Abstract digital artwork featuring colorful flowing waves and connected spheres against a light background.

Privacy Policy

1. General Information

Digital Freedom and Rights gUG (haftungsbeschränkt) i. G., also operating as DFR Foundation, takes the protection of personal data seriously. We process personal data in accordance with the EU General Data Protection Regulation, the German Federal Data Protection Act, and other applicable data protection laws.

This Privacy Policy explains how we process personal data when you visit our website, contact us, register for courses, purchase online trainings, participate in events, or use our digital services.

2. Data Controller

The data controller responsible for processing personal data is:

Digital Freedom and Rights gUG (haftungsbeschränkt) i. G.
Friedrich-König-Weg 5
90513 Zirndorf
Germany

Email: Jazzi@dfrfoundation.com
Phone: +49 911 47758629

3. Personal Data We Process

Depending on how you use our services, we may process the following categories of personal data:

  • Name and contact details

  • Email address and phone number

  • Organization or professional role, if provided

  • Billing and payment information

  • Course registration details

  • Participation and attendance information

  • Communication with us

  • Certificate-related information, where applicable

  • Technical data such as IP address, browser type, device information, access time, and log data

  • Consent preferences for cookies or marketing communication

4. Purposes of Processing

We process personal data for the following purposes:

  • To respond to inquiries and communicate with you

  • To manage course registrations and event participation

  • To provide access to online courses, trainings, workshops, and learning materials

  • To process payments and issue invoices

  • To issue certificates or confirmations of participation

  • To operate, secure, and improve our website and digital services

  • To detect and prevent misuse, attacks, or security incidents

  • To meet legal, tax, accounting, and compliance obligations

  • To send newsletters or updates where consent has been given

5. Legal Basis for Processing

We process personal data based on one or more of the following legal bases:

  • Article 6(1)(b) GDPR: performance of a contract or pre-contractual measures

  • Article 6(1)(c) GDPR: compliance with legal obligations

  • Article 6(1)(f) GDPR: legitimate interests, such as secure operation of our website and communication with users

  • Article 6(1)(a) GDPR: consent, for example for newsletters, analytics, or non-essential cookies

6. Website Usage Data and Security Logs

When you visit our website, our servers may automatically process technical data such as IP address, browser type, operating system, access time, requested pages, and referring website.

This data is processed to deliver website content, maintain technical stability, detect misuse, and protect against cyberattacks.

IP addresses and security logs may be stored for up to four weeks where necessary for security and incident investigation purposes, unless a longer retention period is required due to a specific security incident or legal obligation.

Our website uses TLS encryption. Email communication may be encrypted in transit depending on the email providers involved.

7. Contact and Communication

If you contact us by email, contact form, chat, or other communication channels, we process the information you provide in order to respond to your request and manage communication with you.

8. Course Registration and Online Learning

When you register for a course, training, workshop, or event, we process the data necessary to manage your registration, provide access, communicate course information, process payments, and issue certificates where applicable.

Course access links, learning materials, recordings, and platform credentials may only be used by registered participants.

9. Payments

Payments may be processed through external payment service providers such as Stripe, PayPal, or other providers made available during checkout.

Financial data is generally processed directly by the payment provider. DFR Foundation does not store full payment card details in its own systems.

The respective payment provider is responsible for its own data processing where applicable.

10. Cookies and Consent Management

Our website may use cookies and similar technologies. Some cookies are necessary for the technical operation of the website, while others may be used for analytics, media integration, marketing, or user experience improvements.

Non-essential cookies and analytics tools are used only where legally permitted and, where required, based on your consent.

We may use a consent management tool such as Complianz to manage cookie preferences.

11. Third-Party Services

We may use third-party service providers to operate and improve our website, store, learning platform, communication, analytics, payment processing, and media integration.

These may include, depending on the configuration of the website:

  • WooCommerce for online store functionality

  • LearnPress for training and learning management

  • Stripe and PayPal for payment processing

  • Google Analytics for website analytics, where consent has been given

  • Mailchimp for newsletters, where consent has been given

  • tawk.to for chat functionality

  • Complianz for consent management

  • YouTube for embedded videos

  • OpenStreetMap for map integration

These providers may process personal data according to their own privacy policies and, where applicable, under data processing agreements with us.

12. International Data Transfers

Some third-party providers may process data outside the European Economic Area. Where this occurs, we seek to ensure that appropriate safeguards are in place, such as EU Standard Contractual Clauses, adequacy decisions, or other legally recognized mechanisms.

13. Newsletter

If you subscribe to our newsletter, we process your email address and, where provided, your name and preferences for the purpose of sending updates, course information, and relevant communications.

You may unsubscribe at any time using the unsubscribe link in the newsletter or by contacting us.

14. Data Retention

We store personal data only as long as necessary for the purposes described in this Privacy Policy or as required by law.

Billing and accounting data may be retained for statutory retention periods. Course participation records may be retained for a reasonable period to verify participation or reissue certificates.

15. Data Sharing

We do not sell personal data.

We share personal data only where necessary to provide our services, process payments, operate our website, comply with legal obligations, or protect legitimate interests. Data is not shared with unauthorized third parties.

16. Your Rights

Subject to legal requirements, you have the following rights:

  • Right of access to your personal data

  • Right to rectification of inaccurate data

  • Right to erasure of your data

  • Right to restriction of processing

  • Right to object to processing

  • Right to data portability

  • Right to withdraw consent at any time

  • Right to lodge a complaint with a competent data protection authority

17. Contact for Privacy Requests

For privacy-related inquiries or requests, please contact us at:

Jazzi@dfrfoundation.com

18. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, technical systems, or third-party providers.

The current version will be made available on our website.