Jump to content

Privacy Policy

The GFF's Privacy Policy

Below we inform visitors to our website, our (supporting) members, participants in events and surveys, donors, applicants and team members about how the Gesellschaft für Freiheitsrechte e.V. (GFF) handles their personal data. Personal data is data that directly or indirectly allows conclusions to be drawn about your identity. We thus fulfill the information obligation according to Art. 13 of the General Data Protection Regulation (GDPR).

A separate privacy policy applies to the processing of data within the AfD document database. You can find it here (in German).

1. Responsible party

The data controller within the meaning of Article 13 (1) a GDPR is the Gesellschaft für Freiheitsrechte e.V., Boyenstraße 41, 10115 Berlin, Germany, reachable by phone at 030-549 08 10 0, by e-mail at info@freiheitsrechte.org, PGP/GPG Key ID FA2C23A8 ( Download). The GFF is represented by its Board of Directors: Prof. Dr. Boris Burghardt, Prof. Dr. Nora Markard, Dr. John Philipp Thurn, Prof. Dr. Dana-Sophia Valentiner, Felix Reda, Prof. Dr. Leonie Steinl, LL.M. (Columbia).

2. Data protection officer

The GFF's data protection officer is David Werdermann, c/o Gesellschaft für Freiheitsrechte e.V., Boyenstraße 41, 10115 Berlin, Germany, who can be contacted by e-mail at datenschutz@freiheitsrechte.org, PGP/GPG Key ID CD68E0EB ( Download).

3. Purposes and legal bases of processing

The GFF processes the following personal data:

  • For (supporting) membership administration: name, first name, address, e-mail address of the (supporting) members, if applicable, bank account information, including the IBAN and BIC of the (supporting) members, as well as payment receipts. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. The GFF deletes the data ten years after the completion of the last transaction related to association membership or supporting membership. Individual payment records are deleted after ten years. For more information, see Donations & Supporting Membership.
  • For donation management: name, first name, address, email address, if applicable, bank details incl. IBAN and BIC of the donors. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. The GFF deletes the data ten years after completion of the last transaction. For more information, see Donations & Supporting Membership.
  • To advertise the GFF's work and donations by e-mail or mail: Surname, first name, address and, if applicable, e-mail address of the donors and supporting members, unless the respective donors or supporting members have objected to this (see Section 7 para. 3 no. 3 UWG). The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. The GFF deletes the data ten years after the last transaction.
  • To fulfill transparency obligations: Transmission of surname, first name and place of residence as well as the amount of the donation(s) and a brief description of the contribution to the lobby register for the representation of interests vis-à-vis the German Bundestag and the Federal Government, insofar as the donation(s) exceed(s) 20,000 euros in the past financial year. The legal basis for this is Art. 6 (1) sentence 1 lit. c in conjunction with (3) the GDPR and Section 3 (1) no. 7 LobbyRG.
  • For applications: Surname, first name, address and all other data of the applicants submitted with the application and arising in the course of the application process. The legal basis for this is § 26 BDSG. The GFF deletes the data at the latest six months after completion of the application process, but in the case of employment only six months after the end of the employment. Personnel records and references are deleted within ten years after the end of employment in the case of employment. In order to document the diversity of the applications received, the GFF keeps an anonymized version of the applicant information in both cases.
  • For payroll accounting: surname, first name, address, religious affiliation if applicable, tax number, social security number, health insurance number, bank details incl. IBAN and BIC of the employees. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR. The GFF deletes the data ten years after termination of the employment relationship.
  • For external presentation: Image and sound recordings of the GFF members and staff as well as participants in the GFF events on the website freiheitsrechte.org and accompanying publication formats on social networks and online and offline to document our work. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest is to provide public information about our activities. GFF deletes the data as soon as its use is no longer necessary, for example because newer recordings are available. If you, as a participant in an event, do not wish to have any recordings made, please inform us in advance at events@freiheitsrechte.org.
  • For the operation of the websites freiheitsrechte.org, mach-meldung.org, bea-aber-sicher.de and nopner.eu: Data automatically transmitted to us is not stored. We delete security log data stored on the basis of Art. 6 Para. 1 Sentence 1 lit. f within six months.
  • For event management: Information and personal data that you have provided to us in the course of registering for an event or online event, usually surname, first name, email address and event-related information such as selection of event blocks or meal requests are stored for the duration of the event organization and follow-up. The data will be deleted no later than 24 months after the end of the event, unless there are legal reasons (esp. accounting) that require a longer storage of the list of participants for documentation purposes. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.
  • For individual communication, e.g. via the Internet (e-mail): All data voluntarily submitted to us, such as surname, first name, e-mail address and any other specified personal data or special categories of personal data, insofar as this is necessary to process your request. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR. The GFF deletes the data within 24 months after the end of the respective form of communication or, if the data is part of ongoing proceedings, 24 months after the conclusion of the proceedings. In the event of support for legal proceedings, the details of data processing shall be governed by a separate agreement.
  • For the distribution of our newsletter: We process your email address and, if you have provided it, your first and last name. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. a GDPR. For more information, in particular on the revocation option, please see Newsletter.
  • Regarding the distribution of press releases and mass emails to politicians and their staff: We process the last names, first names, and email addresses of journalists, politicians, and their staff. The legal basis for this processing is Article 6(1)(f) of the GDPR.

You may revoke your consent at any time with effect for the future, in particular by sending an email to  info@freiheitsrechte.org. In the event of revocation, the GFF will delete the relevant data immediately.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) may be subject to security gaps. Complete protection of data against unauthorized access by third parties is not possible. However, our website uses the SSL/TLS encryption method with optimal security settings. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser input line. When SSL/TLS encryption is activated, the data that is transmitted is particularly protected during transport. For a high standard of protection in e-mail communication, we also offer the option of secure communication with PGP/GPG.

4. Recipient of the data

We do not transmit any data to third parties without your express consent (Art. 6 para. 1 sentence 1 lit. a GDPR), except for the purpose of managing membership contributions, wages or donations, as well as for sending out newsletters (see “Donations and Supporting Membership” and “Newsletter” for more information). If this is required or necessary, this is done within the framework of commissioned data processing. Our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in commissioned data processing lies in the outsourcing of this resource-intensive processing. The data is transferred to Lohn24 for payroll administration.

The GFF is registered in the lobby register for the representation of interests towards the German Bundestag and the Federal Government (Link: https://www.lobbyregister.bund...). Therefore, we are legally obliged to disclose the names and place of residence of donors as well as the amount of the donation(s) in the register, if the donation(s) exceed 20,000 euros in the past fiscal year.

We do not use any social media plug-ins. Instead, the buttons present at some points on the website represent a link to the website of the respective social media service (in our case Facebook, Twitter, YouTube, Instagram). The existing buttons alone do not result in the collection and transmission of data to these services. Only when you click on a button will you be directed to the page of the respective provider.

We have created a separate privacy policy (in German) for the use of Zoom.

5. Cookies

Internet pages partly use so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure; this is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in their use.

The cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit to our website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of Internet pages may be limited.

6. Third country transfer

The GFF does not transmit any data outside the scope of the GDPR. The exception is communication via social media based in the USA, for example Instagram and X, where personal data is only processed by third parties who are themselves customers of these networks.

7. Donations and supporting memberships

We provide a form for donations and supporting memberships. The data entered there is transmitted to twingle GmbH, Prinzenallee 74, 13357 Berlin, which processes the data on behalf of the GFF.

For direct debit transactions, the necessary data (name, IBAN, payment amount) is transmitted to GLS Gemeinschaftsbank eG, Christstraße 9, 44789 Bochum, which processes the data on behalf of the GFF.

If you select PayPal as your payment method, you will be redirected to the payment provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Further information on data protection at PayPal can be found here.

8. Newsletter

The GFF operates various newsletters. In these newsletters, you register yourself and give consent by confirming the activation link sent to you, which we store as part of the registration and confirmation. To receive the newsletter, we will process the email address you provided and, if you have provided them, your first and last name. You can unsubscribe from the newsletter, so your data will be deleted immediately. You can also send us by e-mail the revocation of consent to use the e-mail address for the newsletter at info@freiheitsrechte.org. In this case, the GFF will delete your e-mail address immediately.

Our info newsletter provides you with general information on the work of the GFF. Supporting members receive additional e-mails with appeals for further support of our work and invitations for special events.

We use the DialogMail software to send our newsletters. To do this, your data is transmitted to dialog-Mail eMarketing Systems GmbH, which processes the data on our behalf.

The software uses a tracking pixel that statistically analyzes interactions with our mailings. This is a pixel embedded in the email that establishes a connection with the DialogMail server when the email is opened. This determines whether you have opened the email. You can prevent this transmission by disabling the “Load external content” function in your email program. Additionally, clicks on links in our newsletter are statistically recorded. Both the data regarding the opening of the email and the clicks are stored anonymously and processed solely for statistical purposes

9. Webanalytics

The GFF operates its internet offers on its own servers. It uses the AWStats application to evaluate page visits; this evaluation takes place onthe GFF servers, and no personal data is processed for this purpose. The same applies to the use of Matomo.

10. Surveys

The GFF operates surveys on its own servers. For this purpose, it uses the LimeSurvey application to conduct these surveys. The processing takes place on servers of the GFF and only if you enter personal data. In this case, the personal data you enter and the date and time of entry are processed.

11. Video streaming and data traffic via video-stream-hosting.de (Steinmann GbR)

Our website freiheitsrechte.org incorporates content and services provided by the company Linda und Sören Steinmann GbR (Video-Stream-Hosting), Sören und Linda Steinmann GbR, Am Sennehügel 20, 32052 Herford. In particular, a video player, but also related services (media library, chat, feedback module, etc.). Hereinafter referred to as VSH. See also https://www.video-stream-hosting.com/

This video player and other provided data enable us to display content transmitted via VSH on this website.

When displaying the transmitted data and content (streaming videos, video player, chat, etc.) on our website, a direct connection is established between your browser and the servers that provide these services from VSH. To do this, your browser sends a request including your IP address and receives the requested data in return. Examples include loading the video player when the website loads, video content, or chat messages as soon as you access them.

The IP address required for this purpose is stored by VSH only temporarily and is used for data transmission and for the technical and security-related provision of the service. If the IP address is to be stored for a longer period, it is anonymized—this prevents VSH from tracing it back to your connection (i.e., it is not personally identifiable).

If you enter text, your name, or personal data via chat, feedback forms, etc., this information is used for the purpose of providing the service and is stored. VSH deletes this data after no later than 7 days, but may offer the option to have this data retained.

In addition, VSH stores so-called cookies in your browser. These cookies enable VSH to recognize your browser between individual requests and during your next visit to the website. This allows, for example, the number of page views to be counted. This serves technical and security-related purposes (detection of attacks and unauthorized access) and the pseudonymized collection of statistical data.

In addition, VSH stores so-called cookies in your browser. These cookies enable VSH to recognize your browser between individual requests and when you next visit the website. This allows, for example, the number of page views to be counted. This serves technical and security-related purposes (detection of attacks and unauthorized access) and the pseudonymized collection of statistical data.

You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to block the acceptance of cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. Disabling cookies may limit the functionality of this website. Cookies remain on your device until you delete them.

The use of video stream hosting services is in the interest of ensuring uninterrupted provision and optimizing our offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Further information on this can be found in VSH’s privacy policy at https://www.video-stream-hosting.com/datenschutz/.

12. Rights of data subjects

You have the right

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • pursuant to Art. 21 GDPR to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Art. 6 (1) GDPR (see above);
  • to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future, and
  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our association headquarters.

To exercise your data subject rights, please contact us by e-mail at info@freiheitsrechte.org or also by post at: Gesellschaft für Freiheitsrechte e.V., Boyenstraße 41, 10115 Berlin. You may use e-mail encryption: PGP/GPG Key ID FA2C23A8 ( Download).

You may consult the GFF's data protection officer (see 2. above) on all matters relating to the processing of your personal data and the exercise of your rights. The data protection officer is obliged to maintain confidentiality about the identity of the data subject and about circumstances that allow conclusions to be drawn about the data subject, unless he or she is released from this obligation by the data subject.

Competent supervisory authority for a complaint:

Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin, mailbox@datenschutz-berlin.de

13. Changes to this privacy policy

We reserve the right to change this privacy policy at any time with effect for the future. A current version is available at this point. Please visit the website regularly and inform yourself about the applicable data protection declaration.

Status: 05/2025

Grundrechte verteidigen.
Fördermitglied werden!