What are you looking for?

Privacy Policy

1. Responsible:

The address of our website is: https://wannseeforum.de

Status of the data protection information: 01.10.2025

Responsible within the meaning of the General Data Protection Regulation (GDPR) is
Stiftung wannseeFORUM
Hohenzollernstraße 14
14109 Berlin,

see also imprint

The wannseeFORUM Foundation has appointed a data protection officer who can be contacted as follows:

WannseeFORUM Foundation, Data Protection Officer, Hohenzollernstraße 14, 14109 Berlin

Email the data protection officer: datenschutz@wannseeforum.de

2. Purposes and legal bases of data processing

We process personal data for the following purposes:

  • Transfer of data to service providers and, if applicable, transmission to third countries (see sections "Recipients/Categories of Recipients" and "Transfer to Third Countries"). Legal basis, depending on the case: Art. 6 (1) (f) GDPR (legitimate interest) or (a) (consent), or other, if applicable.
  • Provision of our website, web hosting, storage of log and usage data; legal basis: Art. 6 (1) (f) GDPR (legitimate interest).
  • Processing of data within the scope of contact and inquiry forms (e.g., name, email, message); legal basis: Art. 6 para. 1 lit. b GDPR (contract/initiation) or lit. f (legitimate interest) or lit. a (consent) where indicated.
    Furthermore, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the temporary processing of access data. Our legitimate interests here are to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
  • Sending newsletters, provided data has been collected for this purpose; legal basis: Art. 6 (1) (a) GDPR (consent).
  • Use of cookies, analysis, and tracking tools (see section "Technical and organizational measures / Cookies & Tracking"). Legal basis: Art. 6 (1) (a) GDPR (consent) where necessary.

3. Types of personal data processed

Depending on the service or function, we may process:

  • Meta/communication data (e.g. time and scope of communication)
  • Additional data in the context of the use of special tools (see section “Processing in the context of tools & applications”)
  • Inventory data (e.g. name, address, contact details)
  • Contact details (e.g. email, telephone number)
  • Content and usage data (e.g., submitted messages, form contents)
  • Usage data of our website (e.g. IP address, browser type, access data, length of stay, log data)

4. Recipients / categories of recipients

Your data may, if necessary, be passed on to:

  • Hosting and IT service providers who provide us with technical infrastructure
  • Newsletter service provider (see MailPoet below)
  • Provider or operator of the tools and plugins used (see section WordPress Plugins and External Services )
  • Public bodies only in case of legal obligations

When passing on data, we ensure that these service providers only act within the framework of a contract for order processing (Art. 28 GDPR). Depending on the service or function, we may process

5. Transfer to third countries

If personal data is transferred outside the European Economic Area (EEA) (e.g., by third parties based in non-EEA countries), this will only occur if an appropriate level of data protection is guaranteed (e.g., through EU standard contractual clauses) or if explicit consent has been obtained. Information on this can be found in the respective tools/applications.

6. Storage period

We only store personal data for as long as necessary for the purposes or as long as statutory retention periods apply. As soon as the purpose for storage no longer applies or a statutory retention period expires, the data is deleted or anonymized.

7. Your rights

As a data subject, you have the following rights under the GDPR:

  • Right to information (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (“right to be forgotten”) (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent (Article 7 (3)) – however, this does not affect the legality of the processing carried out up to the point of withdrawal.
  • Right to lodge a complaint with a supervisory authority (Article 77) – in Berlin, for example, this is the Berlin Commissioner for Data Protection and Freedom of Information.

If you wish to exercise any of your rights, please contact datenschutz@wannseeforum.de

8. Revocation and objection

If the processing is based on your consent, you can revoke this consent at any time with future effect. If data processing is based on legitimate interests, you have the right to object to the processing; we will then immediately examine whether there are compelling legitimate grounds for the processing.

9. Cookies and tracking technologies

Our website uses cookies and possibly other technologies for analysis and optimization.

  • You have the option of deactivating cookies or adjusting your settings via your browser or via a provided cookie banner.
  • If tracking and analysis tools are used, this will generally only be done with your consent (Art. 6 (1) (a) GDPR).
  • Note: If deactivated, the functionality of the website may be limited.

10. Hosting & technical provision

Our website is provided by a hosting service provider. Technical data (e.g., access data, IP address, browser type, date/time) is automatically collected and stored. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest). This data is deleted or anonymized after a certain period of time.

11. Tools & Applications

On our website and in the course of our activities, we use the tools, plugins, and services listed under WordPress Plugins and External Services . For each tool, the purpose, data types, legal basis, and, if applicable, third-country transfers are specified.

12. Security measures

We take appropriate technical and organizational measures to ensure a level of protection for personal data appropriate to the risk (e.g. encryption, access controls, data backup).

13. Automated decision-making

We do not use automated decision-making as defined in Article 22(1) and (4) of the GDPR.

14. Changes and updates to this privacy policy

This privacy policy is current as of October 30, 2025.

Due to the ongoing development of our website, products, and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. In this case, we will update this privacy policy accordingly on our website.

WordPress plugins and external services

This website uses Borlabs Cookie to manage cookies and tracking technologies in compliance with the GDPR. The plugin allows you to grant or deny your consent to various cookie categories. Your cookie settings are stored locally in your browser and retrieved each time you visit. No personal data is transferred to external servers. You can change your settings at any time via the cookie banner or in the cookie settings . The legal basis is Art. 6 (1) (a) GDPR (consent).

MailPoet

We use the MailPoet plugin to send newsletters. When you register for the newsletter, we collect your email address and, optionally, other data you provide (last name, first name). This data is used exclusively for sending the newsletter and stored on our server. You will receive a confirmation email (double opt-in process) to verify your registration. You can unsubscribe from the newsletter at any time:

After unsubscribing, your data will be deleted unless there is another legal basis for storage. The legal basis is Art. 6 (1) (a) GDPR (consent).

WPForms

Contact forms on this website are created and managed with WPForms. When you fill out and submit a form, the data you enter (e.g., name, email address, message) is transmitted to us and stored to process your request. The data will only be used for the specified purpose and will not be shared with third parties. The storage period depends on the purpose of the request and statutory retention periods. Your IP address is temporarily stored to protect against spam. The legal basis is Art. 6 (1) (b) GDPR (performance of contract) or Art. 6 (1) (f) GDPR (legitimate interest).

hCaptcha

To protect the contact forms provided via WPForms from spam and automated attacks, we use the hCaptcha service provided by Intuition Machines, Inc. (USA). When you use the forms, data such as your IP address, browser information, mouse movements, and other interaction data are transmitted to hCaptcha to verify that you are a genuine user. This data is used for spam prevention and security analysis. The data is transferred to the USA. Further information on data processing can be found in hCaptcha's privacy policy at: https://www.hcaptcha.com/privacy . The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in securing the website against misuse).

Linguise (website translation)

This website uses the Linguise translation service to provide content in various languages. Linguise processes the page content accessed to automatically translate it. Technical data such as your IP address, browser information, and the URL accessed may be transferred to Linguise's servers. Your language selection is stored in a cookie to display your preferred language on future visits. Further information on data processing can be found in Linguise's privacy policy at: https://www.linguise.com/privacy-policy . The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in providing the website in multiple languages).

Embedded content from other websites

Articles on this website may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves exactly as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking services, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content.

YouTube (Google)

This website embeds videos from the YouTube platform, which is operated by Google Ireland Limited. When YouTube videos are loaded, data is transferred to Google, including your IP address and cookie information. Google can use this data to analyze user behavior, for personalized advertising, and to improve services. We use YouTube's enhanced privacy mode, which means data is only transferred when you play the video. The data is transferred to the USA, where an adequate level of data protection exists due to an adequacy decision of the EU Commission. For more information, see Google's privacy policy: https://policies.google.com/privacy . The legal basis is Art. 6 (1) (a) GDPR (consent via cookie banner).

Vimeo

This website embeds videos from the Vimeo platform, which is operated by Vimeo LLC (USA). When Vimeo videos are loaded, data is transferred to Vimeo, including your IP address, browser information, and usage data. Vimeo may use this data for analysis, service improvement, and advertising purposes. Data is transferred to the USA. Further information on data processing can be found in Vimeo's privacy policy: https://vimeo.com/privacy . The legal basis is Art. 6 (1) (a) GDPR (consent via cookie banner).

Flickr (Yahoo)

This website embeds images from Flickr, a service provided by Yahoo Inc. (USA). When you load Flickr content, data is transferred to Yahoo, including your IP address and technical information. Yahoo may use this data to analyze and improve its services. Data is transferred to the USA. Further information on data processing can be found in Yahoo's privacy policy: https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html . The legal basis is Art. 6 (1) (a) GDPR (consent via cookie banner).

Instagram

This website integrates content from Instagram, a service provided by Meta Platforms Ireland Limited. When Instagram content is loaded, data is transferred to Meta, including your IP address, browser information, and usage data. Meta may use this data to analyze user behavior, provide personalized advertising, and improve services. Data is transferred to the USA and other countries. Further information on data processing can be found in Meta's privacy policy: https://www.facebook.com/privacy/policy/ . The legal basis is Art. 6 (1) (a) GDPR (consent via cookie banner).

Note on external content

All external media content (YouTube, Vimeo, Flickr, Instagram) will only be loaded after your explicit consent via our cookie banner. Prior to your consent, only placeholders will be displayed. You can revoke your consent at any time in the cookie settings.

How long we store your data

The data collected via contact forms and newsletter registrations are stored in accordance with the respective purpose and statutory retention periods. Newsletter data is deleted after unsubscribing, and contact requests are deleted after processing is complete and any warranty or limitation periods have expired.

What rights you have to your data

You can request an export of your personal data, including any data you have provided to us via contact forms or newsletter subscriptions. You can also request the erasure of any personal data we hold about you. This does not include any data we are obliged to retain for administrative, legal, or security purposes.

Where your data is sent

Automated spam detection services may be used when processing form data.