Privacy policy – Wikibase.Cloud

The Wikimedia Deutschland – Gesellschaft zur Förderung Freien Wissens e. V. (hereinafter referred to as "Wikimedia" or "we") operates the website and its services available on the Internet at wikibase.cloud including the respective sub-directories (hereinafter referred to as the "Website").

With this privacy policy, we would like to inform you which data we will process when you visit the website or use its services. By providing this information we also comply with our duty to inform you in accordance with Art. 13 and Art. 14 of the EU-General Data Protection Regulation (GDPR).

Please be aware: Wikibase.cloud is a platform that enables everyone to create and run their own open knowledge base as an instance on wikibase.cloud (the “Instance”). While Wikimedia is also the controller for the technical provision of these Instances and the processing of personal data when you visit and use an Instance, Wikimedia is not the controller of any personal data available on the Instance. The controller for this data is exclusively the person named in the imprint of the Instance. If you have any questions regarding this kind of personal data, please refer to the person mentioned in the imprint.

Controller

The controller for the processing of personal data as described in this privacy policy:

Wikimedia Deutschland – Gesellschaft zur Förderung Freien Wissens e. V.

Tempelhofer Ufer 23-24

10963 Berlin

Telephone: 49 (0)30-577 11 62-0

Email: datenschutz@wikimedia.de

We have appointed a Data Protection Officer whom you can contact under the following addresses:

Thorsten Feldmann, LL.M.

JBB Rechtsanwälte Jaschinski Biere Brexl Partnerschaft mbB

Christinenstr. 18/19

10119 Berlin

Telephone: +49 30 443 765 0

E-Mail: datenschutz@wikimedia.de

The controller for any personal data uploaded to and available on the platform is the person named in the imprint. With regard to this data Wikimedia acts only as a processor.

Purposes, legal bases and storage period

1. General use of the platform

   We automatically record the accesses to our websites. Therefore, when you visit our website, you transmit certain technical data to us, namely:

   • IP address,
   • accessed content,
   • information about the transmission,
   • date of access,
   • the amount of data transmitted,
   • the referrer,
   • the web browser/user agent.
   
   

   Where the GDPR applies, the processing of the IP address when establishing a connection is based on Art. 6 par. 1 lit. b) GDPR to provide the website you requested.

   Our host also creates so-called log files to maintain system security, in order to guarantee the security and integrity of our IT systems in which the information above (excluding the amount of data transmitted) is stored. These purposes also represent the legitimate interest for which the processing is carried out (Art. 6 par. 1 lit. f) GDPR). We store the logs for a period of 30 days and delete them afterwards.

2. Registering for a user account

   To create wikis you have to sign up and create a user account. For this purpose we collect and process your email address and a password. We will send you a validation email to the address you have provided. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. We process your personal data for as long as you have your account with us and delete it thereafter.

   If you register with us, we need to ensure that you have no malicious intentions. Hence, it is necessary that we check your IP Address against a few internationally recognized spam and abuse prevention services, namely combined.abuse.ch, xbl.spamhaus.org, cbl.abuseat.org, http.dnsbl.sorbs.net, opm.tornevall.org, all.s5h.net, dnsbl.dronebl.org. The processing is based as well on Art. 6 par. 1 lit. b) GDPR since without this verification we cannot enter into a contractual relationship with you. Some of the services mentioned above reside in countries outside of the EU. Spamhaus and combined.abuse reside in Andorra and Switzerland. The European Commission has adopted an adaquacy decision for both countries. Dnsbl.sorbs.net and dnsbl.dronebl.org may process personal data in countries without such a decision. In this case (ans also any other case where one of the service providers may process personal data in a third country without an adaquacy decision) the transfer is based on Art. 49 par. 1 lit. d) GDPR.

3. Creating a wikibase or mediawiki

   On our Website you can easily set up a Wikibase or mediawiki instance where you can create collaborative knowledge bases and publish data. You have to choose a site name, a site domain and an initial admin username. This information as well as any data published on your wikibase or mediawiki will be publicly available once your wiki is published. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. We process your personal data for as long as you have your account with us and delete it thereafter.

4. Contact

   You can contact us via email. We will then process your email address and, if applicable, your name, a subject and the content of your request to answer your enquiry due to our legitimate interests (Art. 6 para. 1 lit. f) GDPR).

   We will store your enquiry until we have answered it and fulfilled your request. We will delete it afterwards unless legal provisions prevent deletion. We may store data in accordance with Art. 6 para. 1 lit. f) GDPR where it is necessary for providing evidence or to comply with legal retention periods in accordance with Art. 6 para. 1 lit. c) GDPR. If the request is made within the framework of an existing or prospective contractual relationship with us, the storage period shall be based on the underlying contractual relationship.

Categories of recipients

We use external service providers if we are unable to provide services ourselves or if it is not reasonable to do so. These external service providers are primarily providers of IT services, such as our hosting service provider Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4.

To ensure the encryption of your wikibase or mediawiki, and provide the Website with an HTTPS/SSL certificate we will transfer the domain name to the Let's encrypt certification agency, 548 Market St, PMB 57274, San Francisco, CA 94104-5401, which is necessary to create the certificate.

For sending emails, we use the service mailgun of the Mailgun Technologies, Inc., 112 E Pecan St. #1135, San Antonio, TX 78205. We have concluded Standard Contractual Clauses with mailgun as appropriate safeguards to ensure an adequate level of protection of your personal data.

General rights of data subjects

The GDPR guarantees you certain rights, which you can assert against us - if the legal requirements are met.

• Art. 15 GDPR - Right of access: You have the right to obtain confirmation from us as to whether personal data relating to you are being processed and, if so, what these data are and the detailed circumstances of the processing.
• Art. 16 GDPR - Right of rectification: You have the right to ask us to rectify incorrect personal data concerning you immediately. You also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
• Art. 17 GDPR - Right to deletion: You have the right to demand that we delete any personal data relating to you immediately.
• Art. 18 GDPR - Right to restriction of processing: You have the right to request us to restrict processing.
• Art. 20 GDPR - Right to data portability: You have the right, in the event of processing based on consent or for the fulfilment of a contract, to receive the personal data concerning you which you have provided us with in a structured, common and machine-readable format and to transfer this data to another responsible party without hindrance from us or to have the data transferred directly to the other responsible party, insofar as this is technically feasible.
• Art. 77 GDPR in conjunction with Section 19 BDSG - Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State in which you are resident, your place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection law.

In particular right to object and right to withdraw consent

• Art. 21 GDPR - Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is necessary on the basis of a legitimate interest on our part or in order to carry out a task in the public interest, or which is carried out in the exercise of official authority.

If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If we process your personal data for direct marketing purposes, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

In order to exercise your right of objection, you can, for example, send us an email to the email address mentioned above.

• Withdrawal of consent: If you have given us your informed consent, you have the right to withdraw your consent at any time. In this case, all data processing that we have carried out until your withdrawal remains lawful.

Obligation to provide data

You have no contractual or legal obligation to provide us with personal data. However, we then might not be able to offer you the requested services.

The existence of automated decision-making (including profiling)

We will not make you subject to any automated decision-making, including profiling in accordance with Art. 22 para. 1 and 4 GDPR, which has legal effects on you or affects you.

Internet-specific data processing and cookies

Cookies

On our website, we use cookies and similar technologies. Cookies are small text files that are stored on your hard drive and are assigned to the browser and/or device you are using. The provider who stores the cookie on the device can collect certain information through the cookie. The purpose of the cookies set on our website is to enable you to use the website and its functions safely. The specific cookies we or third parties store on your device and their purposes are listed in the table below.

Google reCaptcha

We use the Google reCaptcha service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google reCaptcha uses the following data to check whether you are a human or a computer: IP address of the end device used, the website that you visit with us and on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, mouse movements and possibly other technical data. In addition, Google sets cookies on your device. We do not gain any knowledge of the data collected and processed by Google. The legal basis for the data processing described above is Art. 6 para. 1 lit. f) DS-GVO. We have a legitimate interest in ensuring the security of our website and protecting ourselves against automated entries (attacks). For this reason, we cannot offer you the option to object here, but must point out that you should not use the function protected by the reCaptcha function in this case and should not call up the associated page.