DATA PROTECTION INFORMATION

1) General information

This data protection information provides you with details about the collection and processing of your personal data by Michael Hose, Member of the German Bundestag (MdB). The data protection information informs you about your rights and enables you to make an informed decision about the handling of your personal data.

a) Data controller

Michael Hose MdB

German Bundestag
Platz der Republik 1
11011 Berlin

Tel.: +49 (0) 30 227 718 04
E-Mail: michael.hose@bundestag.de

b) Data protection officer

Datenschutzbeauftragter des Herrn Michael Hose MdB
Deutscher Bundestag
Kompetenzzentrum Datenschutz
Platz der Republik 1
11011 Berlin

E-Mail: datenschutz.mdb@bundestag.de

c) Purpose and legal basis of processing

I process the data you provide, including your communication data (name, address, telephone number, email address, IP address), on the basis of your consent (Art. 6(1)(a) GDPR) in order to be able to contact you, to perform mandate-related tasks (Art. 6(1)(e) GDPR, Section 3 BDSG) and to fulfil legal obligations (Art. 6(1)(c) GDPR).

d) Recipients of the data

As a matter of principle, I will not pass on your data to third parties unless this is unavoidable in order to process your enquiry or I am legally obliged to do so.

Data will be forwarded to the following parties:

Parliamentary groups, other Members of Parliament, relevant public authorities, in particular federal ministries or pension insurance funds, etc.

If your data is forwarded to these or other parties/organisations for the purpose of processing your request, I will obtain your consent and inform you immediately before forwarding the data, specifying the party/organisation. Upon request, the data will be forwarded in anonymised form.

e) Duration of storage

Unless otherwise stated in this privacy policy, I will delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. Unless otherwise stated, your data will be deleted at the latest at the end of my term of office when I leave the Bundestag.

f) Rights of data subjects

You may contact the data controller using the contact details above to request information about the data stored about you in accordance with Art. 15 GDPR and, under certain conditions, to request the correction of your data in accordance with Art. 16 GDPR or the deletion of your data in accordance with Art. 17 GDPR. You may also have the right to restrict the processing of your data in accordance with Art. 18 GDPR.

If the data processing is based on Art. 6 (1) (e) GDPR, you also have the right to object to lawful and legally based data processing for reasons arising from your particular situation (Art. 21 GDPR). The right to object does not apply if there is an overriding public interest in the processing that outweighs your interests or if a legal provision requires the processing.

If the data processing is based on Art. 6 (1) (a) GDPR, you also have the right to withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR). The data processing carried out up to that point remains unaffected by the withdrawal.

Furthermore, you may have the right to receive the data you have provided in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR.

g) Supervisory authority

You also have the option of contacting a data protection supervisory authority (Art. 77 GDPR). The authority responsible for me is:

Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

Graurheindorfer Str. 153
53117 Bonn

Telefon: +49 (0) 228 997799-0
E-Mail: poststelle@bfdi.bund.de

h) Enquiries by e-mail, telephone or fax

If you contact me by e-mail, telephone or fax, your enquiry, including all personal data arising from it (name, enquiry), will be stored and processed by me for the purpose of processing your request. I will not pass on this data without your consent.

Please note that communication via email, telephone or fax is generally not encrypted and is therefore not protected from access by third parties.

This processing is based on Art. 6 (1) (a) GDPR (your consent).

i) Newsletter

If you would like to receive the newsletter offered on the website, I require your email address and information that allows me to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data is not collected or is collected on a voluntary basis only. I use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, your email address and its use for sending the newsletter at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by me or my processor until you unsubscribe from the newsletter and will be deleted from the distribution list after you unsubscribe. Data stored for other purposes remains unaffected.

2) Website

a) Hosting and Content Delivery Networks (CDN)

i) Cloudflare

The service ‘Cloudflare’ from the provider Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter ‘Cloudflare’) is used.

Cloudflare offers a globally distributed content delivery network with DNS. Technically, this means that the transfer of information between your browser and my website is routed through the Cloudflare network. This enables Cloudflare to analyse the data traffic between your browser and my website and to act as a filter between my servers and potentially malicious data traffic from the internet.

The use of Cloudflare enables the provision of my website with as few errors as possible. With the help of Cloudflare, availability can be guaranteed in the event of my web server failing or targeted attacks.

Data transfer to the USA is based on the adequacy decision (EU-US Data Privacy Framework; commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en) and the EU Commission's standard contractual clauses. Details can be found here: www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf

Further information on security and data protection at Cloudflare can be found here: www.cloudflare.com/privacypolicy/

In order to ensure data protection-compliant processing, I have concluded a data processing agreement with Cloudflare.

The processing of data by Cloudflare is based on Article 6(1)(e) of the GDPR.

ii) External Hosting

This website is hosted by an external service provider (host). Personal data collected on this website is processed on the host's servers. This primarily involves

IP-Addresses,
Contact requests,
Meta and communication data,
Contract details,
Names,
Website traffic,
Other data generated via a website.

The following host is used:

Keyweb AG
Neuwerkstraße 45/46
D-99084 Erfurt

In order to ensure data protection compliance, I have concluded a data processing agreement with the host.

The processing of data by the external host is based on the data processing agreement.

iii) Server log files

Information is automatically collected and stored in so-called server log files. This information is automatically transmitted to me by your browser and consists of the following:

Browser type
Operating system
Referrer URL
Host name of the accessing computer
Time of the server request
IP-address

This data is not merged with other data sources.

I collect and process the log files on the basis of Art. 6 (1) lit. e GDPR. The server log files are deleted after 14 days.

iv) SSL or TLS encryption

SSL or TLS encryption is used for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the fact that the address line of your browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to me cannot be easily read by third parties.

b) Cookies

i) General information

Cookies are small files that are stored on your device. A distinction is made between temporary (‘session cookies’) and permanent cookies.
In addition, cookies may also be set on your device by third-party providers (‘third-party cookies’).
Cookies are also differentiated according to their function. Technically necessary cookies are mandatory for the smooth operation of the website. Analysis or advertising cookies, on the other hand, are optional and require your consent.

f I use technically necessary cookies, this is done on the basis of Art. 6 (1) lit. e GDPR and § 25 (2) TDDDG. If, on the other hand, optional cookies are used, their use is based on Art. 6 (1) lit. a GDPR (your consent).

ii) Consent to the use of cookies

I inform you about the use of cookies in a so-called ‘cookie banner’. This cookie banner appears when you first visit the website and allows you to consent to the use of optional cookies.

You can revoke this consent at any time.

c) Contact form

If you send me enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by me for the purpose of processing the enquiry and in case of follow-up questions. I will not pass on this data without your consent.

This processing is based on Art. 6 para. 1 lit. a GDPR (your consent).

3) Soziale MediA

I maintain publicly accessible profiles on social networks. The specific social networks I use are listed below.

Social networks such as Facebook, X (formerly Twitter), etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting my social media pages triggers numerous data processing operations that are relevant to data protection. Specifically:

If you are logged into your social media account and visit my social media page, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of social media portals can create user profiles that store your preferences and interests. In this way, interest-based advertising can be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that I cannot track all processing operations on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

a) Legal basis

My social media presence is intended to ensure the most comprehensive presence possible on the internet and to enable contact with citizens and voters. This is a task within the scope of my mandate in accordance with Art. 6(1)(e) GDPR. The analysis processes initiated by social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6(1)(a) GDPR).

b) Responsible party and assertion of rights

When you visit one of my social media sites (e.g. Facebook), I am jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against me and against the operator of the respective social media portal (e.g. against Facebook).

Please note that, despite joint responsibility with the social media portal operators, I do not have full control over the data processing operations of the social media portals. My options are largely determined by the corporate policy of the respective provider.

c) Storage period

The data collected directly by me via social media will be deleted from our systems as soon as the purpose for its storage no longer applies, you request deletion, you revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

I have no influence on the storage period of your data stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

d) Social media in detail

i) Facebook

I have a profile on Facebook. This service is provided by Meta Platform Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the data collected is also transferred to the United States and other third countries.

I have entered into an agreement with Facebook regarding joint processing (Controller Addendum). This agreement specifies which data processing operations I or Facebook is responsible for when you visit my Facebook page. You can view this agreement at the following link: www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: www.facebook.com/settings.

Data transfer to the USA is based on the adequacy decision (EU-US Data Privacy Framework; commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en) and, alternatively, on the standard contractual clauses of the EU Commission. Details can be found at www.facebook.com/legal/EU_data_transfer_addendum.

and

de-de.facebook.com/help/566994660333381.

For details, please refer to Facebook's privacy policy: www.facebook.com/about/privacy/.

ii) X (formerly: Twitter)

I use the short message service X. The provider is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can adjust your X privacy settings yourself in your user account. To do so, click on the following link and log in: twitter.com/personalization.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: gdpr.twitter.com/en/controller-to-controller-transfers.html.

For details, please refer to the X privacy policy: twitter.com/de/privacy.

iii) Instagram

I have a profile on Instagram. The provider is Meta Platform Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Data transfer to the USA is based on the adequacy decision (EU-US Data Privacy Framework; commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en) and, alternatively, on the standard contractual clauses of the EU Commission. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum

and

de-de.facebook.com/help/566994660333381.

For details on how they handle your personal data, please refer to Instagram's privacy policy: help.instagram.com/519522125107875.

iv) Vimeo

I have a profile on Vimeo. The provider is Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, New York 10001, USA.

Data transfer to the USA is based on the adequacy decision (EU-US Data Privacy Framework; commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en) and the EU Commission's standard contractual clauses, as well as, according to Vimeo, on ‘legitimate business interests’. Details can be found here: vimeo.com/privacy.

For details on how they handle your personal data, please refer to Vimeo's privacy policy: vimeo.com/privacy.

v) YouTube

I have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

I use YouTube with the 2-click solution. This procedure means that YouTube does not store any information about visitors to this website before they watch the video. To do this, you must actively confirm that you want to connect to YouTube and transfer your data. However, this solution does not prevent data from being passed on to YouTube partners once you have agreed to its use.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent fraud attempts.

After a YouTube video has been started, further data processing operations may be triggered over which I have no control.

Processing is based on your consent (Art. 6(1)(a) GDPR); consent can be revoked at any time.

For details on how they handle your personal data, please refer to YouTube's privacy policy: policies.google.com/privacy.