As of April 2, 2026
01
Information we collect
We collect personal and non-personal data to organize our events, process inquiries, and keep you informed about our events.
Information provided by you:
Name and contact information (email, phone number, address)
Ticket purchase details (ticket type, quantity, payment method) via Pretix
Event registration information and forms
Messages and inquiries via our contact forms
Application information (for online submissions)
Information collected automatically:
IP address and browser type
Device Information and Operating System
Pages visited, time spent on site, and navigation
02
How we use your data
We use your data responsibly to:
Process and confirm ticket orders
Send updates, newsletters, and information about upcoming events
Responding to inquiries and providing requested information
To improve the user-friendliness and security of our website
Keep accurate records of participants and application documents
To comply with legal and financial obligations
Legal basis: Article 6(1)(b) of the GDPR (performance of a contract), (c) (legal obligations), and (f) (legitimate interests).
03
Ticket Sales and Event Registration (Pretix)
We use Pretix (pretix GmbH, Heidelberg, Germany) for ticket sales and the management of event registrations. Pretix processes your name, email address, billing address, and event-related information.
Data processing takes place exclusively on servers located within the EU. We have entered into a data processing agreement (DPA) with pretix GmbH in accordance with Article 28 of the GDPR. Tax-related data is retained for up to 10 years in accordance with Sections 147 of the German Fiscal Code (AO) and 257 of the German Commercial Code (HGB).
Pretix Privacy Policy: https://pretix.eu/about/de/privacy/
04
Payment processing
We offer the following payment methods. Your payment information is processed exclusively through encrypted, secure channels. We do not have access to your full credit card or bank account information.
Stripe
Provider: Stripe Payments Europe, Ltd., Dublin, Ireland. Stripe processes payment data, IP addresses, and transaction data for payment processing and fraud prevention (PCI-DSS certified). Data transfers to the United States are carried out in accordance with the EU Standard Contractual Clauses (Art. 46 GDPR).
Stripe Privacy Policy: https://stripe.com/de/privacy
PayPal
Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg. PayPal processes the transaction on its own behalf and may use data for credit checks and fraud prevention. Data transfers to third countries are carried out on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.
PayPal Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Bank Transfer
When paying by bank transfer, you provide us with your bank account details (IBAN, account holder’s name) directly through your own bank. We use this information solely to process and confirm your payment and do not share it with third parties. Processing is based on Article 6(1)(b) of the GDPR (performance of a contract). Payment receipts are stored for up to 10 years in accordance with the statutory retention periods (Sections 147 AO, 257 HGB).
05
Contact Form & Forms (Baserow)
We store incoming contact requests and form submissions (including job applications) with Baserow (Baserow B.V., Amsterdam, Netherlands). The data is used exclusively to process your request and is not shared with third parties. Baserow stores data within the EU.
We have entered into a data processing agreement with Baserow in accordance with Article 28 of the GDPR. In the case of job applications, data will be deleted no later than six months after a rejection (Section 26 of the BDSG).
06
Disclosure of Information
We do not sell, rent, or trade your personal data. We only share it on a limited basis with:
Trusted service providers (Pretix, Stripe, PayPal, Baserow, Framer) based on General Terms and Conditions (GTC)
Government agencies, where required by law
In-house teams for data management and support
When paying by bank transfer, the transaction is processed through your own bank; we have no control over their data processing. All other partners are bound by strict confidentiality and data protection agreements.
07
Your rights
You have the right to:
Access to, correction, or updating of your data (Art. 15, 16 GDPR)
Deletion of your data from our systems (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data Portability (Art. 20 GDPR)
Objection to processing (Art. 21 GDPR)
Withdrawal of consent (Art. 7(3) GDPR)
Unsubscribe from newsletters and promotional emails
Filing a complaint with a data protection supervisory authority (Art. 77 GDPR)
To exercise your rights, please contact: kontakt@mutualaidheat.de
08
Privacy & Security
We use robust technical and organizational security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. All data transmission is SSL/TLS-encrypted (indicated by https:// in the address bar).
Card payments are processed exclusively through PCI-DSS-certified services (Stripe, PayPal). We never store complete payment details on our own systems. For bank transfers, we process only the payment receipt and the data necessary for allocation.
09
Cookies
This website does not use analytics, marketing, or tracking cookies. Technically necessary cookies may be set by Framer (session cookies), Pretix (shopping cart session), as well as Stripe and PayPal (transaction security). These do not contain any marketing data and are necessary for the respective services to function properly.
10
Updates to this statement
We may update this Privacy Policy from time to time to reflect new legal requirements or changes to our services. The most recent version is always available on this page with the current date.
11
Contact
If you have any questions or concerns regarding this privacy policy, please contact:
Till Leinen
Roseggerstr. 42
12043 Berlin, Germany
Email: kontakt@mutualaidheat.de