1. What do we do?

2. What information do we provide?

3. Definitions

4. Contact

5. Data Security

6. Rights of Data Subjects

7. General Principles

8. Individual Data Processing Activities

9. Will our privacy policy always remain the same?

What do we do?

Warm Hearts gUG (limited liability) (Adlerhorst 7, 24558 Henstedt-Ulzburg) operates the website www.warm-hearts.de (hereinafter referred to as "we").

The protection of your personal data is very important to us. In this privacy policy, we transparently and clearly inform you about which data we collect via our website and how we handle it.

For this reason, we use the icons of the PRIVACY ICONS association. They are intended to help you quickly get an overview of how we process your data.

What information do we provide?

• Who is responsible for data processing;

• Which data is collected;

• For what purpose the data is collected;

• On what legal basis we collect this data;

• To whom we disclose this data;

• How you can object to data processing;

• Your rights and how you can exercise them.

Definitions

What are personal data?

Personal data (equivalent to the term "person data") are any information relating to an identified or identifiable natural person. This includes, for example, name, address, date of birth, email address, phone number, and IP address. Data about personal preferences, such as hobbies or memberships, also count as personal data.

What are special categories of personal data?

Special categories of personal data (equivalent to the term "sensitive data") include:

• Data about religious, philosophical, political, or trade union beliefs or activities;

• Data about health, intimacy, racial or ethnic origin, sexual life, and sexual orientation;

• Data about administrative or criminal proceedings and sanctions, as well as social welfare measures;

• Genetic data and biometric data that uniquely identify a person.

If necessary and if you voluntarily provide such data, we may process data that belongs to a special category of personal data. In this case, its processing is subject to stricter confidentiality.

What is processing of personal data?

Processing (equivalent to "handling") refers to any interaction with personal data, regardless of the methods used, especially collecting, storing, using, modifying, disclosing, archiving, deleting, or destroying personal data.

What is disclosure of personal data?

This refers to transmitting or making personal data accessible, for example, publishing it or revealing it to a third party.

Contact

If you have questions or concerns about the protection of your data by us, you can contact our data protection officer:

Warm Hearts gUG (limited liability)
Dominik-Andreas Remmert
Adlerhorst 7
24558 Henstedt-Ulzburg
info@warm-hearts.de

Data Security

We will store your data securely and take all reasonable measures to protect your data from loss, access, misuse, or alteration.

Our contractors and employees who have access to your data are obliged to comply with data protection regulations. In some cases, it may be necessary within the framework of commissioned processing to forward your requests to affiliated companies. Even in these cases, your data will be treated confidentially.

Within our website, we use the SSL (Secure Socket Layer) protocol in conjunction with the highest encryption level supported by your browser.

Rights of Data Subjects

Right to information

You may request information at any time about the data we store about you. Please send your request along with credible proof of identity to info@warm-hearts.de.

The information will be provided in writing or another form, possibly electronically. If you request, we can also provide the information orally if you verify your identity by other means. Electronic requests will be provided in a common electronic format unless otherwise specified.

Information is generally free of charge. If copies are requested, a reasonable fee may be charged.

The right to receive a copy of the processed data must not affect the rights and freedoms of others.

For obviously unfounded or excessive requests, we reserve the right to refuse or charge a reasonable fee.

Processing of your request is subject to the statutory period of one month. This period may be extended by up to two additional months due to complexity or high volume of requests. You will be informed of the extension within one month and the reasons for the delay will be explained.

Deletion and correction

You may request deletion, correction, or completion of your data at any time, unless statutory retention obligations or legal permissions prevent it.

Please note that exercising your rights may conflict with contractual agreements and affect the execution of contracts (e.g., early termination or cost implications).

Restriction of processing

You also have the right to request restriction of processing if you dispute the accuracy of your data, if processing is unlawful, if the data is no longer needed, or if you have objected to processing.

Restricted data may only be stored and may only be processed further with your consent, for legal claims, to protect another person’s rights, or for important public interest reasons. You will be notified if restrictions are lifted.

Right to data portability

You have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format and to transfer it to another controller without hindrance, provided processing is based on consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR) or a contract (Art. 6(1)(b) GDPR) and processing is automated. You can also request direct transfer to another controller if technically feasible.

Right to object

If you have given consent to processing, you can withdraw it at any time. This affects the legality of processing after withdrawal.

If processing is based on legitimate interests, you may object. If you do, we will examine your objection and either stop or adjust processing or explain compelling reasons why processing continues.

You can also object to processing for advertising and data analysis purposes at any time via the contact information in this privacy policy.

Right to complain

You have the right to lodge a complaint with a data protection authority regarding the processing of your personal data.

General Principles

Which data do we process and where do we get it?

We primarily process personal data you provide to us or that we collect while operating our website. Occasionally, we may receive personal data from third parties. Categories include:

• Personal data (name, address, birth date, etc.);

• Contact data (phone number, email, etc.);

• Financial data (e.g., bank account details);

• Online identifiers (e.g., cookies, IP addresses).

Sources include:

• Publicly available sources (e.g., media, internet);

• Public registers (e.g., commercial register, land register);

• Government or court proceedings;

• Professional functions and networks;

• Correspondence or meetings with third parties;

• Credit information;

• Information provided by people in your environment;

• Data from website usage.

Legal basis for processing

We process your data in compliance with applicable data protection laws, especially the GDPR. Legal bases include:

• Consent (Art. 6(1)(a) GDPR)

• Contract performance or pre-contractual measures (Art. 6(1)(b) GDPR)

• Legal obligations (Art. 6(1)(c) GDPR)

• Protection of vital interests (Art. 6(1)(d) GDPR)

• Public interest tasks (Art. 6(1)(e) GDPR)

• Legitimate interests (Art. 6(1)(f) GDPR)

Certain data is necessary for contract execution. Without it, contracts cannot normally be fulfilled.

Data disclosure to third parties

We may involve third-party or affiliated companies as processors. Categories include:

• Accounting, tax, and auditing firms;

• Consulting firms (legal, tax, etc.);

• IT service providers;

• Payment service providers;

• Providers of tracking, conversion, and advertising services.

We ensure these parties comply with data protection and confidentiality obligations.

We may also disclose data to authorities as required.

International transfers

Personal data may be transferred internationally. If data protection standards are lower than in the EEA, we conduct a risk assessment and implement contractual or technical safeguards (e.g., EU standard contractual clauses).

Data retention

We store personal data only as long as necessary for the purposes collected. Contractual data may be stored longer due to legal obligations (e.g., business communications, contracts, accounting records up to 10 years).

Individual Data Processing Activities

Website provision and log files

When you visit www.warm-hearts.de without registering or providing information, only automated technical data is collected:

• ISP name

• IP address

• Browser, OS, screen resolution

• Date and time of access

• Referrer URL

These cannot be linked to individuals. Data is processed to ensure website functionality and security, based on legitimate interest (Art. 6(1)(f) GDPR). Data is deleted after the session.

Cookies

Cookies are text files stored on your device. They do not harm your device. Some are essential (“session cookies”), which are deleted after your visit. Others remain until you delete them or they expire.

Cookies help improve website usability, store preferences, deliver content efficiently, and analyze usage. Non-essential cookies require your consent (Art. 6(1)(a) GDPR); essential cookies are based on legitimate interests (Art. 6(1)(f) GDPR).

You can manage cookies via browser settings or opt-out mechanisms.

Tracking pixels

Tracking pixels (web beacons) are small, usually invisible images used to track website or email usage. Data collected may include session profiles. Third-party services may be used.

Legal basis is consent (Art. 6(1)(a) GDPR). You can block pixels via browser extensions or email settings.

Third-party services

• Wix eCommerce: Online shop functionality.

• Wix: Website builder with tools and apps.

• Sentry: Error monitoring and reporting tool.

• Google Cloud CDN: Content delivery for faster performance and reduced latency.