#4225: privacy-policy.md

site/misc/privacy-policy.md

Path: site/misc/privacy-policy.md · Lines: 92 · Language: German · Layout: page with width: small

Purpose: GDPR/DSGVO-compliant privacy policy for the ProjectForge website (projectforge.org). Required by German law (TMG, DSGVO) for any website operated by a German company (Micromata GmbH) that collects user data.

Source: GitHub

92 lines · 43 code · 10 comments · 39 blank

11 sections of German data protection law

Commit	Message
`ac75fabf3`	2021-08-10 Jekyll site migration

This document is structured as a formal privacy policy under German/EU law, organized into 11 numbered sections. Each section addresses a specific legal requirement:

§	Topic	Key content
1	Definitions	Defines "Cookies" and "personenbezogene Daten" (personal data) — foundational legal terms
2	Data collection	Server logs: IP, timestamp, URL, data volume, browser/OS, referrer, ISP. Stored temporarily, deleted automatically. IP only analyzed during attacks.
3	Usage & sharing	No third-party sharing. Only to authorities if legally required or during network attacks.
4	Contact form	Minimum: first/last name + email. Additional fields voluntary. Requires explicit consent.
5	Cookies	Only session cookies for technical session control. Deleted on browser close. Site works without cookies.
6	Web analytics	Pseudonymous usage profiles via tracking software. No personal identification. Opt-out via email to Micromata or by disabling JS/cookies.
7	Social plugins	Facebook, Twitter, Google+, XING. Direct browser-to-provider connections. Data stored in US/other countries. Marketing purposes.
8	Security	Technical/organizational measures against data manipulation, loss, destruction, unauthorized access.
9	External links	Disclaimer: policy only covers Micromata domains. No control over linked sites.
10	Your rights	Right to information, correction, blocking, deletion of personal data. Contact: info@micromata.de
11	Validity	Consent by using the site. Policy may change. Recommendation: re-read periodically.

Legal framework — TMG and DSGVO

§15 Abs. 3 TMG (Telemediengesetz — German Telemedia Act) is explicitly cited in section 6. This section allows pseudonymous usage profiles for advertising, market research, and demand-oriented design — but only if the user doesn't object. The policy provides an opt-out mechanism.

DSGVO (Datenschutz-Grundverordnung — GDPR) compliance is implicit throughout: data minimization (only collect what's needed), purpose limitation (only use for stated purposes), storage limitation (auto-delete server logs), transparency (11-section explanation), and user rights (access, correction, deletion).

Micromata GmbH is the legal entity. The policy states that personal data is NOT shared with third parties, NOT used for profiling beyond pseudonymous analytics, and users can opt out at any time by emailing info(at)micromata.de.

Technical implementation details

Server logs: The site stores standard Apache/nginx access logs: IP, timestamp, URL, data volume, status code, browser/OS, referrer, ISP. These are "temporarily stored and automatically deleted."
Session cookies only: "Nur ausnahmsweise Cookies" — cookies are used only exceptionally for technical session control. No tracking cookies, no third-party cookies. Deleted on browser close.
Web analytics via pseudonymous profiles: The site uses analytics software that creates usage profiles under a pseudonym. Users are NOT personally identified. The data is NOT merged with personal data. Cross-site tracking is NOT performed.
Social plugins: Facebook, Twitter, Google+, XING buttons create direct connections from the user's browser to the social network's servers. The policy warns that the provider learns which ProjectForge page was visited, and if the user is logged into the social network, the visit can be linked to their account.

Key takeaways

German-language only: No English translation exists. This is a legal document under German jurisdiction — translations could introduce ambiguity.
Standard legal template: Much of this reads like a standard German privacy policy template. Sections 1-3, 5, 8-11 are generic. Section 7 (social plugins) is the most site-specific.
Contact form requirements: First name, last name, and email are mandatory. Additional fields voluntary. Data used only with explicit consent.
Opt-out by email: No automated cookie consent banner or preference center — users must email Micromata to opt out of analytics. This may not meet modern GDPR standards (which require explicit opt-in, not opt-out).