Privacy Policy for GoodCrowd.org
We take the protection of personal data and therefore your privacy very seriously. We would like to explain here how we protect your data. The privacy policy fulfills the information requirements pursuant to Art. 12 ff. of the EU General Data Protection Regulation (hereinafter referred to as "GDPR") and provides you with an overview of the processing of your personal data (hereinafter referred to as "data") on this website/platform.
Table of contents
1. Who is responsible for processing my data?
Good Crowd GmbH
Schlesische Straße 26
D-10997 Berlin
Telephone: +49 30 7676 4488 0
Fax: +49 30 7676 4488 40
is responsible for processing your data on this website (hereinafter referred to as "website" or "GoodCrowd.org"). GoodCrowd.org processes personal data in accordance with the provisions of the EU General Data Protection Regulation (hereinafter referred to as "GDPR") and the Federal Data Protection Act (hereinafter referred to as "BDSG").
You can contact the data protection officer of GoodCrowd.org at the above postal address, with the addition "To the data protection officer," or at the email address: [email protected].
2. What data is collected?
When you visit the website, information is automatically collected by the requesting computer (hereinafter referred to as "access data"). This access data includes server log files, which usually consist of information about the browser type and browser version, the operating system, the Internet service provider, the date and time of use of the website, the websites previously visited and the websites newly accessed via the website, and the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable if it is permanently assigned when using the Internet connection and the Internet provider can assign it to a person.
If you continue to use the services of the website, pseudonymous usage profiles and the data you enter on the website (e.g., search terms, login data, comments, form or registration entries) will be processed.
Some services on the website require you to provide personal data to GoodCrowd.org. In these cases, the data you provide will be used to provide you with the requested service or to process your request. The following personal data is processed on the website or on the platform:
- Information about campaign creators: first and last name, campaign title and description, target amount, campaign category, address, email address, thank you message (optional), profile picture (optional)
- Information about donors: Name, email address, donation amount, date of donation, donation status, messages to the campaign creator (optional), profile picture (optional)
- Information about unregistered users of the website who send messages to the campaign creator or report a campaign to us: First and last name, email address, message text, campaign title, IP address (optional)
- User data such as email address and name (depending on the type of newsletter) for sending newsletters.
Under no circumstances will personal bank details be stored or displayed on the platform.
4. What data is collected and for what purposes?
The purposes of data processing may arise from technical, contractual, or legal requirements, as well as from consent, where applicable.
We use the data specified in section 2 for the following purposes:
- to provide the website and ensure technical security, in particular to correct technical errors and to ensure that unauthorized persons do not gain access to the website's systems
- to provide the platform's online services and fulfill contracts in accordance with our currently valid terms of use
- to improve our services and for market research
- to communicate with users, initiate contracts, and provide customer support
- to send program communications via email
- to register a user of the platform
- to enable donations from donors to the campaign creator
- to receive donations to support GoodCrowd.org
- for the technical administration of campaigns by the campaign creator through GoodCrowd.org as the operator of the platform
- to check campaign content and messages for legal violations based on corresponding reports
- to send newsletters and program communications via email
- for quality assurance of our newsletters and for statistical evaluation
Further information on these purposes of data processing can be found in the following sections of this privacy policy.
4.1 Technical provision of the website
4.1.1 Description and scope of data processing
For the functionality of the website, the performance of security analyses, and the prevention of attacks, the server log files are automatically collected and temporarily stored as part of the access data in accordance with Section 2 from the computer system of the accessing computer when entering and during the use of the website. The server log files are not stored together with other data. GoodCrowd.org uses the server log files for statistical evaluations to analyze and remedy technical malfunctions, to defend against attacks and fraud attempts, and to optimize the functionality of the website.
4.1.2 Purposes and legal basis of data processing
The legal basis for the collection of server log files is Art. 6 para. 1 lit. f GDPR. The legitimate interests of GoodCrowd.org lie in the functionality of the website, the performance of security analyses, and the prevention of risks.
4.1.3 Duration of storage or criteria for determining this duration
When you visit the website, log files are stored by the French hosting service provider. Due to national legal requirements, the hosting service provider must retain these log files for a period of one year. They are then deleted. goodcrowd.org does not access these log files at any time. goodcrowd.org itself does not store any IP addresses when you access the site (for technical purposes).
4.1.4 Right to object and right to erasure
You have the right to object to the processing of your data in server log files if there are reasons for doing so that arise from your particular situation. If you wish to exercise your right to object, please contact the address specified in section 1.
4.2 Email and telephone contact
4.2.1 Description and scope of data processing
The website offers the option of contacting GoodCrowd.org via email address or telephone number. If you take advantage of this option, your email address, telephone number, and your request will be transmitted to GoodCrowd.org. Depending on the nature of your request (e.g., questions about the functionality of GoodCrowd.org, assertion of your rights as a data subject, such as the right to information), your contact details will be processed further.
4.2.2 Purposes and legal basis of data processing
The legal basis for the processing of your contact data is Art. 6 para. 1 lit. f GDPR. The legitimate interests lie in the processing of your request and further communication. If your contact is aimed at concluding a contract with GoodCrowd.org, the legal basis for the processing of your contact data is Art. 6 para. 1 lit. b GDPR.
4.2.3 Duration of storage or criteria for determining this duration
After your request has been processed in full and further communication has been terminated, your contact details will be deleted, unless statutory retention periods prevent deletion. Your contact details will also not be deleted if you contact us with the aim of concluding a contract with GoodCrowd.org or if you assert your rights as a data subject, such as the right to information. In this case, the data will be stored until the contractual and/or legal obligations have been fulfilled and there are no legal retention periods preventing deletion.
4.2.4 Objection and removal options
You have the right to object to the processing of your contact data if there are reasons for doing so arising from your particular situation. If you wish to exercise your right to object, please contact the address specified in section 1. If you object, communication cannot be continued. This does not apply if the storage of your contact data is necessary for the initiation or fulfillment of a contract or for the assertion of your rights as a data subject.
4.4 Data processing by the platform www.GoodCrowd.org
4.4.1 Data processing in the context of use as a campaign creator
You can register on the platform as a user and then create and manage a campaign as a campaign creator. Your data will also be processed in order to allocate donations to your campaign.
4.4.1.1 Description and scope of data processing
Your profile data is collected during registration and stored in the closed area of the platform. Your first and last name, the title of the campaign, the amount of donations received so far and the target amount, as well as the category of your campaign, your campaign location and your profile picture (optional) are displayed to all visitors on the public campaign page. In the event of a repayment claim by the donor against the campaign creator as a result of a campaign being terminated, GoodCrowd.org may pass on your contact details to the donor.
4.4.1.2 Purposes and legal basis of data processing
The purpose of the above-mentioned processing of personal data is to enable you to create, publish, and manage campaigns. Another purpose of data processing is to enable you to receive donations for your campaign and to notify you in the event of reports of infringing content posted by you on the platform. In addition, all visitors to the website and potential donors should be able to see who the initiator of a campaign is. For GoodCrowd.org, this is an important part of our efforts to ensure transparency in the donation process. The disclosure of contact details in the event of a campaign being terminated is intended to enable the assertion of a claim for repayment.
The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, i.e. the fulfillment of the contract between the campaign creator and GoodCrowd.org on the basis of the current Terms and Conditions. The legal basis for the disclosure of contact details in the event of a campaign being terminated is Art. 6 para. 1 lit. b GDPR. The legitimate interest lies in enabling the donor to assert their claim for repayment against the campaign creator. The legal basis for processing in connection with a reported violation is Art. 6 para. 1 lit. b GDPR.
4.4.1.3 Duration of storage and deletion of data
Personal data will be stored until the purpose for which it was collected has been fulfilled and there are no further legal obligations to retain it.
4.4.2 Data processing in the context of use as a donor
As a user of the platform, you can donate to campaigns.
4.4.2.1 Description and scope of data processing
Your data as a donor is collected during the donation process and stored on the platform. The campaign creator always has access to the following donor data: name, amount, date, status.
During the donation process, you can decide whether your name and the amount will be displayed publicly. If you add a profile picture to your donation, it will always be displayed publicly on the campaign page.
4.4.2.2 Purposes and legal basis of data processing
The purpose of the above-mentioned processing of personal data is to enable you to make your donation to the campaign creator and to display it on the campaign page (if desired by the donor), i.e., for example, to assign it to the correct campaign. This ensures transparency for the campaign creator and for users of the platform as to who is donating to the campaign. For GoodCrowd.org, this is an important part of its efforts to ensure transparency in the donation process.
With regard to donations to support GoodCrowd.org (optional in addition to the donation to the campaign creator), the purpose of data processing is to process these donations. This is because GoodCrowd.org is the recipient of these donations.
The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, i.e. the fulfillment of the contract between the donor and GoodCrowd.org based on the current terms of use.
4.4.2.3 Duration of storage and deletion of data
Personal data will be stored until the purpose for which it was collected has been fulfilled and there are no further legal obligations to retain it.
4.4.3 Data processing in the context of use as an unregistered user (message to the campaign creator and reporting form)
As an unregistered user of the website, you have the option of writing private messages to individual campaign creators on the website and sending them via the website. You can also contact us via a reporting form if you discover any content on a campaign page that violates the law.
4.4.3.1 Description and scope of data processing
When you use the message feature, your name, email address, and the text of the message will be processed. The recipient of the message (campaign creator) will receive an email containing the data you entered. If they wish to reply to you, they will do so via their email provider, not via this platform. If you use the reporting form, your name, email address, and message text will be transmitted to us.
4.4.3.2. Purposes and legal basis of data processing
The purpose of the above processing of personal data is to give you the opportunity to contact the campaign creator directly and to give the campaign creator the opportunity to respond to your message. For GoodCrowd.org, this is an important part of our efforts to ensure transparency in the donation process. The purpose of the above-mentioned processing of personal data in connection with the use of the reporting form is to investigate the reported violation and to contact you if necessary.
The legal basis for this processing in connection with the message feature is Art. 6 para. 1 lit. f GDPR. The legitimate interest is to offer you the possibility to contact the campaign creator transparently via the platform. The legal basis for processing in connection with a reported violation is Art. 6 para. 1 lit. f GDPR.
4.4.3.3 Duration of storage and deletion of data
Personal data will be stored until the purpose for which it was collected has been fulfilled and there are no further legal obligations to retain it. We only store the personal data from the reporting form if we determine that a legal violation or suspicion of a legal violation has occurred. The duration of storage corresponds to the relevant limitation periods. If we do not determine that a legal violation or suspicion of a legal violation has occurred, we will delete the data immediately after making the corresponding determination.
4.5 Web tracking
The website incorporates services that optimize user-friendliness and enable the measurement of the website's reach. Your access data (see section 2) is collected and your usage behavior is evaluated using analysis cookies (see section 3). Personal identification is not required for web tracking, so when your access data is collected, the IP address stored is either not used or only used in abbreviated form and pseudonymous usage profiles are created. These are not merged with other data, and you have the option to revoke your consent at any time. Personalized usage profiles are only created in exceptional cases and if you have given your prior consent.
The web tracking services are usually provided by service providers who process the data only on behalf of the responsible parties and not for their own purposes as so-called contract processors. This is ensured by means of contracts for order processing. If the service providers process your data outside the European Union or the European Economic Area (hereinafter referred to as "EU" or "EEA"), a so-called third-country transfer takes place. This is permissible if you have given your consent, GoodCrowd.org has provided guarantees for a level of data protection that meets European standards, or the EU Commission has classified the respective third country as a safe third country. Any third-country transfer of the respective service is indicated below.
The individual web tracking services of the website are described in more detail below.
4.5.1 PostHog
The website uses the PostHog service. The provider is PostHog, Inc., 2261 Market Street, Unit 4008, San Francisco, CA 94114, USA. PostHog enables us to record and evaluate your user behavior on our website. This serves exclusively to improve and further develop our website and our offering.
Important: The processing, storage, and evaluation of data will only take place with your prior consent and then exclusively in pseudonymized form. The storage of this data is limited in time and will only be used to improve our service based on your usage needs. The data will not be passed on to third parties.
The following personal (pseudonymized) data is processed and evaluated:
- User activity (which pages and projects have been visited, which elements have been clicked on, which functions have been used),
- Usage history (only for logged-in users, in pseudonymized form),
- Information on donation behavior (donation amount, so-called co-donation, payment method, recurring donation, date/time),
- Device and browser information (IP address, operating system of the end device)
- Tracking code (pseudonymized user ID).
Aggregated (anonymized) data is evaluated to determine how many users have used the website and how many users have progressed through the donation process.
The information collected in this way is transmitted by PostHog to a server in the EU and stored there in pseudonymized form.
4.5.1.1 Legal basis
We only use the PostHog service described above if you have given your prior consent (Art. 6 para. 1 lit. a GDPR).
4.5.1.2 Duration of storage and criteria for determining the duration
The pseudonymous data will be stored for a maximum of 5 years and then automatically deleted.
4.5.1.3 Right to revoke consent and delete data
You can revoke your consent to web tracking via PostHog at any time. To do so, please use the "cookie consent" mechanism.
4.5.2 Google Ads conversion tracking and statistical analysis
We use the conversion tracking function within the Google Ads service. The conversion tracking function allows us to evaluate which functions and parts of our website are successful, where we need to make improvements to the website, and which advertising via Google Ads is particularly relevant for which recipient group.
To do this, we analyze user interaction on our website, e.g., which users complete the donation process or subscribe to a newsletter at which point on our website.
We only evaluate user interaction with our website statistically, in a form that cannot be traced back to individual users. We cannot identify individual users of our website through the use of Google Ads Conversion Tracking.
The following data is included in the statistical analysis of user behavior:
- Reaching a specific page of our website (e.g., completing the donation process)
- Time
- Date
- Based on the statistical analysis, our website is improved and further developed.
The platform uses the PostHog service (see above) for the technical implementation of Google Ads Conversion.
The platform uses the PostHog service (see above) for the technical implementation of Google Ads Conversion. For the use of Google Ads Conversion Tracking, PotHog stores cookies on the end devices of users after obtaining their prior consent. These cookies are used to record the actions of the user and statistically evaluate them by Google (Google Ads Conversion).
4.5.2.1 Legal basis
We only use the Google Ads Conversion Tracking services described above if you have given your prior consent (Art. 6 para. 1 lit. a GDPR).
4.5.2.2 Duration of storage and criteria for determining the duration
The statistical (non-personal, anonymous) evaluations stored by us are deleted as soon as the responsible department no longer needs this data. The cookies used by Google Ads Conversion Tracking are valid for 180 days. The pseudonymous data stored in the Google service is automatically deleted after 6 months. (We do not have access to this pseudonymous data.)
4.5.2.3 Revocation and removal options
You can revoke or prevent the use of Google Ads services in various ways:
- by revoking your consent via the cookie consent mechanism on our website; you can access and change your cookie consent at any time via the corresponding link in the footer of the page,
- by adjusting your browser software settings accordingly,
- via the Google ad settings at https://www.google.com/ads/preferences/?hl=de,
- by selecting the appropriate cookie settings on the website, or
- by deactivating them on the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org
Further information on data protection at Google can be found here: https://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.
5. Event-related review of messages (potentially infringing content)
As an unregistered user or registered donor, you have the option of sending messages to the campaign creator via our website. If a campaign creator notifies us of (potentially) infringing content in such a message (e.g., hate speech, insults, harassment, harassing advertising), we will review the message in question and any future messages for the respective campaign and investigate accordingly. If we find any infringing content, we will block these messages and will not forward them to the campaign creator. In such cases, we reserve the right to impose sanctions based on our Terms and Conditions (e.g., blocking the user account) and to take legal action (e.g., filing a criminal complaint).
The purpose of processing personal data in this context is to ensure the proper operation of the website in accordance with our current Terms of Use.
The following data is processed during the ad hoc review of messages:
- Name, email address (optional), content of the message, date/time of the message, IP address, donation campaign
The legal basis for the processing of this data is our legitimate interest in the proper operation of our website (Art. 6 para. 1 lit. f GDPR).
The personal data processed in the context of this event-related review will be stored until the purpose for which it was collected has been fulfilled and there are no further legal obligations to retain it, without such a legal obligation exceeding a maximum period of one year after its collection. We only store personal data in the context of event-related reviews if we determine that a violation of the law or a suspicion of a violation of the law has occurred. The duration of storage corresponds to the relevant limitation periods. If we do not identify any legal violations or suspected legal violations, we will delete the data immediately after such determination.
6. Use of Google Fonts
External fonts, Google Fonts, are used on this website. Google Fonts is a service provided by Google Inc. ("Google"). These web fonts are integrated via a server call, usually a Google server in the US. This tells the server which of our web pages you have visited. The IP address of the browser of the visitor's device is also stored by Google. For more information, please refer to Google's privacy policy, which you can access here:
7. Cloudflare
This website uses the Cloudflare service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as "Cloudflare"). Cloudflare offers a globally distributed content delivery network with DNS. Technically, this means that the information transfer between your browser and our website is routed through Cloudflare's network. This enables Cloudflare to analyze the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet.
Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.
The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR) and in protecting the website against malicious attacks.
Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.
8. Friendly Captcha
This website uses Friendly Captcha to verify and prevent interactions by automated access, e.g. by so-called bots.
This is a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany, hereinafter referred to as "FriendlyCaptcha".
This service enables Friendly Captcha to determine from which website a request is sent and from which IP address you are using our website. In addition to your IP address, FriendlyCaptcha processes statistical information about your browser, which is not personal.
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the security of our website and in the prevention of unwanted automated access in the form of spam or similar.
9. Use of Stripe as a payment service provider
If the campaign creator chooses Stripe as their payment service provider, payment processing will be handled by Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, and Stripe Payments UK, Ltd, 7th Floor, The Bower Warehouse, 211 Old Street, London EC1V 9NR, United Kingdom ("Stripe"). As a campaign creator, you will then create an account with Stripe during the registration process, through which you can receive donations. Your data (name, address, account number, bank code, credit card number, if applicable, donation amount, currency, and transaction number) will be passed on to Stripe for the sole purpose of payment processing and fraud prevention. Stripe is responsible for data processing at Stripe. You can find more information about Stripe's privacy policy at the following URL stripe.com/de/privacy.
The legal basis for the transfer of data to Stripe for the purpose of payment processing is Art. 6 para. 1 lit. b GDPR (fulfillment of a contract with you). The legal basis for the transfer of data for the purpose of fraud prevention is Art. 6 para. 1 lit. f GDPR. The legitimate interest here lies in the prevention of economic damage caused by criminal offences and in the protection of the donor(s).
10. Use of PayPal as a payment service provider
PayPal is used as the payment service provider on the platform. Payment processing is handled by PayPal (PayPal (Europe) S.Ã r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg). As a campaign creator, you will be redirected to PayPal's website to complete the necessary steps to use PayPal in the context of your campaign. As a donor, you make your donation via the PayPal website. Data processing for both campaign creators and donors is carried out by PayPal as the responsible party. You can view PayPal's privacy policy at the following links: www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.
11. Who receives my data?
Within goodcrowd.org, those departments that require your data to fulfill the purposes outlined in section 4 will have access to it. Service providers employed by goodcrowd.org may also have access to your data (so-called "processors," e.g., data centers, newsletter dispatch, customer service, or accounts receivable management). Contracts for order processing ensure that these service providers are bound by instructions, data security, and the confidential handling of your data.
Data will only be passed on to other recipients, such as advertising partners, social media service providers, or credit institutions (so-called "third parties"), if this is required by law or if you have given your consent. The following third parties are covered by the data transfer:
- Providers of measurement and web analysis services that measure the reach of websites and create usage profiles for their own purposes
- Credit institutions that collect your data for the purpose of payment processing via the website and further process it on their systems
- Campaigners, to the extent described above
- Public authorities and institutions such as law enforcement agencies that have access to your data due to compliance with legal or official obligations
Further information on data transfer to the respective third parties can be found under the individual purposes in section 4.
12. Will my data be processed outside the EU or the EEA (third country transfer)?
Insofar as the service providers and/or third parties outside the EU or the EEA referred to in section 10 process your data for the purposes set out in section 4, this may result in your data being transferred to a country where no adequate level of data protection can be guaranteed in accordance with EU or EEA standards. However, such a level of data protection can be ensured by means of appropriate safeguards. Standard contractual clauses provided by the EU Commission are considered appropriate safeguards. You can request a copy of these safeguards from the contact details listed in section 1 upon request. In exceptional cases, safeguards may be waived if you consent or if the transfer to a third country is necessary for the fulfillment of your contract with GoodCrowd.org. The EU Commission has also recognized certain third countries as safe third countries, so that GoodCrowd.org can also refrain from providing appropriate guarantees in this case.
The following service providers process your data outside the EU or the EEA:
- Service providers whose data centers are located within the EU are used to host the platform. However, in certain operational situations (e.g., in the event of serious disruptions), these service providers can also access the data centers within the European Union or the EEA from a branch in a third country. Betterplace.org has agreed with these service providers on standard contractual clauses to ensure compliance with European data protection standards. The service providers currently used are also (self-)certified in the context of the EU-US Data Privacy Framework (DPF), insofar as they are service providers based in the US.
- For the use of web tracking services and services for performance monitoring and security of the website, service providers are used whose data centers are located in a third country or who can access data centers within the European Union or the EEA from a branch in a third country. Good Crowd has agreed with these service providers on standard contractual clauses to ensure compliance with European data protection standards. The service providers currently used are also (self-)certified under the EU-US Data Privacy Framework (DPF) if they are service providers based in the USA.
- For the sending of emails sent via the platform, service providers are used whose data centers are located in a third country or who can access data centers within the European Union or the EEA from a branch in a third country. Good Crowd has agreed with these service providers on standard contractual clauses to ensure compliance with European data protection standards. The service providers currently used are also (self-)certified in the context of the EU-US Data Privacy Framework (DPF), insofar as they are service providers based in the USA.
- Service providers whose data centers are located in a third country or who can access data centers within the European Union or the EEA from a branch in a third country are used to process customer inquiries. Good Crowd has agreed with these service providers on standard contractual clauses to ensure compliance with European data protection standards. The service providers currently used are also (self-)certified in the context of the EU-US Data Privacy Framework (DPF), provided that they are service providers based in the USA.
- To secure the website and provide design elements on it, service providers are used whose data centers are located in a third country or who can access data centers within the European Union or the EEA from a branch in a third country. Good Crowd has agreed with these service providers on standard contractual clauses to ensure compliance with European data protection standards. The service providers currently used are also (self-)certified in the context of the EU-US Data Privacy Framework (DPF), provided that they are service providers based in the USA.
- For the evaluation of user activities for the improvement and further development of our services, we use service providers whose data centers are located in a third country or who can access data centers within the European Union or the EEA from a branch in a third country. GoodCrowd.org has agreed with these service providers on standard contractual clauses to ensure compliance with European data protection standards. The service providers currently used are also (self-)certified in the context of the EU-US Data Privacy Framework (DPF), provided that they are service providers based in the USA.
13. What are my data protection rights?
You have the right to access the personal data we have stored about you at any time. If any of your personal data is incorrect or no longer up to date, you have the right to request that it be corrected. You also have the right to request the deletion or restriction of the processing of your data in accordance with Art. 17 or Art. 18 GDPR. You may also have the right to receive the data you have provided in a common and machine-readable format (right to data portability).
If you have given your consent to the processing of personal data for specific purposes, you can revoke this consent at any time with future effect. The revocation must be sent to GoodCrowd.org at the contact address specified in section 1. Consent given on the website can also be revoked at [email protected].
In accordance with Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your data based on the legal basis of Art. 6 para. 1 lit. f GDPR. You also have the right to object at any time to the processing of your personal data for direct marketing purposes. The same applies to automated procedures using individual cookies, unless these are absolutely necessary for the provision of the website.
In addition, you have the option of contacting a data protection authority and lodging a complaint there. The authority responsible for GoodCrowd.org is:
Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
However, you can also contact the data protection authority responsible for your place of residence.
14. What is the source of the data?
All data is collected directly from the individuals concerned.
15. To what extent is decision-making automated?
We do not use fully automated decision-making for the purposes specified in section 4.
16. Is profiling taking place?
Profiling in accordance with Art. 22 para. 1 and 4 GDPR does not take place.
17. Checking sanctions lists
We compare data from the campaign creator/donation recipient with sanctions lists. We are legally obliged to do so, and goodcrowd.org has a legitimate interest in doing so: to fulfill our contractual obligations to our payment service providers and to prevent money laundering/terrorist financing. Accordingly, the legal basis here is Art. 6 para. 1 lit. c GDPR or Art. 6 para. 1 lit. f GDPR.
18. Conclusion/Version information
As we continue to develop our website and implement new technologies to improve our service to you, changes to this privacy policy may be necessary. We therefore recommend that you review this privacy policy from time to time.
Version 6.0 dd. 17/04/2025