Cookies

Cookies are text files that are automatically stored locally in the visitor's browser when a website is accessed.
Bonsai Blog Forum (hereinafter referred to as "website") uses cookies to make the website more user-friendly and functional.
Thanks to these files, it is possible, for example, to display information on a page that is tailored to individual interests.
Security relevant functions to protect your privacy are also possible by the use of cookies.
The sole purpose is therefore to adapt our offer to your customer wishes in the best possible way and to make the use of the site as convenient as possible.
By applying the GDPR 2018, webmasters are obliged to comply with the basic regulations published at https://eu-datenschutz.org/ and to inform their users accordingly about the collection and evaluation of data. The lawfulness of the processing is justified in Chapter 2, Article 6 of the GDPR.

b]What kind of cookies does Bonsai Blog Forum use ?
Cookies fulfil various functions:
1. Required cookies
Some cookies are necessary for the correct operation of Bonsai Blog Forum. These cookies activate services that you have specifically requested (e.g. "Stay logged in").

2. Performance Cookies
These cookies may collect anonymous information about pages visited. For example, data can be collected about which parts of Bonsai Blog Forum are frequently used or why some pages generate errors.

3. Functionality Cookies
These cookies remember your choices to improve the user experience.

Can a user block cookies?
You can find out how to manage cookies and how to turn them off partially or completely in the user manual of your browser. Alternatively, you can obtain information on the following pages:

www.aboutcookies.org
www.allaboutcookies.org

Please note: If you decide to disable cookies, some parts of Bonsai Blog Forum may not work properly anymore. There may be malfunctions.
Privacy policy in Bonsai Blog Forum

I. Information on the handling of personal data and your rights.
I.1 Preliminary remark
This forum is privately managed. Even if the operator operates other websites and / or companies, this forum serves exclusively private purposes. It is about the common hobby of all members: possession, maintenance, preservation and care of small motorcycles based on the vehicles of Honda from the 70s. The forum consists of more than one person. Personal data are collected and stored for registration purposes. By the general forum operation these data become again visible at different places.
In this context, the collection, processing and use of personal data is indispensable.
The protection of your personal data has the highest priority for the operator(s) of this forum. The processing of your personal data is governed by the General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (BDSG). Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person.
In order to make the following text easier to understand, the term "operator" will in future be used briefly when referring to persons with administrative authority in the forum. The actual operator of the forum (owner of the domain; responsible party) is included here.
Furthermore, for the same reason, in the following text, "forum" is used as a synonym for "Bonsai Blog Forum", i.e. this forum.

I.2 Use of data
The personal data you provide when registering for the forum will be used exclusively for the purpose of membership.
Your data will be stored in a database to which only members of the administration have access. Such members can be identified by the red colour of the user name.
Contact data which you provide to us unsolicited in connection with contacting us via the contact form, private messages, e-mails or via contact options mentioned in third sources will only be used by us to answer your enquiries and will not be permanently stored. Mail or correspondence is regularly deleted by us unless it has to be considered necessary in connection with the operation of the forum (see I.1.).

I.3 Your consent to data collection, processing and use
There is currently no further use of the data for the purposes of the data collection required for the operation of the forum and membership. Should data have to be collected additional in the future through additional functions, you have the possibility to consent to the use of some of your personal data for processing. Your personal data will be stored and used permanently on the basis of your voluntary consent, but at the latest until you revoke this consent or your membership ends. With your consent, you expressly consent to the use of the data by the operators of the forum within the scope of the purpose described here. The operators of the forum and their authorised administrators are obliged to comply with data protection regulations.

I.4 Use of your data for advertising purposes
The operator of the forum uses your personal data exclusively for member administration and for its own information purposes. Further use for advertising purposes does not take place.

I.5 Your rights to information, correction, deletion, blocking. Right of objection.
In accordance with § 34 BDSG you are entitled at any time to request the operator to provide you with extensive to request information about the data stored about your person.
According to § 35 BDSG you can request the operator to correct your personal data, deletion and blocking of individual personal data at any time.
In addition, you can exercise your right of objection at any time without stating reasons and change or completely revoke the consent given with effect for the future.
You can send the revocation either by post or by e-mail to the contractual partner.
You will not incur any costs other than the postage costs or the transmission costs according to the existing basic tariffs.
You are aware that if your membership data is deleted, the forum membership ends automatically and access is no longer possible. Your personal data will be stored for the purpose of deletion confirmation until the necessary communication has been completed. A renewed confirmation of the data deletion does not take place after the same, since technically no storage is possible after deletion without violating the corresponding guidelines.

II. explanations on data protection in the forum
II.1 Who is responsible for data protection in the forum?
Responsible in the forum is the operator, currently
(May 2018) Christopher Lotzkat (user "Graschi"). Contact details see Footer.

II.2 Is there a data protection officer in the forum?
Since no special data categories are processed in the forum, and
a maximum of 2 persons are entrusted with the processing of the data, a data protection officer is not required.

II.3 What is the legal basis for the processing of personal data in the Forum?
The processing takes place on the basis of Art. 6 GDPR and § 28 Para. 1 Sentence 1 No. 1 BDSG.

II.4. Are there order processing entities in the Forum, i.e. natural or legal persons who have been commissioned to process orders for the purpose of the forum process or record personal data?
The hosting of the forum currently takes place on a server operated by the operator of the forum. The hosting itself is done by the provider "Server4You". As the operator has sole access to these servers, a regulation on order processing is not necessary.

The data protection of the provider is regulated separately. The privacy policy of Server4You can be found (May 2018) here:

https://www.server4you.de/agb

https://www.server4you.de/server4you_da ... ion_EN.pdf

II.5 What personal data is collected and processed and who is the responsible data controller?
Processor?
The data necessary for the processing of the forum membership will be collected and processed if voluntarily provided by the user.
Required in any case are: user name, e-mail address.
Voluntary data are: Place of residence, date of birth (for display in the birthday list), voluntary information on vehicle data and social media accounts such as Facebook, Twitter, Skype, YouTube and Google+.
The administrative members listed in the supplement to the list of processing activities under II 1) are responsible for processing the above-mentioned data.

II.6 Is it ensured that the security of the data is guaranteed by suitable technical and organisational data processing measures?
The security of the data is ensured by access control on the server, as well as password protection in the forum and encryption of the connection. Virus protection and other measures are ensured by the provider. Details are listed in the supplement to the list of processing activities under II 8.) and 11.).

II.7 What happens if Forum becomes aware of data breaches?
In the case of data protection violations, a reporting chain comes into force:
The first step is to inform the operator without delay. Depending on the severity of the violation of the protection of personal data a report to the supervisory authority may then be followed immediately and within of 72 hours. The report to the supervisory authority shall be made by a registration form completed by the operator, including all the necessary information in accordance with Art. 33 GDPR.
The procedure is set out in the supplement to the list of processing activities under II 13.) and II 14.).
Template for the reporting form: See here.

II.8 Is there a specific risk assessment or data protection impact assessment?
The Data Protection Impact Assessment Guidelines set out criteria against which the following can be assessed whether a DSFA must be performed or not. This should be more presumable if
at least two or more of the following criteria are fullfilled, which are classified as extra risky:
- Scoring and evaluation, including profiling and forecasting
- Automated decisions with legal or weight comparable effect
- Systematic observation (e.g. of workspaces)
- Sensitive data
- Data processing on a large scale
- Records that are matched or combined
- Data on particularly vulnerable persons (e.g. workers, children)
- Innovative use or application of technological and organisational solutions (e.g. a combination of fingerprint scanning and facial recognition)
- Data subjects may not exercise a right or service without prior data processing (e.g., a bank requires the screening of data of a potential data subject): A bank requires the screening of data from a potential credit customers before a decision on a contract is taken)

No data protection impact assessment is currently required in the Forum, as neither the use of new technologies nor the nature, circumstances or purpose of the processing are likely to pose a high risk to the rights and freedoms of members.

II.9. What measures are taken to ensure that responsible persons and members to raise awareness of data protection issues for tasks and responsibilities?
The topic of data protection is anchored as an "announcement" at a fixed place in the forum. It is available for public discussion. Furthermore, all members must agree to the data protection agreement when registering. In the case of relevant new topics, a further announcement will enable a renewed exchange between the members.

Responsible persons

Christopher Lotzkat
Bodelschwinghstraße 30
50389 Wesseling
Phone: 02236 5097745
info@bonsai-blog.de

I. List of processing activities pursuant to Art. 30 GDPR - Wesseling in May 2018.

Date of creation: 14.05.2018
Date of last change: 14.05.2018

a)Name of the processing activity, purpose of the processing:
Collection and updating of member data after registration of the member.
Use of the e-mail address for the transmission of forum information.

b) Persons concerned:
All members of the forum.
Personal data collected:

Username
email address

Place of residence (optional)
Date of birth (optional)
Voluntary information on vehicle data (voluntary information)
Facebook username (optional)
Twitter username (optional)
Skype username (optional)
YouTube username (optional)
Google+ username (optional)
IP address (not permanently stored)

(c) Categories of recipients to whom the personal data have been or will be disclosed to, including recipients in third countries or international organizations:
The personal data will not be passed on by those responsible. Data, which are passed on by opening linked strange sides (these are opened without exception in own Browserfenster, independently of the forum) to these (e.g. the IP address) do not lie within the sphere of influence of the operator, since these are raised of the respective goal of the call independently of the forum on basis of the data made available at the time of the call by the user (over the calling program).

d) Data is not transferred to third parties or third countries outside the EU, and it is not planned either.

e) Deadlines for deletion of data categories
When a member resigns from the forum (deletion of the account), the member data listed under b) and c) will be deleted immediately, unless the member expressly requests otherwise.

f) General description of the technical and organizational measures according to article 32 paragraph 1:

The electronically recorded personal member data shall be stored in a separate password-protected storage area of the database. The database is part of the provider's software package. It can be assumed that the data is physically protected in accordance with the provider's general terms and conditions by measures administered by him in accordance with the current state of the art.
The operator ensures sufficient password security by using combinations of letters, numbers, special characters and a corresponding length of the password. The recommendation of the German Federal Office for Information Security (BSI) is adhered to:
https://www.bsi-fuer-buerger.de/BSIFB/D ... _node.html(Date of retrieval: 14.05.2018 18:32h)

Paper-related processing of the data does not take place.

Written consent in accordance with data protection

The personal data stated in the application for membership and the e-mail address, which are necessary and required solely for the purpose of the implementation of the resulting membership relationship, are collected in accordance with Art. 6 GDPR.
Any further use of personal data and the collection of additional information requires the regular consent of the person concerned. Such consent can be given separately and voluntarily at the request of the operator.

Rights of the data subject: Information, correction, deletion and blocking, right of objection

You are entitled to request the forum for extensive information to the data stored to your person free of charge.
You have the right, at any time, to ask the forum to correct, delete or block your personal and of individual personal data. In the case of a complete deletion of your data, an existing membership relationship in the forum (deletion of the account) also ends.

You have the right to data transferability, i.e. to have the personal data concerning you, which you have provided to us, made available in a common format or to pass it on to another responsible person.
In addition, you can exercise your right of objection at any time without stating reasons and change or completely revoke the given declaration of consent with effect for the future.
You can send the revocation either by post or by e-mail to the operator. It do not incur any costs other than the postage costs or the transmission costs according to the existing basic tariffs.
You have the right to complain to the supervisory authority.

List of processing activities according to Art. 30 GDPR

Index_processing_activities.pdf

---------------------------------------------------------------------------
Notification of violations of personal data protection to the supervisory authority acc. to Art. 33 GDPR

Template_Notification.pdf