The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Hans-Georg Walter (Chairman)
Aufbruch am Arrenberg e. V.
Fröbelstraße 1a
42117 Wuppertal
Phone: 0202-49575051
Email: info@aufbruch-am-arrenberg.de
When you visit this website, the server automatically processes information that is technically necessary to deliver the website and ensure its stability and security. In particular, the following may be processed:
The legal basis is Article 6(1)(f) of the GDPR. Our legitimate interest lies in ensuring the secure, stable, and functional operation of the website.
Hosting provider: STRATO AG
Server location: Germany / EU
Transfer to third countries: No
Data Processing Agreement (DPA): Yes
We process personal data only to the extent necessary to provide a fully functional website and our content and services, or where there is a legal basis for doing so. Where we obtain consent, processing is based on Article 6(1)(a) of the GDPR. To the extent that processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, it is based on Article 6(1)(b) of the GDPR. To the extent that processing is necessary to comply with legal obligations, it is based on Article 6(1)(c) of the GDPR. In all other cases, processing is based on Article 6(1)(f) of the GDPR.
Our website uses a language system. When you select a language, we store your language preference in a cookie.
Our legitimate interest is to display the website to you in your preferred language on an ongoing basis.
If you are logged in, your language preference may also be associated with your user account.
Our website uses its own privacy settings for certain functional areas. Your selection is stored in a cookie.
Legal basis: Art. 6(1)(c) GDPR, Art. 6(1)(a) GDPR, and Art. 6(1)(f) GDPR
If you are logged in, your selections may also be associated with your user account so that your privacy settings are retained across different sections of the site.
6.1 User Account
On our website, you can create a user account and log in.
In doing so, we process the following information in particular:
Registration and login are handled via WordPress as well as through a custom authentication flow in the frontend.
Purposes of processing:
Legal basis:
6.2 Security Check During Registration and Login
To prevent automated requests and abuse, we use a security check powered by ALTCHA.
This process involves processing challenge data and the solution submitted by your browser. Validation takes place on the server side. The challenge is provided via our website.
The legal basis is Article 6(1)(f) of the GDPR. Our legitimate interest lies in protecting our systems from spam, bot registrations, and unauthorized access.
6.3 Rate Limiting and Abuse Prevention
For login and registration attempts, we use rate limiting based on technical characteristics, in particular the IP address and the identifier used in each case, such as an email address or username.
The purpose is to protect against brute-force attacks and fraudulent registrations.
The legal basis is Article 6(1)(f) of the GDPR.
6.4 Email Confirmation
The code includes a mechanism for user accounts that require verification. If this feature is enabled, your email address will be used to verify your account.
The legal basis is Article 6(1)(b) of the GDPR.
Logged-in users can add additional information to their profile. Depending on how the site is used, this may include, in particular:
The visibility of individual details can be set in the system to “public” or “members only.”
The legal basis is Article 6(1)(b) of the GDPR.
Our website offers community features such as comments, likes, and, where applicable, polls.
8.1 Comments
When you post a comment, we process the following information in particular:
Depending on the configuration, comments may be restricted to logged-in users.
The legal basis is Article 6(1)(b) of the GDPR for registered accounts and Article 6(1)(f) of the GDPR for the provision of interactive community features.
8.2 Likes
When you like content or comments, we store information about which user account liked which content or comment.
The legal basis for this is Article 6(1)(b) of the GDPR or Article 6(1)(f) of the GDPR.
8.3 Moderation and Combating Abuse
To ensure a respectful and legally compliant exchange, posts and comments may be moderated. The code includes moderation, spam filtering, and flagging features, including mechanisms for tracking problematic content.
The legal basis is Article 6(1)(f) of the GDPR.
Contact forms are available on our website.
In particular, we process the following:
The message is sent to the recipients configured for the respective form. Additionally, a copy can be sent to the sender upon request.
The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.
If you are logged in, you can enable web push notifications for your browser.
In doing so, we process the following in particular:
Data is stored on a user-specific basis so that notifications can be sent to the specific registered browser.
Purposes of processing:
The legal basis is Article 6(1)(a) of the GDPR.
You may revoke your consent at any time with future effect by disabling push notifications in your profile and, if applicable, also revoking the browser permission in your browser.
Our website uses a service worker for PWA features and push notifications.
In particular, the following data may be processed or stored locally on your device:
The PWA feature is designed to improve the website’s availability, performance, and usability.
The legal basis is Article 6(1)(f) of the GDPR; for push notifications, Article 6(1)(a) of the GDPR also applies.
Our website may include videos and other external media, particularly from:
This content will not be loaded until you have given your consent for the “External Media” category.
When external media is loaded, personal data may be transmitted to the respective providers, specifically:
The legal basis is Article 6(1)(a) of the GDPR.
Our website uses map features based on OpenStreetMap and Leaflet.
In doing so, map data is loaded from OpenStreetMap servers. When map tiles are retrieved, your IP address and technical connection data, in particular, may be transmitted to OpenStreetMap or the integrated tile servers.
The legal basis for this is Article 6(1)(f) of the GDPR, insofar as the maps are necessary for displaying our content and locations.
The system displays profile pictures from the user’s own media library if the user has uploaded a picture and the visibility settings allow it.
If no personal image has been uploaded or the visibility check fails, the standard WordPress avatar logic may still apply from a technical standpoint.
The system includes a translation plugin that can automatically translate content via the DeepL API as needed. The text to be translated can be sent to DeepL. According to the current code, this applies in particular to editorial content fields. Depending on usage, this may also include user-generated content, provided that such content is incorporated into translated content areas.
Purposes of processing:
The legal basis is Art. 6(1)(f) of the GDPR.
For embedded videos, thumbnails can be automatically retrieved from external providers and cached locally, specifically:
This primarily concerns server-side processing for the display of thumbnails.
The legal basis is Article 6(1)(f) of the GDPR.
Logged-in users can upload, crop, and manage images in certain areas, particularly for profile pictures or content posts.
The following may be processed:
The legal basis is Article 6(1)(b) of the GDPR.
According to the current code, local browser storage (localStorage and sessionStorage) is also used, particularly for:
To the extent that these storage mechanisms are used for purely technical and functional purposes and no server-side profiling takes place, the processing is based on Article 6(1)(f) of the GDPR.
Recipients of personal data may include, in particular:
(the service providers actually used and, where applicable, their locations will be added)
We store personal data only for as long as is necessary for the respective purposes or as required by statutory retention obligations.
Subject to the statutory requirements, you have the following rights in particular:
If certain information is required for registration, login, contacting us, or community features, we will mark it as required. Without this information, you will not be able to use the respective features, or will only be able to use them partially.
To the best of our current knowledge, there is no fully automated decision-making within the meaning of Article 22 of the GDPR.
