Information on data processing as part of our supervisory activities and the encryption of e-mails

Name and contact details of the data controller

Brandenburg Commissioner for Data Protection and Access to Information
(Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg - LDA Brandenburg)
Stahnsdorfer Damm 77
14532 Kleinmachnow
GERMANY

Phone: +49 33203 356-0
Fax: +49 33203 356-49
E-mail: Poststelle@LDA.Brandenburg.de

Please find the contact details of the person responsible for your request in our letter.

Contact details of the Data Protection Officer

Data Protection Officer at the
Brandenburg Commissioner for Data Protection and Access to Information
(Behördliche Datenschutzbeauftragte bei der LDA Brandenburg)
Stahnsdorfer Damm 77
14532 Kleinmachnow
GERMANY

Phone: +49 33203 356-0
Fax: +49 33203 356-49
E-mail: bdsb@LDA.Brandenburg.de

Categories of data being processed, source of data

As part of our activities, we process information on persons and, if necessary, further personal data on the matter. The data respectively categories of data are the following:

(a) Complainant/requester

If you submit a complaint or request, or if your complaint or request is sent to us by another body because we are the competent authority, we process your name and contact details, as well as the details of the matter we receive from you or the transmitting body, to the extent necessary for the handling of your complaint or request. As we usually approach the respondent in order to deal with your complaint, we also process, if necessary, contact details and facts about you related to the matter of your complaint communicated by the respondent or other data controllers.

(b) Respondents/third parties/bodies under supervision

We also process personal data of respondents, third parties or - in case of investigations and checks carried out without specific cause - of data controllers. The categories of data being processed include names, contact details and facts of the case. The source of these data may be:

• information provided by the complainant,
• generally accessible sources such as: press, trade register or publically accessible websites,
• other supervisory authorities within the framework of the cooperation procedures provided by law,
• information from public bodies in accordance with the applicable rules.

Data processing is limited to the extent necessary for case handling.

Data recipients

The data mentioned above are processed by the LDA Brandenburg. If necessary for the complaint handling, we transmit the data to the relevant body (respondent or data controller). In special cases, e. g. if you complain about your employer within the context of your employment, we ask for your consent.

Should another supervisory authority be competent, we transmit the data to the appropriate authority in accordance with the legal provisions. The complainant will be notified thereof. We also transmit the data to EU data protection supervisory authorities and other EU bodies as international organisations within the framework of procedures provided by the General Data Protection Regulation (GDPR) and the Brandenburg Police, Correction and Ordered Treatment Data Protection Act (Brandenburgisches Polizei-, Justizvollzugs- und Maßregelvollzugsdatenschutzgesetz - BbgPJMDSG).

In the context of administrative offences, criminal or administrative proceedings, we transfer data to the public prosecutor's office or to the courts.

Purposes of data processing

We process data for the following purposes:

• handling all complaints and requests,
• monitoring and enforcement of compliance with data protection regulations,
• control of compliance with the legal requirements for access to information,
• fulfilment of other legal obligations.

Legal basis of data processing

The following legal bases apply: " point (e) of Article 6(1) in conjunction with Article 6(3) GDPR, " Article 37(7) GDPR, " Section 5(1) in conjunction with Section 18 Brandenburg Data Protection Act (Brandenburgisches Datenschutzgesetz - BbgDSG), Section 40 Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) and Section 34-36 BbgPJMDSG, " Section 11(8) Act on the Inspection of Files and Access to Information (Akteneinsichts- und Informationszugangsgesetz - AIG).

Period of data storage

As a rule, data will be stored for a period of two years after a complaint handling procedure is completed, unless legal regulations - in particular budget, financial and accountancy regulations - stipulate a longer duration of storage. The period shall commence on 1 January of the year following that in which the procedure was completed.

Right of access by the data subject (Article 15 GDPR, Section 11 BbgDSG)

Within the framework of the legal provisions, you have the right at any time to request confirmation as to whether personal data relating to you are being processed by us. If this is the case, you may, upon request and within the framework of the legal provisions, obtain free information about or access to the personal data we record about you free of charge, as well as about the origin, recipient and purpose of data processing, insofar as this does not conflict with legal provisions. As a rule, the data can be found both in an electronic file management system and in the file that we create in order to process the complaints or administrative procedures.

Right to rectification (Article 16 GDPR)

You also have the right to have your data rectified or completed if the inaccuracy or incompleteness of the personal data relating to you has been determined.

Right to erasure (Article 17 GDPR, Section 9 BbgDSG)

Irrespective of the period of storage mentioned above, you may request the erasure of your data stored with us, provided that the legal requirements pursuant to Article 17(1) and (3) GDPR in conjunction with Section 9 BbgDSG are fulfilled.

Right to restriction of processing (Article 18 GDPR)

If the respective legal requirements are fulfilled, you have the right to restrict the processing of your data. This can be considered for a period of time which enables us to check the accuracy of the personal data insofar as you are disputing the accuracy, or under certain circumstances also if you have objected to the processing and it has not yet been determined whether our legitimate reasons for further storage override your reasons for erasure. After processing has been restricted, these personal data - apart from their storage - may only be processed with your consent or in order to assert, exercise or defend legal claims or in order to protect the rights of another person or for reasons of an important public interest.

Right to object (Article 21 GDPR, Section 13 BbgDSG)

You may object to the processing of personal data by us if there are reasons arising from your particular situation. In such cases, no further processing will take place unless we demonstrate compelling legitimate reasons for processing which override your interests, rights and freedoms or if the processing serves the assertion, exercise or defence of legal claims. There is no right to object to the processing of personal data if there is a compelling public interest in the processing which overrides the interests of the data subject, or if there is a legal provision obliging the processing.

Note on the encryption of e-mails

Please note that the transmission of unencrypted e-mails is insecure. Unauthorized persons can take note of the transmitted information and manipulate it. We thus recommend that you send messages worthy of protection to us either by post or as an encrypted e-mail. Therefor you need suitable software that implements the Pretty Good Privacy (PGP) encryption concept, e.g. as an extension to your e-mail program. Your e-mail service provider may also provide a way to use PGP in your web browser. You can find our public PGP key on our homepage www.LDA.Brandenburg.de. For complaints you can also use the secure complaint form on our homepage.