Privacy Policy

 

Data Protection at a Glance

Scope

This privacy policy applies exclusively to the website operated by Fundacja Instytut OM Noizzes at https://fdn.om-noizzes.com. It does not apply to other websites within the network of cooperating entities of OM Noizzes, such as the landing page (https://om-noizzes.com), Practice (https://care.om-noizzes.com), or Institute (https://edu.om-noizzes.com). Each of these areas has its own content, distinct areas of responsibility, and a separate privacy policy. Please review the privacy policy and the principles of personal data processing on the respective websites.

General Information

The following information provides a brief explanation of what happens to your personal data when you visit this website. Personal data encompasses all information that can be used to identify you personally. Detailed information on data protection can be found in our privacy policy below.

This privacy policy contains information on the processing of your personal data collected through the use of the website and its features, through electronic and traditional correspondence, as well as in connection with the provision of services and the carrying out of activities within the statutory purposes of the Institute OM Noizzes Foundation, located in Kraków, ul. Wadowicka 6, 30-415 Kraków, KRS No.: 0001119157.

In fulfillment of the obligation under Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, we hereby provide you with the following information:

Pursuant to the General Data Protection Regulation (GDPR) and the Polish Personal Data Protection Act (Act of 10 May 2018 – “UODO”), as a user, you have certain rights concerning your personal data. The competent data protection authority in Poland, to which complaints and inquiries can be addressed, is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych – UODO).

 

1. Collection of Data on This Website

Who is responsible for data processing on this website?

Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the “Information on the Data Controller” section of this privacy policy.

How do we collect your data?

Your data is collected when you provide it to us—for example, by entering it into a contact form.

Other data is automatically collected or only after you give consent while visiting the website. These are primarily technical data (e.g., browser information, operating system, time of page access). Such data is automatically collected as soon as you visit our website.

For what purposes do we use your data?

The collection of this data ensures the proper functioning of the website. If contracts are concluded or transactions initiated via the website, the provided data may also be used to prepare offers, process orders, or handle other inquiries related to the contract.

Data processing also takes place when there is a legal obligation to do so or when there is a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Are tracking, analysis, or profiling tools used?

We do not use any cookies on our website. When you visit our site, we only collect data recorded in the server log files (e.g., IP address, time of access) to ensure the secure and error-free operation of the website. No other tracking, analysis, or profiling tools are used; profiling is not conducted.

Which rights do you have regarding the processing of your data?

You have the right to request information free of charge about the origin, recipients, and purpose of your personal data stored with us. You also have the right to have this data corrected or deleted. If you have given consent to data processing, you can revoke it at any time with effect for the future.

Additionally, under Art. 173 of the Polish Telecommunications Act (Prawo Telekomunikacyjne, PT), you have the right to object to the use of certain technologies, such as cookies.

For users accessing the Foundation’s website from the territory of the Federal Republic of Germany, the Telecommunications-Telemedia Data Protection Act (TTDSG) applies, which concerns the use of cookies.

In that case, cookies (unless technically required) may only be used with your consent under §25 TTDSG.

In certain circumstances, you also have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the Polish data protection authority:

Urząd Ochrony Danych Osobowych (UODO)
Stawki 2, 00-193 Warszawa, Poland
Website: https://uodo.gov.pl

You can also contact the data protection authority responsible for your place of residence or country if you believe that your personal data is being processed unlawfully.

If you have further questions about data protection, you can contact us at any time.

 

2. Hosting

Our website is technically maintained by ION Research & Education Sp. z o.o. (“ION”). ION uses the infrastructure of Hetzner Online GmbH (“Hetzner”).

Hetzner

The service provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

Detailed information on how your data is handled can be found in Hetzner’s privacy policy:
https://www.hetzner.com/de/legal/privacy-policy/

The use of Hetzner’s services is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in ensuring the greatest possible reliability of our website. If consent has been obtained, data processing is carried out solely on the basis of Art. 6(1)(a) GDPR and Article 173 of the Polish Telecommunications Act (Prawo Telekomunikacyjne, PT), provided that the consent covers the storage of cookies or access to information on the user’s device. Consent can be revoked at any time with effect for the future.

ION

The service provider is ION Research & Education Sp. z o.o., ul. Wadowicka 6, 30-415 Kraków, Poland.

ION serves as the technical service provider, responsible for the technical maintenance, upkeep, and administration of our website.

Data Processing by ION and Hetzner

A data processing agreement (AV-Vertrag under Art. 28 GDPR) exists between us and ION. This means that ION processes personal data of our website visitors exclusively according to our instructions and in compliance with legal data protection regulations. Hence, there is no joint controllership (Art. 26 GDPR) between us and ION, since we do not jointly determine the purposes and means of processing.

Hetzner acts as the hosting provider, providing the necessary server infrastructure. In its relationship with ION, Hetzner serves as a (sub-)processor. ION has entered into a data processing agreement (DPA) with Hetzner, ensuring that your data is processed on Hetzner’s servers in compliance with GDPR and Polish data protection regulations.

 

3. E-Mail Communication

Our email infrastructure is technically managed and maintained by our affiliated company ION Research & Education Sp. z o.o. (hereinafter “ION”). ION uses the infrastructure of Seohost Sp. z o.o. (hereinafter “Seohost”).

Seohost

The service provider is Seohost sp. z o.o., ul. Wróblewskiego 18, 93-578 Łódź, Poland.

Detailed information can be found in Seohost’s privacy policy:
https://seohost.pl/polityka-prywatnosci/.

ION

The service provider is ION Research & Education Sp. z o.o., ul. Wadowicka 6, 30-415 Kraków, Poland.

Responsibility

We (the Foundation) are the data controller for all personal data that is received by email (Art. 4(7) GDPR).

ION acts in this context as a processor (Art. 28 GDPR), since ION provides the technical infrastructure for our email system and administers it.

Data Processing by ION and Seohost

Between us and ION there is a data processing agreement (AV-Vertrag according to Art. 28 GDPR). This means that ION processes personal data from emails sent to us  exclusively according to our instructions and within the framework of applicable data protection regulations. Therefore, there is no joint controllership (Art. 26 GDPR) between us and ION, as we do not jointly determine the purposes and means of processing.

Seohost acts as the hosting provider and provides the required server infrastructure. In its relationship with ION, Seohost is a (sub-)processor. ION has concluded a data processing agreement (DPA) with Seohost, ensuring that your data is also processed on Seohost’s servers in compliance with the GDPR and Polish data protection regulations.

Legal Basis for Data Processing

Personal data contained in emails you send to us is processed under Art. 6(1)(b) GDPR (e.g., if you contact us regarding a request or pre-contractual measures) or based on our legitimate interest (Art. 6(1)(f) GDPR) in efficient communication.

If you have given us consent for specific purposes (Art. 6(1)(a) GDPR), we process your data solely on that basis and only for the purpose stated in the consent.
If there is a legal obligation to store or process emails, processing is carried out on the basis of Art. 6(1)(c) GDPR as well as Art. 10 of the Polish Act on the Provision of Electronic Services (UŚUDE).

Security of Email Communication

Our emails are by default encrypted via SSL/TLS. Please note that email communication may not be fully secure. For instance, unencrypted emails may be intercepted by third parties during transmission. If you wish to send confidential information, we generally recommend using encrypted communication channels.

Disclosure to Third Parties

We disclose emails or data contained therein only to third parties if permitted or required by law (e.g., official requests) or if you have expressly consented to such disclosure.

 

4. General Information and Mandatory Notices

Protection of Personal Data

The administrators of this website take the protection of your personal data very seriously. We process your data confidentially and in accordance with applicable data protection laws and this privacy policy.

Various personal data are collected when you use this website. Personal data are all information that can identify you as an individual. This privacy policy explains which data we collect, for what purpose, and how we use them.

Please note that data transmission over the internet (e.g., in email communication) may not be completely secure. Despite our efforts, we cannot guarantee absolute protection of your data against third-party access.

Information on the Data Controller

The controller for the processing of personal data on this website is:

Fundacja Instytut OM Noizzes
ul. Wadowicka 6
30-415 Kraków, Poland
Phone: +48 536 021 712
Email: fundacja@om-noizzes.com

A data controller is a natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., name, email address, etc.).

We are currently not legally required to appoint a data protection officer. If you have any questions about data protection, particularly regarding your rights related to the processing of personal data by the Fundacja Instytut OM Noizzes, please contact us directly.

Retention Period of Personal Data

Unless otherwise specified in this privacy policy, your personal data remain with us until they are no longer needed for the purposes for which they were collected. If you submit a justified request for deletion of your data or revoke your consent for processing, the data will be deleted unless other legally permissible grounds for further storage exist (e.g., tax or accounting obligations). In such cases, the data will be deleted after the required retention period expires.

Legal Bases for Data Processing on This Website

• If you have given your consent for the processing of your data, we process them under Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR in the case of special categories of personal data (e.g., health data).
• If you have consented to the transfer of personal data to third countries, the processing is carried out under Art. 49(1)(a) GDPR.
• If you have agreed to the storage of cookies or the access to information on your device (e.g., device fingerprinting), processing takes place under Art. 173 of the Polish Telecommunications Act (Prawo Telekomunikacyjne, PT). You can revoke your consent at any time.
• If processing is necessary for the performance of a contract or pre-contractual measures, it is carried out under Art. 6(1)(b) GDPR.
• If processing is required to fulfill a legal obligation, it is based on Art. 6(1)(c) GDPR and Art. 10 of the Polish Act on the Provision of Electronic Services (UŚUDE).
• Processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR. The respective legal bases are explained in more detail in the following sections of this privacy policy.

Recipients of Personal Data

In the course of our activities, we cooperate with external service providers, which may require the transfer of personal data. We only disclose data in the following cases:

• if it is necessary for contract fulfillment,
• if we are legally obligated to do so (e.g., to tax authorities),
• if we have a legitimate interest under Art. 6(1)(f) GDPR,
• if there is another legal basis permitting the transfer of the data.

If we transfer data to processors, this is done on the basis of a valid data processing agreement (DPA). If joint data processing occurs, we enter into an agreement defining the responsibilities of the parties involved.

Revocation of Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke any previously given consent at any time. The legality of the data processing carried out before the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

If the processing of your data is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.

This also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims (objection under Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing.

If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).

Right to Lodge a Complaint with a Supervisory Authority

In the event of GDPR violations, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or location of the alleged infringement.

The right to lodge a complaint exists independently of other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or for the fulfillment of a contract provided to you or a third party in a commonly used, machine-readable format.

If you request the direct transfer of data to another controller, this will only happen if it is technically feasible.

Right to Access, Rectification, and Erasure of Data

You have the right to obtain, free of charge, information on the origin, recipients, and purpose of your personal data stored by us. You also have the right to request their rectification or deletion.

If you have any questions about the processing of your personal data, you can contact us at any time.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You can do so by contacting us at any time. This right applies in the following cases:

• If you dispute the accuracy of your personal data stored by us, we need time to verify it. During the verification period, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data is unlawful, you can request the restriction of processing instead of erasure.
• If we no longer need your personal data, but you require them for the establishment, exercise, or defense of legal claims, you can request the restriction of processing instead of erasure.
• If you have objected under Art. 21(1) GDPR, a balancing of your and our interests is required. Pending verification of whose interests prevail, you have the right to request the restriction of the processing of your personal data.

To exercise this right or any other rights mentioned in this privacy policy, please contact us by post or email at:

Fundacja Instytut OM Noizzes
ul. Wadowicka 6
30-415 Kraków, Poland
Phone: +48 536 021 712
Email: fundacja@om-noizzes.com

If the processing of your personal data is restricted, these data—aside from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

The Data Controller also notes that no automated decisions are made concerning you, and you are not subject to profiling.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content (e.g., orders or inquiries), this website uses SSL or TLS encryption.

You can recognize an encrypted connection by the change in the address in your browser from “http://” to “https://” and by the lock icon in the address bar.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website

If, after entering into a paid contract, you are obligated to provide us with your payment data (e.g., account number for direct debit), this data is required for processing the payment.

Payment transactions using commonly used payment methods (Visa/MasterCard, direct debit) are carried out solely via an SSL/TLS-encrypted connection.

You can recognize an encrypted connection by the address in your browser switching from “http://” to “https://” and by the lock icon in the address bar.

Through encryption, your payment data cannot be read by third parties.

Objection to Receiving Unsolicited Marketing Material

The contact details published as part of mandatory legal disclosures (e.g., in the site’s imprint) must not be used for sending unsolicited advertising or informational materials.

The administrators of this website reserve the right to take legal action in the event of unsolicited advertising information being sent, for instance in the form of spam emails.

 

5. Collection of Data on This Website

Server Log Files

The hosting provider of this website is Hetzner Online GmbH (see Section 2 - Hosting). Hetzner automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These files contain:

• Browser type and version
• Operating system used
• Referrer URL (the previously visited page)
• Host name of the accessing computer
• Time of the server request
• IP address

At Hetzner, IP addresses are stored in anonymized form, making it no longer possible to identify an individual. These data are not merged with other data sources and are automatically deleted after no more than one month.

The collection of this data is based on Art. 6(1)(f) GDPR and Article 18 of the Polish Act on the Provision of Electronic Services (UŚUDE). The website operator has a legitimate interest in the technically error-free display and optimization of their website – for this purpose, the server log files must be recorded.

Contact Form

If you send us inquiries via the contact form, the data you enter there, including your contact details, will be stored by us in order to process the inquiry and for possible follow-up questions. These data will not be disclosed to third parties without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR if your inquiry is related to a contract’s performance or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in efficiently handling inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time.

The data you enter into the contact form remain with us until you request their deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been processed). Statutory provisions—particularly retention periods under the Polish Accounting Act (Ustawa o rachunkowości)—remain unaffected.

Inquiries by Email, Telephone, or Fax

If you contact us by email, phone, or fax, your inquiry, including any personal data resulting from it (e.g., name, content of the inquiry), will be stored by us for the purpose of processing your request. These data will not be passed on to third parties without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or pre-contractual measures. Otherwise, the processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in effectively handling inquiries or on your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time.

Data transmitted by email, phone, or fax remain with us until you request their deletion, revoke your consent to storage, or until the purpose for storing them no longer applies (e.g., after your issue has been resolved). Statutory provisions—particularly tax-related retention obligations under Polish tax law (Ordynacja podatkowa)—remain unaffected.

 

6. Payment Services for Donations and Crowdfunding

Payment Services

On our website, we offer the possibility to make voluntary donations as well as payments for crowdfunding via external payment service providers. When you make a payment through our website, you will be redirected to the selected payment provider’s platform.

The processing of payment data (e.g., name, payment amount, account number, credit card number) is carried out exclusively by the respective payment service provider.

These transactions are governed by the respective provider’s contractual terms and privacy policies. The use of these services is based on Art. 6(1)(b) GDPR (contract fulfillment) as well as our legitimate interest in secure and user-friendly processing of donations and crowdfunding payments (Art. 6(1)(f) GDPR).

If certain processing operations require your consent, the processing is based on Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future.

We use the following payment service providers:

SumUp

We use SumUp’s services for donations.

The provider is SumUp Limited, Block 8, Harcourt Centre, Charlotte Way, Dublin 2, Ireland.

SumUp’s privacy policy can be found at the following link:
https://www.sumup.com/de-de/datenschutzbestimmungen/

LibraPay (Stripe)

For crowdfunding payments, we use LibraPay, which processes payments via Stripe.

The service provider for the European Union is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

Data transfers to the USA are based on the European Commission’s Standard Contractual Clauses.

Further information is available in the privacy policies:
Stripe: https://stripe.com/de/privacy
LibraPay: https://liberapay.com/about/privacy

Tax Obligations

Under Polish tax law (Ordynacja podatkowa), payment data may be subject to statutory retention requirements for tax purposes.

 

7. Audio and Video Conferences

Data Processing

For communication with our customers and for conducting online training sessions and workshops, we use videoconferencing tools. The list of tools we use is provided below.

If you take part in audio or video meetings via the internet, your personal data is processed both by us and by the provider of the conferencing tool.

These tools process all data you provide while using them (e.g., email address, telephone number). Additionally, the following data are collected:

• Duration of the conference
• Start and end time of the meeting
• Number of participants
• Other communication metadata

The providers of these tools also collect technical data required for the online connection:

• IP addresses
• MAC addresses
• Device IDs
• Types and versions of operating systems
• Versions of the client software
• Camera types, microphones, speakers
• Type of connection

If, during an online meeting, files, chat messages, recordings, images, or other materials are sent, these can be stored on the servers of the conferencing tools’ providers.

Please note that we do not have full control over the data processing by these providers. For more information on data processing, please refer to the privacy policies of the respective tools listed below.

Purpose and Legal Basis of Data Processing

Using conferencing tools serves communication with current or potential customers and the provision of specific services (Art. 6(1)(b) GDPR).

Using these tools facilitates and speeds up communication, which is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

If the use of these tools requires your consent, data processing is based on Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future.

Storage Period of the Data

We directly delete the data collected through videoconferencing tools as soon as:

• you request its deletion,
• you revoke your consent to storage,
• it is no longer needed for its original purpose.

Cookies associated with the conferencing tools remain on your device until you delete them.

Statutory retention obligations under applicable regulations remain unaffected.

We have no influence on how long your data is stored by the providers of these tools – please see their privacy policies for details.

Conferencing Tools Used

Zoom

We use the service Zoom.

Provider: Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

Zoom’s privacy policy:
https://explore.zoom.us/de/privacy/

Data is transferred to the USA based on the European Commission’s Standard Contractual Clauses. Details can be found here:
https://explore.zoom.us/de/privacy/

Zoom is also certified under the EU-US Data Privacy Framework (DPF). More information can be found at:
https://www.dataprivacyframework.gov/participant/5728

We have entered into a data processing agreement (AVV, DPA) with Zoom. This agreement is required by law and ensures that Zoom processes personal data exclusively in accordance with our instructions and in compliance with the GDPR.

 

8. Our Presence on Social Media

This privacy policy applies to the following social networks:

• https://www.facebook.com/de.om.noizzes
• https://www.facebook.com/pl.om.noizzes
• https://www.youtube.com/@de_om_noizzes
• https://www.youtube.com/@pl_om_noizzes
• https://t.me/de_om_noizzes
• https://t.me/pl_om_noizzes

Data Processing by Social Networks

We operate publicly accessible profiles on social networks. The social networks we use are listed below.

Our website only contains links (hyperlinks) to our profiles on social networks. No personal data is automatically transmitted to those networks when visiting our website. Only when you actively click on a link are you taken to the respective platform, where its own privacy policy applies.

Social networks such as Facebook, YouTube, etc., can extensively analyze your user behavior when you visit their websites or websites with integrated content from these networks (e.g., “Like” buttons or ad banners).

Visiting our social media presence triggers numerous data processing operations relevant to privacy.

In detail:

If you are logged into your social media account and visit our social media presence, the social network’s operator can associate this activity with your user account. However, your personal data can also be collected if you are not logged in or do not have an account with the social network. In this case, data collection may take place through cookies stored on your device or by recording your IP address.

The information collected in this way may be used by social network operators to create user profiles that store your preferences and interests. As a result, interest-based ads can be displayed to you inside and outside of these social networks. If you have an account with a social network, interest-based ads may be shown on all devices on which you are or were logged in.

Please note that we cannot track all data processing operations on the social network platforms. Depending on the provider, additional data processing may be carried out by the social network operators. For detailed information, please refer to the terms and privacy policies of the respective social networks.

Inquiries via Social Networks

Due to the nature of our operations and our compliance with data protection regulations, particularly Regulation (EU) 2016/679 (GDPR), we do not accept inquiries requiring the processing of personal data via social networks or messaging services (WhatsApp, Messenger, etc.).

Platforms like Facebook, Instagram, or LinkedIn collect and process user data independently, over which we have no control. This means we can neither guarantee complete confidentiality nor the enforcement of GDPR rights such as access, rectification, or erasure.

Therefore, we do not respond to private messages or inquiries sent via social networks. All questions about our services, including scheduling appointments, consultations, or training, must be submitted exclusively via secure communication channels (e.g., email or telephone).

Comments on our posts are public and visible to all users. We ask you not to share personal or confidential information in comments. If such data is published, we will delete it without prior notice to protect users’ privacy.

Legal Basis

Our presence on social networks aims at achieving the broadest possible presence on the internet. This is our legitimate interest under Art. 6(1)(f) GDPR. However, the analysis processes initiated by social networks may be based on various legal grounds defined by the operators of these networks (e.g., consent under Art. 6(1)(a) GDPR).

Controller for Data Processing and Exercising Your Rights

When you visit one of our social media pages (e.g., Facebook), we and the operator of the respective social media platform are jointly responsible for the data processing activities triggered during such a visit. You can exercise your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) against both us and the operator of the social media platform (e.g., Facebook).

Please note that despite our joint responsibility with the operators of these social networks, we do not have full influence over the data processing operations of the platforms. Our possibilities largely depend on the corporate policies of the respective provider.

Storage Duration of the Data

Data that we collect directly via social media are deleted from our systems as soon as you ask us to erase them, revoke your consent to their storage, or the purpose for storing the data no longer applies. Cookies remain on your device until you delete them. Statutory provisions—particularly retention periods—remain unaffected.

We have no control over how long data are stored by the social network operators for their own purposes. For detailed information, please contact the operators of the social networks directly (see their privacy policies below).

Your Rights

You have the right, at any time and free of charge, to request information about the origin, recipient, and purpose of your stored personal data. You also have the right to object, the right to data portability, and the right to lodge a complaint with a competent supervisory authority.

Moreover, you can request the rectification, blocking, erasure, and—in certain circumstances—the restriction of the processing of your personal data.

Social Networks in Detail

Facebook

We run profiles on Facebook. The service provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”). According to Meta, collected data may also be transferred to the USA and other third countries.

We have concluded a Controller Addendum with Meta regarding joint data processing. This addendum determines which data processing operations we or Meta are responsible for when you visit our Facebook page.

You can view the addendum at:
https://www.facebook.com/legal/terms/page_controller_addendum

You can manage your ad settings in your user account. For this, click the following link and log in:
https://www.facebook.com/settings?tab=ads

Data transfers to the USA are based on the European Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381

For more information on data processing, please refer to Facebook’s privacy policy:
https://www.facebook.com/about/privacy/

Meta is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA aimed at ensuring compliance with European data protection standards when data is processed in the USA.

Any company certified under the DPF undertakes to comply with these data protection standards. For more information, see:
https://www.dataprivacyframework.gov/participant/4452

YouTube

We have profiles on YouTube. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Detailed information on how your personal data is handled can be found in YouTube’s privacy policy:
https://policies.google.com/privacy?hl=de

The company is certified under the “EU-U.S. Data Privacy Framework” (DPF), an agreement between the European Union and the USA to ensure compliance with European data protection standards in the USA.

Any company certified under the DPF undertakes to adhere to these data protection standards. More information can be found at:
https://www.dataprivacyframework.gov/participant/5780

Telegram

We run profiles on Telegram. The service provider is Telegram Messenger LLP, Dubai, United Arab Emirates.

Please note that Telegram processes your personal data when using this service. This may include IP addresses, device information, user behavior, and communication content. If you interact with our profile on Telegram, Telegram’s privacy policy applies.

We use Telegram based on our legitimate interest (Art. 6(1)(f) GDPR) in modern and efficient communication with interested parties and users.

Please be aware that Telegram may transfer and store personal data in third countries outside the European Union. We have no control over such data processing.

For more information on how Telegram processes data, please refer to their privacy policy:
https://telegram.org/privacy

Note on User Comments on Social Media Platforms

Our social media profiles allow you to comment on content. Please note that the respective platform operators (Facebook, YouTube, Telegram) are responsible for compliance with the Digital Services Act (DSA, Regulation (EU) 2022/2065). These platforms provide mechanisms for reporting illegal content.

To report content, please use the relevant functions of the social media platform or contact the respective provider:

• Facebook: https://www.facebook.com/help/www/263149623790594
• YouTube: https://support.google.com/youtube/answer/2802027?hl=de
• Telegram: https://telegram.org/faq

Additional Information for Polish Users

In accordance with the Polish Personal Data Protection Act (“Ustawa o ochronie danych osobowych”) and the GDPR, the same data protection rights apply to social media platforms.
If you wish to lodge a complaint, you can contact the Polish data protection authority Urząd Ochrony Danych Osobowych (UODO):
https://uodo.gov.pl/