Data Privacy

Sculpture Network Privacy Policy

Introduction

In this Privacy Policy, we explain which personal data (hereinafter also referred to as “data”) we process, for what purposes we do so, and to what extent the processing takes place. These notes apply to all processing operations of personal data carried out in connection with our services and our online presence. This includes in particular our websites, mobile applications, and our appearances on external platforms, for example in social networks (hereinafter collectively referred to as “online offering”). All terms used apply equally to all genders.

Scope of Application

This Privacy Policy applies to all websites and online offerings operated by us on which it is published. It provides information on the processing of personal data in connection with the use of these online offerings. The data protection provisions of the respective providers apply to linked websites of other providers. We have no influence on the processing of data by third parties on external websites.

Controller

Responsibility for the processing of your personal data in connection with this online offering lies with the following association, which determines the purposes and means of processing:

Sculpture Network e.V.
Osloer StraĂźe 102
13359 Berlin / Germany
Tel. +49 152 05167586
Email: info@sculpture-network.org

Internal Data Protection Coordinator: Karl Gadesmann
Email: karl.gadesmann@sculpture-network.org

Data Protection Officer

For all questions relating to the protection of your personal data as well as for the exercise of your data protection rights, our Data Protection Officer is available as your contact person:

DATENDO GmbH
Hohenzollernring 55
50672 Cologne
Email: dsgvo@datendo.de
Website: www.datendo.de

General Information on Data Processing

We generally process personal data of our users only insofar as this is necessary for providing a functional website as well as our content and services. Processing is carried out only on the basis of a legal permission or with the consent of the data subject. Personal data is processed in particular:

  • for the performance of contractual relationships (Art. 6(1)(b) GDPR),
  • based on your consent (Art. 6(1)(a) GDPR),
  • to safeguard legitimate interests (Art. 6(1)(f) GDPR), for example to ensure IT security, to improve our services, and for direct marketing,
  • and to fulfill legal obligations (Art. 6(1)(c) GDPR).

If we obtain your consent for certain processing operations, processing takes place solely on the basis of this consent and exclusively for the purposes specified therein. Consent given may be revoked at any time with effect for the future.

Security Measures

We take extensive technical and organizational security measures to protect your personal data as best as possible against loss, destruction, unauthorized access, alteration, or dissemination. Access to our systems is restricted to authorized persons only. These persons are obliged to handle personal data confidentially and receive regular data protection training. Our systems are protected against attacks and malware by up-to-date firewalls and antivirus programs. Personal data is regularly backed up to ensure data integrity and to allow quick recovery in case of data loss. Our security measures are continuously improved in line with technological developments. For data transmission, we use modern encryption methods, in particular SSL/TLS, to prevent unauthorized access during transmission. However, despite all due care, complete security of data transmission over the Internet cannot be guaranteed.

Web Hosting and Server Provision

To operate this website, we use the services of external hosting providers. The hosting provider provides the technical infrastructure for website operation, in particular server capacity, storage space, database services, security services, and maintenance services. In the course of providing these services, all data arising in connection with visits to our website are processed, in particular access data (e.g., IP address, date and time of access, browser information, referrer URL, visited pages and files) as well as metadata and communication data. Processing takes place based on our legitimate interest under Art. 6(1)(f) GDPR in providing our online offering securely and efficiently. We have concluded data processing agreements with our hosting providers pursuant to Art. 28 GDPR to ensure data is processed in compliance with data protection regulations.

Currently, hosting is provided by Hetzner Online GmbH. In addition, data backup takes place on servers of another data center in the Netherlands. Processing occurs within the European Union and is therefore fully subject to the GDPR. This backup structure ensures high reliability and data availability.

Access Data and Server Log Files

When you access our website, the browser used on your device automatically sends information to the server of our website, which is temporarily stored in so-called server log files. This includes, among other things, the IP address of the requesting device, the date and time of access, the accessed URL, the previously visited website (referrer URL), the browser used, the operating system, and other technical information. Processing of this data serves to ensure a smooth connection setup of the website, system security and stability, and administrative purposes. Storage of the log files is based on our legitimate interest under Art. 6(1)(f) GDPR, in particular to ensure the functionality of the website and to defend against attacks. No merging of this data with other data sources takes place. The log files are usually automatically deleted after no more than 30 days, unless longer storage is required for evidence purposes in individual cases.

Transfer of Personal Data

Your personal data is generally only shared with third parties if this is necessary to fulfill contractual obligations, based on your consent, due to a legal obligation, or on the basis of our legitimate interests, provided your interests worthy of protection do not prevail. In the context of data processing, we also use external service providers to perform specific tasks (e.g., IT service providers, hosting providers). These service providers are carefully selected, contractually bound under Art. 28 GDPR, and process the data exclusively in accordance with our instructions. Any further transfer of personal data to recipients outside our association only takes place where permitted or required by law — for example to authorities, tax advisors, banks, payment service providers, debt collection agencies, or legal advisors.

Transfer of Personal Data to Non-EU Countries

Transfer of personal data to countries outside the European Union (EU) or the European Economic Area (EEA) only takes place if it is necessary to fulfill contractual or legal obligations, if you have expressly consented, or if another legal basis permits it. In such cases, we ensure that an adequate level of data protection is guaranteed for the respective third country. This may be ensured by an adequacy decision of the European Commission (e.g., for the USA through the EU-U.S. Data Privacy Framework), by appropriate safeguards pursuant to Art. 46 GDPR — in particular through the conclusion of standard contractual clauses of the European Commission — or by further protective measures. A transfer only takes place if the necessary requirements are met and adequate protection of personal data is guaranteed.

Storage and Deletion of Personal Data

We store personal data only as long as necessary to fulfill the purposes for which it was collected, or as long as statutory retention periods require storage. After the purpose ceases or statutory retention periods expire, data is deleted or blocked in accordance with legal requirements.Deletion occurs in particular when the data is no longer required for the intended purposes, you have withdrawn your consent, or have legitimately objected to further processing — unless statutory retention obligations take precedence. Statutory retention periods may arise especially from commercial and tax law provisions and are usually between six and ten years. Further details on specific storage and deletion periods can be found in the respective data protection notices for each processing activity.

Use of Processors and External IT Service Providers

In the course of our business activities, we rely on external service providers to provide our services, for the technical maintenance of our systems, for the management of our IT infrastructure, and for the performance of administrative processes. These include, in particular, IT service providers, software vendors, data center operators, technical support service providers, as well as maintenance and service partners.These service providers receive access to personal data only to the extent necessary to perform their respective tasks. Where these service providers process personal data on our behalf, the engagement is based solely on data processing agreements pursuant to Art. 28 GDPR. The processing of data is carried out strictly according to our instructions and in compliance with all data protection regulations. Personal data is only transferred to additional recipients where this is required by law, necessary for the execution of contracts, you have given prior consent, or it is permissible in individual cases based on our legitimate interests. Processing in third countries takes place only in compliance with the legal requirements, particularly through appropriate safeguards pursuant to Art. 44 et seq. GDPR (e.g., EU standard contractual clauses or adequacy decisions).

Use of the Content Management System Zotonic

Our website uses the content management system Zotonic. This is an open-source software used for the creation, management, and presentation of website content. Through Zotonic, the content of our website is structured and displayed for visitors. When using the CMS, information automatically transmitted by your browser to our server is processed. This includes, in particular, the pages you visit, the address of the previously visited page (referrer URL), the operating system used, and the browser type and version. The IP address of the requesting device as well as the date and time of access are also stored for a limited time. Processing of this data takes place on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the technically correct presentation and optimization of our website as well as in ensuring system security. No data is shared with third parties. The data is deleted as soon as it is no longer required for the purposes stated above.

Newsletter

On our association’s website, you have the option to subscribe to a newsletter. To register, only your email address is required. Subscription takes place using the so-called double opt-in procedure (DOI). This means that after registration, you will receive an email asking you to confirm your subscription by clicking a confirmation link. Only after this confirmation will your email address be added to our distribution list. This procedure ensures security and that only you as the owner of the specified email address can subscribe to the newsletter. Processing of your personal data takes place based on your consent pursuant to Art. 6(1)(a) GDPR. Your email address is used exclusively for sending the newsletter and will not be shared with third parties. You can revoke your consent to receive the newsletter at any time with effect for the future by unsubscribing via the link included in each newsletter or by contacting us directly. Your data will then be deleted from the distribution list. Alternatively, members can deactivate the receipt of newsletters and informational emails directly in their membership profile (“Do not send mailings (opt out)”). After this setting is activated, no newsletters or other informational emails will be sent. This option complements the unsubscribe link included in each newsletter.

Contacting the Association by Telephone, Contact Form, or Email

If you contact our association by telephone, via contact form, or by email, the information you provide will be processed and stored for the purpose of handling your inquiry and for any follow-up questions. This typically includes details such as your name, email address, telephone number, and the content of your message. Processing of personal data transmitted in connection with your inquiry is carried out on the basis of Art. 6(1)(b) GDPR, if your inquiry is related to the fulfillment of a membership or the performance of pre-contractual measures, or on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR in effectively handling inquiries and maintaining communication with members, interested parties, and volunteers. Your data will not be shared with third parties without your express consent unless this is necessary to process your request. Your data will be deleted once your inquiry has been conclusively processed and no statutory retention obligations prevent deletion.

Contact Between Members via the Member Area (“Contact Button”)

Members of our association have the option to contact each other through an internal communication feature (“Contact Button”). When using this function, the personal data you provide (in particular, the sender’s email address and the content of the message) are processed in order to transmit the contact request. The sender’s email address is visible to the recipient. Processing takes place on the basis of Art. 6(1)(b) GDPR insofar as the communication occurs within the scope of membership, or on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR in promoting internal communication within the association. Messages are deleted after the communication has ended, provided there are no statutory retention obligations.

Use of Cookies on Our Association Website

Our website uses cookies. Cookies are small text files stored on your device that enable recognition of your browser. They serve to make the use of our website more user-friendly and effective. Some cookies are technically necessary to provide certain functions of the website, while others may be used for statistical analysis of site usage or to optimize our offering.Processing depends on the type of cookie and is carried out either on the basis of Art. 6(1)(f) GDPR due to our legitimate interest in providing a functional, secure, and user-friendly website, or based on your consent under Art. 6(1)(a) GDPR for cookies that are not strictly necessary for the operation of the site. You can object to the storage of cookies or revoke your consent at any time by adjusting your browser settings or modifying your preferences in our cookie banner. Already stored cookies can be deleted at any time via your browser settings.

Online Payments via Stripe

For processing online payments (e.g., membership fees, participation fees, donations, or other transactions via our website), we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”). Stripe is an international payment provider that processes payments technically and, in the course of doing so, processes personal data. The data processed generally includes your name, email address, billing and payment information (e.g., IBAN or credit card details), possibly your address, the payment amount, and technical metadata (e.g., IP address, browser information, and device identifiers) that Stripe requires for fraud prevention and secure payment processing. Processing takes place for the execution of the respective transaction and thus for the fulfillment of a contract pursuant to Art. 6(1)(b) GDPR. Furthermore, the association has a legitimate interest pursuant to Art. 6(1)(f) GDPR in ensuring secure and efficient payment processing via a professional service provider. Stripe may further process the data to meet legal obligations (e.g., retention obligations under financial law). Stripe also transfers personal data to servers outside the European Union, in particular to the United States. An adequate level of data protection is ensured by the EU-U.S. Data Privacy Framework and by the conclusion of the European Commission’s standard contractual clauses.Further information on data processing by Stripe can be found in Stripe’s Privacy Policy: https://stripe.com/privacy.

Stripe uses functional cookies during payment processing to ensure technical operations (e.g., authentication, fraud prevention, session management). These cookies are necessary for using the payment service and are set based on Art. 6(1)(f) GDPR in conjunction with §25(2) No. 2 TTDSG.Data processed by Stripe is deleted once it is no longer necessary for payment processing and no legal retention obligations exist. Payment data is generally subject to commercial and tax retention periods (six to ten years).

Integration of Vimeo Videos

Our website may include videos from the provider Vimeo to offer you audiovisual content directly on our site.
The provider is Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA.

When you visit a page containing an embedded Vimeo video, a connection is established to Vimeo’s servers. Vimeo then receives information about which of our pages you have visited, your IP address, and possibly further technical data (e.g., browser type, operating system, device information). If you are logged in to Vimeo, Vimeo can assign your visit to your personal Vimeo user account. You can prevent this by logging out of your Vimeo account before visiting our website. Embedding videos serves to provide an appealing presentation of our online content and to offer multimedia information about our association’s activities. This constitutes a legitimate interest under Art. 6(1)(f) GDPR. If consent to display external media is obtained via a consent tool or cookie banner, processing is based on this consent under Art. 6(1)(a) GDPR. All visitors to our website who access a page containing an embedded Vimeo video are affected by this data processing. Vimeo also uses cookies and similar technologies to analyze user behavior and improve its services. These cookies are set under Vimeo’s own responsibility. We have no control over the storage duration of the collected data; it is governed by Vimeo’s policies. Data processing may also take place in the USA. Vimeo bases data transfers to the USA on the European Commission’s Standard Contractual Clauses pursuant to Art. 46 GDPR. Further information on Vimeo’s data processing and storage duration can be found in Vimeo’s Privacy Policy: https://vimeo.com/privacy.

Embedding of videos is voluntary and can be disabled via your browser settings or by adjusting your cookie preferences. If you deactivate the display of Vimeo videos, no data will be transferred to Vimeo; however, the corresponding video content will not be available.

Integration of YouTube Videos

Our website may also include videos from the YouTube platform to offer audiovisual content directly on our site.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”).
YouTube is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit a page with an embedded YouTube video, a connection is established to YouTube’s servers. YouTube receives information about which of our pages you have visited, your IP address, and possibly further technical data (e.g., browser type, operating system, device information). If you are logged in to your YouTube or Google account, YouTube can associate your visit with your personal account. You can prevent this by logging out of your YouTube or Google account before visiting our website. Embedding videos serves the appealing presentation of our online content and the provision of multimedia information about our association’s activities, which constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR.
If consent to display external media is obtained via a consent tool or cookie banner, processing is based on this consent under Art. 6(1)(a) GDPR. All visitors to our website who access a page with an embedded YouTube video are affected by this data processing. YouTube may use cookies or similar technologies to collect usage information for analysis and service improvement. These cookies are set under YouTube’s sole responsibility. We have no control over the storage duration of the collected data; it is governed by YouTube’s or Google’s policies. Data processing may also take place in the USA.
For transfers of personal data to the USA, Google relies on the EU-U.S. Data Privacy Framework and the Standard Contractual Clauses of the European Commission pursuant to Art. 46 GDPR. Further information on data processing and storage duration by YouTube can be found in Google’s Privacy Policy: https://policies.google.com/privacy.

Embedding of videos is voluntary and can be disabled through your browser settings or cookie preferences. If you deactivate the display of YouTube videos, no data will be transferred to YouTube; however, the corresponding video content will then not be available.

Use of Google Tag Manager

Our website uses the service Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is used to manage website tags via a unified interface and allows us to efficiently integrate and control analytics and marketing services on our website. The Tag Manager itself generally does not process users’ personal data. It merely triggers other tags that may collect data. The Google Tag Manager does not have access to this data. Use of the Google Tag Manager takes place on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR in a technically error-free, efficient, and optimized provision of our online services.
If consent to the use of analytics or marketing services has been given via a consent tool or cookie banner, the inclusion of the Google Tag Manager is based on this consent under Art. 6(1)(a) GDPR.

All visitors to our website are affected by this processing. Data transfers to servers of Google LLC in the USA may occur. Google bases these transfers on the EU-U.S. Data Privacy Framework and on the Standard Contractual Clauses of the European Commission pursuant to Art. 46 GDPR.Further information on Google’s data processing can be found at: https://policies.google.com/privacy.
The Google Tag Manager itself does not store personal data. Data collected by triggered tags is processed and deleted according to the respective privacy policies of the integrated services.

Use of Google Analytics 4

Our website uses the web analytics service Google Analytics 4 (GA4), provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics 4 enables us to analyze user behavior on our website in order to better understand usage and optimize our online offering. Information about website usage is collected, including visited pages, time spent on the site, devices used, browser information, location data (anonymized), language settings, and interactions with our website. These data are generally pseudonymized and transmitted with an anonymized IP address to Google’s servers, where they are stored. Automatic IP anonymization is activated on this website, meaning your IP address is shortened within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to Google. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. Use of Google Analytics 4 takes place based on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with §25(1) TTDSG, given via our cookie banner or consent tool. You may revoke your consent at any time with future effect by adjusting your cookie preferences or disabling data collection via the following link: https://tools.google.com/dlpage/gaoptout.

All website visitors who have consented to the use of analytics cookies are affected by this processing. Google processes data on our behalf to analyze website use, compile reports on website activities, and provide other services related to website and internet usage. Data collected via Google Analytics 4 is generally stored for 14 months, unless a longer retention period is legally required. Data transfers to Google servers in the USA may occur. Google bases such transfers on the EU-U.S. Data Privacy Framework and the Standard Contractual Clauses of the European Commission pursuant to Art. 46 GDPR.Further information on Google’s data processing is available at: https://policies.google.com/privacy.

Use of Google Ads Conversion Tracking

Our website uses the online advertising program Google Ads with Conversion Tracking.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Ads Conversion Tracking, we can track and evaluate the success of our advertising measures. A so-called conversion cookie is set by Google when you access our website via a Google advertisement. This cookie does not serve personal identification but enables the assignment of a so-called conversion tag to a specific user action — for example, completing a registration, a purchase, or another defined action on our website.

In this way, we can statistically record the effectiveness of our advertisements and optimize our marketing measures. Data collected includes, among others, the pages visited, interactions on the website, IP address, browser information, device used, and time of visit.This information may be linked by Google with other usage data, especially if you are logged in to your Google account. However, we have no influence over Google’s further data processing. Use of Google Ads Conversion Tracking takes place based on your consent under Art. 6(1)(a) GDPR in conjunction with §25(1) TTDSG, granted via our cookie banner or consent tool. You may withdraw your consent at any time with effect for the future by adjusting your cookie settings or disabling tracking via the following link: https://adssettings.google.com.

All website visitors who have consented to the use of marketing cookies are affected by this processing. The data collected via Google Ads is usually deleted or anonymized by Google after 30 days. Data transfers to Google servers in the USA may occur. Google bases these transfers on the EU-U.S. Data Privacy Framework and the Standard Contractual Clauses of the European Commission pursuant to Art. 46 GDPR. Further information about Google’s data processing is available at: https://policies.google.com/privacy.

Use of the Google Marketing Platform (Campaign Manager / DoubleClick)

Our website uses the Google Marketing Platform, an online marketing service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
A component of this platform is the Campaign Manager 360 (formerly DoubleClick Campaign Manager), which allows us to measure and optimize the effectiveness of our online marketing activities.

This service enables the collection, evaluation, and delivery of advertisements as well as the measurement of conversions — meaning whether users have performed a specific action on our website after clicking an ad.To this end, Google uses cookies and similar technologies to record visits and interactions on our website pseudonymously and to assign them to specific advertising campaigns. Data collected includes IP address, browser information, device data, referrer URL, visit time, and on-site interactions.These data can be combined by Google with other information from your Google account if you are logged in.

Use of the Google Marketing Platform takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with §25(1) TTDSG, granted via our cookie banner or consent tool. You can revoke your consent at any time with effect for the future by adjusting your cookie preferences or disabling tracking via https://adssettings.google.com.

All website visitors who have consented to the use of marketing cookies are affected by this processing. Data collected by Google is generally processed pseudonymously and used for evaluating the effectiveness of advertising campaigns and improving ad delivery.The cookies used are usually stored for up to 30 days, though the duration may vary depending on the campaign or individual settings.Data transfers to Google servers in the USA may occur. Google bases these transfers on the EU-U.S. Data Privacy Framework and the Standard Contractual Clauses of the European Commission pursuant to Art. 46 GDPR.Further information about Google’s data processing in connection with the Google Marketing Platform can be found at: https://policies.google.com/privacy.

Donations

If you support our association by making a donation, we process the personal data you provide in connection with the donation. This generally includes your name, address, bank details, donated amount, and, if applicable, additional information you voluntarily provide. Processing of this data is carried out solely for the purpose of handling the donation, maintaining proper accounting records, and — if requested by you or legally required — issuing and sending a donation receipt.The legal basis for processing is Art. 6(1)(b) GDPR, insofar as the data is necessary for handling the donation, and Art. 6(1)(c) GDPR regarding legal documentation and retention obligations. Additionally, processing may be based on Art. 6(1)(f) GDPR, as we have a legitimate interest in the proper and transparent use of funds. Your data is only shared where necessary to process the donation, e.g., with our bank for transaction execution or with our tax advisor to fulfill statutory obligations. Your data will be deleted once it is no longer required for the stated purposes, but no later than after expiry of the tax and commercial retention periods.

Processing of Personal Data in Case of Complaints

If you submit a complaint to our association, we process the personal data you provide in this context. This typically includes your name, contact details such as telephone number, email address, or postal address, as well as the content of your complaint. Processing of this data is carried out solely for the purpose of handling your complaint, communicating with you, and, if necessary, clarifying the matter with other parties within the association.The legal basis for processing is Art. 6(1)(b) GDPR, insofar as the complaint is related to your membership, as well as Art. 6(1)(f) GDPR, since we have a legitimate interest in properly reviewing and responding to inquiries, reports, and complaints.Your data will only be shared with third parties if this is necessary to process the complaint or if a legal obligation to do so exists. The data will be deleted once the complaint has been fully processed and there are no statutory retention obligations or legitimate reasons preventing deletion.

Processing of Personal Data in Case of Press Inquiries

Our website provides a dedicated email address through which members of the press can contact the association directly. If you contact us as a journalist or media representative, we process the personal data you provide. This generally includes your name, email address, telephone number, information about the medium for which you work, and the content of your inquiry. Processing of this data takes place solely for the purpose of handling your press inquiry, communicating with you, and, where necessary, coordinating internally within the association.The legal basis for processing is Art. 6(1)(f) GDPR, as we have a legitimate interest in properly responding to press inquiries and ensuring communication with the media. Your data will not be shared with third parties unless this is strictly necessary to process your request or we are legally obliged to do so. Your data will be deleted once the inquiry has been fully processed and there are no statutory retention obligations or legitimate reasons for longer storage.

Publication of Photos, Names, and Roles of Team and Board Members

Our website may feature photos, names, and roles of team members as well as board members of the association. This serves the association’s public representation and transparent communication about the persons involved. Publication takes place solely on the basis of the affected person’s prior and voluntary consent pursuant to Art. 6(1)(a) GDPR. Consent may be withdrawn at any time with effect for the future. In the event of a withdrawal, the relevant data will be removed from our website unless another legal basis for processing applies.

Communication by Regional Coordinators

To promote internal networking, regional coordinators may contact new members via email to inform them about events, meetings, or activities in their region. The contact details provided during membership registration are used for this purpose. Processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in fostering internal communication and collaboration within the association. No data is shared with third parties.

Automated Decision-Making

Automated decision-making, including profiling pursuant to Art. 22 GDPR, does not take place in connection with the use of our website.

Member Login Area

Our website provides a secure login area accessible only to members of the association. This area gives access to internal content and association-related information. Use requires registration with personal access credentials, which we provide to members as part of their membership. When registering and using the login area, we process the necessary personal data, in particular your login credentials (e.g., username and password) and log data related to login activity. Processing of this data is based on Art. 6(1)(b) GDPR for the fulfillment of membership and the provision of agreed services.The data is used exclusively for managing access and securing our system. No data is shared with third parties. Data will be deleted once membership has ended and no statutory retention obligations apply.

Publication of Calls

Members have the opportunity to submit their own calls via our website, which may be published either internally or, after specific approval, publicly. If you submit a call, we process the personal data you provide — typically your name, contact details (e.g., email address, telephone number), and the content of the call. Processing takes place solely for the purpose of publishing and managing your call and communicating with you. The legal basis for this processing is Art. 6(1)(b) GDPR, insofar as publication is connected with your membership, and Art. 6(1)(f) GDPR, as we have a legitimate interest in providing our members with a platform for calls. Data is only shared with third parties where technically necessary for publication or when required by law. Your data will be deleted once the call has expired and there are no statutory retention obligations or legitimate reasons for further storage.

Advertising via the Association’s Website

Our website offers the possibility to promote content such as exhibitions, events, organizations, or services.
If you book such an offer or contact us for this purpose, we process the personal data you provide.
This generally includes your contact details (name, email address, telephone number) as well as the content of your promotional contribution. Processing takes place solely for the purpose of handling and executing the requested advertising measure, managing the related contract, and communicating with you.The legal bases for processing are Art. 6(1)(b) GDPR, insofar as the processing is necessary for the performance of a contract, and Art. 6(1)(f) GDPR, as we have a legitimate interest in offering advertising opportunities on our platform and handling related inquiries. Data is only shared with the technical service providers involved in implementation and only to the extent required. Your data will be deleted once the advertising measure has been completed and there are no statutory retention obligations or legitimate reasons for longer storage.

Event Registration via the Association’s Website

Our website provides information about events that take place either on-site or online.
You can register for participation via an online registration form.In the course of registration, we process the personal data you provide — in particular your first and last name, email address, indication of whether you are a member of the association, and, if applicable, the names of additional participants you are registering.Processing is carried out solely for the purpose of organizing, conducting, and managing the event as well as communicating with you. The legal basis is Art. 6(1)(b) GDPR, insofar as participation is part of your membership or a contractual relationship, and Art. 6(1)(f) GDPR, as we have a legitimate interest in the orderly planning and implementation of our events. Data is only shared with third parties to the extent necessary for conducting the event, for example with co-organizers, technical service providers, or operators of online conferencing systems. Your data will be deleted after the event has concluded, unless statutory retention obligations apply or longer storage is required for the establishment, exercise, or defense of legal claims.
Our data protection information for event participants can be found here: Download PDF.

Obligation to Provide Data

When using our website purely for informational purposes, there is generally no legal or contractual obligation to provide personal data.
However, certain functions of the website can only be used if the data required for that purpose is provided (e.g., when using contact or registration forms). Where data transfers to third countries occur, we ensure appropriate safeguards in accordance with Art. 46 GDPR.

Links to Social Networks

Our website contains links to our profiles on social networks such as Instagram, Facebook, and LinkedIn.
These links can usually be recognized by the respective provider’s logo. Please note that clicking these links redirects you to the respective external platforms. Only when you click does data transfer to the operator of the social network occur. In particular, information such as your IP address, the address of the currently visited page, and — if you are logged into your account with the provider — further personal data linked to your user profile may be transmitted.We would like to point out that, as the operator of our website, we have no influence over the type and scope of the data collected by the social networks or their subsequent processing. For more detailed information, please refer to the respective provider’s privacy policies:

  1. Meta Platforms Ireland Ltd. (Facebook & Instagram): https://www.facebook.com/privacy/policy
  2. LinkedIn Ireland Unlimited Company: https://www.linkedin.com/legal/privacy-policy

Rights of Data Subjects

As a data subject, you have various rights under the General Data Protection Regulation (GDPR) regarding the processing of your personal data:

  • Right of Access (Art. 15 GDPR):
    You have the right to obtain information about whether and to what extent we process personal data about you, for what purposes this processing occurs, which categories of data are concerned, and to which recipients these data have been or will be disclosed.
  • Right to Rectification (Art. 16 GDPR):
    You have the right to request the correction of inaccurate or incomplete personal data in order to keep your information up to date.
  • Right to Erasure (Art. 17 GDPR):
    You have the right to request the deletion of your personal data, provided that no statutory retention obligations or other legal requirements prevent such deletion.
  • Right to Restriction of Processing (Art. 18 GDPR):
    You may request restriction of processing under certain circumstances, for example if you dispute the accuracy of the data or if the processing is unlawful but you prefer restriction over deletion.
  • Right to Data Portability (Art. 20 GDPR):
    You have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format and to transmit those data to another controller, insofar as processing is based on your consent or on a contract and is carried out by automated means.
  • Right to Object (Art. 21 GDPR):
    You have the right to object to the processing of your personal data if it is based on our legitimate interests or is carried out for the purpose of direct marketing.
  • Right to Withdraw Consent (Art. 7(3) GDPR):
    If processing is based on your consent, you have the right to withdraw this consent at any time with effect for the future.
  • Right to Lodge a Complaint (Art. 77 GDPR):
    You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection law.

The supervisory authority responsible for our association is:
Berliner Beauftragte fĂĽr Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin, Germany
Tel.: +49 30 13889-0

Note on Gendered Language

For reasons of readability and clarity, this Privacy Policy occasionally omits gender-specific distinctions.
All personal designations apply equally to all genders.
This shortened form does not imply any value judgment and serves only editorial and linguistic simplicity.

Changes and Status of this Privacy Policy

We reserve the right to update this Privacy Policy in order to ensure that it always complies with current legal requirements or to reflect changes in our services — for example, when introducing new services or features on our website.
The version valid at the time of your visit shall apply.

Status of this Privacy Policy: October 2025

This Privacy Policy was created using the online privacy policy generator of the external data protection officers of DATENDO GmbH.