1. Data Privacy at a Glance
The following information provides a simple overview of what happens to your personal information when you visit our website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data privacy can be found in our data privacy statement, which is provided below this text.
Data collection on our website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the legal notice of this website.
How do we collect your data?
One way your data is collected is when you share it with us. For instance, this may involve data that you enter in a contact form. Other data is automatically collected by our IT systems when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time page is accessed). We collect this data automatically when you visit our website.
What do we use your data for?
Some of the data is collected to ensure an error-free use of the site. Other data may be used to analyze your user behavior.
What rights do you have with regard to your data?
You have the right at any time and without charge to receive information about the origin, recipient, and intended use of your stored personal data. You also have the right to request the correction, blockage, or deletion of this data. You can contact us at any time at the address given in the legal notice regarding this and any further questions on the subject of data privacy. Furthermore, you have the right to file a complaint to the responsible supervisory authority.
Analysis tools and third-party tools
When you visit our website, your surfing behavior can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; your surfing behavior cannot be traced back to you. You may opt out of this analysis or prevent it by not using certain tools. You can find detailed information on this in the following data privacy statement. We inform you about the possibilities for opting out in this data privacy statement
2. General Information and Mandatory Information
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data privacy regulations as well as this data privacy statement.
When using this site, various personal data are collected. Personal data are any data that can identify you personally. This data privacy statement explains what data we collect and what we use it for. It also explains how and for what purpose this takes place.
Please note that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. Complete data protection against third-party access is not possible.
Information on the responsible party
The responsible party for data processing on this website is:
Wikimedia Deutschland –
Association for the promotion of Free Knowledge e. V.
Tempelhofer Ufer 23-24
Phone: +49 (0) 30-21915826-0
Revocation of the consent for data processing
Many data-processing operations are only possible with your express consent. You can revoke your previously given consent at any time. For this purpose, you can simply send us an informal message by e-mail. The legality of the data processing up to the time of the revocation remains unaffected by the revocation.
Right to issue an appeal to the competent supervisory authority
In the event of any violation of data-privacy law, the person concerned has a right to issue an appeal to the competent supervisory authority. The responsible supervisory authority for data-privacy matters is the data-privacy officer of the federal state in which our company is located. A list of data privacy officers and their contact details can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.htm
Right to data portability
You have the right to have the data we process, either automatically on the basis of your consent or in fulfilment of a contract, issued to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done if it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection when the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.
If the SSL or TLS encryption is enabled, the data that you provide to us cannot be read by third parties.
Encrypted payment transactions on this website
If you are required to provide us with your payment details (e.g. account number for direct debit authorization) after the conclusion of a fee-based contract, this data will be needed for payment processing. Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.
With encrypted communication, the payment information that you provide to us cannot be read by third parties.
Information, restriction of processing, deletion
You have the right, free of charge, to information about your stored personal data, their origin and recipients, the purpose of data processing and, if necessary, a right to correction, restriction of the processing or deletion of these data at any time within the scope of the applicable legal provisions. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of your personal data.
We do not make use of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 GDPR.
Obligation to provide data
Under no circumstances are you legally or contractually obliged to provide us with personal data. However, without its provision as part of the services listed below, we cannot provide you with the functionality described there.
3. Data Privacy Officer
Statutory data privacy officer
We have appointed a data privacy officer for our company.
Thorsten Feldmann, LL.M.
JBB Rechtsanwälte Jaschinski Biere Brexl Partnerschaft mbB
Phone: +49 30443765 0
4. Data Collection on Our Website
Some of the Internet pages use “cookies.” Cookies do not cause any damage to your computer and do not contain any viruses. They serve to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain stored on your computer until you delete them. These cookies allow us to recognize your browser the next time you visit.
You can adjust your browser settings so that you are informed about cookie settings and only allow cookies in individual cases. You can also decline cookies in certain cases or generally and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this site may be restricted.
Cookies, which are required to carry out the electronic communication process or to provide certain functions requested by you (e.g. shopping cart function), are stored pursuant to Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technical, error-free, and optimized delivery of the related services. Insofar as other cookies are stored (e.g. cookies for the analysis of your surfing behavior), they are treated separately in this data privacy statement.
Server log files
The provider of the pages automatically collects and stores information in server log files, which your browser automatically sends to us. These are:
- Browser type and browser version
- Operating system
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not compiled together with other data sources.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. The data is only stored for a period of 24 hours. All log files created by our systems are then automatically deleted.
Registration on this website
You can register on our website to utilize our additional features. We only use the data entered for the purpose of the application of the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will cancel the registration.
For important changes, for instance, to our services or technically necessary changes, we inform you using the e-mail address you provided during registration. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
To permit these changes, you can simply send us an informal message by e-mail. The legality of the data processing already carried out remains unaffected by the revocation.
We store the data collected during the registration for as long as you are registered on our website and then subsequently deleted. Legal retention periods remain unaffected.
Comment function on this website
For the comment function on this page, your comment will be stored, along with information about the time the comment was made, your e-mail address and, if you do not post anonymously, your chosen user name.
Saving the IP address
Our comment function stores the IP addresses of users who post comments. As we do not moderate comments on our site before they are published, this data is required so that we can take legal action against the author in the event of legal infringements such as offensive comments or the spread of propaganda.
Subscribe to comments
As a user of the site, you can subscribe to comments after registering. You will receive a confirmation e-mail to ensure that you are the owner of the given e-mail address. You can cancel this function at any time via the link provided in the info e-mails. In this case, the data entered when subscribing to comments will be deleted; if this data has been sent to us for other purposes (e.g. newsletter subscription), it will remain in our system.
Storage period of comments
The comments and the associated data (e.g. IP address) are stored and remain on our website until the commented content has been completely deleted or the comments need to be deleted for legal reasons (e.g. offensive comments).
Comments are stored on the basis of legitimate interest (Art. 6 para. 1 lit. b GDPR). Our legitimate interest lies in the aforementioned purpose.
There are several ways in which you can register for one of our newsletters. In this case, we use your e-mail address to send you information about current topics and our work. The legal basis for the processing is your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time with effect for the future, e.g. by sending an e-mail to firstname.lastname@example.org or by clicking on an unsubscribe link in one of the e-mails sent to you. The revocation shall not affect the lawfulness of the processing operations carried out on the basis of the consent up to the time of the revocation.
We also analyze your use of our newsletter, e.g. the link or button you clicked. This serves to improve our offers.
The processing for these purposes is based on Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest lies in the aforementioned purposes. If you do not agree with the analysis, you can object at any time by unsubscribing the e-mails.
5. Registration for Events
Occasionally, we make it possible to register for events we organize. This can usually be done online, but in certain cases also offline. To successfully register, you will need to provide certain personal data, which can vary depending on the event. Where applicable, mandatory and voluntary information is indicated on the respective registration form.
We primarily use the data to organize the participation of the registering person at the event and to implement the event. This includes contacting the participant to the extent required within the scope of the event’s organization. The legal basis for the processing of these personal data is Art. 6 para. 1 sentence 1 lit. b GDPR. We store this data for the aforementioned purposes until the event is completed.
We then store the data for an additional period of three years. This storage takes place due to our legitimate interest in being able to defend ourselves against any legal claims that may arise from the event or to assert such claims. The legal basis for this is Art. 6 para. 1 lit. f GDPR.
The data collected during registration will be processed internally by the department responsible for the organization of the event. The data can also be passed on to external recipients. This includes, above all, service providers who support us in the organization and implementation of the event. In addition to our general service providers and the service providers listed below, we may also use additional service providers apart from the general service providers listed below for online elections in connection with the event and its organization. Some events are supported by the Wikimedia Foundation. If this is the case, we may transmit data for reporting purposes in order to protect our legitimate interests and the interests of the Wikimedia Foundation.
If we provide additional services for you at your request, such as travel or hotel bookings or the organization of childcare, we transmit the data to the recipients that are required for rendering the service in question. These may include in particular: Hotels, travel agencies, foreign offices, other authorities of foreign countries for issuing visas. Depending on where you live and where the event takes place, these recipients may also be located in third countries outside the EU or the EEA for which no EU Commission decision on adequacy exists. In such cases we will only carry out transmissions which are either necessary for the fulfilment of the contract between you and us or for the conclusion or fulfilment of a contract entered into in your interest between us and the recipient.
6. Analysis Tools and Advertising
Matomo (formerly Piwik)
This website uses the open source web analysis service Matomo. Matomo uses “cookies.” These are text files that are stored on your computer and permit the analysis of your use of the website. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored.
Matomo cookies remain on your device until you delete them.
The storage of Matomo cookies is based on Art. 6 para. 1 lit. f GDPR. The website owner has a legitimate interest in the anonymous analysis of user behavior in order to optimize both its website and its advertising.
If you do not agree to the storage and use of your data, you can deactivate its storage and use. In this case, an opt-out cookie is stored in your browser which prevents Matomo from saving usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated the next time you visit our site.
7. Plug-ins and Tools
We include tweets from Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland) on our site. Our plug-in used for this purpose works according to the so-called two-click solution. In contrast to the usual integration of tweets, if you visit a page where tweets are integrated, no connection to Twitter will be established. This means that initially no data will be transmitted to Twitter, nor will cookies be set on your device. This will only occur if you actively click on the respective tweet, for example to comment on it or to open it in Twitter. If you click on integrated content, a direct connection is established between you and Twitter. As a result, data can be transferred and cookies set. During this process, Twitter is informed in particular about the page of our website you are currently on. This may be linked to an existing Twitter account. We have no influence here on the data that Twitter processes. Further information can be found in Twitter’s data privacy statement at: http://twitter.com/privacy
You can change your privacy settings in your account settings at: http://twitter.com/account/settings
Our website uses plug-ins for the video portal Vimeo. The provider is Vimeo Inc. 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages equipped with a Vimeo plug-in, a connection to the Vimeo servers will be established. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. This also applies even if you do not have a Vimeo account or are not logged in. The information collected from Vimeo is transmitted to the Vimeo server in the US.
If you are logged into your Vimeo account, you allow Vimeo to assign your surfing habits directly to your personal profile. You can prevent this by logging out of your Vimeo account.
For further information on the handling of user data, please refer to Vimeo’s data privacy statement at: https://vimeo.com/privacy.
We use videos from YouTube and YouTube plug-ins on our website. YouTube is a service of YouTube LLC (“YouTube”), 901 Cherry Ave, San Bruno, CA 94066, USA and is provided by YouTube LLC. YouTube LLC is a subsidiary of Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The integration of YouTube takes place by embedding the service on our website using a so-called “iFrame.” When you load this iFrame, YouTube, or Google may collect and process information (including personally identifiable information) about you. The possibility cannot be ruled out that YouTube or Google may also transmit the information to a server in a third country. Google and its subsidiaries are certified under the EU-US Privacy Shield to ensure an adequate level of protection during processing. For more information, see: https://www.google.de/policies/privacy/frameworks/.
If you are signed in to your Google Account, Google may add the processed information to your account and treat it as personal information, depending on your account preferences; see in particular: https://www.google.de/policies/privacy/partners. You can prevent this information from being directly added by logging out of your Google Account before opening a page, or by changing the account settings in your Google Account.
We have integrated YouTube in order to present you various videos on our website and to allow you to watch them directly on our website. The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the great benefit that YouTube offers. The integration of external videos relieves the load on our servers and allows us to use the corresponding resources elsewhere. Among other things, this can improve the stability of our servers. In addition, YouTube or Google has a legitimate interest in the collected (personal) data to improve its own services.
You can find information about Google’s privacy settings at: https://privacy.google.com/take-control.html?categories_activeEl=sign-in
We use the Embetty tool. Embetty is an open source software tool from Heise Medien GmbH & Co. KG that enables the integration of social media elements such as tweets, videos, etc. with minimal data usage. You can recognize Embetty content by the Embetty logo in the lower right corner. Embetty works according to the so-called two-click solution. Unlike the usual integration of services, if you visit a page where content is integrated using Embetty, no connection to the server of the service provider is initially established. As a result, no data is at first transferred to the service provider and no cookies are set on your device. This only happens when you actively click on the content, for example to view it. If you click on integrated content, a direct connection is established between you and the service and data can be transferred and cookies set. You alone therefore decide whether you want to transmit your data to the integrated services. Further information about the Embetty tool and its source code can be found at: https://heise.de/-4060362 and https://github.com/heiseonline/embetty
8. Other Recipients
The departments within Wikimedia that are responsible for processing your requests have access to your data. In addition, we employ external service providers to the extent that we are unable to provide services ourselves or are unable to do so effectively. These external service providers are primarily providers of IT services and telecommunications services. Where the legal requirements are met, we have concluded order processing agreements with these service providers.
In general, transfers to third countries do not take place. We do, however, use the G Suite service of Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for our operations. Google LLC is certified under the EU-US Privacy Shield to ensure an adequate level of data privacy.
Conclusion of contract for order-data processing
We have concluded a contract with our service provider in which we require them to protect our customers’ data and to not to pass it on to third parties.
Gesellschaft zur Förderung Freien Wissens e. V.
PO Box 61 03 49
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Phone: +49 (0)30-219 158 26-0
Fax: +49 (0) 30-219 158 26-9