Privacy Policy

Controller

The entity responsible for data processing on this website is:

I.K.Z. Hidaje e.V. Gärtnerstraße 41 80992 Munich, Germany

Phone: +49 89 219 329 12 Email: info@hidaje.de

Your Rights

You have the right to receive, free of charge, information about your personal data stored with us, including its origin, recipients, and the purpose of processing. You can also request the correction, deletion, or restriction of your data, receive your data in a machine-readable format (data portability), withdraw consent at any time with effect for the future, and object to processing based on reasons arising from your particular situation (Art. 21 GDPR).

To exercise these rights, please contact us using the details above. You also have the right to lodge a complaint with the competent data protection supervisory authority. The authority responsible for us is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht — BayLDA).

Retention

We store personal data only as long as necessary for the respective processing purpose or as required by statutory retention obligations. Specific retention periods are noted in the individual processing descriptions below.

Consent Banner

When you first visit our website, our consent banner asks whether you agree to certain data processing. Technically necessary processing takes place without consent based on legitimate interests (Art. 6(1)(f) GDPR). Your consent decision is stored locally in your browser.

Hosting by Vercel

Our website is hosted by Vercel Inc., 440 N Barranca Avenue #4133, Covina, CA 91723, USA. When you access the website, technical data (including IP address, browser type, operating system, and access time) is processed in order to deliver the website and ensure its stability and security.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in reliably providing the website). Data is stored only as long as necessary for this purpose. A transfer to the United States takes place; Vercel is certified under the EU-U.S. Data Privacy Framework. A data processing agreement is in place with Vercel.

More information: https://vercel.com/legal/privacy-policy

Payment Processing via Stripe

For donation payments, we use the payment service Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. When you make a donation, the required payment data (e.g. name, email address, billing address, card data) is collected directly in a form provided by Stripe and transmitted to Stripe. We do not ourselves receive or store your full payment data.

Stripe sets technically necessary cookies for fraud prevention (__stripe_mid, __stripe_sid). These are required for the secure processing of the payment and are therefore set without separate consent, based on § 25(2) No. 2 TDDDG (the German implementation of the ePrivacy Directive's "strictly necessary" exemption).

The legal basis is Art. 6(1)(b) GDPR (performance of a contract) in conjunction with Art. 6(1)(f) GDPR (legitimate interest in fraud prevention). A transfer to the United States may take place; Stripe is certified under the EU-U.S. Data Privacy Framework.

More information: https://stripe.com/de/privacy

Analytics with Umami

For statistical analysis of website usage, we use Umami Analytics, a privacy-friendly web analytics software that we self-host on a server in Germany. Anonymized usage data is collected, including pages visited, time on page, referrer URL, browser type, screen resolution, and approximate geographic origin (country).

Umami does not set cookies and does not store data on your device. To distinguish sessions, a hash value is calculated from your IP address, user agent, and a daily rotating salt; the IP address itself is not stored.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in statistical analysis of website usage to improve our service). Since no data is stored on your device and no personal data is permanently processed, no consent is required for the use of Umami.

Meta Conversion API

We use the Conversion API provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When you perform a specific action on our website (e.g. make a donation), relevant data is transmitted server-side directly from us to Meta in order to optimize our advertising. The following data in particular is transmitted: the action performed, timestamp, IP address, user agent, value and currency of the donation, and the source URL.

The purpose is measuring the success of our advertising campaigns (conversion tracking), creating custom audiences, and optimizing ad delivery on Meta platforms (Facebook, Instagram).

The legal basis is exclusively your consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG), which you provide via our consent banner under the "Marketing" category. Without your consent, no data is transmitted to Meta.

A transfer to the United States takes place; Meta is certified under the EU-U.S. Data Privacy Framework. The transfer is additionally based on Standard Contractual Clauses. A data processing agreement is in place with Meta.

More information: https://www.facebook.com/privacy/policy/

Last updated: April 2026

In case of discrepancies between language versions, the German version prevails.