WECHANGE

Menü

Privacy Policy

Below we inform you about the type, scope and purpose of the processing of your personal data when using our website www.wechange.de (hereinafter "platform"). Personal data is all information that relates to an identified or identifiable natural person.

1. Person responsible

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data. The controller within the meaning of the GDPR for the personal data processed when you visit our platform is wechange eG, c/o Thinkfarm, Oberlandstraße. 26-35, 12099 Berlin, Germany (hereinafter "provider" or "we").

Imprint: https://wechange.de/cms/impressum/

Info and Support: support@wechange.de

As data protection officer we have appointed lawyer Sven Gumbrecht (email: datenschutz@wechange.de) named.

2. When you visit our websites

When you visit our website, our server collects the following information from your device: browser type and version, operating system, the previously visited website (“referrer”), IP address and time of page access. We collect and process this data to ensure the trouble-free operation of our website and to be able to detect, prevent and track misuse of our services. We also use the data collected anonymously for statistical purposes, for example to evaluate which devices and browsers are used to access our platform in order to use this as a basis to continuously adapt and improve our offering to the needs of users. This data processing is carried out on the basis of Article 6 Paragraph 1 Letter f GDPR. We store all server log files mentioned in the first paragraph for 7 days and then delete the IP address. All other data in Paragraph 1 is stored anonymously. We use essential cookies on our website.

We do not use marketing or tracking cookies and have therefore not implemented a cookie banner on our homepage.

3. User profile

(1) Description and scope of data processing

On our website we offer you the opportunity to register and create a user profile by providing personal data. If you create a user profile on our platform, we collect your email address and a user name of your choice (pseudonym); without this data we cannot set up a user profile for you. In addition, you can voluntarily add further information to your user profile, e.g. a profile photo. By registering, a user account is created for you. You can manage this user account yourself on our platform. The following information is also permanently stored in your user account:

  • date of registration
  • IP address during registration
  • Date of last login
  • Date of any failed login attempts

If you have a user profile with us, we can keep you up to date with news from our platform by email if you wish. You can set which notifications you would like to receive in your user profile. You can revoke your consent at any time with effect for the future by adjusting the settings.

(2) Legal basis for data processing

If consent has been given, the legal basis for processing the data is Art. 6 (1) (a) GDPR. If the registration serves to fulfil a contract to which you are a party or to carry out pre-contractual measures, the legal basis for processing the data is also Art. 6 (1) (b) GDPR.

(3) Purpose of data processing

Registration by you is necessary to fulfill a contract with you or to carry out pre-contractual measures. Your registration is also necessary to provide certain content and services on our website. We also use the data collected to contact the registered users for whom we maintain a user account for processing purposes, for example to change the terms of use.

(4) Duration of storage

We keep the personal data associated with the user profile stored until the contractual relationship with us regarding the user profile has ended.

You can delete your user profile at any time using the function in the “Edit profile” menu.

By clicking the “Delete Profile” button, your entire user account, user profile and personal information will be irrevocably deleted.

Your pads, news, uploaded files and other content will remain on the website. However, your name will no longer be displayed as the creator and your profile will no longer be associated with the content. On Rocket Chat, your profile direct messages will be deleted, but the content will remain within discussions and channels. If you still want to delete your content, please do so by deleting the content on the relevant pages.

Your profile will first be deactivated and completely removed from the platform. Only after 30 days will it be permanently deleted from our database. The account may be stored in our backup systems for up to 6 months. If that is too long for you, please contact the support of this platform to have it deleted immediately.

4. Processing of content

(1) Scope of processing of personal data

On the platform you have the opportunity to post your own content (e.g. groups, projects, events, etc.).

(2) Legal basis for the processing of personal data

The entry of personal data in this context is voluntary. The legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR.

(3) Purpose of data processing

The processing of personal data serves solely to display the data you have provided.

(4) Duration of storage

Storage ends when you delete the data yourself. When you delete your profile, the assignment of the content is only anonymized and not automatically removed. The background to this is the ongoing collaboration of other users in the projects and groups.

5. Payment options

(1) Voluntary contribution

Depending on the offer, we offer you different payment methods. Depending on which method you choose, different data is collected. Your data is stored on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). We process this data solely for the purpose of processing the payment and for the purpose of creating and delivering invoices. You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing operations that have already taken place remains unaffected by the revocation. Please note that we use the services of Better Payment Germany GmbH (see section 6 "Processors" below) for the various payment options (listed below under (a) to (c)).

(a) Direct debit (SEPA) via Better Payment

If you choose to pay by direct debit (SEPA direct debit), we will collect and process your name, your first name, the amount to be collected, your email address, your postal address, the name of the account holder, your IBAN and your BIC.

(b) Credit card via Better Payment

If you choose to pay by credit card, we will collect and process your name, first name, the amount to be collected, your email address and your postal address. Other payment data (credit card number, name of the cardholder, expiration date and credit card verification number) will be collected by Better Payment Germany GmbH (see section 6 "Processor" below); we will not process this data.

(c) Paypal

If you choose to pay via PayPal, we will collect and process your name, first name, the amount of money to be collected, your email address and your postal address. Other payment data (Paypal log-in data) is collected by Better Payment Germany GmbH (see below under section 6 "Processor"); we do not process this. Please note that the operator of this service, PayPal (Europe) S.à rl et Cie, SCA (see below under section 6 "Processor"), is solely responsible for the data processing that takes place when paying via PayPal. To pay via PayPal, you must log in to your PayPal user account using your access data.

(2) Services subject to payment

If you want to use paid services on our platform, we will collect your email address and user name as well as your actual name or company name and your home or registered office address. This data is essential for concluding a contract with us; we process it for the purpose of fulfilling the contract in accordance with Article 6 Paragraph 1 Letter b GDPR. We keep the data stored until all mutual claims arising from the contractual relationship have been finally settled and all commercial and tax retention periods have expired.

6. No automated decision-making, no profiling

When deciding whether to conclude a contract, we do not use automated decision-making or profiling.

7. Processor

To operate our platform, we use the services of the following processors in accordance with Article 28 GDPR:

  • for web hosting: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany,
  • for the processing of payments: Better Payment Germany GmbH, Rosenthaler Straße 34/35, 10178 Berlin, Germany,
  • for the processing of payments: PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg,
  • for email sending and email management: Mailjet SAS, 13-13 bis, rue de l'Aubrac – 75012 Paris, France,
  • for the operation of the servers for push notifications for users who use Fairkom apps: fairkom, Society for the Promotion of Medial Communication and Intangible Common Goods, Badgasse 3 | 6850 Dornbirn | Austria | +43 508020 | www.fairkom.eu,
  • to support our accounting in connection with paid services: Haufe-Lexware GmbH & Co. KG, Munzinger Str. 9, 79111 Freiburg, Germany and M-Ds, Max-Sabersky-Allee 65, 14513 Teltow,
  • for technical support: sinnwerkstatt Medienagentur GmbH, Glogauer Str. 21, 10999 Berlin, Germany.
  • for sending the newsletter: Mailjet SAS, 13-13 bis, rue de l'Aubrac – 75012 Paris, France.

8. Contributions

If you write a post on our platform, e.g. a discussion post or the announcement of an event, we save and publish your post in the appropriate place on our platform together with your user name. You can specify in your user profile which information from your user profile should be disclosed to whom.

By submitting a contribution to us, you can also select on which partner platforms your contribution may be made publicly available. If your user profile is deleted, certain of your contributions will remain on our platform so that other users can continue to work on them and continue to follow the course of a discussion (see Section 3, Paragraph 3 of our Terms of Use). However, we anonymize the user name previously displayed with your contributions. Personal data contained within a contribution text - for example, if you have written your own name in it - will remain even if a user profile is deleted.

9. Contact form and communication via email

If you send us a message via the contact form on our platform or by email, we will save your message with the sender data transmitted with it (name, email address and any additional information added by your email program). To receive and save your messages and to send our emails to you, we use the services of our email provider (see above), who acts as a processor for us in accordance with Article 28 GDPR.

The legal basis for this data processing is our legitimate interest in answering your message and also being able to respond to any follow-up questions you may have (Article 6 Paragraph 1 Letter f GDPR). We will delete the data collected with your message at the latest by the end of the calendar year following the last communication with you regarding your request, subject to the provisions in the following paragraph.

If you send us a legally relevant declaration regarding a contractual relationship with us, the legal basis for processing, regardless of the method of transmission, is also Article 6 Paragraph 1 Letter b of the GDPR. In such a case, we will delete the data related to your declaration as soon as all mutual claims arising from our contractual relationship with you have been finally settled and the retention periods under commercial and tax law have expired.

The email servers we use work with TLS and SSL, so that the transmission between your mail server and ours is encrypted if your email provider supports at least one of these encryption techniques. The data you enter in our contact form is also transmitted to our server using SSL encryption.

10. Use of cookies

When you have logged into your user profile, we place "cookies" on your device. These are small text files that allow us to recognize your device when you visit our platform again at a later date. This includes a cookie that remembers your login status and remains for 60 days after each login so that you do not have to log in again with your data during this time (login cookie).

With the help of other cookies, we can also prevent misuse of our services (cross-site cookies) and analyze certain user behavior (web analysis cookies), e.g. which parts of our platform you use, how long you stay on our platform and when and how often you return to our platform. We do not use web analysis cookies if you have activated the "Do not track" option in your browser settings.

This data processing is carried out on the basis of Article 6 paragraph 1 letter f GDPR for the purpose of enabling you to use our platform securely and conveniently, to align our platform even better with the interests of our visitors and the technology they use, and to analyze and optimize the technical functions of our site.

A stored cookie expires at the latest twelve months after your last visit to the platform, which means that your device automatically deletes it after this time.

You can prevent cookies from being saved by going to the cookie settings of your internet browser and objecting to the creation of cookies for our platform or generally for all websites. You can also delete cookies that have already been saved there.

11. Web analysis tool Matomo

If you have logged into your user profile, we use the web analysis tool "Matomo" to provide needs-oriented services and to optimize the functions of our platform. Matomo helps us to evaluate anonymous usage information for statistical purposes. The following information is recorded:

  • IP address,
  • referrer URL,
  • URLs accessed on the platform,
  • time spent on the respective pages of the platform,
  • entered search terms,
  • Information transmitted by your device (operating system, screen resolution, browser, browser language setting).

We have integrated the software into our web server. No data is passed on.

Matomo is a data protection-friendly web analysis software that is used without cookies and which recognizes returning users with the help of a so-called "digital fingerprint" that is stored anonymously and changed every 24 hours. With the "digital fingerprint", user movements within our online offering are recorded with the help of pseudonymized IP addresses in combination with user browser settings in such a way that conclusions about the identity of individual users are not possible. The user data collected as part of the use of Matomo is only processed by us and is not shared with third parties. Legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).

The last two octets of the IP address are masked. This means that it is no longer possible to assign it to your device.

If you do not agree to the anonymous processing and evaluation of data from your use of the platform, you can prevent this in most browsers, for example by using a Do-Not-Track option or by surfing in a private mode; active ad blockers or deactivating JavaScript for your browser also prevent Matomo from collecting data.

More information about Matomo here: https://piwikpro.de/impressum/

13. Your Rights

You have the following rights with regard to the personal data we process about you:

You have the right to request confirmation from us as to whether we process personal data concerning you. If this is the case, we will inform you of the personal data stored about you and the other information in accordance with Article 15 (1) and (2) GDPR.

You have the right to have inaccurate personal data concerning you rectified immediately. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary statement.

You can request that we immediately delete the personal data concerning you under the conditions of Article 17 Paragraph 1 GDPR, unless their processing is necessary in accordance with Article 17 Paragraph 3 GDPR.

You can request that we restrict the processing of your data if one of the conditions of Article 18 paragraph 1 GDPR applies. In particular, you can request restriction instead of deletion.

We will notify any rectification or erasure of your personal data and any restriction of processing to all recipients to whom we have disclosed personal data concerning you, unless doing so should prove impossible or involve disproportionate expenditure. We will also inform you about these recipients if you request this.

You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format and you can request that we transmit this data to another controller without hindrance, where technically feasible.

If data processing is based on your consent, you have the right to revoke your consent at any time. The revocation of your consent does not affect the legality of the data processing that has taken place up to the time of your revocation.

RIGHT OF OBJECTION: FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, YOU MAY OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU AT ANY TIME; this right of objection applies to data processing carried out on the basis of Article 6 paragraph 1 letter f GDPR to protect the legitimate interests of ours or a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data prevail. If you exercise your right of objection, we will no longer process the data in question unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

IN THE EVENT THAT WE PROCESS PERSONAL DATA FOR DIRECT MARKETING (E.G. NEWSLETTER), YOU CAN OBJECT AT ANY TIME TO THE PROCESSING OF THE PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING, WITH THE RESULT THAT WE WILL NO LONGER PROCESS YOUR DATA FOR THESE PURPOSES.

If you believe that the processing of your personal data violates the GDPR, you can lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement. This does not preclude other administrative or judicial remedies.

The local supervisory authority responsible for data protection is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin.

Status: April 2024

AVV – Data processing agreement with wechange eG

We want to offer you an alternative so that you can use online tools with peace of mind and trust that your data is in good hands in our hands. At the same time, we want to support you in complying with data protection regulations in your actions. If you, as an initiative, work with sensitive, i.e. personal data and want to store it on our servers, i.e. in the Nextcloud or in a pad, then you need a data processing agreement.

We would like to offer you a simple and quick solution for this. We have prepared a data processing agreement (AVV) for you, which is already pre-signed by us - the wechange cooperative - as a blank document to fill out as a PDF document. All you have to do is click the download button, fill out the contract for yourself, sign it yourself and voilà! The whole thing is completely free of charge for you!

Download AVV