1. Controller
The controller responsible for the processing of personal data on this website is:
WeiterZusammen e.V.
Breite Straße 63
66115 Saarbrücken
Germany
Represented by:
Mariam Mikare
Wasim Al Eez Al Dien
Khaled Alkhouli
E-Mail: info@weiterzusammen.de
If you have questions regarding data protection, your rights, or the withdrawal of consent, you may contact us at any time using the contact details above.
2. General Information
We process personal data only to the extent necessary for operating the website, handling membership requests, communicating with interested persons and members, administering the association, ensuring system security, or fulfilling legal obligations.
Personal data includes all information relating to an identified or identifiable natural person. This may include names, addresses, e-mail addresses, phone numbers, dates of birth, IP addresses, message contents, membership information, and photos in which individuals may be identifiable.
The relevant legal bases arise in particular from the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).
3. Legal Bases for Processing
Depending on the purpose, we process personal data on the following legal bases:
- Art. 6(1)(a) GDPR – consent
- Art. 6(1)(b) GDPR – performance of membership-related or pre-contractual measures
- Art. 6(1)(c) GDPR – compliance with legal obligations
- Art. 6(1)(f) GDPR – legitimate interests in secure and proper operation of the website and association activities
Where special categories of personal data pursuant to Art. 9 GDPR are involved, processing only takes place on an appropriate legal basis or with explicit consent.
4. Website Access and Server Logs
When visiting our website, technically necessary data may be processed to ensure secure and stable operation of the website.
This may include:
- IP address
- date and time of access
- accessed pages and files
- browser type and browser version
- operating system
- technical error and security logs
Processing is based on Art. 6(1)(f) GDPR.
5. Hosting via Vercel
Our website is hosted using the service Vercel provided by Vercel Inc.
Vercel may process technical access data and log data to ensure the availability, security, and operation of the website.
Where personal data is processed, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR.
Processing in third countries, especially the United States, cannot be excluded. Appropriate safeguards pursuant to Chapter V GDPR are used where required.
6. Database, Authentication and Storage via Supabase
We use Supabase for database services, administrator authentication, and media storage.
This may include processing of:
- membership requests
- administrator profiles
- roles and permissions
- website content
- media metadata
- technical administration data
Access to administrative data is restricted to authorized administrators.
Technically necessary cookies may be used for secure administrator authentication.
Publicly accessible media content may be available through the website. Therefore, media is only published after prior review.
Where Supabase processes personal data, this is based on a data processing agreement pursuant to Art. 28 GDPR.
7. Cookies, Local Storage and Similar Technologies
We currently do not use advertising, tracking, or analytics cookies.
Technically necessary authentication cookies may be used in the administrator area.
The selected website language may be stored locally in the user’s browser.
If analytics, marketing, or social media functions are introduced in the future, this privacy policy will be updated accordingly.
8. Fonts
The website uses fonts that are technically integrated into the website itself. According to the current technical setup, no direct browser-side connection to Google Fonts occurs during normal website access.
9. Membership Requests and Membership
Users may submit membership requests through the website.
The submitted data may include:
- first and last name
- date of birth
- address
- e-mail address
- phone number
- preferred language
- membership type
- optional message
- request status
- submission and processing timestamps
For security reasons, technical information such as IP addresses may be temporarily stored.
Processing is based on Art. 6(1)(b) GDPR.
If a membership request is accepted, the required data will be transferred into a membership record.
IBAN and banking information are currently not collected directly through the website.
10. Communication and E-Mail
We use e-mail communication for association-related communication with interested persons, members, and administrators.
Processed information may include:
- e-mail address
- name
- message content
- delivery status
- technical delivery information
E-mail delivery may currently take place through SMTP services such as STRATO.
At present, no tracking pixels or e-mail opening tracking technologies are used.
11. Contact and External Links
If you contact us via e-mail or other contact options, we process the submitted information to handle your request.
Our website may contain links to external platforms such as Instagram or Facebook.
We currently do not use embedded social media plugins.
The respective platform provider is solely responsible for data processing on external platforms.
12. Photos, Media and Public Relations
We may publish photos and media from association activities, workshops, projects, and events.
Before publication, we review whether privacy or personal rights could be affected.
Particular care is taken regarding images of children, minors, or sensitive situations.
Where required, publication only takes place with appropriate consent.
Consent may be withdrawn at any time with future effect.
13. Administrator Area, Roles and Logs
The administrator area is accessible only to authorized administrators.
This may involve processing of:
- administrator profiles
- roles and permissions
- status information
- usage timestamps
- administrative activity logs
Administrative logs are currently deleted automatically after 28 days.
14. Legal Texts and Website Content
Legal texts and website content may be versioned and managed internally.
This allows tracking of which authorized person created or modified content.
15. Recipients and Service Providers
Personal data is only disclosed where necessary.
Recipients may include:
- authorized association representatives
- technical service providers
- hosting and e-mail providers
- authorities or courts where legally required
Where necessary, data processing agreements pursuant to Art. 28 GDPR are concluded with service providers.
16. Transfers to Third Countries
Some technical services may involve data processing outside the European Union, especially in the United States.
Where applicable, appropriate safeguards pursuant to Art. 44 et seq. GDPR are used.
17. Storage Duration and Deletion
Personal data is stored only as long as necessary or legally required.
- Rejected membership requests are deleted after no later than 12 months.
- Membership data is stored for the duration of membership.
- Communication and delivery logs are generally deleted after 12 months.
- Rate-limit data is deleted after a maximum of 30 days.
- Administrative logs are deleted after 28 days.
- Publicly published media may remain stored as long as required for association purposes.
18. Data Security
We implement technical and organizational measures to protect personal data.
These measures include:
- encrypted HTTPS connections
- access restrictions
- role-based permissions
- logging of security-related actions
- technical security measures within the administrator area
19. Obligation to Provide Data
No membership-related information is required to visit the public website.
However, certain required information must be provided when submitting a membership request.
20. No Automated Decision-Making
We do not make legally binding decisions based solely on automated processing.
Membership requests are reviewed by authorized persons.
21. Your Rights
Under the GDPR, you have the following rights in particular:
- right of access
- right to rectification
- right to erasure
- right to restriction of processing
- right to data portability
- right to object
- right to withdraw consent
- right to lodge a complaint with a supervisory authority
22. Right to Lodge a Complaint
Responsible supervisory authority:
Unabhängiges Datenschutzzentrum Saarland
Fritz-Dobisch-Str. 12
66111 Saarbrücken
Germany
E-Mail: poststelle@datenschutz.saarland.de
23. Changes to this Privacy Policy
We may update this privacy policy if technical functions, legal requirements, or processing procedures change.
The current version is always available on this website.
Last updated: May 2026
Privacy policy