Jump to content

Privacy Policy

Privacy Policy of the Gesellschaft für Freiheitsrechte e.V.

In the following, we inform the visitors of our website, interested parties, subscribers to our newsletters, our (supporting) members, participants in events, campaigns and surveys, as well as donors, about how the Gesellschaft für Freiheitsrechte e.V. (GFF) handles their personal data. Personal data are data that allow direct or indirect conclusions to be drawn about your identity. In doing so, we fulfil the duty to inform under Art. 13 of the General Data Protection Regulation (GDPR).

The transparent and secure handling of personal data is an important concern for the GFF.

A separate privacy policy. applies to the processing of data within the framework of the evidence database on the AfD ban. In addition, we inform you here about the processing of your data if you have applied to us for an open position or on your own initiative.

1. Controller

The controller responsible for data processing within the meaning of Art. 4 no. 7 GDPR is the Gesellschaft für Freiheitsrechte e.V., Boyenstraße 41, 10115 Berlin, reachable by phone at 030-549 08 10 0, by email at info@freiheitsrechte.org, PGP/GPG Key ID FA2C23A8 (  Download).

2. Data Protection Officer

You can reach the GFF's Data Protection Officer at datenschutz@freiheitsrechte.org, PGP/GPG Key ID CD68E0EB (  Download).

3. Purposes and Legal Bases of Processing

The GFF processes personal data in order to carry out the association's work and fulfil its substantive tasks. This concerns data of interested parties and (supporting) members for the fulfilment of our statutory purposes, data of claimants within the framework of specific strategic litigation, data of donors for fundraising, recipients of our newsletters, participants in surveys and campaigns, or visitors to our events. This involves the processing of various types of personal data:

  • For (supporting) membership administration: surname, first name, address, telephone number, interests, contact and activity history, email address, and where applicable bank details including IBAN and BIC or other payment options of the (supporting) members, as well as incoming payments. The legal basis for this is Art. 6(1)(1)(b) GDPR (performance of a contract). The GFF deletes the data ten years after completion of the last transaction within the framework of the association or supporting membership, at the end of the year. The individual incoming payments are each deleted after ten years. Further information can be found under Donations and Supporting Membership.
  • For donation administration: surname, first name, address, email address, telephone number, interests, contact and activity history, and where applicable bank details including IBAN and BIC or other payment options of the donors. The legal basis for this is Art. 6(1)(1)(b) GDPR (performance of a contract). The GFF deletes the data ten years after the transaction. Further information can be found under Donations and Supporting Membership.
  • For carrying out donations and supporting memberships: For donations and supporting memberships we provide a form. We use the donation form of twingle GmbH, Prinzenallee 74, 13357 Berlin. twingle GmbH provides the technical platform for the donation process for this donation form. The data you enter when making a donation (e.g. address, bank details, etc.) are stored by twingle on behalf of the GFF on servers in Germany in order to process the donation. To optimise our communication, we individualise the donation pages for each communication channel. We can therefore trace which channel donors used to reach the donation form. We have concluded a data processing agreement with twingle. Depending on the chosen payment method, twingle uses further payment service providers. With the direct debit procedure, the data required for this (name, IBAN, payment amount) are transmitted to GLS Gemeinschaftsbank eG, Christstraße 9, 44789 Bochum. If you select PayPal as the payment method, you will be redirected to the payment provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Further information on data protection at PayPal can be found here. If you select American Express, Mastercard, VISA, Apple Pay or Google Pay as the payment method, you will be redirected to the payment provider Stripe Payments Europe, Limited, The One Building, 1 Grand Canal Street Lower, Dublin 2, Co. Dublin, Ireland.
  • For carrying out campaigns such as email campaigns to members of parliament, petitions or surveys: surname, first name, address, email address, time of participation, interests, contact and activity history. To optimise our communication, we individualise the campaign pages for each communication channel. We can therefore trace which channel participants used to reach the campaign form. The legal basis for this is Art. 6(1)(1)(a) GDPR (consent).
  • For promoting the work of the GFF and donation appeals by email or post: surname, first name, interests, and where applicable address and email address of donors, supporting members, newsletter subscribers and participants in campaigns, unless they have objected to this. The legal basis for this is Art. 6(1)(1)(f) GDPR (safeguarding legitimate interests, based on our interest in fulfilling our statutory purposes and communicating with you in this context). The GFF deletes the data three years after the last interaction.
  • To fulfil transparency obligations: transmission of surname, first name, amount of the donation(s) in tiers of EUR 10,000, and a brief description of the service to the Lobby Register for interest representation vis-à-vis the German Bundestag and the Federal Government, insofar as we are legally obliged to do so. This is the case if the total value of donations per financial year exceeds EUR 10,000 and 10 percent of the total sum of gifts and other lifetime contributions to the GFF in the respective financial year. The legal basis for this is Art. 6(1)(1)(c) GDPR in conjunction with § 3(1) no. 8 of the German Lobby Register Act (LobbyRG).
  • For external presentation and public relations: image and sound recordings of the members and staff of the GFF as well as of the participants in GFF events on the website freiheitsrechte.org and accompanying publication formats on social networks and online as well as offline, to document our work. The legal basis for this is Art. 6(1)(1)(f) GDPR. The legitimate interest lies in informing the public about our activities. The GFF deletes the data as soon as their use is no longer necessary, for example because more recent recordings are available. If, as a participant in an event, you do not wish to be recorded, please inform us in advance at events@freiheitsrechte.org. You may also subsequently object to future processing (see below under section 7).
  • For the operation of the websites: When you visit our websites, our web server records so-called usage data. The usage data consist of the name and address of the requested content, the date and time of the request, the volume of data transferred, the access status (content transferred, content not found), the description of the web browser and operating system used, the referral link indicating the page from which you reached our websites, and the IP address of the requesting computer. The legal basis for processing the usage data is Art. 6(1)(1)(f) GDPR. The processing takes place in the legitimate interest of providing the content of the website and ensuring a device- and browser-optimised presentation.
  • To ensure the security of our websites: the complete IP address transmitted by your web browser is also stored by us for a specific purpose for a period of 14 days, in the legitimate interest of being able to detect, contain and remedy attacks on our websites. After this period has elapsed, we delete or anonymise the IP address. The legal basis for the processing is Art. 6(1)(1)(f) GDPR.
  • To analyse usage behaviour on our websites: on our websites we carry out an anonymous visitor measurement using Matomo („Matomo Log Analytics“). For this purpose, the log data of the web server (server log files) as well as the shortened IP address are evaluated. No conclusions can be drawn about you personally. Furthermore, we neither store information on your device nor read information from your device in this process. The legal basis for the processing (shortening of your IP address) is Art. 6(1)(f) GDPR (safeguarding legitimate interests, based on the interest in designing our websites to meet needs, continuously optimising them, and thereby ensuring the anonymity of the visitors to our websites).
  • For carrying out surveys: the GFF operates surveys on its own servers. For this purpose it uses the application LimeSurvey to conduct these surveys. The processing takes place on the GFF's servers and only if you enter personal data. In this case, the personal data you enter as well as the date and time of entry are processed. The legal bases for the processing are, for anonymous surveys, Art. 6(1)(f) GDPR (safeguarding legitimate interests in conducting surveys and thereby gathering relevant insights into the work of the GFF) and, for personalised surveys, Art. 6(1)(a) GDPR (consent).
  • For event management: information and personal data that you have provided to us in the course of registering for an event or online event, generally surname, first name, email address and event-related information such as the selection of event blocks or meal preferences, are stored for the duration of the event organisation and follow-up. The data are deleted at the latest two years after the end of the event, unless there are legal grounds (in particular accounting or external auditing) that require longer storage of the participant list for documentation purposes. For registration and processing we use the application Pretix. The legal basis for this is Art. 6(1)(1)(b) GDPR (performance of a contract).
  • For individual communication, e.g. via the internet (email): all data voluntarily transmitted to us, such as surname, first name, email address and any other personal data provided or special categories of personal data, insofar as this is necessary to deal with your request. The legal basis for this is Art. 6(1)(1)(f) GDPR (safeguarding legitimate interests, based on our interest in fulfilling our statutory purposes, dealing with your enquiries and communicating with you in this context). The GFF deletes the data within two years of the end of the respective form of communication, unless they are required to support legal proceedings (see below) or take place within the framework of donation and membership communication (see above).
  • For conducting online meetings: we use the Zoom service for conducting online meetings. The service is provided to us by Zoom Communications, Inc., based in the United States, as a data processor. When participating in an online meeting in which Zoom is used, we process within Zoom information about the user (name, email address, profile picture), communication content (text, audio and video data; in the case of recordings, an MP4 file of all video, audio and presentation recordings, an M4A file of all audio recordings, a text file of all online meeting chats), as well as meeting metadata (subject, description, device information, IP address). In order to enable the display of video and the playback of audio, the data of the microphone and/or the video camera of your device are processed for the duration of an online meeting. You can deactivate or mute the camera and/or the microphone at any time. For further information on the data processing, please refer to Zoom's privacy notices: https://explore.zoom.us/de/pri.... The legal basis for the described data processing is Art. 6(1)(f) GDPR (safeguarding legitimate interests, based on our interest in carrying out internal and external corporate communication as well as ensuring a location-independent and flexible business operation). Insofar as we record an online meeting, this is done on the basis of Art. 6(1)(a) GDPR (consent).
  • To support legal proceedings (e.g. lawsuit, constitutional complaint, complaint, criminal charge): surname, first name, address, email address, telephone number and further data connected with the proceedings (facts, evidence or similar). The legal basis is Art. 6(1)(1)(b) GDPR (performance of a contract) and Art. 6(1)(1)(f) GDPR (safeguarding legitimate interests, based on our interest in fulfilling our statutory purposes); in addition, Art. 9(2)(f) GDPR (establishment, exercise or defence of legal claims) and Art. 9(2)(d) GDPR (processing by a not-for-profit organisation), insofar as special categories of personal data are concerned. The data are deleted within ten years of the conclusion of the proceedings.
  • For the dispatch of our newsletters: we process your email address and, if you have provided them, your surname and first name as well as the time of registration and interests. The legal basis for this processing is Art. 6(1)(1)(a) GDPR (consent). The declaration of consent is given via an online form on our website in combination with confirmation via a link, or solely by clicking a link that we have sent by email. It is a personalised newsletter. Based on interactions (e.g. participation in a campaign or a donation), we provide you with targeted information on topics that match your interests and that are important to you. You can unsubscribe from the newsletter yourself. Your data will then be deleted after a period of three months. Our info newsletter provides you with general information about the work of the GFF, calls to participate in campaigns and appeals for support. Supporting members receive further emails, with editorial coverage of our work, with calls for further support of our work and invitations to special events. To dispatch the newsletters we use the service provider DialogMail. For this purpose, your data are transmitted to dialog-Mail eMarketing Systems GmbH, which processes the data on our behalf. The software uses a tracking pixel that statistically evaluates interactions with our mailings. This is a pixel embedded in the email that establishes a connection to DialogMail's server when the email is opened. In this way it is determined whether you have opened the email. By deactivating the „loading of external content“ function in your email program, you can prevent this transmission. In addition, clicks on links in our newsletter are recorded statistically. Both the data on the opening of the email and on the clicks are stored anonymously and processed only for statistical purposes.
  • For the dispatch of press releases and circular emails to politicians and their staff: we process the surnames, first names and email addresses of journalists, politicians and their staff. The legal basis for this processing is Art. 6(1)(1)(f) GDPR (safeguarding legitimate interests, based on our interest in informing politicians, their staff and journalists about our work).

You can revoke any consent granted at any time with effect for the future, in particular by email to info@freiheitsrechte.org, or object to the assumption of a legitimate interest under Art. 6(1)(1)(f) GDPR. In the event of revocation or objection, the GFF will delete the data concerned without delay.

We point out that data transmission over the internet (e.g. when communicating by email) can have security gaps. Complete protection of the data against unauthorised access by third parties is not possible. However, our online services use the SSL/TLS encryption procedure with optimal security settings. You can recognise an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://”, and by the lock symbol in your browser address bar. When SSL/TLS encryption is activated, the data that are transmitted are particularly protected in transit. For a high standard of protection in email communication, we also offer the option of secured communication with PGP/GPG.

4. Recipients of the Data

As a matter of principle, we do not transmit any data to third parties without your consent (Art. 6(1)(1)(a) GDPR). For the purpose of contribution or donation administration as well as the dispatch of the newsletters (see under Donations and Supporting Membership as well as Newsletter), we cooperate with external service providers. The transfer of data to the service providers we use, generally takes place within the framework of data processing on our behalf.

In individual cases, for the processing of your data we use service providers located in third countries outside the European Union. Countries outside the European Union handle the protection of personal data differently from countries within the European Union. We have therefore taken special measures to ensure that your data are processed just as securely in third countries as within the European Union. Insofar as we use a service provider in a third country, we check whether it is based in a country for which an adequacy decision of the EU Commission exists, or whether a service provider based in the United States is certified under the EU-U.S. Data Privacy Framework. Otherwise, we conclude with the service provider the data protection agreement provided by the European Commission for the processing of personal data in third countries (standard contractual clauses) and carry out processing-related data transfer impact assessments where necessary. These measures constitute appropriate safeguards for the protection of your data with service providers in third countries. You can request a copy of the standard contractual clauses using the contact details provided above.

For the operation of our website and other services, we use an external service provider for hosting. We host our websites with the external provider Hetzner (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany).

We host the website afd-gutachten.de with Cloudflare (Cloudflare Germany GmbH, c/o Design Offices München Atlas, Rosenheimer Straße 143C - 8th floor, 81671 Munich, Germany, with the parent company Cloudflare, Inc. based in the USA).

For sending emails in Campaigns, we use the provider Mailjet as an SMTP gateway; for this we have a corresponding data processing agreement.

The GFF is registered in the Lobby Register for interest representation vis-à-vis the German Bundestag and the Federal Government (link:  https://www.lobbyregister.bund...) is registered. We are therefore legally obliged to provide data in the Lobby Register (see above, processing purpose „fulfilment of transparency obligations“).

We do not use social media plug-ins. Instead, the buttons present at some points on the website constitute a link to the website of the respective social media service (in our case Instagram, YouTube, Mastodon, LinkedIn, Bluesky). The mere presence of the buttons does not yet result in any collection and transmission of data to these services. Only when you click a button are you directed to the page of the respective provider.

5. Cookies

The websites partly use so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do no harm to your computer and contain no viruses. Cookies serve to make our service more user-friendly, more effective and more secure.

The cookies we use are so-called „session cookies“. They are automatically deleted after the end of your visit to our online service. The legal basis for the use of the cookies is § 25(2) no. 2 TDDDG.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of websites may be limited.

6. Storage Period

Unless we have already informed you of the storage period in individual cases, we delete personal data when they are no longer required for the aforementioned processing purposes and no legitimate interests or statutory retention grounds preclude deletion.

7. Data Subject Rights

You have – in each case in accordance with the statutory requirements – the right

  • pursuant to Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if they were not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;
  • pursuant to Art. 16 GDPR to request the immediate rectification of incorrect personal data stored by us or the completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, insofar as the processing is not necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
  • pursuant to Art. 18 GDPR to request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful but you refuse its erasure and we no longer need the data, but you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request the transmission to another controller;
  • pursuant to Art. 21 GDPR, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(1)(e) or (f) GDPR (see above);
  • pursuant to Art. 7(3) GDPR to revoke at any time the consent you have once given to us. The consequence of this is that we may no longer continue the data processing that was based on this consent for the future; and
  • pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can turn to the supervisory authority of your usual place of residence or workplace or of our association's registered office for this purpose.

To exercise your data subject rights, please contact us by email at info@freiheitsrechte.org or also by post at: Gesellschaft für Freiheitsrechte e.V., Boyenstraße 41, 10115 Berlin. You can use email encryption: PGP/GPG Key ID FA2C23A8 (  Download).

You may consult the GFF's Data Protection Officer (above under 2.) on all questions relating to the processing of your personal data and the exercise of your rights. The Data Protection Officer is obliged to maintain confidentiality about the identity of the data subject as well as about circumstances that allow conclusions to be drawn about the data subject, insofar as he or she is not released from this obligation by the data subject.

The supervisory authority responsible for the GFF for a complaint is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Alt-Moabit 59-61, 10555 Berlin, mailbox@datenschutz-berlin.de.

8. Changes to this Privacy Policy

The current version is available at this point at any time. Please visit the website regularly and inform yourself about the applicable privacy policy.

As of 06/2026

We use Matomo to carry out reach measurement. With your voluntary consent, you help us to improve our campaigns. You can find more information on this and how to withdraw your consent in our privacy policy.

Grundrechte verteidigen.
Fördermitglied werden!