Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Hans-Georg Walter (Chairman)

Aufbruch am Arrenberg e. V.
Fröbelstraße 1a
42117 Wuppertal

Phone: 0202-49575051
Email: info@aufbruch-am-arrenberg.de

When you visit this website, the server automatically processes information that is technically necessary to deliver the website and ensure its stability and security. In particular, the following may be processed:

• IP address
• Date and time of access
• URL accessed
• Referrer URL
• Browser type and version
• Operating system
• Amount of data transferred
• Status codes

The legal basis is Article 6(1)(f) of the GDPR. Our legitimate interest lies in ensuring the secure, stable, and functional operation of the website.

Hosting provider: STRATO AG
Server location: Germany / EU
Transfer to third countries: No
Data Processing Agreement (DPA): Yes

We process personal data only to the extent necessary to provide a fully functional website and our content and services, or where there is a legal basis for doing so. Where we obtain consent, processing is based on Article 6(1)(a) of the GDPR. To the extent that processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, it is based on Article 6(1)(b) of the GDPR. To the extent that processing is necessary to comply with legal obligations, it is based on Article 6(1)(c) of the GDPR. In all other cases, processing is based on Article 6(1)(f) of the GDPR.

Our website uses a language system. When you select a language, we store your language preference in a cookie.

• Cookie name: arrenberg_site_lang
• Purpose: To store the language you selected
• Retention period: up to 1 year
• Legal basis: Art. 6(1)(f) GDPR

Our legitimate interest is to display the website to you in your preferred language on an ongoing basis.

If you are logged in, your language preference may also be associated with your user account.

Our website uses its own privacy settings for certain functional areas. Your selection is stored in a cookie.

• Cookie name: project_core_consent
• Purpose: To store your selection regarding
  • external media
  • statistics
  • external payment services
  • Retention period: up to 1 year

Legal basis: Art. 6(1)(c) GDPR, Art. 6(1)(a) GDPR, and Art. 6(1)(f) GDPR

If you are logged in, your selections may also be associated with your user account so that your privacy settings are retained across different sections of the site.

On our website, you can create a user account and log in.

In doing so, we process the following information in particular:

• First name
• Last name
• Display name / public name
• Email address
• Username
• Password
• Technical security data, if applicable, as part of the registration process

Registration and login are handled via WordPress as well as through a custom authentication flow in the frontend.

Purposes of processing:

• Setup and management of user accounts
• User authentication
• Provision of protected areas and community features
• Detection of abuse and attacks

Legal basis:

• Art. 6(1)(b) GDPR for the provision of the user account
• Art. 6(1)(f) of the GDPR for security measures and abuse prevention

To prevent automated requests and abuse, we use a security check powered by ALTCHA.

This process involves processing challenge data and the solution submitted by your browser. Validation takes place on the server side. The challenge is provided via our website.

The legal basis is Article 6(1)(f) of the GDPR. Our legitimate interest lies in protecting our systems from spam, bot registrations, and unauthorized access.

For login and registration attempts, we use rate limiting based on technical characteristics, in particular the IP address and the identifier used in each case, such as an email address or username.

The purpose is to protect against brute-force attacks and fraudulent registrations.

The legal basis is Article 6(1)(f) of the GDPR.

The code includes a mechanism for user accounts that require verification. If this feature is enabled, your email address will be used to verify your account.

The legal basis is Article 6(1)(b) of the GDPR.

Logged-in users can add additional information to their profile. Depending on how the site is used, this may include, in particular:

• Profile picture / avatar
• Biography
• Contact email
• Phone number
• Website
• Visibility settings for individual profile details

The visibility of individual details can be set in the system to “public” or “members only.”

The legal basis is Article 6(1)(b) of the GDPR.

Our website offers community features such as comments, likes, and, where applicable, polls.

When you post a comment, we process the following information in particular:

• Comment content
• Name or account reference
• Timestamp
• Relationship to the commented content
• Nested reply relationships, if applicable

Depending on the configuration, comments may be restricted to logged-in users.

The legal basis is Article 6(1)(b) of the GDPR for registered accounts and Article 6(1)(f) of the GDPR for the provision of interactive community features.

When you like content or comments, we store information about which user account liked which content or comment.

The legal basis for this is Article 6(1)(b) of the GDPR or Article 6(1)(f) of the GDPR.

To ensure a respectful and legally compliant exchange, posts and comments may be moderated. The code includes moderation, spam filtering, and flagging features, including mechanisms for tracking problematic content.

The legal basis is Article 6(1)(f) of the GDPR.

Contact forms are available on our website.

In particular, we process the following:

• Name
• Email address
• Message content
• If applicable, the page reference / URL from which the form was submitted
• Optionally, a request for a copy of the message
• Confirmation of the privacy policy
• Security check via ALTCHA

The message is sent to the recipients configured for the respective form. Additionally, a copy can be sent to the sender upon request.

The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

If you are logged in, you can enable web push notifications for your browser.

In doing so, we process the following in particular:

• Push endpoint
• cryptographic keys for the browser subscription
• Content encoding information used
• Timestamps
• User-Agent
• User-specific push preferences

Data is stored on a user-specific basis so that notifications can be sent to the specific registered browser.

Purposes of processing:

• Sending notifications about comments and other events
• Managing your push settings
• Technical delivery and opt-out for individual devices

The legal basis is Article 6(1)(a) of the GDPR.

You may revoke your consent at any time with future effect by disabling push notifications in your profile and, if applicable, also revoking the browser permission in your browser.

Our website uses a service worker for PWA features and push notifications.

In particular, the following data may be processed or stored locally on your device:

• Cached content for static files, images, and navigation
• PWA installation status
• Locally stored settings for display and notification features

The PWA feature is designed to improve the website’s availability, performance, and usability.

The legal basis is Article 6(1)(f) of the GDPR; for push notifications, Article 6(1)(a) of the GDPR also applies.

Our website may include videos and other external media, particularly from:

• YouTube in enhanced privacy mode (youtube-nocookie.com)
• Vimeo

This content will not be loaded until you have given your consent for the “External Media” category.

When external media is loaded, personal data may be transmitted to the respective providers, specifically:

• IP address
• Technical browser data
• Usage data

The legal basis is Article 6(1)(a) of the GDPR.

Our website uses map features based on OpenStreetMap and Leaflet.

In doing so, map data is loaded from OpenStreetMap servers. When map tiles are retrieved, your IP address and technical connection data, in particular, may be transmitted to OpenStreetMap or the integrated tile servers.

The legal basis for this is Article 6(1)(f) of the GDPR, insofar as the maps are necessary for displaying our content and locations.

The system displays profile pictures from the user’s own media library if the user has uploaded a picture and the visibility settings allow it.

If no personal image has been uploaded or the visibility check fails, the standard WordPress avatar logic may still apply from a technical standpoint.

The system includes a translation plugin that can automatically translate content via the DeepL API as needed. The text to be translated can be sent to DeepL. According to the current code, this applies in particular to editorial content fields. Depending on usage, this may also include user-generated content, provided that such content is incorporated into translated content areas.

Purposes of processing:

• Provision of multilingual content
• Automatic completion of missing translations

The legal basis is Art. 6(1)(f) of the GDPR.

For embedded videos, thumbnails can be automatically retrieved from external providers and cached locally, specifically:

• YouTube (i.ytimg.com)
• Vimeo (oEmbed interface)

This primarily concerns server-side processing for the display of thumbnails.

The legal basis is Article 6(1)(f) of the GDPR.

Logged-in users can upload, crop, and manage images in certain areas, particularly for profile pictures or content posts.

The following may be processed:

• uploaded image files
• technical file information
• alternative text
• Image credits

The legal basis is Article 6(1)(b) of the GDPR.

According to the current code, local browser storage (localStorage and sessionStorage) is also used, particularly for:

• PWA Notices / Installation Instructions
• certain feed or UI states
• administrative simulator functions

To the extent that these storage mechanisms are used for purely technical and functional purposes and no server-side profiling takes place, the processing is based on Article 6(1)(f) of the GDPR.

Recipients of personal data may include, in particular:

(the service providers actually used and, where applicable, their locations will be added)

We store personal data only for as long as is necessary for the respective purposes or as required by statutory retention obligations.

• Account data: for the duration of the user account
• Comments and community content: until deleted by us or the data subject, or until the purpose no longer applies
• Contact requests: until the request is fully processed and subsequently in accordance with our internal deletion routine
• Push notifications: until revoked, deleted, or technically invalid
• Consent and language cookies: typically up to 1 year

Subject to the statutory requirements, you have the following rights in particular:

• Right of access under Article 15 of the GDPR
• Right to rectification under Article 16 of the GDPR
• Right to erasure under Article 17 of the GDPR
• Right to restriction of processing under Article 18 of the GDPR
• Right to data portability under Article 20 of the GDPR
• Right to object under Article 21 of the GDPR
• Right to withdraw consent with future effect
• Right to lodge a complaint with a data protection supervisory authority

If certain information is required for registration, login, contacting us, or community features, we will mark it as required. Without this information, you will not be able to use the respective features, or will only be able to use them partially.

To the best of our current knowledge, there is no fully automated decision-making within the meaning of Article 22 of the GDPR.