Privacy Policy

Last updated: 27 April 2026

This English version is provided as a courtesy. The legally binding version is the German Datenschutzerklärung, which fulfills the requirements of the EU General Data Protection Regulation (GDPR) and German law.

Preamble

With this privacy policy, we wish to inform you about the types of personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Table of contents

• Preamble
• Controller
• Overview of processing operations
• Relevant legal bases
• Security measures
• Transmission of personal data
• Data storage and deletion
• Rights of data subjects
• Provision of online offering and web hosting
• Fonts
• Contact and inquiry management
• Modification and update
• Definitions of terms

Controller

Vera Hofmann
Paul-Lincke-Ufer 8c
10999 Berlin
Germany

E-mail: info [at] commoning.art

Overview of processing operations

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of data processed

• Contact data
• Content data
• Usage data
• Meta, communication, and procedural data
• Log data

Categories of data subjects

• Communication partners
• Users

Purposes of processing

• Communication
• Security measures
• Feedback
• Provision of our online offering and user-friendliness
• Information technology infrastructure

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR's provisions, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

• Performance of contract and pre-contractual inquiries (Article 6 (1) sentence 1 (b) GDPR) — Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Article 6 (1) sentence 1 (f) GDPR) — Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz — BDSG). The BDSG contains, in particular, special regulations on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission and automated decision-making in individual cases including profiling. State data protection laws of the individual federal states may also apply.

Security measures

We take appropriate technical and organisational measures in accordance with statutory provisions, taking into account the state of the art, the cost of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to data, as well as access, input, transmission, ensuring availability, and separation of data. We have also established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and default.

Securing online connections via TLS/SSL encryption technology (HTTPS): To protect users' data transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. When a website is secured by an SSL/TLS certificate, this is indicated by HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and in encrypted form.

Transmission of personal data

In the context of our processing of personal data, it may happen that the data is transmitted to or disclosed to other entities, companies, legally independent organisational units, or persons. Recipients of this data may include, for example, IT service providers tasked with such activities or providers of services and content embedded in a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are revoked or no further legal grounds for processing exist. This concerns cases in which the original purpose of the processing no longer applies or the data is no longer needed. Exceptions to this rule exist where statutory obligations or particular interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons, must be archived accordingly.

If multiple retention periods or deletion deadlines are specified for a piece of data, the longest period shall always apply. Data that is no longer retained for the originally intended purpose but for legal or other reasons is processed exclusively for the reasons that justify its retention.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

• Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
• Right to withdraw consent: You have the right to withdraw consent given at any time.
• Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to receive information about this data, as well as further information and a copy of the data in accordance with statutory provisions.
• Right to rectification: In accordance with statutory provisions, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
• Right to erasure and restriction of processing: In accordance with statutory provisions, you have the right to request that data concerning you be deleted immediately, or alternatively, in accordance with statutory provisions, to request a restriction of the processing of the data.
• Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format in accordance with statutory provisions, or to demand its transmission to another controller.
• Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Provision of online offering and web hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Types of data processed: Usage data (e.g. page views and time spent, click paths, intensity and frequency of use, types of devices used, and operating systems); meta, communication, and procedural data (e.g. IP addresses, time stamps); log data.
• Data subjects: Users (e.g. website visitors).
• Purposes of processing and legitimate interests: Provision of our online offering and user-friendliness; information technology infrastructure; security measures.
• Legal bases: Legitimate interests (Article 6 (1) sentence 1 (f) GDPR).

Provision of online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent from a server provider ("web host"). The website is hosted by IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany.

Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". Server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transmitted, notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Fonts

This website uses fonts that are hosted locally on the server to ensure consistent display. There is no connection to external font providers (such as Google Fonts). No data is transmitted to third parties.

The following open-source fonts are used:

• Space Grotesk by Florian Karsten, based on Space Mono by Colophon Foundry. Licensed under SIL Open Font License 1.1.
• Newsreader by Production Type. Licensed under SIL Open Font License 1.1.

Contact and inquiry management

When contacting us (e.g. by e-mail) and in the context of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to respond to the contact inquiries and any requested measures.

This website does not contain a contact form. No data is collected via form fields. Contact is exclusively by e-mail to the address indicated in the imprint.

• Types of data processed: Contact data (e.g. e-mail address); content data (content of the message); meta, communication, and procedural data.
• Data subjects: Communication partners.
• Purposes of processing: Communication; feedback; responding to inquiries.
• Legal bases: Legitimate interests (Article 6 (1) sentence 1 (f) GDPR); performance of contract and pre-contractual inquiries (Article 6 (1) sentence 1 (b) GDPR).

Modification and update

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require any cooperation on your part (e.g. consent) or any other individual notification.

Insofar as we provide addresses and contact information of companies and organisations in this privacy policy, please note that addresses may change over time and we ask that you check the information before contacting them.

Definitions of terms

This section provides an overview of the terms used in this privacy policy. Where the terms are defined by law, their statutory definitions apply. The following explanations, however, are intended primarily for understanding.

• Content data: Content data includes information generated in the course of creating, processing, and publishing content of all kinds. This category of data may include texts, images, videos, audio files, and other multimedia content.
• Contact data: Contact data is essential information that enables communication with persons or organisations. It includes, among other things, telephone numbers, postal addresses, and e-mail addresses.
• Meta, communication, and procedural data: Data about the way data is processed, transmitted, and managed — such as time stamps, IP addresses, and identification features.
• Usage data: Information that records how users interact with digital products or platforms — e.g. page views, time spent, click paths.
• Personal data: Any information relating to an identified or identifiable natural person.
• Log data: Information about events or activities logged in a system or network — e.g. time stamps, IP addresses, error messages.
• Controller: The natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: Any operation or set of operations performed on personal data, whether or not by automated means — e.g. collecting, evaluating, storing, transmitting, or deleting.

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke (German source)