Data Privacy at a Glance

Data privacy
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data privacy regulations as well as this data privacy statement.

When using this site, various personal data are collected. Personal data are any data that can identify you personally. This data privacy statement explains what data we collect and what we use it for. It also explains how and for what purpose this takes place.

Please note that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. Complete data protection against third-party access is not possible.

Information on the responsible party
The responsible party for data processing on this website is:

Wikimedia Deutschland –
Association for the promotion of Free Knowledge e. V.
Tempelhofer Ufer 23-24
10963 Berlin

Phone: +49 (0)30-577 11 62-0
E-mail: datenschutz@wikimedia.de

Revocation of the consent for data processing
Many data-processing operations are only possible with your express consent. You can revoke your previously given consent at any time. For this purpose, you can simply send us an informal message by e-mail. The legality of the data processing up to the time of the revocation remains unaffected by the revocation.

Right to issue an appeal to the competent supervisory authority
In the event of any violation of data-privacy law, the person concerned has a right to issue an appeal to the competent supervisory authority. The responsible supervisory authority for data-privacy matters is the data-privacy officer of the federal state in which our company is located. A list of data privacy officers and their contact details can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.htm

SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection when the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.
If the SSL or TLS encryption is enabled, the data that you provide to us cannot be read by third parties.

Encrypted payment transactions on this website
If you are required to provide us with your payment details (e.g. account number for direct debit authorization) after the conclusion of a fee-based contract, this data will be needed for payment processing. Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.

Automated decision-making
We do not make use of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 GDPR.

Obligation to provide data
Under no circumstances are you legally or contractually obliged to provide us with personal data. However, without its provision as part of the services listed below, we cannot provide you with the functionality described there.

Cookies
Some of the Internet pages use “cookies.” Cookies do not cause any damage to your computer and do not contain any viruses. They serve to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain stored on your computer until you delete them. These cookies allow us to recognize your browser the next time you visit.

You can adjust your browser settings so that you are informed about cookie settings and only allow cookies in individual cases. You can also decline cookies in certain cases or generally and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this site may be restricted.

Cookies, which are required to carry out the electronic communication process or to provide certain functions requested by you (e.g. shopping cart function), are stored pursuant to Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technical, error-free, and optimized delivery of the related services. Insofar as other cookies are stored (e.g. cookies for the analysis of your surfing behavior), they are treated separately in this data privacy statement.

Server log files
The provider of the pages automatically collects and stores information in server log files, which your browser automatically sends to us. These are:

This data is not compiled together with other data sources.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. The data is only stored for a period of 24 hours. All log files created by our systems are then automatically deleted.

Registration on this website
You can register on our website to utilize our additional features. We only use the data entered for the purpose of the application of the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will cancel the registration.

For important changes, for instance, to our services or technically necessary changes, we inform you using the e-mail address you provided during registration. The legal basis for this is Art. 6 para. 1 lit. b GDPR.

To permit these changes, you can simply send us an informal message by e-mail. The legality of the data processing already carried out remains unaffected by the revocation.

We store the data collected during the registration for as long as you are registered on our website and then subsequently deleted. Legal retention periods remain unaffected.

Comment function on this website
For the comment function on this page, your comment will be stored, along with information about the time the comment was made, your e-mail address and, if you do not post anonymously, your chosen user name.

Subscribe to comments
As a user of the site, you can subscribe to comments after registering. You will receive a confirmation e-mail to ensure that you are the owner of the given e-mail address. You can cancel this function at any time via the link provided in the info e-mails. In this case, the data entered when subscribing to comments will be deleted; if this data has been sent to us for other purposes (e.g. newsletter subscription), it will remain in our system.

Storage period of comments
The comments and the associated data (e.g. IP address) are stored and remain on our website until the commented content has been completely deleted or the comments need to be deleted for legal reasons (e.g. offensive comments).

Newsletter
There are several ways in which you can register for one of our newsletters. In this case, we use your e-mail address to send you information about current topics and our work. The legal basis for the processing is your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time with effect for the future, e.g. by sending an e-mail to news@wikimedia.de or by clicking on an unsubscribe link in one of the e-mails sent to you. The revocation shall not affect the lawfulness of the processing operations carried out on the basis of the consent up to the time of the revocation.

We also analyze your use of our newsletter, e.g. the link or button you clicked. This serves to improve our offers.

The processing for these purposes is based on Art.  6 para. 1 lit. f GDPR, whereby our legitimate interest lies in the aforementioned purposes. If you do not agree with the analysis, you can object at any time by unsubscribing the e-mails.

We operate a portal for active and new volunteers of the Wikimedia projects in the German-language Wikipedia at  https://de.wikipedia.org/wiki/Wikipedia: Support (hereinafter “funding portal”). We only collect via the funding portal the data entered into the corresponding form (https://de.wikipedia.org/wiki/Wikipedia:Förderung/Projektplanung and https://foerderung.wikimedia.de/). In all other respects, the pages are operated by the Wikimedia Foundation, and their data protection regulations apply to de.wikipedia.org: https://meta.wikimedia.org/wiki/Privacy_policy/de and the information on the use of cookies: https://wikimediafoundation.org/wiki/Cookie_statement.

Collected data
In general, we collect the following data:

In the context of certain funding (see also examples below), it may be necessary to collect, process, and use the following additional data. These may be:

Purposes and legal basis of data processing
This data is processed in order to complete your funding application and, if necessary, to carry out the funding. The approval of certain funding measures (e.g. literature grants) will be published on the respective Wikipedia user page of the applicant. Funded persons are also asked to publish their project results under their username on a Wikipedia page or to provide links to project results (e.g. Wikipedia articles).

For certain funded projects, especially those that involve funding of more than € 500, the project page will publish that you have received the funding. Typically, more extensive funding projects must also be applied for publicly. Wikimedia may also publish in its regular activity and financial reports the results of funding activities, together with the username of the funded person, if appropriate. For all funded projects, Wikimedia also processes user data for internal evaluation (e.g.  names, details of volunteer projects, funding amounts, evaluation results, project durations).

In the case of overnight stays and hotel bookings, personal data may have to be passed on to the respective hotel or accommodation, which, depending on the destination country of the trip, may involve data transmission to a third country. The legal basis for these processing operations is Art. 6 para. 1 lit. b DS-GVO.

In addition to the above-mentioned purposes, this data is processed in order to inform you of further funding and participation opportunities, project ideas or changes in funding guidelines. Wikimedia also uses personal data, in particular first and last name and address, to send funded persons an invitation to take part in a survey to improve the funding, greetings or thank-you messages or information, to inform the respective person about further funding and participation opportunities, and to notify them of project ideas or changes to the funding guidelines. For networking purposes, Wikimedia generally uses the usernames published in the Wikimedia projects, unless otherwise requested. If you contact us at the e-mail address provided on our website, you share with us at a minimum your e-mail address and any other information you may provide in your e-mail. In order to be able to handle your request, we are required to process this data. In each case, the legal basis for this is our legitimate interests in processing for the purposes mentioned in Art. 6 para. 1 lit. f DS-GVO.

Storage duration
We store your personal data for a period of 3 years from the date of your application for inspection and verification purposes (e.g. multiple applications) and then delete them. Please note that funding published on Wikipedia remains publicly available there even after this period. We store your e-mails and contacts as long as it is necessary to process your request and then store them for a period of 3 years in the event that you contact us again in reference to your original request.

Occasionally, we make it possible to register for events we organize. This can usually be done online, but in certain cases also offline. To successfully register, you will need to provide certain personal data, which can vary depending on the event. Where applicable, mandatory and voluntary information is indicated on the respective registration form.

We primarily use the data to organize the participation of the registering person at the event and to implement the event. This includes contacting the participant to the extent required within the scope of the event’s organization. The legal basis for the processing of these personal data is Art. 6 para. 1 sentence 1 lit. b GDPR. We store this data for the aforementioned purposes until the event is completed.

We then store the data for an additional period of three years. This storage takes place due to our legitimate interest in being able to defend ourselves against any legal claims that may arise from the event or to assert such claims. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

The data collected during registration will be processed internally by the department responsible for the organization of the event. The data can also be passed on to external recipients. This includes, above all, service providers who support us in the organization and implementation of the event. In addition to our general service providers and the service providers listed below, we may also use additional service providers apart from the general service providers listed below for online elections in connection with the event and its organization. Some events are supported by the Wikimedia Foundation. If this is the case, we may transmit data for reporting purposes in order to protect our legitimate interests and the interests of the Wikimedia Foundation.

If we provide additional services for you at your request, such as travel or hotel bookings or the organization of childcare, we transmit the data to the recipients that are required for rendering the service in question. These may include in particular: Hotels, travel agencies, foreign offices, other authorities of foreign countries for issuing visas. Depending on where you live and where the event takes place, these recipients may also be located in third countries outside the EU or the EEA for which no EU Commission decision on adequacy exists. In such cases we will only carry out transmissions which are either necessary for the fulfilment of the contract between you and us or for the conclusion or fulfilment of a contract entered into in your interest between us and the recipient.

Twitter
We include tweets from Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland) on our site. Our plug-in used for this purpose works according to the so-called two-click solution. In contrast to the usual integration of tweets, if you visit a page where tweets are integrated, no connection to Twitter will be established. This means that initially no data will be transmitted to Twitter, nor will cookies be set on your device. This will only occur if you actively click on the respective tweet, for example to comment on it or to open it in Twitter. If you click on integrated content, a direct connection is established between you and Twitter. As a result, data can be transferred and cookies set. During this process, Twitter is informed in particular about the page of our website you are currently on. This may be linked to an existing Twitter account. We have no influence here on the data that Twitter processes. Further information can be found in Twitter’s data privacy statement at: http://twitter.com/privacy

You can change your privacy settings in your account settings at: http://twitter.com/account/settings

Vimeo
Our website uses plug-ins for the video portal Vimeo. The provider is Vimeo Inc. 555 West 18th Street, New York, New York 10011, USA.

Social Plug-Ins
We use so-called “social plug-ins” on our website. These plug-ins allow you to share content, link our posts or interact in any other way on your favorite social media services in a quick and easy way. To prevent you from unintentionally transferring data to the respective social media services when visiting our website, we use the so-called Shariff solution from Heise Medien GmbH & Co. KG. This means that you must actively click on the respective plug-ins before any data transfer takes place between you and the respective provider.
If you activate the respective plug-in by clicking on it, a direct connection is established between your browser and the social network server without you having to be logged in or access the page. The provider of the social network is thus at least informed that you have visited our site, but depending on the network, also receives additional information. If you are logged in to the social network when you click on the button, the social network provider may also associate your visit to our pages with your user account. The data processing taking place in the social network is solely under the control of the respective operators. We do not process personal data.
Information on the networks linked to our site, their operators and the processing of personal data taking place there can be found in the following list:

Embetty
We use the Embetty tool. Embetty is an open source software tool from Heise Medien GmbH & Co. KG that enables the integration of social media elements such as tweets, videos, etc. with minimal data usage. You can recognize Embetty content by the Embetty logo in the lower right corner. Embetty works according to the so-called two-click solution. Unlike the usual integration of services, if you visit a page where content is integrated using Embetty, no connection to the server of the service provider is initially established. As a result, no data is at first transferred to the service provider and no cookies are set on your device. This only happens when you actively click on the content, for example to view it. If you click on integrated content, a direct connection is established between you and the service and data can be transferred and cookies set. You alone therefore decide whether you want to transmit your data to the integrated services. Further information about the Embetty tool and its source code can be found at: https://heise.de/-4060362 and https://github.com/heiseonline/embetty

The departments within Wikimedia that are responsible for processing your requests have access to your data. In addition, we employ external service providers to the extent that we are unable to provide services ourselves or are unable to do so effectively. These external service providers are primarily providers of IT services and telecommunications services. Where the legal requirements are met, we have concluded order processing agreements with these service providers.
In general, transfers to third countries do not take place. We do, however, use the Google Workspace service of Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for our operations. An adequate level of data protection is ensured by the standard contractual clauses.

Conclusion of contract for order-data processing
We have concluded a contract with our service provider in which we require them to protect our customers’ data and to not to pass it on to third parties.

Office

Wikimedia Deutschland
Gesellschaft zur Förderung Freien Wissens e. V.
PO Box 61 03 49
10925 Berlin

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Phone: +49 (0)30-577 11 62-0
Fax: +49 (0)30-577 11 62-99
E-mail: info@wikimedia.de