Email address
- Country of origin
These data are stored exclusively in a MySQL database without a CMS. IP addresses are not stored.
Purpose of Processing
Data is processed solely to support and verify the petition.
Disclosure of Personal Data
The data collected through this petition will not be shared with third parties.
However, in justified cases, data access may be granted solely to verify the authenticity of signatures — exclusively for this purpose and while maintaining confidentiality.
Additionally, personal data collected through the petition may be shared with institutions of the European Union or national governments if necessary for the submission of the petition. The data sharing is strictly tied to the objectives of the petition and limited to necessary information (e.g., name, country of origin).
Legal Basis
Processing and potential sharing of data is based on your consent pursuant to Art. 6(1)(a) GDPR, which you provide via a checkbox. Additionally, we ensure only confirmed entries are considered by using a double opt-in process.
Data Deletion Periods
Personal data will be deleted after the petition concludes and in consideration of statutory retention periods. If no such periods apply, deletion will occur no later than 12 months after the petition ends.
3. Access Protection
The server is password-protected and only accessible via encrypted SFTP connection.
Access is restricted to four authorized individuals.
Two-factor authentication has been activated for the hosting backend (Alfahosting).
4. Data Transmission Security
Our website uses SSL encryption (HTTPS).
A valid SSL certificate from Let’s Encrypt is active and is automatically renewed on a regular basis.
5. Data Security and Backups
Daily backups of the database are performed by Alfahosting.
Backups are stored in encrypted form and accessible only through a secure backend.
Backups are retained for 30 days and then automatically deleted.
6. Special Protective Measures
As the petition text may potentially be considered a form of political expression, the following special precautions apply:
- No storage of IP addresses
- No profiling or personal analysis
7. Data Processing Agreement
A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the hosting provider Alfahosting.
8. Server Log Files
When visiting our website, the hosting provider Alfahosting automatically stores information in server log files, including:
- Access time
- Accessed pages/resources (access log)
- Error messages (error log)
- User agent (browser type, operating system)
- Referrer URL
These data are not personally identifiable and are not merged with other data sources. The log files are used solely for technical monitoring, error analysis, ensuring operations, and potentially for defense against attacks (e.g., DDoS).
Storage is handled by Alfahosting and subject to their deletion periods. A DPA with Alfahosting is in place.
Note: Although IP addresses are technically captured in the log files by Alfahosting, we do not actively use or analyze them. They are used solely for security and error diagnosis at the hosting level.
9. Your Rights as a Data Subject
In connection with the processing of your personal data as part of this petition, you have the following rights under the GDPR. These rights can generally be exercised free of charge.
Note: In the case of clearly unfounded or excessive requests, we reserve the right to charge a reasonable fee based on administrative costs (Art. 12(5) GDPR).
9.1 Withdrawal of Consent
You have the right to withdraw your consent to the processing of your personal data at any time with effect for the future. The legality of processing prior to the withdrawal remains unaffected.
9.2 Access and Confirmation
You may request confirmation as to whether your personal data is being processed. If so, you have the right to access information pursuant to Art. 15 GDPR, particularly regarding:
- The data being processed
- The purposes of processing
- The recipients
- The planned storage period
- Your additional rights
9.3 Rectification and Erasure
You have the right to correct inaccurate data and complete incomplete data (Art. 16 GDPR). Additionally, under Art. 17 GDPR, you may request the deletion of your data, especially if they are no longer necessary for the petition or if you have withdrawn your consent.
9.4 Restriction of Processing
Under certain conditions (e.g., disputing the accuracy of data), you can request restriction of data processing pursuant to Art. 18 GDPR.
9.5 Objection to Processing
If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to processing for reasons arising from your specific situation. We will then cease processing unless we can demonstrate compelling legitimate grounds that override your interests or if the processing serves to assert, exercise, or defend legal claims.
9.6 Right to Data Portability
You have the right to receive personal data provided to us in a structured, commonly used, and machine-readable format. Upon request and if technically feasible, this data can be transferred directly to another controller. This right applies only when the processing is based on your consent (Art. 6(1)(a) GDPR) or a contract (Art. 6(1)(b) GDPR) and is carried out by automated means. It does not apply if the rights and freedoms of other persons (e.g., third parties or trade secrets) would be affected.
To exercise your rights, please contact the address listed above.
10. Right to Lodge a Complaint with the Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.