Privacy Policy

"Note: This text has been translated to English and supplemented and adapted by the data controller to include specific details (in particular regarding Campai and its partners)."

Preamble

With the following privacy policy, we wish to inform you about the types of personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Date: 22 March 2026

Table of contents

  • Preamble
  • Data Controller
  • Overview of processing activities
  • Relevant legal basis
  • Security measures
  • Transfer of personal data
  • International data transfers
  • General information on data storage and deletion
  • Rights of data subjects
  • Performance of duties in accordance with the Articles of Association or Rules of Procedure
  • Payment procedures
  • Provision of the online service and web hosting
  • Use of cookies
  • Registration, login and user account
  • Community features
  • Contact and enquiry management
  • Newsletters and electronic notifications
  • Surveys and questionnaires
  • Customer reviews and rating systems
  • Social media presence
  • Plug-ins, embedded functions and content
  • Management, organisation and support tools
  • Amendments and updates
  • Definitions

Data controller

Conzentric Club – Association for the Promotion of Art & Culture, Education & Research and Public Health; Registered office: Kundl, Austria; ZVR number: 1600842821

Authorised representatives: Katharina Königsbauer (President), Margarete Königsbauer (Vice-President)

Email address: presidium@conzentric-club.com

Legal notice: www.conzentric-club.com/legal-notice

Overview of data processing

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of data processed

  • Master data.
  • Employee data.
  • Payment data.
  • Location data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and process data.
  • Event data (Facebook).
  • Log data.
  • Member data.

Categories of data subjects

  • Service recipients and clients.
  • Employees.
  • Prospective clients.
  • Communication partners.
  • Users.
  • Members.
  • Business and contractual partners.
  • Participants.
  • Third parties.
  • Whistleblowers.

Purposes of processing

  • Provision of contractual services and fulfilment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Audience measurement.
  • Tracking.
  • Office and organisational procedures.
  • Target group identification.
  • Organisational and administrative procedures.
  • Feedback.
  • Surveys and questionnaires.
  • Marketing.
  • Profiles containing user-related information.
  • Provision of our online services and user-friendliness.
  • IT infrastructure.
  • Public relations and information purposes.
  • Whistleblower protection.
  • Public relations.
  • Business processes and operational procedures.

Relevant legal basis

Relevant legal bases under the GDPR: Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or our country of domicile. Should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
  • Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the data subject's request.
  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Membership agreement (Articles of Association) (Art. 6(1)(b) GDPR).

National data protection regulations in Austria: In addition to the data protection provisions of the GDPR, national data protection regulations apply in Austria. These include, in particular, the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains, in particular, specific provisions on the right of access, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes and transfer, as well as automated decision-making in individual cases.

Security measures

In accordance with legal requirements, and taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as the access to, input, disclosure, availability and segregation of the data. We have also established procedures to ensure the exercise of data subjects' rights, the erasure of data and responses to data breaches. Furthermore, we take the protection of personal data into account right from the development and selection of hardware, software and procedures, in accordance with the principle of data protection by design and through privacy-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect users' data transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorised access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and in encrypted form.

Transfer of personal data

In the course of our processing of personal data, it may happen that such data is transferred to or disclosed to other bodies, companies, legally independent organisational units or individuals. Recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

Data transfer within the organisation: We may transfer personal data to other departments or units within our organisation or grant them access to it. Where data is transferred for administrative purposes, this is based on our legitimate business and operational interests, or takes place where necessary to fulfil our contractual obligations, or where the data subject has given their consent or where there is a legal basis for doing so.

International data transfers

Data processing in third countries: Where we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where this occurs in the context of using third-party services or the disclosure or transfer of data to other persons, organisations or companies (which can be identified by the postal address of the respective provider or if the privacy policy expressly refers to data transfers to third countries), this is always done in accordance with legal requirements.

For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of the European Commission dated 10 July 2023. In addition, we have entered into standard contractual clauses with the respective providers that comply with the requirements of the European Commission and set out contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, whilst the standard contractual clauses serve as additional security. Should changes arise within the framework of the DPF, the standard contractual clauses act as a reliable fallback option. In this way, we ensure that your data remains adequately protected at all times, even in the event of any political or legal changes.

For individual service providers, we will inform you whether they are certified under the DPF and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/ (in English).

Appropriate security measures apply to data transfers to other third countries, in particular standard contractual clauses, explicit consent or transfers required by law. Information on transfers to third countries and applicable adequacy decisions can be found on the European Commission's website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General information on data storage and deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consents are withdrawn or there are no further legal grounds for processing. This applies to cases where the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule apply where legal obligations or specific interests require the data to be retained or archived for a longer period.

In particular, data that must be retained for commercial or tax law reasons, or where storage is necessary for legal proceedings or to protect the rights of other natural or legal persons, must be archived accordingly.

Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing operations.

Where there are multiple specifications regarding the retention period or deletion deadlines for a particular piece of data, the longest period shall always apply. We process data that is no longer retained for the originally intended purpose, but rather due to legal requirements or other reasons, exclusively for the purposes that justify its retention.

Commencement of the period at the end of the year: If a period does not expressly commence on a specific date and lasts for at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships within the scope of which data is stored, the event triggering the retention period is the date on which the termination or other ending of the legal relationship takes effect.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
  • Right of access: You have the right to request confirmation as to whether data concerning you is being processed, and to access this data, as well as to receive further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request that data concerning you be completed or that incorrect data concerning you be rectified.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased without delay, or alternatively, in accordance with legal requirements, to request a restriction on the processing of the data.
  • Right to data portability: You have the right, in accordance with legal requirements, to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to request that it be transmitted to another controller.
  • Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes the provisions of the GDPR.

Performance of duties in accordance with the Articles of Association or Rules of Procedure

We process the data of our members, supporters, prospective members, business partners or other individuals (collectively "data subjects") where we have a membership or other business relationship with them and are performing our duties, as well as where they are recipients of services and grants. Furthermore, we process the data of data subjects on the basis of our legitimate interests, e.g. in the case of administrative tasks or public relations work.

The data processed in this context, the nature, scope and purpose of the processing, and the necessity thereof, are determined by the underlying membership or contractual relationship, from which the necessity of providing any data also arises (we will otherwise indicate which data is required).

We delete data that is no longer required for the fulfilment of our statutory and business purposes. This is determined in accordance with the respective tasks and contractual relationships. We retain data for as long as it may be relevant for the conduct of business, as well as in relation to any warranty or liability obligations based on our legitimate interest in their resolution. The necessity of retaining the data is reviewed on a regular basis; otherwise, the statutory retention obligations apply.

  • Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); contact details (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of the contract, term, customer category); Membership data (e.g. personal data such as name, age, gender, contact details (email address, telephone number), membership number, information on membership fees, participation in events, etc.); payment data (e.g. bank details, invoices, payment history). Content data (e.g. textual or visual messages and posts, as well as related information such as details of authorship or the time of creation).
  • Data subjects: Members; prospective members; communication partners.
  • Purposes of processing and legitimate interests: Communication; organisational and administrative procedures; public relations and information purposes. Business processes and business management procedures.
  • Retention and erasure: Erasure in accordance with the information in the section "General information on data storage and deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Membership agreement (Articles of Association) (Art. 6(1)(b) GDPR). Legal obligation (Art. 6(1)(c) GDPR).

Further information on processing operations, procedures and services:

  • Membership administration: Procedures required for membership administration include the recruitment and admission of new members, the development and implementation of strategies for member retention, and ensuring effective communication with members. These processes involve the careful collection and maintenance of member data, the regular updating of member information, and the administration of membership fees, including invoicing and accounting; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), membership agreement (Articles of Association) (Art. 6(1)(b) GDPR).
  • Membership fee management: The processing activities required for the management of membership fees include the recording of membership fee data following a member's enrolment, tracking membership fee payments and systematically updating payment status, executing payment transactions, processing reminders for overdue payments, reconciling accounts in the context of receivables and payables, and maintaining the relevant books and records; Legal basis: Legal obligation (Art. 6(1)(c) GDPR), legitimate interests (Art. 6(1)(f) GDPR), membership agreement (Articles of Association) (Art. 6(1)(b) GDPR).
  • Events and organisational operations: Planning, execution and follow-up of events, as well as the general operation of statutory activities. Planning involves the collection and processing of participant data, coordination of logistical requirements and setting the event agenda. Execution comprises the management of participant registration, updating participant information during the event, and recording attendance and participant activities. Follow-up includes the analysis of participant data to evaluate the success of the event, the preparation of reports, and the archiving of relevant information relating to the event. General organisational operations include the administration of member data, communication with members and interested parties, and the organisation of internal meetings and sessions; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), Membership agreement (Articles of Association) (Art. 6(1)(b) GDPR).
  • Public relations: Procedures include the creation and distribution of information materials, the maintenance of contact details for press and media relations, and the organisation and conduct of press conferences and public events. The creation of information materials involves the collection and preparation of information for press releases, newsletters, reports and other publications. Distribution takes place via digital and traditional channels, including email distribution lists, websites and social media. The maintenance of contact details involves the collection and updating of data relating to media contacts and other relevant stakeholders. The organisation of press conferences and events involves the planning and execution of these events, invitation management and the coordination of event logistics. Interaction with the media and stakeholders takes place through direct communication with journalists, bloggers and other opinion leaders, responding to enquiries and providing information; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), membership agreement (Articles of Association) (Art. 6(1)(b) GDPR).
  • Cooperation and shipping logistics (Tanglekunst Shop): To fulfil our statutory duties (e.g. dispatch of course materials or welcome packs), we transmit the necessary address and contact details to our cooperation partner Tanglekunst Shop Katharina Königsbauer, Forstanger 18a, 86911 Diessen, Germany. They process the data for logistical purposes and pass it on to shipping service providers (e.g. Post, DHL, DPD). Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Payment methods

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and, for this purpose, engage further service providers in addition to banks and credit institutions (collectively "payment service providers"). In accordance with the state of the art, payment transactions are carried out exclusively via encrypted connections, so that the data entered is protected against unauthorised access during transmission.

The data processed by the payment service providers includes master data, such as name and address; bank details, such as account numbers or credit card numbers; passwords, TANs and checksums; as well as details relating to the contract, amounts and recipients. This information is required to carry out the transactions. However, the data entered is processed and stored solely by the payment service providers. This means that we do not receive any account or credit card-related information, but only information confirming or rejecting the payment. In certain circumstances, the data may be transmitted by the payment service providers to credit reference agencies. The purpose of this transmission is to verify identity and creditworthiness. In this regard, we refer you to the terms and conditions and privacy policies of the payment service providers.

The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions; these are available on the respective websites or within the transaction applications. We also refer to these for further information and for the exercise of rights of withdrawal, access and other data subject rights.

The technical integration and management of payment transactions is handled via our main administration software, Campai. The actual payment processing is carried out via the service providers listed below (PayPal, Stripe).

  • Types of data processed: Personal details (e.g. full name, home address, contact details, customer number, etc.); payment details (e.g. bank details, invoices, payment history); contract details (e.g. subject matter of the contract, term, customer category); Usage data (e.g. page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Service recipients and clients; business and contractual partners. Prospective clients.
  • Purposes of processing and legitimate interests: Provision of contractual services and fulfilment of contractual obligations. Business processes and operational procedures.
  • Retention and erasure: Erasure in accordance with the information in the section "General information on data storage and deletion".
  • Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, methods and services:

  • PayPal: Payment services (technical integration of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); Website: https://www.paypal.com/de. Privacy policy: https://www.paypal.com/de/legalhub/paypal/privacy-full.
  • Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); Website: https://stripe.com; Privacy policy: https://stripe.com/de/privacy. Basis for transfers to third countries: Data Privacy Framework (DPF).

Provision of the online service and web hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g. page views and duration of visit, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved); Log data (e.g. log files relating to logins, data retrieval or access times); Content data (e.g. textual or visual messages and posts, as well as related information such as details of authorship or time of creation).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); security measures. Provision of contractual services and fulfilment of contractual obligations.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures and services:

  • Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a relevant server provider (also known as a "web host"); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Collection of access data and log files: Access to our website is recorded in the form of so-called "server log files". Server log files may include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, confirmation of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes, e.g. to prevent server overload (particularly in the event of malicious attacks, so-called DDoS attacks), and, on the other hand, to ensure server capacity and stability; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and is then deleted or anonymised. Data that must be retained for evidential purposes is exempt from deletion until the relevant incident has been fully resolved.
  • Email dispatch and hosting: The web hosting services we use also include the sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders, as well as further information relating to email dispatch (e.g. the providers involved) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not sent in encrypted form over the internet. Although emails are usually encrypted during transmission, they are not encrypted on the servers from which they are sent and received (unless a so-called end-to-end encryption method is used). We cannot therefore accept any responsibility for the transmission of emails between the sender and the point of receipt on our server; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Webnode: Hosting and software for the creation, provision and operation of websites and online shops; Service provider: Webnode AG, Gartenstrasse 3, 6304 Zug, Switzerland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.webnode.com/de/. Privacy policy: https://www.webnode.com/de/datenschutzerklaerung/.

Use of cookies

The term "cookies" refers to functions that store and retrieve information on users' end devices. Cookies may also be used for various purposes, such as ensuring the functionality, security and convenience of online services, as well as for analysing visitor traffic. We use cookies in accordance with legal requirements. To this end, we obtain users' consent in advance where necessary. If consent is not required, we rely on our legitimate interests. This applies where the storage and retrieval of information is essential to provide expressly requested content and functions. This includes, for example, the storage of settings and ensuring the functionality and security of our online service. Consent may be withdrawn at any time. We provide clear information regarding the scope of this and which cookies are used.

Notes on the legal basis under data protection law: Whether we process personal data using cookies depends on consent. Where consent has been given, this serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage period: With regard to the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest once a user has left an online service and closed their device (e.g. browser or mobile application).
  • Persistent cookies: Persistent cookies remain stored even after the device is closed. This allows, for example, the login status to be saved and preferred content to be displayed directly when the user visits a website again. Similarly, user data collected via cookies may be used for audience measurement. Unless we provide users with explicit information regarding the type and storage duration of cookies (e.g. when obtaining consent), they should assume that these are permanent and that the storage period may be up to two years.

General information on withdrawal and objection (opt-out): Users may withdraw the consent they have given at any time and may also object to the processing in accordance with legal requirements, including via their browser's privacy settings.

  • Types of data processed: Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Further information on processing operations, procedures and services:

  • Processing of cookie data on the basis of consent: We use a consent management solution through which we obtain users' consent to the use of cookies or to the procedures and providers specified within the consent management solution. This procedure serves to obtain, log, manage and revoke consents, in particular with regard to the use of cookies and similar technologies used to store, read and process information on users' end devices. As part of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing operations and providers mentioned in the consent management procedure. Users also have the option to manage and withdraw their consents. The declarations of consent are stored to avoid repeated requests and to be able to provide proof of consent in accordance with legal requirements. Storage takes place on the server and/or in a cookie (a so-called opt-in cookie) or by means of comparable technologies, in order to be able to assign the consent to a specific user or their device. Unless specific details regarding the providers of consent management services are available, the following general information applies: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, details of the scope of consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the end device used; legal basis: consent (Art. 6(1)(a) GDPR).

Registration, login and user account

Users may create a user account. During registration, users are informed of the required mandatory details, which are processed for the purpose of providing the user account on the basis of contractual obligations. The data processed includes, in particular, login details (username, password and an email address).

When you use our registration and login functions, as well as when you use your user account, we store your IP address and the time of the respective user action. This data is stored on the basis of our legitimate interests, as well as those of the users, in protecting against misuse and other unauthorised use. This data is not disclosed to third parties as a matter of principle, unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed by email about processes relevant to their user account, such as technical changes.

  • Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); contact details (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and posts, as well as related information such as details of authorship or time of creation); Usage data (e.g. page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Log data (e.g. log files relating to logins, data retrieval or access times).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of contractual services and fulfilment of contractual obligations; security measures; organisational and administrative procedures. Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Deletion following termination.
  • Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures and services:

  • Registration using real names: Due to the nature of our community, we ask users to use our service only under their real names. This means that the use of pseudonyms is not permitted; Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).
  • User profiles are public: User profiles are publicly visible and accessible.
  • Deletion of data following termination: Once users have terminated their user account, their data relating to that account will be deleted, subject to any legal authorisation, obligation or consent from the user; Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).
  • No obligation to retain data: It is the responsibility of users to back up their data prior to the end of the contract following termination. We are entitled to irrevocably delete all user data stored during the term of the contract; Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).

Community features

The community features we provide allow users to engage in conversations or otherwise interact with one another. Please note that use of the community features is permitted only in compliance with applicable law, our terms and conditions and guidelines, and the rights of other users and third parties.

  • Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.). Usage data (e.g. page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of contractual services and fulfilment of contractual obligations; security measures. Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal basis: Performance of a contract and pre-contractual enquiries (Article 6(1)(b) of the GDPR). Legitimate interests (Article 6(1)(f) of the GDPR).

Further information on processing operations, procedures and services:

  • User contributions are public: Contributions and content created by users are publicly visible and accessible; Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).
  • Storage of data for security purposes: Users' posts and other inputs are processed for the purposes of community and conversation functions and, subject to legal obligations or legal authorisation, are not disclosed to third parties. An obligation to disclose may arise in particular in the case of unlawful posts for the purposes of legal proceedings. Please note that, in addition to the content of the posts, their time of posting and the user's IP address are also stored. This is done to enable us to take appropriate measures to protect other users and the community; Legal basis: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).
  • Protection of personal data: Users decide for themselves what data they disclose about themselves within our online service, for example when they provide personal details or participate in conversations. We ask users to protect their data and to publish personal data only with caution and only to the extent necessary. In particular, we ask users to note that they must take special care to protect their login details and use secure passwords (i.e. primarily combinations of characters that are as long and random as possible); Legal basis: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).

Contact and enquiry management

When contacting us (e.g. by post, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the details of the enquirers are processed to the extent necessary to respond to contact enquiries and any requested actions.

  • Types of data processed: Contact details (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and posts, as well as related information such as details of authorship or the time of creation). Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing and legitimate interests: Communication; organisational and administrative procedures; feedback (e.g. collecting feedback via an online form). Provision of our online services and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).

Further information on processing procedures, processes and services:

  • Contact form: When you contact us via our contact form, by email or through other communication channels, we process the personal data provided to us in order to respond to and handle your enquiry. This generally includes details such as your name, contact information and, where applicable, any further information provided to us that is necessary for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication; legal bases: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Newsletters and electronic notifications

We send newsletters, emails and other electronic notifications (hereinafter "newsletters") exclusively with the consent of the recipients or on a legal basis. Where the content of the newsletter is specified during the subscription process, this content is decisive for the user's consent. To subscribe to our newsletter, providing your email address is usually sufficient. However, in order to offer you a personalised service, we may ask you to provide your name so that we can address you personally in the newsletter, or to provide further information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for erasure is possible at any time, provided that the prior existence of consent is confirmed at the same time. In the event of obligations to permanently comply with objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving that it has been carried out correctly. Where we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure delivery system.

Content:

Information about our association's activities.

  • Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); contact details (e.g. postal and email addresses or telephone numbers); Meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved). Usage data (e.g. page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Communication partners. Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Direct marketing (e.g. by email or post). Provision of contractual services and fulfilment of contractual obligations.
  • Legal basis: Consent (Art. 6(1)(a) GDPR).
  • Right to object (opt-out): You may unsubscribe from our newsletter at any time, i.e. withdraw your consent or object to receiving further issues. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you may use one of the contact options listed above, preferably by email.

Further information on processing procedures, methods and services:

  • Measurement of open and click rates: The newsletters contain so-called 'web beacons', i.e. a pixel-sized file that is retrieved from our server or that of the newsletter provider (if we use a mailing service provider) when the newsletter is opened. As part of this retrieval, technical information – such as details about your browser and system – as well as your IP address and the time of retrieval are initially collected. This information is used to improve our newsletter technically, based on the technical data or the target groups and their reading behaviour according to their location (the …
  • Use of the mailing service provider Campai: Our emails and newsletters are sent to members via the Campai platform (campai GmbH, Berlin). In this process, the email addresses and, where applicable, the names of the recipients are processed on the provider's servers to technically enable the dispatch and to evaluate statistics (e.g. open rates). We have concluded a data processing agreement with the provider in accordance with Article 28 of the GDPR. Legal basis: Legitimate interests (Article 6(1)(f) GDPR) or consent (Article 6(1)(a) GDPR). Legal basis: Consent (Article 6(1)(a) GDPR).
  • Condition for using free services: Consent to the sending of mailings may be made a condition for using free services (e.g. access to certain content or participation in certain promotions). If users wish to use the free service without subscribing to the newsletter, please contact us.

Surveys and questionnaires

We conduct surveys and questionnaires to collect information for the respective purpose of the survey or questionnaire as communicated. The surveys and questionnaires we conduct (hereinafter "surveys") are evaluated anonymously. Personal data is processed only to the extent necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address to display the survey in the user's browser or to enable the survey to be resumed using a cookie).

  • Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); contact details (e.g. postal and email addresses or telephone numbers); Content data (e.g. text or image-based messages and posts, as well as related information such as details of authorship or the time of creation). Usage data (e.g. page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Participants.
  • Purposes of processing and legitimate interests: Feedback (e.g. collecting feedback via online form). Surveys and questionnaires (e.g. surveys with input fields, multiple-choice questions).
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Customer reviews and rating procedures

We participate in review and rating procedures to evaluate, optimise and promote our services. When users rate us via the participating rating platforms or procedures, or provide feedback in any other way, the providers' general terms and conditions or terms of use and privacy policies also apply. As a rule, the rating also requires registration with the respective providers.

To ensure that the reviewers have actually used our services, we transmit the necessary data regarding the customer and the service used to the respective review platform (including name, email address and order number or item number) with the customer's consent. This data is used solely to verify the user's authenticity.

  • Types of data processed: Contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Service recipients and clients. Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Feedback (e.g. collection of feedback via online form). Marketing.
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, processes and services:

  • Review widget: We incorporate so-called "review widgets" into our online service. A widget is a functional and content element integrated into our online service that displays variable information. It can, for example, be displayed in the form of a seal or similar element, sometimes also referred to as a "badge". Whilst the relevant content of the widget is displayed within our online offering, it is retrieved at that moment from the servers of the respective widget provider. This is the only way to ensure that the current content is always shown, particularly the current rating. To do this, a data connection must be established from the webpage accessed within our online service to the widget provider's server, and the widget provider receives certain technical data (access data, including IP address) necessary for the widget's content to be delivered to the user's browser. Furthermore, the widget provider receives information indicating that users have visited our online service. This information may be stored in a cookie and used by the widget provider to identify which online services participating in the rating process have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes; legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Social media presence

We maintain online presences on social media platforms and, in this context, process user data in order to communicate with users active on these platforms or to provide information about us.

We would like to point out that user data may be processed outside the European Union in this context. This may entail risks for users, as it could, for example, make it more difficult to enforce user rights.

Furthermore, users' data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on users' behaviour and the resulting interests. These profiles may in turn be used, for instance, to display advertisements within and outside the networks that are presumed to correspond to users' interests. Consequently, cookies are usually stored on users' computers, in which their usage behaviour and interests are recorded. Furthermore, data may also be stored in the user profiles regardless of the devices used by the users (particularly if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the options for objecting (opt-out), please refer to the privacy policies and information provided by the operators of the respective networks.

We would also like to point out that requests for information and the exercise of data subjects' rights are most effectively made directly to the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, please do not hesitate to contact us.

  • Types of data processed: Contact details (e.g. postal and email addresses or telephone numbers); Content data (e.g. text or image-based messages and posts, as well as related information such as details of authorship or the time of creation); Usage data (e.g. page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Communication; feedback (e.g. collecting feedback via online form). Public relations.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, processes and services:

  • Instagram: Social network enabling the sharing of photos and videos, commenting on and favouriting posts, sending messages, and following profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.instagram.com; Privacy policy: https://privacycenter.instagram.com/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF).
  • Facebook Pages: Profiles within the Facebook social network – We are jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data relating to visitors to our Facebook page ('Fan Page'). This includes, in particular, information about user behaviour (e.g. content viewed or interacted with, actions taken) as well as device information (e.g. IP address, operating system, browser type, language settings, cookie data). Further details can be found in the Facebook Data Policy: https://www.facebook.com/privacy/policy/. Facebook also uses this data to provide us with statistical analyses via the "Page Insights" service, which provide information on how people interact with our page and its content. This is based on an agreement with Facebook ("Information on Page Insights": https://www.facebook.com/legal/terms/page_controller_addendum), which governs, among other things, security measures and the exercise of data subjects' rights. Further information can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data. Users may therefore address requests for information or erasure directly to Facebook. Users' rights (in particular the right to access, erasure, objection and to lodge a complaint with a supervisory authority) remain unaffected by this. Joint responsibility is limited exclusively to the collection of data by Meta Platforms Ireland Limited (EU). Meta Platforms Ireland Limited is solely responsible for further processing, including any possible transfer to Meta Platforms Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).

Plug-ins, embedded functions and content

We incorporate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos or city maps (hereinafter collectively referred to as "content").

This integration always requires the third-party providers of this content to process the user's IP address, as they would be unable to send the content to the user's browser without it. The IP address is therefore necessary for the display of this content or these functions. We endeavour to use only such content where the respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as 'web beacons') for statistical or marketing purposes. These 'pixel tags' enable information, such as visitor traffic on the pages of this website, to be analysed. The pseudonymous information may also be stored in cookies on the user's device and may include, amongst other things, technical information about the browser and operating system, referring websites, the time of visit and further details regarding the use of our online service, but may also be linked to such information from other sources.

Notes on legal bases: Where we ask users for their consent to the use of third-party providers, the legal basis for data processing is this consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. an interest in providing efficient, cost-effective and user-friendly services). In this context, we would also like to draw your attention to the information regarding the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved); Location data (information regarding the geographical position of a device or a person); Event data (Facebook) ("Event data" refers to information sent to the provider Meta via Meta pixels (whether via apps or other channels), for example, and relating to individuals or their actions. This data includes, for example, details of website visits, interactions with content and features, app installations and product purchases. Event data is processed with the aim of creating target groups for content and advertising messages (Custom Audiences). It is important to note that Event Data does not include actual content such as written comments, login details, or contact information such as names, email addresses or telephone numbers. "Event Data" is deleted by Meta after a maximum of two years, and the target groups created from it are deleted when our Meta user accounts are deleted.); Contact details (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or visual messages and posts, as well as related information such as details of authorship or the time of creation).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of our online services and user-friendliness; audience measurement (e.g. access statistics, identification of returning visitors); tracking (e.g. interest-based/behavioural profiling, use of cookies); target group formation; marketing. Profiles containing user-related information (creation of user profiles).
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).
  • Legal basis: Consent (Article 6(1)(a) of the GDPR). Legitimate interests (Article 6(1)(f) of the GDPR).

Further information on processing operations, procedures and services:

  • Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offering that we retrieve from servers operated by third-party providers (e.g. function libraries that we use to enhance the presentation or user-friendliness of our online offering). In doing so, the respective providers collect the users' IP addresses and may process them for the purposes of transmitting the software to the users' browsers, for security purposes, and for the evaluation and optimisation of their services; legal basis: legitimate interests (Art. 6(1)(f) GDPR).
  • Facebook plugins and content: Facebook social plugins and content – this may include, for example, content such as images, videos or text and buttons that allow users to share content from this online service within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/ - We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt, in the context of a transfer (but not the further processing), of "event data" which Facebook collects via the Facebook social plugins (and content embedding functions) running on our online service, or which it receives in the context of a transfer, for the following purposes: a) Displaying content and advertising information that corresponds to users' presumed interests; b) Delivering commercial and transaction-related messages (e.g. contacting users via Facebook Messenger); c) Improving ad delivery and personalising features and content (e.g. improving the identification of which content or advertising information is likely to correspond to users' interests). We have concluded a specific agreement with Facebook ("Addendum for Controllers", https://www.facebook.com/legal/controller_addendum), which specifically sets out the security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfil data subjects' rights (i.e. users may, for example, submit requests for information or deletion directly to Facebook). Note: When Facebook provides us with metrics, analyses and reports (which are aggregated, i.e. do not contain any information on individual users and are anonymous to us), this processing does not take place within the framework of joint controllership, but on the basis of a data processing agreement ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Terms" (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). Users' rights (in particular to access, erasure, objection and lodging a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for transfers to third countries: Data Privacy Framework (DPF).
  • Google Fonts (hosted on our own server): Provision of font files to ensure a user-friendly presentation of our online offering; Service provider: Google Fonts are hosted on our server; no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Google Fonts (fetched from Google's server): Retrieval of fonts (and icons) for the purpose of ensuring the technically secure, maintenance-free and efficient use of fonts and icons, taking into account their up-to-date status and loading times, their consistent display, and compliance with any licence restrictions. The font provider is notified of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server belonging to the font provider in the USA – When visiting our website, users' browsers send HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and subsequently the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e. the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analysed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wishes to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must match the font generated for the respective browser type. The user agent is primarily logged for debugging purposes and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the 'Analytics' page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and to generate an aggregated report on the top integrations based on the number of font requests. According to Google's own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or to serve targeted advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for transfers to third countries: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.
  • Google Maps: We integrate maps from the "Google Maps" service provided by Google. The data processed may include, in particular, users' IP addresses and location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://mapsplatform.google.com/; Privacy policy: https://policies.google.com/privacy. Basis for transfers to third countries: Data Privacy Framework (DPF).
  • Instagram plugins and content: Instagram plugins and content – this may include, for example, content such as images, videos or text, as well as buttons that allow users to share content from this website on Instagram. We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt, in the context of a transfer (but not the further processing), of 'event data' which Facebook collects via Instagram functions (e.g. content embedding features) executed on our online service, or which it receives as part of a transfer for the following purposes: a) displaying content and advertising information that corresponds to users' presumed interests; b) delivering commercial and transaction-related messages (e.g. contacting users via Facebook Messenger); c) improving ad delivery and personalising features and content (e.g. improving the identification of which content or advertising information is likely to correspond to users' interests). We have concluded a specific agreement with Facebook ("Addendum for Controllers", https://www.facebook.com/legal/controller_addendum), which specifically sets out the security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfil data subjects' rights (i.e. users may, for example, submit requests for information or deletion directly to Facebook). Note: When Facebook provides us with metrics, analyses and reports (which are aggregated, i.e. do not contain any information on individual users and are anonymous to us), this processing does not take place within the framework of joint controllership, but on the basis of a data processing agreement ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Terms" (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). Users' rights (in particular the right to access, erasure, objection and to lodge a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.instagram.com. Privacy policy: https://privacycenter.instagram.com/policy/.
  • YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for transfers to third countries: Data Privacy Framework (DPF). Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of adverts: https://myadcenter.google.com/personalizationoff.
  • YouTube videos: Our website embeds videos that are hosted on YouTube. These YouTube videos are integrated via a dedicated domain using the 'youtube-nocookie' component in what is known as 'enhanced privacy mode'. In "enhanced privacy mode", until the video starts playing, only information – including your IP address, details of your browser and your device – that YouTube requires for the display, control and optimisation of the video may be stored on your device in cookies or via similar methods. Once you play the videos, additional information may be processed by YouTube for the analysis of usage behaviour, storage in the user profile, and the personalisation of content and advertisements. The storage period for the cookies can be up to two years; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for transfers to third countries: Data Privacy Framework (DPF). Further information: https://support.google.com/youtube/answer/171780?hl=de-DE#zippy=%2Cturn-on-privacy-enhanced-mode%2Cerweiterten-datenschutzmodus-aktivieren.
  • Vimeo video player: Integration of a video player; Service provider: Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://vimeo.com; Privacy policy: https://vimeo.com/legal/privacy; Data processing agreement: https://vimeo.com/legal/enterprise-terms/dpa. Basis for transfers to third countries: Standard contractual clauses (https://vimeo.com/legal/enterprise-terms/dpa).

Management, organisation and support tools

We use services, platforms and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organising, managing, planning and delivering our services. When selecting third-party providers and their services, we comply with the legal requirements.

In this context, personal data may be processed and stored on the third-party providers' servers. This may affect various types of data that we process in accordance with this privacy policy. Such data may include, in particular, users' master data and contact details, as well as data relating to transactions, contracts, other processes and their contents.

Where users are referred to third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, to optimise services or for marketing purposes. We therefore ask you to observe the privacy policies of the respective third-party providers.

  • Types of data processed: Content data (e.g. text or image-based messages and posts, as well as related information such as details of authorship or the time of creation); usage data (e.g. page views and time spent on site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Communication partners. Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of contractual services and fulfilment of contractual obligations. Office and organisational procedures.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Services used and service providers:

  • Campai Club Management: We use the Campai platform for the central management of our membership data, for organising club operations and for communication. All information listed under 'Types of data processed' is stored on the provider's servers; Service provider: campai GmbH, Oranienburger Str. 91, 10178 Berlin, Germany; Website: https://campai.com/; Privacy policy: https://campai.com/datenschutz; Legal basis: Fulfilment of the membership relationship (Art. 6(1)(b) GDPR) and the conclusion of a data processing agreement.

Changes and updates

We ask you to check the content of our privacy policy regularly. We will update the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require action on your part (e.g. consent) or any other individual notification.

Where we provide addresses and contact details of companies and organisations in this privacy policy, please note that these details may change over time and we ask you to check them before making contact.

Definitions

This section provides an overview of the terms used in this privacy policy. Where the terms are defined by law, their legal definitions apply. The explanations below, however, are primarily intended to aid understanding.

  • Employees: Employees are defined as persons who are in an employment relationship, whether as staff members, employees or in similar positions. An employment relationship is a legal relationship between an employer and an employee, established by an employment contract or agreement. It entails the employer's obligation to pay the employee remuneration whilst the employee performs their work. The employment relationship comprises various phases, including the establishment phase, in which the employment contract is concluded; the performance phase, in which the employee carries out their work; and the termination phase, when the employment relationship ends, whether through dismissal, a termination agreement or otherwise. Employee data comprises all information relating to these individuals and arising in the context of their employment. This includes aspects such as personal identification details, identification numbers, salary and bank details, working hours, holiday entitlements, health data and performance appraisals.
  • Master data: Master data comprises essential information required for the identification and management of contractual partners, user accounts, profiles and similar assignments. This data may include, amongst other things, personal and demographic details such as names, contact information (addresses, telephone numbers, email addresses), dates of birth and specific identifiers (user IDs). Master data forms the basis for any formal interaction between individuals and services, institutions or systems by enabling unique identification and communication.
  • Content data: Content data comprises information generated in the course of creating, editing and publishing content of all kinds. This category of data may include text, images, videos, audio files and other multimedia content published on various platforms and media. Content data is not limited to the actual content itself, but also includes metadata that provides information about the content, such as tags, descriptions, author information and publication dates.
  • Contact data: Contact data is essential information that enables communication with individuals or organisations. It includes, amongst other things, telephone numbers, postal addresses and email addresses, as well as communication channels such as social media handles and instant messaging identifiers.
  • Meta, communication and process data: Meta, communication and process data are categories that contain information about the manner in which data is processed, transmitted and managed. Meta-data, also known as data about data, comprises information that describes the context, origin and structure of other data. It may include details on file size, creation date, the author of a document and change histories. Communication data captures the exchange of information between users via various channels, such as email correspondence, call logs, social media messages and chat histories, including the individuals involved, timestamps and transmission routes. Process data describes the processes and procedures within systems or organisations, including workflow documentation, transaction and activity logs, as well as audit logs used to track and verify operations.
  • Member data: Member data comprises information relating to individuals who are part of an organisation, an association, an online service or any other group. This data is used to manage memberships, facilitate communication and provide services or benefits associated with membership. Member data may include personal identification information, contact details, information regarding membership status and duration, payment of membership fees, participation in events and activities, as well as preferences and interests. It may also include data on the use of the organisation's offerings. The collection and processing of this data is carried out in compliance with data protection regulations and serves both administrative purposes and the promotion of member engagement and satisfaction.
  • Usage data: Usage data refers to information that records how users interact with digital products, services or platforms. This data encompasses a wide range of information that reveals how users utilise applications, which features they prefer, how long they spend on specific pages, and the paths they take when navigating through an application. Usage data may also include frequency of use, timestamps of activities, IP addresses, device information and location data. It is particularly valuable for analysing user behaviour, optimising user experiences, personalising content and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences and potential problem areas within digital offerings.
  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Profiles containing user-related information: The processing of "profiles containing user-related information", or "profiles" for short, encompasses any form of automated processing of personal data that involves using such personal data to analyse or evaluate certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information regarding demographics, behaviour and interests, such as interaction with websites and their content, etc.), or to predict them (e.g. interests in specific content or products, click behaviour on a website or location). Cookies and web beacons are frequently used for profiling purposes.
  • Log data: Log data is information about events or activities that have been logged in a system or network. This data typically contains information such as timestamps, IP addresses, user actions, error messages and other details regarding the use or operation of a system. Log data is often used to analyse system issues, for security monitoring or to generate performance reports.
  • Audience measurement: Audience measurement (also known as web analytics) is used to analyse visitor traffic to an online service and may include the behaviour or interests of visitors regarding specific information, such as website content. With the help of audience analysis, operators of online services can, for example, identify at what times users visit their websites and what content they are interested in. This enables them, for example, to better tailor the content of their websites to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are frequently used to identify returning visitors and thus obtain more accurate analyses of the use of an online service.
  • Location data: Location data is generated when a mobile device (or another device with the technical capabilities for location determination) connects to a mobile network cell, a Wi-Fi network or similar technical means and functions for location determination. Location data serves to indicate the geographically determinable position on Earth at which the respective device is located. Location data can, for example, be used to display map functions or other location-dependent information.
  • Tracking: The term 'tracking' refers to the ability to track users' behaviour across multiple online services. As a rule, in the context of the online services used, behavioural and interest-based information is stored in cookies or on the servers of the providers of tracking technologies (so-called profiling). This information can subsequently be used, for example, to display advertisements to users that are likely to match their interests.
  • Controller: The term "controller" refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data, be it collection, evaluation, storage, transmission or deletion.
  • Contract data: Contract data is specific information relating to the formalisation of an agreement between two or more parties. It documents the terms under which services or products are provided, exchanged or sold. This data category is essential for the administration and fulfilment of contractual obligations and encompasses both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data may include the start and end dates of the contract, the nature of the agreed services or products, pricing agreements, payment terms, termination rights, renewal options and special conditions or clauses. It serves as the legal basis for the relationship between the parties and is crucial for clarifying rights and obligations, enforcing claims and resolving disputes.
  • Payment data: Payment data comprises all information required to process payment transactions between buyers and sellers. This data is of crucial importance for e-commerce, online banking and any other form of financial transaction. It includes details such as credit card numbers, bank details, payment amounts, transaction dates, verification numbers and billing information. Payment data may also include information on payment status, chargebacks, authorisations and fees.
  • Target audience creation: The term 'Custom Audiences' refers to the process of defining target audiences for advertising purposes, such as the display of advertisements. For example, based on a user's interest in certain products or topics on the internet, it can be concluded that this user is interested in advertisements for similar products or the online shop where they viewed the products. The term "Lookalike Audiences" (or similar target groups) is used, on the other hand, when content deemed suitable is displayed to users whose profiles or interests are presumed to correspond to those of the users on whose profiles the groups were based. Cookies and web beacons are generally used for the purpose of creating Custom Audiences and Lookalike Audiences.

Created using the free Datenschutz-Generator.de by Dr Thomas Schwenke