Mastodon: Data protection

Our Mastodon channel is hosted on the  Mastodon instance (opens in a new tab) of the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI). The  LfDI Baden-Württemberg (opens in a new tab), Lautenschlagerstraße 20, 70173 Stuttgart, (hereinafter "Mastodon") is therefore responsible for the technical platform and the services of Mastodon as a whole. Further information on data protection for the Mastodon instance can be found at  https://bawü.social/privacy-policy. (opens in a new tab) The state capital Stuttgart is responsible for our own Mastodon channel, see the contact details in detail at  https://www.stuttgart.de/datenschutzerklaerung.php. (opens in a new tab)

During the use of Mastodon, the Mastodon instance collects and processes the data described below.

When accessing, registering or using offers from the instance, an encrypted connection is established to the web server on which the instance is operated. The following data is processed in the process

• IP address of the user
• Operating system, operating system version, display resolution of the end device
• Browser identification (user agent, i.e. name and version number of the browser)
• Date and time of access to the website
• Status of the call (HTTP status code)
• Requested file, amount of data transferred
• Encryption used

The IP addresses are personal data within the meaning of Article 4 No. 1 GDPR, even if we cannot identify you from this data. The processing of the data is necessary to correctly display content on the end device, to investigate errors or to detect misuse and attacks.

The data is stored for seven days and then deleted.

If you have Mastodon access yourself and therefore follow a Mastodon channel, it is necessary to process and store the following information as part of the registration process and to display some of it on the profile page:

• Username
• Access address (e-mail address)
• password
• Voluntary information: Display name, profile and background picture, biography

The user name, display name, biography, profile and background picture are displayed publicly.

However, you can also follow the messages if you do not have Mastodon access yourself, for example via RSS feed.

In principle, you can access our Mastodon channel without providing any additional personal data. However, in the event of an interaction (e.g. a comment), the associated data (e.g. your own contribution, user name, profile picture, type of interaction) will be processed and stored. If you provide us with information about third parties, we assume that you have the necessary consent for this.

We process the data you enter (e.g. user name, published content = tokens) by replying to your tokens, if necessary, or by writing tokens that refer to your account. All posts (including "followed posts") are stored and processed on the server, included in our offering and made accessible to followers. "Followed posts" are delivered to your followers and to people mentioned in the posts. In addition to your account's own posts, posts from your followers and accounts that you follow yourself are processed and displayed publicly. When a message is sent, the date and time are saved. Messages including media attachments such as images or videos are always publicly available.

Other Mastodon instances also transmit information (e.g. comments and other interactions) that is stored, processed and deleted according to this Mastodon instance.

Posts, direct messages and account profile pages remain stored on the instance until they are deleted by the account holder. If the entire account is deleted, all content, including the associated metadata, is automatically deleted.

The Mastodon instance of the LfDI uses cookies that allow users to be recognized. This makes it possible, for example, for registered users to navigate to different subpages of the instance without having to log in again each time. None of the cookies used serve to analyze and/or track the usage behavior of the data subject. All cookies used are exclusively so-called session cookies that are deleted at the latest when the browser is closed.

The Mastodon instance operated by the LfDI Baden-Württemberg and our Mastodon channel are a service for the purpose of targeted and balanced press and public relations work to inform the public about news from the city administration and to communicate with citizens. Democratic decisions require informed citizens. Social media are a contemporary extension of this public relations work. This includes processing to implement the necessary technical and organizational security measures.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR, insofar as you have consented to the processing. The processing is also carried out for the performance of tasks in the public interest in accordance with Art. 6 para. 1 sentence 1 lit. e GDPR in conjunction with § 4 LDSG Baden-Württemberg or is based on a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest results from the above description of the purpose.

If you actively contact us, e.g. via posts, comments or chat functions, we process your personal data, e.g. name, contact details, concerns, etc., as the sole responsible party for processing your request and communicating with you. For this purpose, we store your data in our system for customer data. Depending on the nature of your request, the legal basis for this data processing is the performance of a public task pursuant to Art. 6 para. 1 sentence 1 lit. e GDPR, § 4 LDSG or our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to process a general request with you, or Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract.

Your personal data will only be stored on our systems for as long as this is necessary in accordance with the purposes described, statutory retention obligations exist or you do not revoke your consent.

The recipient of the posts and content is every user of Mastodon, i.e. potentially the entire public. If you share or recommend a post on Mastodon, this is visible to everyone who follows you. With regard to your posts, you can set yourself who can see them. Further information can be found at  https://joinmastodon.org/de. (opens in a new tab)

Within the state capital of Stuttgart, only departments that need your data to fulfill their contractual or legal duties will have access to it. As a matter of principle, we do not pass on your data to other bodies unless there is a corresponding contractual or legal basis.

The City of Stuttgart uses service providers as processors in accordance with Art. 28 GDPR in the areas of IT services, telecommunications, consulting, marketing and sales. We remain responsible for the protection of your data. The service provider works exclusively according to our instructions, which we ensure through contractual regulations in accordance with Art. 28 GDPR, through technical and organizational measures and through additional controls.

You use the Mastodon short messaging service offered and the interactive functions such as commenting, sharing etc. at your own risk. You are under no legal or contractual obligation to provide personal data. However, you cannot use our Mastodon channel without processing your personal data. The use of Mastodon is not required in order to contact us or receive our information. Alternatively, you can access most of the information offered via Mastodon in the same or a similar form via our internet portal  www.stuttgart.de (opens in a new tab).

In addition, the  official gazette (opens in a new tab) of the state capital Stuttgart is published weekly on Thursday. You can contact us at any time via  internetredaktionstuttgartde.

Further information on how we process personal data and what rights you have in this regard can be found in the  data protection information (opens in a new tab) on our websites. This offer is based on a  social media concept (opens in a new tab)that we review annually for the scope of services and necessity. Further information on this offer can be found in  the usage concept of the Mastodon instance (opens in a new tab) of the LfDI Baden-Württemberg. Our  netiquette (opens in a new tab) contains general terms of use and rules of conduct for our social media pages.

With regard to data processing by the LfDI Baden-Württemberg, please use the LfDI's  e-mail address or  contact options (opens in a new tab) to exercise your rights directly.

With regard to our data processing, you will find the contact options of the state capital Stuttgart in the  data protection information (opens in a new tab) on our websites. You can reach our data protection officer at Data  Protection and Information Security Officer (opens in a new tab). There you can also assert your rights as a data subject in accordance with Art. 15 ff. GDPR can be asserted.

The LfDI operates the Mastodon instance on a non-binding basis; it reserves the right to partially or completely discontinue the availability of the offer at any time and to revoke permission for an account (as of 09.05.2024).