The wannseeFORUM Foundation processes your personal data in various situations.
The legal basis for this is derived in particular from the General Data Protection Regulation (GDPR), the Telecommunications and Digital Services Data Protection Act (TDDDG), and the Federal Data Protection Act (BDSG).
This privacy notice informs you, in accordance with Articles 12 to 14 of the GDPR, about how we process your personal data, insofar as we act as the controller pursuant to Article 4 No. 7 of the GDPR.
It explains in particular what data we collect, for what purposes we use it, and on what legal basis the processing takes place – especially for the following data processing activities:
- Visiting our website www.wannseeforum.de (see sections 2.1 and 2.2),
- Contact via the website contact form (see section 2.3),
- Sending newsletters (see section 2.4),
- Appearances on social networks and integration of external content (e.g. Instagram, Vimeo, Flickr – see section 2.5),
- Participation in our educational programs, use of the conference center, conclusion and execution of contracts and other business relationships (see section 2.6),
- Use of other digital services and tools from third parties (see section 2.7).
Furthermore, this privacy notice contains information about the categories of recipients of personal data (see section 3), data transfers to third countries (see section 4), the duration of data processing (see section 5), your rights as a data subject (see sections 6 and 7), the obligation to provide personal data (see section 8) and about automated decision-making (see section 9).
1. Controller:
Wannsee Forum Foundation,
Hohenzollernstraße 14, 14109 Berlin, Germany.
Telephone: +49 30 806 80 0.
Email: info@wannseeforum.de
Website: www.wannseeforum.de
Should you have any questions about our privacy policy, you can contact our data protection officer:
Wannsee Forum Foundation
Data Protection Officer
Hohenzollernstraße 14, 14109 Berlin
Email: datenschutz@wannseeforum.de
2. Purposes and legal bases for data processing
2.1 Visiting our website
When you visit our website, various personal data are processed depending on the type and extent of your use. Personal data is information relating to an identified or identifiable natural person; a natural person is considered identifiable if they can be identified directly or indirectly (e.g., by reference to an online identifier).
For the purpose of technically providing the website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information (the "access data") is automatically collected each time you access our website and automatically stored in so-called server log files. Access data may include, among other things:
- Browser type and browser version
- Device identifier and operating system used
- IP address of the requesting device
- Website from which access is made (origin or referrer URL)
- Date, time and duration of access
The processing of access data is technically necessary for providing a functional website and for system security. Beyond the purposes mentioned above, we use server log files solely for the needs-based design and optimization of our website, purely for statistical purposes and without drawing any conclusions about your identity. This data is not combined with other data sources, nor is it used for marketing purposes, unless you have given your explicit consent (see section 2.2).
Insofar as you visit our website to find out about our educational offerings, events or the conference center, or to use offers on a contractual basis, the basis for the temporary storage of access data is Art. 6 para. 1 lit. b) GDPR, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures.
Furthermore, Article 6(1)(f) GDPR serves as the legal basis for the temporary processing of access data. Our legitimate interests here are to provide you with a technically functional and user-friendly website and to ensure the security of our systems. You have the right to object to this processing for the purposes of legitimate interests (see section 7).
The storage period and deletion of your access data are governed by section 5 of this privacy policy. Your IP address will be stored for a maximum of 7 days for IT security purposes.
2.2 Use of cookies and similar tracking technologies
We use cookies and similar tracking technologies, such as tracking pixels or fingerprinting technologies (collectively referred to as "tracking"), on some parts of our website. Depending on the purpose, tracking serves to make our services more user-friendly, effective, and secure, as well as to personalize content and advertising – where applicable. Tracking allows us to analyze how and, if applicable, which visitors use our website. This enables us to tailor website content to individual needs, for example, by measuring the effectiveness of specific content.
Cookies are managed via a consent management tool (e.g., Borlabs Cookie).
a) Functional tracking
The legal basis for accessing your device, collecting information, and further processing any personal data in these cases is Section 25 Paragraph 2 No. 2 of the Telecommunications and Digital Services Data Protection Act (TDDDG) and Article 6 Paragraph 1 Letter f) or b) of the GDPR. This essential tracking helps us to make the website technically usable and secure by enabling basic functions such as page navigation, login data, watchlists, and access to protected areas of the website. This also includes storing your preferences in the consent management system, in particular whether and to what extent you wish to allow consent-based tracking. Without this type of tracking, the website cannot function properly. It is therefore necessary to implement the functions you have selected or to protect our legitimate interests in the functionality, security, and efficiency of our website.
b) Tracking for marketing, personalization or analytics purposes
For all other purposes mentioned, your voluntary consent is required. The legal basis for this is Section 25 Paragraph 1 of the Telecommunications and Digital Services Data Protection Act (TDDDG) and Article 6 Paragraph 1 Letter a) of the GDPR. You can grant your consent for all purposes at once by selecting "Accept all". In the consent management section, you can also individually specify for which purposes tracking is permitted by selecting each category. You can consent to tracking, for example, to automatically apply your preferences on future visits (personalization) and/or to understand your user behavior in order to optimize our website (analytics).
Once you have given your consent, you can withdraw it at any time with effect for the future. To do so, click on the relevant cookie/privacy settings at the bottom of the website and select either "Reject all" or deactivate individual categories. You can also reject tracking from the outset using the same selection, so that only functional tracking takes place.
c) List of individual tracking technologies
Borlabs Cookie
- Provider: Borlabs GmbH, Germany
- Purpose: To store cookie consent and selected cookie settings
- Storage period: 12 months
MailPoet (Newsletter)
- Provider: MailPoet Inc., USA
- Purpose: Sending newsletters, managing subscribers, and verifying consent (double opt-in)
- Storage period: Until you unsubscribe from the newsletter or withdraw your consent.
WPForms
- Provider: WPForms LLC, USA
- Purpose: Processing of contact and inquiry forms
- Storage period: Until the request is fully processed, then deleted.
Padlet (only when integrated)
- Provider: Wallwisher, Inc., USA
- Purpose: Displaying external interactive content
- Storage period: As long as the Padlet exists or until it is deleted by the provider.
WordPress (user account) (only upon login)
- Provider: Self-hosted WordPress
- Purpose: User account management and authentication
- Storage period: As long as the user account exists, then deleted.
- WordPress does not process any personal data for visitors without a user account.
External media embedding (Vimeo, YouTube, Instagram, Flickr) requires two-factor consent.
- Provider: Vimeo Inc.; Google Ireland Ltd.; Meta Platforms Ireland Ltd.; SmugMug, Inc.
- Purpose: Integration of videos and images from external providers
- Storage period: Data transfer only after two-factor consent has been granted; storage period according to the provider.
Two-factor consent for external content:
External content from Vimeo, YouTube, Instagram, and Flickr is not loaded automatically on this website. A connection to the servers of the respective provider is only established after the user has actively consented via a two-factor consent process (e.g., via the cookie banner and an additional confirmation when accessing the content). In this process, personal data (e.g., IP address) may be transmitted to the respective provider.
2.3 Contact via website contact form
Our website includes contact forms that we offer for easy and quick electronic communication with us. When you send us inquiries via a contact form, your inquiries, including the contact details you provide (e.g., name, email address, telephone number, message), will be stored and processed by us for the purpose of handling and responding to your inquiry and for any follow-up questions. This also applies to your IP address and the date and time you sent your message to us. We will not share this data with third parties unless this is necessary for processing and responding to your inquiry or you have given us your consent (Art. 6 para. 1 lit. a) GDPR).
If you contact us within the framework of an existing or pending contractual relationship (e.g. seminar registration, booking of our conference center, cooperation request), the data and information you provide will be processed for the purpose of processing and responding to your contact request on the basis of Art. 6 para. 1 lit. b) GDPR.
Otherwise, the processing is carried out by us to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR in providing a contact form and in properly answering inquiries.
You are under no obligation to contact us via the contact form or to provide personal data. If you do not provide your personal data, we may not be able to process your request. Otherwise, there will be no consequences for you.
The storage period and deletion of your corresponding data are governed by section 5 of this privacy policy.
2.4 Sending newsletters
a) Newsletter subscription
If you have given your consent, we will use your email address to send you our newsletter regularly. Providing an email address is the only requirement for receiving the newsletter; any further information is voluntary. We use the double opt-in procedure: After registering, you will receive an email asking you to confirm your newsletter subscription. Without this confirmation, your registration will not be completed, and your request will be automatically deleted. If you wish to receive our newsletter at a later date, you will need to register and confirm your subscription again. To verify your registration and to investigate potential cases of misuse, we store your IP address, the times of registration and confirmation, and the respective status. The legal basis for this is Article 6(1)(a) GDPR.
We use the newsletter service MailPoet, which processes the data on our behalf (see section 3).
b) Newsletter after participation in our offers
If you provide your email address in connection with our services (e.g., seminars, events, use of the conference center), we may use it – even without separate consent – to send you our newsletter, unless you have objected to receiving it. This newsletter contains exclusively direct marketing and information for similar or related services offered by the wannseeFORUM Foundation. The legal basis for sending the newsletter in this case is Section 7 Paragraph 3 of the German Unfair Competition Act (UWG) in conjunction with Article 6 Paragraph 1 Letter f) of the GDPR. We have a legitimate interest in informing you about similar and comparable services as direct marketing, unless you have objected to receiving them.
c) Unsubscribing from the newsletter: Revocation of consent or objection
You can unsubscribe from the newsletter at any time – regardless of whether you received it based on consent or legitimate interests. To do so, use the unsubscribe link at the end of each newsletter or send us your unsubscribe request to the contact details listed in section 1. No costs other than the standard transmission costs charged by your communication provider will be incurred.
The storage period and deletion of your newsletter data are governed by section 5 of this privacy policy. After unsubscribing, the data stored for the newsletter will be deleted unless other legal grounds require further storage. Data stored by us for other purposes remains unaffected.
2.5 Social media presence and embedded content
We maintain a presence on various social media platforms (e.g., Instagram, and possibly others) and integrate content from external services such as YouTube, Vimeo, and Flickr into our website. We use these platforms to present our work, explain and promote events and educational programs, and enhance your user experience. Furthermore, you can contact us directly through the respective network and learn more about our offerings.
a) Purposes and legal basis of processing by us
We process data from the use of our social media presence and embedded content for the following purposes:
- Communication: When you interact with us via a social network or embedded content (e.g., through comments, messages, "likes" or following our page), we process your personal data to respond to your requests and provide information.
- Statistical evaluations: To the extent that the networks provide us with aggregated usage statistics, we use these to improve our content and to target our audiences more effectively.
Your personal data is processed on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR, namely to communicate with interested parties and participants, to analyze and optimize our online presence and our educational offerings, and in connection with inquiries about our offers pursuant to Art. 6 para. 1 lit. b) GDPR.
When loading embedded content (e.g., YouTube or Vimeo videos, Instagram feeds, Flickr images), the necessary data (in particular IP address, browser information, and possibly cookie information) is transmitted directly to the respective provider. This only occurs after you have given your consent via the cookie/consent banner (Art. 6 para. 1 lit. a GDPR); see the detailed information at www.wannseeforum.de/datenschutz.
For further information on data processing by the respective platforms, please refer to their privacy policies (e.g. Google/YouTube, Vimeo, Yahoo/Flickr, Meta/Instagram).
2.6 Participation in educational programs, use of the conference center and handling of business relationships
Within the scope of our existing or future business and sponsorship relationships, we process personal data that is either collected directly from you or transmitted to us by your employer or other organizations (e.g., schools, youth welfare agencies, cooperation partners). This applies in particular to:
- Participants in our seminars, projects and events,
- requesting organizations (e.g. for group bookings of the conference center),
- Employees of business partners (e.g. suppliers, service providers, sponsors, cooperation partners) or other persons involved in the fulfillment of the contract.
The provision of certain personal data may be required by law or contract, or necessary for entering into a contract. If there is an obligation to provide such data, we will inform you separately. In this case, failure to provide the data may result in the requested service (e.g., seminar participation, room booking) not being able to be provided.
We primarily process personal data that you provide to us yourself within the context of our relationship or that we receive from business partners (e.g., from colleagues with whom we are already in contact, for example, in connection with an inquiry or order). In addition, we process information from publicly accessible sources (e.g., association registers, press, internet) or data transmitted to us by third parties (e.g., other project partners). The scope of the data processed depends on your role and the nature of the relationship.
As part of the processing, we process in particular the following personal data:
- Name and, if applicable, function/organization
- Address (e.g. billing address)
- Contact details (phone numbers, email address)
- Booking and contract details (e.g. seminar, period, room occupancy, catering requirements, participation fees)
- Payment details (e.g. bank details or payment methods)
The processing of personal data serves the purpose of preparing, executing and processing contracts (e.g. participation and usage contracts, service and work contracts, funding agreements) as well as the general support of our participants, guests and business partners.
Your personal data is processed for the performance of a contract or for taking steps prior to entering into a contract, based on Article 6(1)(b) GDPR, and for the purposes of legitimate interests, based on Article 6(1)(f) GDPR. These legitimate interests include, in particular: processing inquiries, ensuring compliance with the law (e.g., asserting and defending against legal claims, internal and external compliance measures), ensuring the availability, operation and security of technical systems, and technical data management.
The storage period and deletion of your contract data are governed by section 5 of this privacy policy.
2.7 Use of other digital services and tools from third parties
Insofar as we use digital tools and services from third-party providers in the context of our educational work or for the organization of our offerings (e.g., online forms, translation services, spam protection services, newsletter software, translation plugins, video conferencing systems), this is done either:
- under the independent responsibility of the respective provider (e.g., for embedded content or external platforms), or
- within the framework of commissioned data processing, when the service provider processes data exclusively on our behalf.
Specific tools used on our website (e.g. WPForms, hCaptcha, Linguise, MailPoet) and any associated transfers to third countries are described in detail at www.wannseeforum.de/datenschutz in the section “WordPress Plugins and external services”.
If a third-party provider is independently responsible, its privacy policy also applies. In this case, we will inform you separately, if necessary.
2.8 Compliance with legal regulations
In connection with all the aforementioned processes, we also process your personal data to fulfill legal obligations that apply to us in connection with our activities as a foundation and educational institution. These include, in particular, information obligations and retention periods under commercial, non-profit, trade, or tax law.
We process your personal data in accordance with Art. 6 para. 1 lit. c) GDPR to fulfill a legal obligation to which we are subject.
2.9 Enforcement of rights
In connection with all the aforementioned processes, we also process your personal data to assert our rights and enforce our legal claims or defend against legal claims. Finally, we process your personal data to the extent necessary for the prevention or prosecution of criminal offenses.
We process your personal data in this context to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we need to prevent or clarify the infringement of our property or similar legal positions.
3. Categories of recipients
3.1 General Categories
To provide our services and to make our business and educational processes efficient, we work with external service providers who may have varying degrees of access to personal data. These providers fall into two categories:
- Data processors pursuant to Art. 28 GDPR, who act exclusively on our behalf and according to our instructions;
- Companies or entities acting independently that decide on the processing and use of the data themselves.
3.2 Data processors
Some service providers are contractually bound to strictly adhere to our instructions and process personal data exclusively for the agreed purposes on our behalf. We have concluded a data processing agreement with these recipients (Art. 28 para. 3 GDPR). The following categories of recipients are included in particular:
- Hosting and IT service providers (provision of the technical infrastructure and protection of the IT systems),
- Service providers for sending emails and newsletters (e.g. MailPoet),
- Service providers for form and spam protection functions (e.g. WPForms, hCaptcha),
- Service providers for translation and speech output (e.g., Linguise).
3.3 Independently responsible recipients
In certain cases, we collaborate with companies that decide independently on the processing of personal data. In some instances, the recipients act independently under their own data protection responsibility and are also obligated to comply with the requirements of the GDPR and other data protection regulations. The following categories of recipients are included in this category:
- Providers of embedded media content and social networks (e.g. YouTube/Google, Vimeo, Flickr/Yahoo, Instagram/Meta),
- Payment service providers and banks for processing payments,
- Shipping and logistics service providers (e.g. for postal correspondence),
- Authorities and public bodies, insofar as there is a legal obligation to transmit data or the transmission is necessary for the enforcement of rights.
3.4 Consultants
Finally, in individual cases we transmit personal data to our consultants in legal, tax or audit-related matters, whereby these recipients are generally already bound to special confidentiality and secrecy due to their professional position.
4. Data transfer to third countries
4.1 Where necessary for our purposes, we may also transfer your data to recipients outside the European Economic Area (“third countries”), for example when using certain services (e.g. hCaptcha, YouTube, Vimeo, Flickr, Instagram) with headquarters or server locations outside the EU/EEA.
4.2 We only transfer your data to recipients in third countries in accordance with the provisions in Chapter V of the GDPR, i.e., if it is ensured that the EU Commission has determined an adequate level of data protection within the meaning of Art. 45 para. 1 GDPR or appropriate safeguards within the meaning of Art. 46 para. 2 and para. 3 GDPR have been implemented or an exception under Art. 49 GDPR applies and there are no overriding legitimate interests against the transfer of the personal data.
4.3 To ensure an adequate level of protection at the recipient of the data, we primarily use the EU Commission's Standard Contractual Clauses for the transfer of personal data to third countries (SCCs) or rely on an adequacy decision. We will provide you with further information on this upon request.
5. Duration of data processing and deletion
5.1 We initially process your personal data for the duration that the respective processing purpose – see above – requires such processing.
5.2 Insofar as the processing is carried out for the performance of a contract, the processing period also includes the periods of initiating a contract (pre-contractual legal relationship) and the execution of a contract (including any subsequent claims).
5.3 Insofar as the processing is carried out to protect our legitimate interests, the processing period covers the period until the pursued processing purposes are achieved.
5.4 Insofar as the processing is based on your consent, it will take place for the period between the granting and the withdrawal of the consent or until the processing covered by the consent has been completed.
5.5 Even in the event of withdrawal of consent, further processing may be possible on the basis of other legal grounds (Art. 17 para. 1 lit. b) GDPR).
5.6 Even after the primary processing purposes have been achieved, your personal data may be processed further, in particular if this is necessary to comply with legal obligations and/or to protect our rights. This includes, in particular:
- Compliance with statutory retention obligations, which arise, for example, from the German Commercial Code (Sections 238, 257 Paragraph 4 HGB) and the German Fiscal Code (Section 147 Paragraphs 3 and 4 AO). The retention and documentation periods stipulated therein are up to ten years.
- Preservation of evidence in accordance with the statute of limitations. According to Sections 194 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the standard limitation period being three years.
6. Data subject rights
You can assert the following rights at any time using the contact details listed under point 1:
6.1 Right of access: You have the right to request confirmation from us as to whether personal data concerning you is being processed; if this is the case, you have the right to access this data and the information pursuant to Article 15(1)(a)–(h) GDPR. If personal data concerning you is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer. Under the conditions set out in Article 15 GDPR, you also have the right to obtain a copy of the personal data concerning you.
6.2 Right to rectification: You have the right to request that we immediately rectify any inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
6.3 Right to erasure: You have the right to request that we erase your personal data without undue delay if one of the conditions set out in Article 17 GDPR applies.
6.4 Right to restriction of processing: Under the conditions set out in Article 18 GDPR, you have the right to request that we restrict the processing of your personal data.
6.5 Right to data portability: Under the conditions set out in Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us on the basis of consent or for the performance of a contract, in a structured, commonly used and machine-readable format and to transmit this data to another controller. Where technically feasible, you have the right to have the data transmitted directly from us to another controller.
6.6 Right to withdraw consent: If data processing is based on consent pursuant to Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) or Art. 49 para. 1 lit. a) GDPR, you may withdraw your consent at any time with effect for the future. The lawfulness of the processing up to the point of withdrawal remains unaffected.
6.7 Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR (e.g. the Berlin Commissioner for Data Protection and Freedom of Information).
7. Right to object
7.1 Under the conditions set out in Article 21(1) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
7.2 If your personal data is processed for direct marketing purposes, you also have the right, pursuant to Article 21(2) GDPR, to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
8. Obligation to provide data
8.1 In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we may not be able to provide you with full access to our website or process your inquiries and registrations (e.g., for seminars or bookings).
8.2 Personal data that we do not necessarily need for the processing purposes mentioned above are marked accordingly as voluntary information.
9. Automated decision-making
We do not use automated decision-making as defined in Article 22(1) and (4) of the GDPR.
10. Security measures
We take appropriate technical and organizational measures to ensure a level of protection for personal data appropriate to the risk (e.g. encryption, access controls, data backup).
11. Changes and updates to this privacy policy
This privacy policy is dated December 18, 2025.
Due to the ongoing development of our website, offers and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. In this case, we will update this privacy policy accordingly on our website.