Privacy Policy

1. Introduction

PoliCAT UG provides the platform as a service to its users. In the terms of the General Data Protection Regulation (GDPR) of the European Union, PoliCAT UG is the “processor” and the user the “controller” of any data uploaded, edited, posted, managed and collected in order to set up and manage petitions or other types of e-action (hereafter named “petition”), including personal data of petition signers.

We can provide a written agreement for contract data processing in German. Download it here, sign it and fill it in for your side. We will return a signed copy to you.

2. Scope

This Policy regulates how we handle personal data. It specifies which personal data we collect when you visit our website, and how we use it. Personal data means any information relating to a person that allows that person to be identified. This includes information such as your name, email or postal address, telephone number or date of birth. Statistical information that cannot be directly or indirectly associated with you, such as the number of emails sent to a petition target, is not personal data.

Each petition on has its own privacy policy, which can be edited by the campaigner using to set up and manage their petition. PoliCAT UG does not take responsibility for the lawfulness and accuracy of these policies.

3. What data is processed

The following types of data are regularly transmitted, processed and stored at

4. Signing petitions and sending petition emails

PoliCAT UG provides the platform as a service to its users. Users can set up and manage petitions and collect, export and download personal data of signers (supporters, e-activists, subscribers). This data is exclusively and entirely owned by the users. PoliCAT UG neither owns nor uses this (your) data in any way.

Each petition on has its own privacy policy, which can be edited by the campaigner using to set up and manage their petition. PoliCAT UG does not take responsibility for the lawfulness and accuracy of these policies. It is the sole responsibility of the administrator (DPO) of a campaign account, to ensure that each petition tied to this account has a privacy policy that is accurate and in conformity with the General Data Protection Regulation (GDPR) of the European Union and other applicable laws.

You will always find a link to the privacy policy of the petition you want to sign under the respective sign-up. Read the privacy policy carefully – you have to agree with it when signing up to a petition. Campaigners who use for their petitions can write their own privacy policy. We recommend that they use our standard policy; it obligates them to keep your personal data safe and to use it only for the direct purposes of the respective petition and, in case you tick the checkbox to subscribe, to keep you informed about this and similar campaigns.

PoliCAT UG is the “processor” and the user the “controller” of any data collected and processed by petitions in the terms of the General Data Protection Regulation (GDPR) of the European Union. That implies that campaigners who set up and manage petitions on are solely responsible for complying with legal requirements relating to data protection, in particular regarding the collection and processing of your personal data.

PoliCAT UG might access, edit or delete your data in order to ensure functioning of the platform, to provide user support, and to enforce compliance with legal requirements and our Terms of Service. We will never disclose, sell or otherwise distribute your data and strive to ensure the best possible protection of your data at any time.

5. Setting-up and managing petitions

PoliCAT UG provides the platform as a service to its users. In the terms of the General Data Protection Regulation (GDPR) of the European Union, PoliCAT UG is the “processor” and the user the “controller” of any data you upload, edit, post, manage and collect via your petition widgets, in particular any personal data of petition signers. That implies that as a user, you are solely responsible for complying with the legal requirements relating to data protection, in particular regarding the collection and processing of personal data of petition signers.

You are responsible for handling any requests from affected persons, e.g. petition signers or targets, and for ensuring their rights regarding their data; this includes, but is not limited to, providing transparency about what data is held on them and editing or deleting their data promptly upon request. To ensure affected persons can contact you, e.g. to request transparency about their personal data stored, or to have it modified or deleted, you are obliged to appoint a natural person as data privacy officer (DPO) for your campaign and include this person’s name and contact details, e.g. email address, in the privacy policies of any of your petitions.

PoliCAT UG will never disclose any personal data of users, with two exceptions. Firstly, we work with external service providers in some areas so that we can concentrate fully on serving as a platform for your petitions. For example, your name and email address might be provided to our mailing service provider to add to the return-path of emails sent to signers on your behalf. Such partner companies are contractually bound by us to use this data exclusively for the narrowly defined tasks. The second exception is cases where data sharing is necessary to combat attacks on our IT infrastructure that constitute criminal offenses or compromise the functionality of our website.

6. Cookies and data tracking

We do not use cookies, in order to ensure maximum data protection for signers of petitions anywhere in the world. We may periodically analyse web logs, in order to measure and improve the performance of the platform.

We do not use third-party services, such as Google Analytics. Instead, we invite users and signers to help us identify bottlenecks or problems on our site. However, note that our customer chat app ( on has inbuilt tracking functionalities; we do not use or distribute this information other than to find out which page a chat request comes from, and from whom only if the visitor has logged in; this affects only direct visitors on – we do not track visitors of petition widgets wherever they are embedded.

Note that petition widgets may be embedded in third-party sites that use cookies and tracking services. Also note that when you sign a petition, your personal data is submitted and stored together with a time-stamp and the URL of the webpage where you signed the petition, i.e. where the petition widget is embedded (“URL referer”).

7. Advertising

PoliCAT UG and users may place online advertising with third-party vendors, including Google, which will be shown on other sites on the internet. In some cases, those third-party vendors may decide which ads to show you based on your prior visits to the site. At no time will you be personally identified to those third-party vendors, nor will any of the personal information you share with us be shared with those third-party vendors. If you prefer to opt out of the use of these third-party cookies on the site, you can do so by visiting the Network Advertising Initiative opt out page.

8. Third-party web sites

We may link directly to other sites. For example, on our page you will find links to Facebook, Twitter or YouTube. This Privacy Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our websites. petitions can be embedded into other websites in the form of “widgets”. These sites will have their own policies which may be different from ours and we recommend that you check the privacy policy of each site that you visit.

Petitions on have their own, specific privacy policies, which can be edited by the campaigner using to set up and manage their petition. Read more about this in the section “Signing petitions and sending petition emails”.

9. Third-party service providers

uses service providers to provide certain services and to process your data (e.g. we host our server at HostEurope and send emails with Mailjet) (order processing in accordance with Art. 28 of the General Data Protection Regulation). The service providers process the data exclusively on the instructions of PoliCAT UG and have been obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services. Users may request to see the data processing agreements we have with our service providers.

Please note that some countries outside of the European Economic Area (“EEA”) have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. We strive to only work with providers in the EEA who offer the best privacy protection. However, in some cases we might work with service providers outside the EEA and may transfer and/or store personal data collected from you to and/or at a destination outside the EEA. If we transfer and/or store your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data.

10. Data security

We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse or alteration of, or unauthorised disclosure of or access to, your personal information. However, we cannot guarantee complete security.

In addition to securing the operating environment, we use a state-of-the-art encryption method when transporting your data over the Internet. You can recognize this by the fact that the lock symbol in the address bar of your browser is closed and the address line starts with https://.

The most important approach to securing your personal data is “data scarcity”. In practice that means that we store only as little personal information as possible to provide a smooth and robust service, and we ask our users to also minimise the amount of data they ask and require activists or supporters to provide when signing a petition or other type of e-action (hereafter named “petition”).

Otherwise than as set out in this Privacy Policy, we will only ever share your data with your informed consent.

For highly sensitive information (such as that collected for a European Citizen Initiative according to specific legal requirements, which might e.g. include your ID number), we also encrypt the data before storing it.

11. Disclosure of information

PoliCAT UG will challenge any attempt to gain access to the information you give us by government agencies or private organizations. In the unlikely event that we are required by law to disclose any of your information we will do our best to contact you first so that you may have the opportunity to object to the disclosure. We will also independently object to any requests for access to information about users of our site that we believe to be improper.

12. Data retention

In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records no later than five years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.

13. Your rights

As a user, you have the right to request information about what data about you is stored by us and for what purpose it is stored and processed. In addition, you may ask that we correct incorrect data, or request to have your data deleted (data which is no longer necessary to be stored). You have the right to data portability. You also have the right to complain to a supervisory authority about the data processing taking place. You have the right of appeal to a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right of appeal may be exercised in particular before a supervisory authority in the Member State where you are living, working or where the infringement is suspected to occur.

14. Children

There is no age restriction for the use of However, if you are under the age of 16, you may not use the or enter your personal data, unless under the supervision and with the consent of your parent or legal guardian.

We do not knowingly collect data from persons under 16. If you are a parent or legal guardian of a person under 16 and you become aware that your child is using our websites, please contact us at the contact details listed below and arrange for the data in question to be removed.

15. Policy amendments

We keep this Privacy Policy under regular review and reserve the right to update it from time to time by posting an updated version on our websites, not least because of changes in applicable law. We recommend that you check this Privacy Policy occasionally to ensure you remain happy with it.

16. Contact

For inquiries about data protection and privacy matters contact Daniel Pentzlin-Kordecki, appointed data protection officer by PoliCAT UG (haftungsbeschränkt), Akazienstraße 6, 39126 Magdeburg, Germany.

As of: 4.5.2018