Terms of Service and DPA

My Country Talks – General Terms and Conditions

1. Scope

1.1 My Country Talks (“MCT”) is a Platform that connects people with opposing views. Using a matching algorithm, the Platform's software pairs Participants that hold contrasting opinions and introduces them for a one-on-one conversation.

1.2 The Platform is operated by ZEIT Online GmbH, Buceriusstraße, Eingang Speersort 1, 20095 Hamburg ("DIE ZEIT"). Partners of DIE ZEIT may register on the Platform to host their own Events or participate in Events hosted by other Partners of DIE ZEIT. Every Partner is an independent Controller.

1.3 These General Terms and Conditions ("GTC") govern the use of the MCT Platform by Partners. Deviating terms will only apply if explicitly agreed to in writing by DIE ZEIT.

1.4 The partner can view these GTC at any time and save them in electronic form.

2. Conclusion of Contract

2.1 Upon request, DIE ZEIT will send the partner an online link by e-mail, which the partner can use to register on the MCT platform. The process of registration is offered in English. For successful registration, an e-mail address, password, name of the organization, address, name of an authorized representative and e-mail address of the organization must be provided. It is also necessary to agree - via opt-in - to the terms and conditions and the data processing agreement. By clicking on the “Register” button, the partner submits a binding offer to conclude a contract for the use of the MCT platform with DIE ZEIT (“Main Agreement”).

DIE ZEIT shall confirm the partner's application for registration of its order electronically without delay

Successful registration requires 2-factor authentication, which requires the entry of a cell phone number.

A contract is only concluded when DIE ZEIT expressly accepts the registration by providing access to the MCT platform.

DIE ZEIT reserves the right to reject partners without justification and to deny access to the MCT platform.

2.2 Partners may invite other Partners to co-host an Event, who must also apply to use the Platform via www.mycountrytalks.com. DIE ZEIT reserves the right to reject applications without explanation.

3. Code of Ethics

3.1 General Conduct

The Partner agrees to uphold anti-discrimination principles. Discrimination based on gender, age, race, ethnicity, nationality, disability, mental health, sexual orientation, gender identity, religion, or political views is prohibited. Offensive or threatening communication will not be tolerated. All Event content must comply with these principles.

3.2 Eligibility of Partners

DIE ZEIT approves only the following entities as Partners:

  • Independent media outlets (excluding corporate PR publications);
  • Non-profit organizations with outreach to independent audiences;
  • Public-interest institutions (e.g. ministries, local governments) with non-partisan aims.

DIE ZEIT may reject applications or terminate the Main Agreement for good cause, including:

  • Lack of independence;
  • Restricted participation based on membership or employment;
  • Evidence of discrimination or incitement.

DIE ZEIT also has a separate offer for companies (“My Company Talks”), if you are interested, please contact https://www.mycompanytalks.de/en-eu.

3.3 Use of Participant Data

3.3.1 General

The Partner is soley responsible for data processing.

The Partner must comply with applicable data protection laws (GDPR or other data protection requirements applicable to the Partner).

In particular, the Partner is obliged to inform the participants transparently about the data processing. The Partner shall, at the time when personal data are obtained, provide the Participants with all of the following information:

  1. his identity, the representative and the contact details;
  2. the contact details of the data protection officer, where applicable;
  3. the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
  4. the recipients of the personal data, if any;
  5. the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  6. the existence of the Participant's legal rights;
  7. his intent to further process the personal data for a purpose other than that for which the personal data were collected and all information on that other purpose, including any changes with regard to the information pursuant to numbers 1 to 6.

The obligation to comply with further legal obligations remains unaffected by this.

3.3.2 Use for MCT-Event

The Partner must use Participant Data solely for organizing and promoting the Event and related reporting.

3.3.3 Further Use

Should the Partner wish to use the data for any additional purposes, the Participant must be explicitly asked for consent.

Contacting the Participants for information about follow-up events and the associated data processing are not considered further use and are therefore excluded from the consent requirement, subject to statutory provisions to the contrary.

4. Event Hosting and Partner Obligations

4.1 Event Guidelines

Events must include up to 10 yes/no questions and details such as the date. The registration widget (“iFrame”) must be embedded into the Partner’s website or a website of the Partner’s choosing that DIE ZEIT has approved.

Financial compensation for participation or promotion is not permitted.

Each Event has 4 phases:

  1. Registration Phase – Participants register via the iFrame, answer questions, and provide personal information. Registration must be open for at least 2 weeks.
  2. Matching Phase – The Platform pairs Participants with opposing views. Matches are confirmed via email.
  3. Conversation Phase – Confirmed pairs engage in a one-on-one discussion.
  4. Feedback Phase – Participants submit feedback.


    Promotional Requirements

The Partner must promote the Event as part of the MCT series and include the logo and website link. Acceptable wording includes:

"[Event Name] is powered by My Country Talks"

A copy of promotional materials must be provided to DIE ZEIT.

5. Platform Functionality

5.1 Participants answer yes/no-questions and submit information (e.g. answers to these questions, name, age, gender, postcode, email). This data is used to create matches and enable communication. Additional open questions provide context for the conversation.

5.2 The Platform matches Participants and notifies them. Actual dialogue – via video call and/or in a cafe e.g.) is the responsibility of the Participants. During the Feedback Phase (up to 3 months), Participants are asked for feedback and may submit screenshots for publication.

6. Data Protection

6.1 The Partner is the data controller. If there is more than one partner, each partner sees only their own participants' data and acts as an independent controller.

DIE ZEIT is not obliged to check the legality of the Data Protection Content used by the Partner. DIE ZEIT will provide Standard Data Protection Content "Privacy Policy" and "Consent Declaration". The provision is voluntary and not a contractual service and is made to the exclusion of any warranty and liability.

6.2 DIE ZEIT provides technical access to the Platform and supports Event setup. DIE ZEIT processes Participant Data only on behalf of and in accordance with the Data Processing Agreement ("DPA").

6.3 DIE ZEIT deletes the Participant Data and registration answers 9 months after the last matching round. The Data can be exported by the Partner during that time.

7. Marketing and Communication

DIE ZEIT may use the Partner’s name and logo globally and without time limits to promote the Event and the MCT series. Partners may use the MCT branding during the Main Agreement term.

8. Termination

The Main Agreement is terminated upon the end of the Feedback Phase. DIE ZEIT may terminate for good cause, including violations of the Code of Ethics.

9. Liability

9.1 DIE ZEIT provides the Platform "as is" an makes no guarantee of availability or error-free operation.

9.2 DIE ZEIT shall be liable without limitation

- for intent or gross negligence,

- for injury to life, limb or health,

- in accordance with the provisions of the Product Liability Act.

9.3 If DIE ZEIT violates an obligation that is provided in return for payment and that is also essential for achieving the purpose of the contract (cardinal obligation), the liability is limited to typical, foreseeable damage under German law. Liability for data loss is also limited to typical, foreseeable damage under German law.

9.4 DIE ZEIT shall have no further liability.

DIE ZEIT shall not be liable for any damages resulting from the conduct of Participants or third parties in particular.

9.5 The above limitation of liability also applies to the personal liability of DIE ZEIT's employees, representatives and bodies.

10. Final Provisions

10.1 Invalid provisions do not affect the validity of the GTC. They will be replaced by provisions with similar economic effect.

10.2 DIE ZEIT may amend the GTC at any time. The contract is governed by German law. Place of jurisdiction is Hamburg.

_________________________________________________________________________________




Data Processing Agreement - Article 28 GDPR


Data Processing Agreement

between the Partner of the Main Agreement (“Controller”)

and ZEIT Online GmbH, Buceriusstraße, Eingang Speersort 1, 22095 Hamburg, represented by the Managing Directors Dr. Rainer Esser, Christian Röpke, and Enrique Tarragona (“Processor” or “DIE ZEIT”)

1. Subject of the Data Processing Agreement

1.1 This Data Processing Agreement (“DPA”) specifies the data protection obligations of the contracting parties arising from the provision of the MCT Platform. It applies to data processing carried out as part of a commissioned processing where employees of DIE ZEIT or Sub-Processors commissioned by DIE ZEIT process personal data the controller is responsible for.

1.2 This DPA describes the nature and purpose of the processing, the categories of personal data and data subjects, as well as the duties and rights of the contracting parties.

2. Nature and Purpose of Data Processing

2.1 The Nature and Purpose of the processing of personal data arise from the Main Agreement for the provision of the MCT Platform and its specific functions. In addition, the following standardized description applies:

  • Storing and providing personal data as part of hosting the Platform and providing its functions
  • Viewing personal data for the purpose of providing support services
  • Collecting and storing technically necessary personal data when providing the Platform and its functions
  • Reproducing personal data for the purpose of performing backups
  • Collecting personal data for the purpose of matching Participants of the Partner

2.2 The Partner is responsible for the accuracy and completeness of the description. The processor will adjust it at the Partner’s request.

3. Categories of Personal Data and Data Subjects

3.1 The categories of processed personal data and data subjects arise from the Main Agreement and specific functions of the Software. In addition, the following standardized description applies:

Personal Data

Data Subjects

Usage data: Information processed when accessing and using the Platform

Internet Protocol addresses, browser type, Internet service provider (ISP), referring URL, exit pages, operating system, and date/time stamp

Website Visitors

Registered Participants

Registration data: Information processed when registering for an Event

Salutation, first name, last name, email address, password

Registered Participants

Content data: Information left by users on the Platform or sent via the Platform

Opinions, views, ideas, and other information provided during registration, chat messages to matched Participants

Registered Participants

3.2 The Partner is responsible for the accuracy and completeness of the description. DIE ZEIT will adjust it at the Partner’s request.

4. Partner's Right to Issue Instructions

4.1 DIE ZEIT processes personal data on behalf of and only according to the Partner’s instructions. Instructions deviating from or exceeding this DPA must generally be in text form (e.g., email). Oral instructions must be confirmed by the Partner in text form without delay.

4.2 If DIE ZEIT believes that an instruction from the Partner violates data protection regulations, DIE ZEIT will inform the Partner. DIE ZEIT is entitled to suspend the execution of an instruction until it is confirmed by the Partner in text form.

4.3 If DIE ZEIT is legally obliged to process the Partner’s personal data, DIE ZEIT will inform the Partner of the reason for the processing and the corresponding legal requirements in a timely manner, unless the relevant law prohibits such notification.

5. Partner's Obligations

5.1 The Partner is responsible for the lawfulness of the processing and for safeguarding the rights of the data subjects. This includes compliance with the information obligation under Art. 13 GDPR, obtaining any necessary consents, and implementing the data protection principles under Art. 5 GDPR (or other data protection requirements applicable to the controller).

5.2 If DIE ZEIT wishes to defend itself against a claim for damages under Art. 82 GDPR, against an impending or already imposed fine under Art. 83 GDPR, or other sanctions within the meaning of Art. 84 GDPR by legal means, the Partner allows DIE ZEIT to disclose details of the commissioned processing, including issued instructions, for the purpose of defense.

5.3 The Partner supports DIE ZEIT in inspections by a supervisory authority, in administrative or criminal proceedings, in asserting a liability claim by a data subject or a third party, or in asserting another claim, insofar as there is a connection with this commissioned processing.

6. DIE ZEIT's Obligations

6.1 If a data subject exercises their rights directly with the Processor, DIE ZEIT will forward this request to the Partner without delay and support the Partner within reasonable limits with appropriate technical and organizational measures.

6.2 DIE ZEIT supports the Partner, taking into account the nature of the processing and the available information, in complying with the obligations mentioned in Articles 32 to 36 GDPR.

6.3 DIE ZEIT is obliged to hand over all data within the Partner 's area of responsibility upon request. Data carriers received from the Partner must be specially marked and continuously managed. Copies and duplicates of personal data may only be made with the Partner 's prior consent, unless they are necessary for the proper execution of this DPA or the respective project order or for compliance with legal retention obligations.

6.4 DIE ZEIT has appointed an external data protection officer: Sebastian Herting, Herting Oberbeck Datenschutz GmbH, Hallerstraße 76, 20146 Hamburg, dsb@zeit.de.

7. Security of Processing

7.1 DIE ZEIT takes measures required under Art. 32 GDPR to ensure a level of protection appropriate to the risk of processing. The contracting parties understand the technical and organizational measures listed in Annex 1 as appropriate to the risk of processing.

7.2 DIE ZEIT ensures that persons authorized to process personal data are committed to confidentiality or are subject to an appropriate statutory duty of confidentiality.

7.3 If DIE ZEIT becomes aware of a data breach, DIE ZEIT will inform the Partner without delay. As part of the notification, DIE ZEIT will inform the Partner, if possible, of the time, nature, and extent of the incident, the affected IT system, the affected persons, the time of discovery, and the measures taken.

8. Partner's Right to Audit

8.1 DIE ZEIT grants the Partner the right to audit to verify data processing and compliance with this DPA. DIE ZEIT provides the Partner with all the information necessary to demonstrate compliance with the obligations laid down in this DPA and enables the conduct of audits, including inspections. The audit actions can be carried out by a third party bound to confidentiality, provided that the third party is not a competitor of DIE ZEIT.

8.2 The parties agree that the Partner conducts an audit by instructing DIE ZEIT to present, at its choice, a suitable attestation, report, or excerpts from reports of independent bodies (e.g., auditors, internal audit, data protection officer, information security officer, data protection auditor, or quality auditor) or a suitable certification by an IT security or data protection audit (e.g., according to ISO 27001 or BSI Basic Protection. In justified exceptions, the Partner may conduct independent inspections.

8.3 DIE ZEIT supports the conduct of such audits. This includes granting all necessary access, information, and inspection rights. The same applies to public audits by the competent supervisory authority in accordance with applicable data protection regulations.

8.4 The Partner must inform DIE ZEIT in good time (usually at least 4 weeks in advance) of all circumstances related to the conduct of the audit. The Partner may usually conduct one audit per calendar year. This does not affect the Partner 's right to conduct further audits in the event of special incidents.

9. Use of Sub-Processors

9.1 The Partner grants DIE ZEIT general permission to use additional processors (“Sub-Processors”). In this case, it is the responsibility of DIE ZEIT to impose the obligations from this DPA on the Sub-Processor.

9.2 Currently, DIE ZEIT employs the Sub-Processors listed in Annex 2. The Partner will be informed of any intended change regarding the involvement or replacement of Sub-Processors, giving them the opportunity to object to such changes within 2 weeks, provided this is not without a significant data protection reason. If the Partner does not raise justified objections within 2 weeks of notification of the change, it is deemed approved by the Partner. DIE ZEIT will inform the Partner at the beginning of the period of this significance of their behavior.

9.3 In the event of an objection, DIE ZEIT may provide the service without the intended change or – if the provision of the service without the intended change is not reasonable for DIE ZEIT – terminate the service to the Partner within 2 weeks of receipt of the objection and terminate the Main Agreement without notice and with immediate effect.

10. Transfer to Third Countries

The Sub-Processors used by DIE ZEIT process personal data partly in third countries outside the EU and the EEA. DIE ZEIT only uses such additional processors where the requirements of Art. 44 et seq. GDPR are met. The Partner agrees to the processing in third countries.

11. Return and Deletion

11.1 DIE ZEIT must hand over all Partner data after the completion of the processing services and after the termination of the Main Agreement to the Partner and then delete it in compliance with data protection regulations (including existing copies). Data carriers received from the Partner must be returned or destroyed in compliance with an appropriate level of protection. The same applies to test and scrap material. This does not apply if there is an obligation to store personal data under Union law or the law of the Member States.

11.2 Documentation and logs that serve as evidence of proper and lawful data processing or legal retention periods must be retained beyond the end of the Main Agreement in accordance with the respective retention periods.

12. Duration and Termination

The duration and termination of this DPA are governed by the provisions on the duration and termination of the Main Agreement. Termination of the Main Agreement automatically terminates this DPA. Isolated termination of this DPA is excluded.

13. Standard Data Protection Content

13.1 The Platform is provided to the Partner with the Standard Data Protection Content "Privacy Policy" (Annex 3) and "Consent Declaration" (Annex 4).

13.2 The Standard Data Protection Content represents non-binding recommendations and does not serve to fulfill a contractual obligation of DIE ZEIT from this DPA for commissioned processing or the Main Agreement. DIE ZEIT does not guarantee the accuracy, completeness, and legality of the Standard Data Protection Content. The Partner can provide their own content at any time. DIE ZEIT will replace these immediately after transmission by the Partner with the content reproduced in Annex 3 and Annex 4.

13.3 It is solely the Partner 's responsibility to check the Standard Data Protection Content for accuracy, completeness, and legality before use.

14. Priority Clause

If this DPA does not contain any special provisions, the provisions of the Main Agreement apply. In the event of contradictions between this DPA and the provisions from the Main Agreement the provisions of this DPA take precedence.

Annex 1: Technical and Organizational Measures

Annex 2: Sub-Processors

Annex 3: Proposal for a Privacy Policy

Annex 4: Proposal for a Consent Declaration



Annex 1

Technical and Organizational Measures

The following description contains the measures generally taken by DIE ZEIT. Since the Partner 's data is primarily processed in data centers, the contractual assurances of the Sub-Processors also apply.

A. Measures to Ensure Confidentiality

1. Physical Access Control

DIE ZEIT

  • Entrance doors are always kept locked
  • Chip cards for all entrances
  • Visitors/externals are accompanied or picked up and always supervised
  • Video surveillance with recording at the entrance door
  • Electronic door openers
  • Security service and/or security personnel at the entrance
  • Alarm system
  • Laptops are locked or stored away after work
  • Fire doors, fire extinguishers, surge protection

Makandra GmbH

  • Access to the aiti-Park (office building) is only possible with an aiti-Park ID
  • It is documented on the aiti-Park side which card can open which door
  • All employees have the same permissions
  • Security regularly inspects all premises
  • Access to the IT (server) premises is only possible for a limited group of people
  • Access to the server rooms is further restricted

2. Electronic Access Control

DIE ZEIT

  • Standardized, documented process for managing user access
  • Deletion/inactivation upon termination of employment
  • Regular review of all existing accounts and accesses
  • Granular assignment of accesses per service
  • No external admins, service, or maintenance
  • Administration accesses for each service are limited to a minimum
  • Admin accesses only for persons who have proven to be professionally and personally suitable in the past
  • No use of production data in local test systems
  • Training on handling personal data and securing devices
  • Standard encryption of all hard drives
  • No sharing of computers: each employee has their own device and knows the access alone
  • Whenever possible, data transmission through encrypted connections
  • Use of a password manager is mandatory for all employees
  • Division of visibility into several pools within the tool so that only employees who absolutely need the passwords for work can access them
  • Generation of secure passwords with a minimum length and use of special characters
  • Employees are encouraged to use long passwords without repetitions and including special characters
  • Prohibition of sharing passwords and instruction to keep them secret
  • It is always traceable which persons have access to which passwords
  • Former employees lose access to all passwords from the last working day

Makandra GmbH

  • Automatic locking occurs on computers within the domain
  • All computers within the domain are encrypted
  • All employees are encouraged to use randomly generated passwords and store them in encrypted form

3. Internal Access Control

DIE ZEIT

  • Use of role and access rights management in all software products that allow it
  • Restriction of each person's access to data that is not necessary for daily work
  • Use of role systems with granular permissions to restrict access to relevant and necessary data for work
  • Own passwords/accesses for each person / no account sharing
  • Regular control of assigned access rights by several people
  • Access rights are stored in the applications until the end of the employment relationship and can be viewed by administrators at any time
  • If possible, purchase of software packages for access logging
  • SSH and SFTP if possible, during data transmission
  • Encryption of the HTTP connection via TLS whenever possible
  • Encryption of all computers via FileVault
  • Deletion of files that are no longer needed (e.g., exports)
  • Access to sensitive data is always limited to as few people as possible
  • When passing on data, if possible, through password-protected files and communication of the access password exclusively to the recipient on a second channel
  • Start meeting on data security, in which roles and access rights are defined
  • Analog data is destroyed with a document shredder of security level 4 with particle cut

Makandra GmbH

  • A role concept is in use
  • In some cases, roles are defined for individuals
  • Program-based permissions are currently assigned individually

4. Separation Control

DIE ZEIT

  • Separation of access rules via database principle
  • Software-based tenant separation
  • Separation of production and test systems (in separate databases)

Makandra GmbH

  • All data is only entered and processed in the system separately for each individual Partner
  • Data storage is carried out separately for each Partner according to their contract and instructions

B. Measures to Ensure Integrity

1. Transfer Control

  • All systems accessible externally over the Internet are only accessible via encrypted protocols.
  • The mentioned security requirements and encryption techniques apply to devices issued to employees
  • Additionally, a separate IT user policy applies

2. Input Control

  • Changes to data are logged within the system
  • In some systems, document-related logging of the logged-in user is implemented
  • In the file system, it is logged who created or last edited a file, based on the application
  • These logs are evaluated only in specific individual cases

C. Measures to Ensure Availability

  • A backup concept is in place, and an emergency plan is available
  • A procedure for handling information security incidents is defined

D. Procedures for Regular Review, Assessment, and Evaluation

1. Selection of Sub-Processors

DIE ZEIT

  • Sub-Processors are selected carefully
  • Clear and unambiguous contractual agreements regarding data processing are in place
  • Formalized instruction management is implemented
  • Instructions are generally issued in writing
  • Sub-Processors are monitored by management or the data protection officer
  • Pre-assessment is mandatory

Makandra GmbH

  • Regular internal audits and additional measures are conducted
  • Processing of personal data on behalf of a controller is performed only based on a data processing agreement in accordance with Article 28 GDPR

2. Data Protection Management

  • DIE ZEIT has developed a Data Protection Management Manual, which serves as a guideline for the company

Annex 2

Sub-Processors

Name

Subject-matter of the Processing

MailJet GmbH

Friedrichstraße 68

10117 Berlin

Germany

SaaS-Service for Mail delivery

Makandra GmbH

Werner-von-Siemens-Str. 6

86159 Augusburg

Germany

Hosting and Security

Twilio Ireland Ltd

25-28 North Wall Quay

Dublin 1

Ireland

Voice and messaging functions via Cloud-APIs

HERE Global B.V.

Kennedyplein 222- 226

5611 ZT Eindhoven

Netherlands

Map Services via API

Village One e.G.

Holzweidepfad 9

13403 Berlin

Germany

Software Support-Service


Annex 3

Proposal for a Privacy Policy

Who is responsible for data processing?

When it comes to data processing at [name of Event], the [Partner’s name and address] is responsible. You can reach the controller at [Partner’s email address and telephone number].

How can I contact the data protection officer?

You can reach the data protection officer of [Partner’s name] at [data protection officer’s contact details].

What happens when I access the iFrame?

When you access the iFrame of the Event, data is automatically sent to our server. This is a normal process, as a connection would otherwise not be possible. The technical usage data usually includes the following: Date and time of access, name of the sub-page accessed, IP address, referrer URL (origin URL), operating system used, host name of the accessing computer and product and version information of your browser.

The data processing described is permitted by law to protect our legitimate interests (Art. 6 para. 1 f) GDPR). We want to bring people together at [name of Event] and provide a Platform for this. The processing described is necessary to make this possible. The technical usage data is processed automatically because otherwise you would not be able to access the iFrame.

The data is anonymized or deleted after the page view and can no longer be traced back to a person.

Why should I answer questions about myself?

The purpose of [name of Event] is to bring together people with diverse perspectives and opinions for one-on-one conversations. To make this possible, we ask you to share your views on various (political) topics as well as some personal information.

The software we use takes care of the rest and matches the Participants.

The data processing that takes place answering yes/no-questions is only permitted with your consent, as in addition to general information, special categories of data such as your political views may also be processed (Art. 6 para. 1 a), Art. 9 para. 2 a) GDPR). The provision of your data is necessary to participate in the Event. Otherwise, we will not be able to bring you together with other Participants for a discussion - and that is what [name of Event] is all about.

The data you enter will be stored by us until the end of the Event and then deleted.

How do I get in touch with other Participants?

The [name of Event] is an online Event, but Participants can also arrange to meet in person or by other means (e.g. telephone) after making initial contact. Once a match has been triggered in the software, both matched individuals receive an email requesting them to confirm the match.

Once one person has confirmed the match, they can send a short message to the other party via the chat function—for example, to encourage them to confirm as well. As soon as the second person confirms the match, both parties will receive an email containing the other person's name, age, answers to the open questions, and email address. They can then use email to arrange a time and/or location for their dialogue. The disclosure of the answers from the open text fields as well as the matching are dependent on your consent, as special categories of data such as your political views are also disclosed depending on the input (Art. 6 para. 1 a), Art. 9 para. 2 a) GDPR). Establishing contact is necessary for the implementation of [name of Event]. However, what you enter in the free text fields is entirely up to you.

The chat history will not be saved.

Are cookies set using the iFrame?

When you access the iFrame, register for [name of Event] and use the other functions, no cookies are set and no other data is processed on your end device.

Will my data be passed on?

Other Participant: Your matched conversation Partner can view your answers from the open text fields and take note of what you write in the chat. As part of the 1-to-1-exchange, you decide for yourself what information you disclose and in what form.

We have no influence on and are not responsible for the processing of your personal data by the other Participant.

Processor: the Platform for the implementation of [name of Event] is operated by ZEIT Online GmbH. The company is subject to instructions with regard to the processed personal data and is therefore a data processor. We have concluded a Data Processing Agreement with DIE ZEIT GmbH for order processing in accordance with Art. 28 GDPR and have placed the company under special obligation. If further outsourcing of data processing takes place, DIE ZEIT GmbH is obliged to comply with the standard agreed with us and passes this on contractually. Third-country transfers to countries outside the EU/EEA are usually legitimized by standard data protection clauses.

What rights do I have?

The GDPR grants data subjects the following rights:

Right of access (Art. 15 GDPR): upon request, we will inform you which of your personal data we store, what purposes we pursue with the processing and whether we have passed on your data (this creates transparency and enables you to assert your rights with the recipients).

Right to rectification (Art. 16 GDPR): if we have stored incorrect information about you, we will rectify it (we can only contact you if the information is correct).

Erasure (Art. 17 GDPR): if there is no reason to continue storing your personal data, we will erase it (we only store personal data for as long as necessary).

Restriction of processing (Art. 18 GDPR): if you no longer wish to accept something specific, you can request a restriction of processing (e.g. for specific purposes)

Data portability (Art. 20 GDPR): You can request that we transfer your data set to you or a third party (if it concerns data from a contract or consent, you will receive the data set in digital form).

We have checked whether we are allowed to process your personal data. This applies in particular to all processing for the protection of legitimate interests (Art. 6 para. 1 f) GDPR). If you are of the opinion that a certain processing is not permitted, you can inform us of this. If we come to the conclusion in your individual case that we are actually not allowed to process your data, we will no longer do so. If your objection is directed against advertising, we will of course implement it directly.

You can exercise your rights at any time. However, this does not mean that they must be fulfilled. For example, statutory retention obligations and confidentiality interests may prevent deletion. In such a case, we will inform you why we cannot comply with your request. If you wish to assert your rights, please use the email address [Partner’s email address for receiving data protection requests].

If you have given us your consent to process your data, you can revoke this at any time with effect for the future. You do not need to provide a reason for this. Please note that some data processing operations cannot be reversed even after a revocation (e.g. the disclosure of data to other Participants).

You have the right to lodge a complaint with a data protection supervisory authority at any time.


Annex 4

Proposal for a Consent Declaration

  • Consent of processing of special categories of personal data: “My answers will be processed for the purpose of bringing me together with another participant. The information I provide in the open text fields will be disclosed to my conversation Partner to facilitate the start of the discussion. Special categories of data such as political views (“Yes/No-questions”) or ideological convictions may also be processed. I hereby give my consent. I can withdraw my consent at any time with effect for the future."
  • Consent of processing of personal data for marketing purposes: “I agree that my personal data may be shared with selected third parties for marketing purposes. I also agree that we and these third parties may send me advertising offers to the contact details I provided when registering. I can withdraw my consent at any time with effect for the future."