Data privacy policy

Last updated on 07.12.2022

As a political dialogue platform, we have a high responsibility in dealing with your particularly sensitive data on political attitudes and opinions. We want to explain to you openly and comprehensibly which data we collect and how we handle it securely. This fulfils our duty to provide information when collecting personal data at openPetition in accordance with Article 13 of the General Data Protection Regulation (GDPR).

Server in Germany and encrypted transmission

Your data is stored on servers in ISO/IEC 27001 certified data centers in Germany. The data transfer to our servers is encrypted with SSL throughout.

What personal information do we collect?

  • name, address
  • Age (only in Austria)
  • Telephone number (if specified)
  • E-mail address (if specified)
  • Profile picture (if specified)
  • "About me" text (if specified)
  • Representative of an organization (if specified)
  • Language, determined from the browser language or the set language
  • IP address
  • launched petitions
  • Widgets created for a petition
  • Signed petitions related to a region and category
  • Comments, urgency and concern for signatories (if specified)
  • Debate contributions, assessments of debate contributions
  • Mandates are created by the user and verified by openPetition or researched directly by openPetition.
  • Statements for public elected representatives
  • Salutation (for elected representatives, if indicated)
  • Transparency declaration for public elected representatives (if indicated)

How do we use your data?

  • We use your address to determine the assigned administrative levels and constituencies at all levels.
  • We use age (only in Austria) to ensure that petition starters and supporters meet the minimum age
  • We use your address to recommend petitions from the administrative levels assigned to you.
  • We use the category of your last signed petition to recommend petitions with similar topics.
  • We represent public signatures with name, place and country.
  • We show the distribution of signatures on geographical maps with the maximum resolution of the postal code districts.
  • We allow the petitioner to contact his supporters via our platform (if you have agreed).
  • We'll send you recommendations from petitions (if you've consented) that have been signed in your region.
  • We will send you newsletters about the work of openPetition (if you have agreed).
  • We may occasionally send you petition recommendations from cooperating partner NGOs (if you have agreed to this).
  • We enable the petitioner to generate and download signature lists with all signatures and collective forms.

Who can see what of your data and for how long?

  • Petent: The petitioner must provide the full name, address and a valid e-mail address. Only the name and location of the petitioner is publicly visible on the website and to search engines. One year after the petition is closed, the name of the petitioner will be made anonymous on the website.
  • Supporters: If you support a petition by signing, your full name and address must be provided. In order to stay informed about the petition, you must provide a valid email address. Should a pro or con argument be created for a petition's debate room, the supporter must enter a valid email address. When signing publicly, only the name and location of supporters are shown on the website. Three days after signing, search engines will see the last name shortened to one letter. Six months after the end of the subscription, the data of supporters can no longer be viewed publicly. Five years after the petition is closed, the signatures will be deleted.
  • Supporters of non-public signatures are at no time publicly visible on the website or to search engines.
  • Petitioners and Petitionsempfänger see from all supporter data, including non-public signatures the name, the age (only in Austria), the post code, the city and a reduced to 4 characters street and house number and possibly the comment
  • Signature lists and collection sheets may not be forwarded by the petitioner to anyone other than the petition recipient.
  • After handing over the petition, the petitioner is obliged to destroy all signature data provided to him in digital or printed form.
  • After the decision on a petition request, the petitioner is obliged to destroy all signature data made available to him digitally or in printed form.
  • Cooperating partner NGOs that collect signatures on their own page using the openPetition widget can export their signature data and contact you directly (if you have agreed). We have no influence over the frequency and content with which the cooperating partner NGO contacts you.
  • Profile pictures and profiles of mandate holders are publicly visible on the website and to search engines.
  • Statements are publicly visible on the website and to search engines with the name of the mandate holder, the name of the political group/party and the time of the statement or the last processing of the statement.
  • Profile pictures and profiles of petitioners are visible to the public on the website and not visible to search engines.
  • Profile pictures and profiles of supporters are visible on the website through a hidden link. Profiles are never visible to search engines.
  • Comments from supporters of public signatures are visible with name and location on the website, but not to search engines.
  • Comments from supporters of non-public signatures are only visible with the location on the website, but not to search engines.

How can you determine your data?

  • If you have entered an e-mail address, you can have a confirmation link sent to you. Confirm your email address and you will become a confirmed supporter.
  • You will be recognized as a confirmed supporter by a cookie. You can enter a password to log in to openPetition at any time.
  • As a confirmed supporter, you can edit the visibility of your signatures or revoke your signature during the subscription period.
  • You can register at any time with your signature email to be able to process your signature.
  • As a confirmed supporter or registered user you can edit your profile.
  • As a confirmed supporter or registered user, you can edit your notification settings.
  • As a petitioner, you can transfer your petition to a new spokesperson (see FAQ).
  • As a mandate holder, you can edit your mandates and resign prematurely if necessary.
  • As a mandate holder, you can take on mandates already created by openPetition or proposed by users after you have verified yourself to openPetition as a mandate holder.

No spying on other people's e-mail addresses

With openPetition it is not possible to determine whether the owner of this e-mail address has an account on openPetition or has signed a petition by entering a different e-mail address.

e-mail double-opt-in

openPetition only sends newsletters and other e-mails to people who have actively agreed to receive them. We check every stored e-mail address by a so-called double opt-in procedure. We will send you a confirmation e-mail. Only after you have activated the confirmation link contained therein will we use the e-mail address for further communication with you. In this way we effectively ensure that we do not send unsolicited e-mails to people.

Forward email

Users have the opportunity to recommend petitions to friends by e-mail. As a recipient you will only ever receive the first recommendation mail for each petition.
The recipient can permanently block the further receipt of recommendation mails for all petitions by means of a unsubscribe link in the recommendation mail.


The social media buttons on openPetition are simple share links or links to the openPetition pages of the respective portal.


We integrate videos on our pages which are available on the YouTube platform (embedded content). YouTube is a service of YouTube LLC, a subsidiary of Google Inc, and is governed by Google's privacy policy.

However, it is possible to associate information with you if you are signed in to YouTube or another Google service. If you don't want to, please sign out of your Google Account before clicking an embedded video to play.

Google search

This website uses "Google Custom Search". When using the search box on the Search page, the data in the search box will be passed to Google. Google' s Privacy Policy applies.


The Google reCAPTCHA version 3 function helps us to detect malicious attacks on our website and services. Therefore, this function is used in some of our pages, especially in forms. Device and application data is sent to Google for this check, but not the information entered in the form. Under no circumstances will collected data be used for advertising purposes. The data protection regulations of Google apply.


Cookies are small files that are stored on a visitor's hard drive. They allow information to be held for a certain period of time and to identify the visitor's computer. For better user guidance we use permanent cookies. We also use session cookies, which are automatically deleted when you close your browser. You can set your browser so that it informs you about the placement of cookies.

Mozilla Firefox:
Google Chrome:
Internet Explorer:

We only use technically necessary cookies. We do not use cookies to track or analyze user behavior.

local storage

For local caching of form input, openPetition uses the local storage of your web browser. The form entries are protected in the local storage against accidental deletion until the form is sent or you log off.

Matomo (formerly Piwik)

Our website uses the web analysis service Matomo, which openPetition uses to analyze the use of the website. With the help of cookies general usage information is transmitted to our server. No personal usage behavior is stored. Your IP address is anonymized.

Storing the IP address

For reasons of legal security, the IP address of the visitor in combination with the date and time is stored whenever he or she participates in the content of openPetition. As a rule, the visitor's Internet provider can be inferred from the IP address. The identity of the connection owner can be inferred from the Internet provider at any time. In accordance with the German Data Storage Act (Vorratsdatenspeichergesetz, VDS), connection holders can be identified retroactively on the basis of their IP address for up to 10 weeks.

duty to give information

According to §21 Paragraph 1 TTDSG we will provide information about personal data in individual cases on the orders of the responsible authorities, insofar as this is necessary for the purposes of criminal prosecution, to avert danger by the police authorities of the federal states, to fulfill the statutory tasks of the federal constitutional protection authorities and of the states, the Federal Intelligence Service or the Military Counterintelligence Service or to enforce intellectual property rights.

server logfiles

Every time you visit the openPetition platform or pages containing an openPetition banner or petition widget, visitor browser information is automatically forwarded to us. This includes information on browser type, operating system, IP address, time and the last previously visited page (referrer). With openPetition, this data is not assigned to specific persons. The log files are statistically evaluated and help to ensure error-free operation of the pages.


For our online donation option we use the FundraisingBox service. FundraisingBox guarantees complete data protection and legally compliant data storage. FundraisingBox takes over the payment processing for us. The data of the donation transactions are transmitted securely encrypted via SSL at any time and stored in European data centers. Further information on data protection at FundrainsingBox can be found here:


For our online donation option in countries that do not use the euro as their currency, we use the FundraiseUp service. FundraiseUp guarantees complete data protection and legally compliant data storage. FundraiseUp handles payment processing for us. The data of the donation transactions are always securely encrypted via SSL and stored in US data centers. Further information on data protection at FundraiseUp can be found here: .

Facebook company page

We operate an official Facebook page under the URL on the basis of Art. 6 para. 1 lit. f GDPR. We do not collect, store or process personal data of our users on this site at any time. Furthermore, no other data processing is carried out or initiated by us. The data you enter on our Facebook page, such as comments, videos or pictures, will never be used or processed by us for any other purpose.

Facebook uses so-called web tracking methods on this page. Please be aware that Facebook may use your profile information to evaluate your habits, personal relationships or preferences. We have no influence on the processing of your data by Facebook.

Your rights as a user

right to information: You have the right to request confirmation as to whether personal data concerning you are being processed; if this is the case, you have a right of access to this personal data and to the information specified in Article 15 of the GDPR. Start data information

Right to correction: You have the right to immediately request the correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data.

Right of deletion: You have the right to request that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies in detail, for example if the data are no longer required for the purposes pursued. Delete openPetition account

Right to limitation of processing: You have the right to request a restriction on processing for the duration of any examination if one of the conditions listed in Art. 18 GDPR is met, for example, if you have filed an objection to the processing.

Right to data transferability: In certain cases, which are detailed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transmission of this data to a third party.

Right of objection: If data are collected on the basis of Art. 6 para. 1 lit. f (data processing to protect legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling reasons worthy of protection for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. Revoke a given consent

Right of appeal to a supervisory authority: According to Art. 77 GDPR, you have the right of appeal to a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The responsible supervisory authority for data protection issues is the Berliner Beauftragter für Datenschutz und Informationsfreiheit.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority vested in the person responsible, Article 6 (1) (e) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.


This data protection declaration applies to all content on our pages , and . It does not include the websites linked from our site.


New technical developments and developments on the Internet make adjustments or additions to the openPetition data protection declaration necessary from time to time. You will be informed about the new features at this point.


The "Last update" indicator at the top of the privacy policy indicates when the privacy policy was last revised. Changes will take effect when we publish the revised Privacy Policy on our platform.

Responsible authority

Responsible body is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data.

Responsible for data processing on this website is:
openPetition gemeinnützige GmbH
Werkstatt Digitale Demokratie
Am Friedrichshain 34
10407 Berlin

Represented by:
Geschäftsführer Jörg Mitzlaff
Werkstatt Digitale Demokratie
Am Friedrichshain 34
10407 Berlin


If you want to exercise your rights as a user or have further questions about data protection at openPetition, please contact us at the e-mail address

Help us to strengthen citizen participation. We want to support your petition to get the attention it deserves while remaining an independent platform.

Donate now