5. Contact (contact form / partner form)

If you use our contact form, which is embedded as a form block by Squarespace, we process the data you enter (name, e‑mail address, message and any additional voluntary information).
The legal basis is Art.6(1)(b) GDPR (pre‑contractual measures) where the enquiry relates to potential cooperation, and Art.6(1)(f) GDPR (legitimate interest in answering general enquiries).
The data are used exclusively for processing your request and subsequently deleted in accordance with the statutory retention periods.

6. Newsletter

We use the service Email Octopus, provided by Three Hearts Digital Ltd, United Kingdom, to send our e‑mail newsletter. The data are stored on servers in Amazon Web Services data centres located in Ireland (EU).

If you subscribe to our newsletter, we process:

• E‑mail address

• Name (optional)

• Time of subscription

• Confirmation in the double‑opt‑in process

The legal basis is your consent pursuant to Art.6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in every newsletter e‑mail or by sending us an informal message.

Processing is carried out on the basis of the data protection arrangements provided by Email Octopus.

7. Participation in surveys

For our community surveys (e.g. on unpaid care work or the Project Care‑Coin community), we use the external service forms.app. The forms are linked or embedded on our website; however, data are processed directly by forms.app and not by Squarespace.

Depending on the specific survey, the following data may be processed:

• Your answers to the questions in the form

• Any contact details you voluntarily provide (e.g. e‑mail address)

• Technical information (e.g. IP address, browser type, language settings, time of participation)

As a rule, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR (voluntary participation). In the case of purely anonymous evaluations, the legal basis may be our legitimate interest in project analysis and product development pursuant to Art.6(1)(f) GDPR.

forms.app stores the collected form data on servers located in the European Union (Belgium). All form data are stored in encrypted form on EU servers; forms.app states that it fully complies with the requirements of the GDPR and implements appropriate security measures.
In addition, the privacy policies of forms.app apply, available at https://forms.app/privacy-policy and https://forms.app/en/gdpr.

8. Cookies and consent management

In addition to cookies that are necessary for the operation of the website (Squarespace), additional cookies may be set in connection with embedded or linked third‑party services, e.g. by forms.app (surveys) or EmailOctopus (newsletter forms). These cookies are controlled exclusively by the respective providers. Further information can be found in the privacy and cookie notices of the respective services.

The legal basis for technically necessary cookies is Art.6(1)(f) GDPR. For all other cookies (e.g. analytics or marketing cookies), the legal basis is Art.6(1)(a) GDPR. Consent is obtained via a consent management tool (e.g. the integrated Squarespace cookie banner) and can be withdrawn or adjusted at any time.

Further details on the cookies used can be found in our separate Cookie Policy.

9. Web analytics (Squarespace Analytics)

(1) Squarespace uses analytics tools that collect basic statistical usage data.
(2) The data processed include, for example:

• Page views

• Time spent on pages

• Origin of visitors

• Device type

• Technical metadata 


(3) The legal basis is Art.6(1)(f) GDPR.
(4) Data transfers to the United States cannot be ruled out; such transfers are based on Standard Contractual Clauses.

10. Disclosure of data to third parties

Personal data are only disclosed to third parties if:

• this is necessary for the performance of a contract (Art.6(1)(b) GDPR),

• there is a legal obligation to do so (Art.6(1)(c) GDPR),

• it is necessary for the purposes of legitimate interests (Art.6(1)(f) GDPR), or

• you have given your consent (Art.6(1)(a) GDPR).

Service providers are contractually bound as processors in accordance with Art. 28 GDPR.

11. Storage period

Data are stored only for as long as necessary for the respective purpose or as required by statutory retention periods. Once the purpose of storage no longer applies or the statutory retention periods have expired, the data are deleted.

12. Rights of data subjects

You have the following rights:

• Right of access (Art.15 GDPR)

• Right to rectification (Art.16 GDPR)

• Right to erasure (Art.17 GDPR)

• Right to restriction of processing (Art.18 GDPR)

• Right to data portability (Art.20 GDPR)

• Right to object (Art.21 GDPR)

• Right to withdraw consent (Art.7(3) GDPR)

13. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR.

The competent authority is in particular:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein‑Westfalen (State Commissioner for Data Protection and Freedom of Information of North Rhine‑Westphalia)

Postfach 20 04 44
40102 Düsseldorf
Germany

E‑mail: poststelle@ldi.nrw.de

14. Updates to this Privacy Policy

This Privacy Policy is reviewed regularly and updated to reflect legal or technical developments.

Version: 17 Decembre 2025