Privacy Policy

Hereinafter we inform you about the nature, scope, and purpose of the processing of your personal data when using our website “” (hereinafter “Platform”). Personal data is any information that relates to an identified or identifiable natural person.

1. Controller

The person responsible (“Controller”) within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Controller within the meaning of the GDPR for the personal data processed by the Platform is MitOst e.V., Herzbergstr. 82-84, 10365 Berlin, Germany, Phone: +49 (0)30 31 51 74 79, E-mail: (hereinafter “we”).

Uta Protzmann, MitOst e.V., Herzbergstraße 82-84, 10365 Berlin, Phone: +49 (0)30 31 51 74 79, E-Mail:

2. When you visit our Platform

When you visit our Platform, our server collects the following information from your end device: browser type and version, operating system, the previously visited Internet page (“referrer”), IP address, and time of the page call.

We collect and process this data in order to ensure trouble-free operation of our Platform and to detect, prevent, and track any misuse of our services. Furthermore, we use the collected data for statistical purposes, for example to evaluate which end devices and browsers are used to call up our Platform, in order to continuously adapt and improve our services to the needs of users on this basis.

This data processing is based on Article 6 par. 1 f GDPR. We anonymize all personal technical data mentioned in the first paragraph 24 hours after their collection. We delete the information on the operating system, browser type and version 30 days after it has been collected.

3. User account, notifications by e-mail, submission of project ideas

If you create a user account on our Platform, we collect your e-mail address and a user name of your choice (pseudonym); without this data we cannot create a user account for you.

To set up a user account you can – instead of using our registration form – also enter the access data of an existing account on Facebook or Google. In such a case, the respective service provider will provide us with your e-mail address or other service-specific identification and, if applicable, the user name used there. The data transmitted in this way will then be used to create your user account with us. If the service provider has not provided us with an e-mail address for you, we will also ask you for it.

Legal basis for the data processing is Article 6 par. 1 b GDPR (fulfillment of the rights and obligations from the usage contract). We keep the personal data associated with the user account stored until the end of the user relationship.

If you have a user account with us, we can keep you up to date on news from our Platform by e-mail on request (e.g. on new contributions of an Idea Challenge in which you participate, on newly published Ideas and on new functions of our Platform). You can set which notifications you would like to receive in your user account. You can revoke your consent at any time by adjusting the settings in your user account accordingly. The legal basis for the use of your e-mail address for notifications is Article 6 par. 1 a GDPR (consent).

If you are an organization that publishes content on our Platform, we will collect your actual name or company name and address in addition to the e-mail address and user name. This data is indispensable for concluding a contract with us; we process it for the purpose of fulfilling the contract in accordance with Article 6 par. 1 b GDPR. We keep the data stored until all mutual claims arising from the contractual relationship have been finally settled and the association and tax retention periods have expired.

When you submit a project idea as a registered user, we will collect, in addition to the data set out before, your first name and last name as well as, where applicable, data about the organization of which you form part or that you intend to establish such as the organization’s name, the organization’s legal status, the organization’s details, the organization’s online presence, the organization’s email, the organization’s year of registration, country, and location in which you or your organization has its registered seat.

This data processing takes place according to Article 6 par. 1 b GDPR. We shall store this data until all mutual claims arising from the respective contractual relationship with you have been completely settled and all commercial and fiscal retention periods to which we are subject have expired.

When deciding on the conclusion of a contract, we refrain from automated decision-making and profiling.

4. Processors

As technical service providers for the operation of our Platform on the Internet (web hoster), we make use of the services of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen and Liquid Democracy e.V., Am Sudhaus 2, 12053 Berlin and for mail hosting the Heinlein Support GmbH, Schwedter Straße 8/9B, 10119 Berlin as Processors according to Article 28 GDPR.

5. Contact by e-mail

If you send us a message by e-mail, we will save your message along with the sender details (name, e-mail address, and, if necessary, other information added by your e-mail program and the transmitting servers) in order to be able to answer it and also to respond to possible subsequent questions (legal basis: Article 6 par. 1 f GDPR). For the reception, storage, and sending of e-mails, we use an e-mail provider that acts for us as a processor in accordance with Article 28 GDPR. We will delete the data collected with your message at the latest by the end of the calendar year following the last communication with you concerning your request, subject to the provisions of the following paragraph.

If you send us a message with information legally relevant for the contractual relationship (e.g. a complaint), the legal basis for the processing is Article 6 par. 1 b GDPR, regardless of how you transmitted your message to us. In such a case, we will erase the data related to your message as soon as all mutual claims arising from the contractual relationship have been completely settled and the commercial and fiscal retention periods have expired.

The mail servers used by us work with TLS and SSL, so that the transmission between your and our mail server is encrypted, even if your e-mail provider supports at least one of these encryption techniques.

For your security, we also offer PGP encrypted e-mail communication. To do this, ask for the PGP key for the e-mail address to which you would like to write. If you want us to reply to you in the same encrypted way, include your PGP public key in your email.

6. Contributions, Comments

If you submit a contribution (Idea, comment) on our Platform, it will be published at the appropriate place on our Platform together with your user name. In order to prevent misuse of our offer, we store the IP address of the terminal from which you are writing for a period of 24 hours (Article 6 par. 1 f GDPR). We reserve the right to delete contributions that are not objective or thematically inappropriate at any time. If you delete your user account with us, your contributions remain on our Platform so that other users can continue to follow the course of a participation process, but we anonymize the user name previously displayed with your contributions as author identification. Personal data contained within a contribution text – e.g. if you have written your own name in it – remain unaffected by the deletion of the user account.

7. Newsletter

If you have subscribed to our newsletter, we will inform you by e-mail about events, competitions, and other activities of our Platform. You will not receive more than one newsletter a week. You can object to the use of your e-mail address for advertising purposes at any time in any form, without incurring any costs other than transmission costs at the basic rate.

This data processing is based on your consent in accordance with Article 6 par. 1 a GDPR. If you revoke your consent to the use of your e-mail address for advertising purposes, we will delete your e-mail address from our mailing list.

We use the service of the company Sendinblue GmbH (Köpenicker Str. 126, 10179 Berlin) as a technical service provider for the dispatch of our newsletter (processor in accordance with Article 28 GDPR).

8. Social Media

You may find Social Media buttons on our website; they can be recognized by the logos of the social media platforms (Facebook: “f” logo). Clicking on such a button calls the respective platform’s website; at the same time, the IP address of your device and the address of the page where the link is placed (“Referrer”) will be transmitted to the platform. However, we neither collect nor otherwise process any data related to the use of these social media buttons.

9. Use of Cookies

When you visit our Platform, we place a “cookie” on your end device. This is a small text file that allows us to recognize your device when you return to our site at a later time. With the help of cookies, we can prevent misuse of our services and analyze certain user behavior, e.g. which parts of our Platform you use, how long you stay on our site and when and how often you return to our site. A stored cookie is deleted at the latest twelve months after your last visit to our platform.

This data processing is carried out on the basis of Article 6 paragraph 1 letter f GDPR for the purpose of enabling you to operate our platform safely and conveniently, to align our platform even better with the interests of our visitors and the technology they use (terminal device and browser types) and to analyze and optimize the technical functions of our site and the efficiency of any advertising measures.

You can prevent the creation of cookies by going to the cookie settings of your Internet browser and opposing the creation of cookies for our platform or for all websites in general. You can also delete cookies that have already been placed there.

10. Your Rights

With regard to your personal data that we process, you have the following rights:

a) You have the right to obtain a confirmation from us as to whether we process personal data concerning you. If this is the case, we will inform you about the personal data stored about you and the further information in accordance with Article 15 par. 1 and 2 GDPR.

b) You have the right to have your inaccurate personal data rectified without undue delay. Taking into account the purposes of processing, you also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.

c) You can demand the erasure of your personal data concerning you under the conditions of Article 17 par. 1 GDPR without undue delay, as far as their processing is not necessary according to Article 17 par. 3 GDPR.

d) You may demand that we restrict the processing of your data if one of the requirements of Article 18 par. 1 GDPR applies. In particular, you can request the restriction instead of an erasure.

e) We will communicate any rectification or erasure of your personal data and a restriction of processing to all recipients to whom we have disclosed your personal data unless this proves impossible or involves a disproportionate effort. We will also inform you about these recipients if you request it.

f) You have the right to receive the personal data you provide to us in a structured, commonly used, and machine-readable format. You may also request that we transmit the data to another controller without hindrance, where technically feasible.

g) As far as a data processing is based on your given consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of the data processing based on consent before its withdrawal.

RIGHT TO OBJECT: ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, YOU MAY, AT ANY TIME, OBJECT TO PROCESSING OF YOUR PERSONAL DATA; this right applies to a processing, according to Article 6 par. 1 f DPRG, necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms of the data subject that require protection of personal data, in particular where the data subject is a child. If you exercise your right to object, we will no longer process the personal data in question unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of you, or for the establishment, exercise, or defense of legal claims.


If you believe that the processing of your personal data is in breach of the GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. This does not exclude other administrative or judicial remedies.

Table of Contents