Brückenwelten
DE Contact Request Demo

Privacy Notice

Last updated: 26 January 2026

1. Responsible entity

The responsible entity within the meaning of data protection law is
Unifya UG (haftungsbeschränkt)
August-Klotz-Straße 21
52349 Düren, Germany
Email: [email protected]

Authorized managing director: Inna Klee

Pursuant to Art. 4 No. 7 GDPR, Unifya UG (haftungsbeschränkt) is the responsible entity. If you have any questions about data protection, you can contact us at any time using the contact details above.

2. Hosting by Cloudflare and Heroku, Salesforce

Our website (www.brueckenwelten.org) is hosted by Cloudflare, Inc. This includes technical services such as server operation, storage, and security infrastructure. As part of maintenance and support, Cloudflare may have access to personal data generated during the use of our website.

Address:
Cloudflare Germany GmbH
c/o Design Offices München Atlas
Rosenheimer Straße 143C – 8th floor
81671 Munich, Germany
Further contact options: cloudflare.com/contact

A data processing agreement pursuant to Art. 28 GDPR is in place between us and Cloudflare. Cloudflare is committed to processing all data on our behalf in compliance with data protection regulations. Any data transfers to locations outside the EU are carried out in compliance with applicable data protection requirements, in particular through the use of appropriate safeguards pursuant to Chapter V GDPR.

We also operate a web application at app.brueckenwelten.org, which is hosted via Heroku, Salesforce. Heroku uses Amazon Web Services (AWS) for its technical infrastructure. Access to personal data may also occur in the course of service provision.

A data processing agreement pursuant to Art. 28 GDPR is also in place with Heroku. Any data transfers to AWS locations outside the EU are carried out in compliance with applicable data protection requirements, in particular through the use of appropriate safeguards pursuant to Chapter V GDPR.

Address:
Heroku, Salesforce
415 Mission Street Suite 300
San Francisco, CA 94105
Further contact: heroku.com/contact

3. Collection and use of personal data

3.1 Server log files

When you visit our website for purely informational purposes — i.e. without registering or actively transmitting data — the following information is automatically collected and temporarily stored:

  • IP address (anonymized where applicable)
  • Date and time of access
  • Name and URL of the retrieved file
  • Referrer URL (previously visited page)
  • Browser type and operating system
  • Name of your internet service provider

This data is used for technical security and the smooth operation of our website. Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest. Log files are generally deleted after 30 days.

3.2 Browser error tracking

To improve the stability and functionality of our web application, we automatically collect technical errors that occur during use in the browser. The following information is processed in particular:

  • Time and type of error
  • Technical details about the browser and system environment
  • URL of the affected page
  • Other technical metadata where applicable

Collection is anonymized by default, so that no conclusions about your identity are possible. If you expressly consent, this error data may be linked to your user account to enable targeted error analysis and individual support.

The legal basis for anonymous collection is Art. 6(1)(f) GDPR (legitimate interest in technical optimization). When linked to your user account, processing is based on your consent pursuant to Art. 6(1)(a) GDPR. The data is used exclusively for analysis purposes and is not shared with third parties.

3.3 Contact

When you contact us by email or via a contact form, we process the data you provide (e.g. name, email address, message) in order to respond to your inquiry.

The legal basis depends on the context:

  • Your consent (Art. 6(1)(a) GDPR),
  • Performance of (pre-)contractual measures (Art. 6(1)(b) GDPR), or
  • Our legitimate interest in efficient communication (Art. 6(1)(f) GDPR).

Data is only stored for as long as necessary to process your inquiry and any follow-up questions — or as required by law.

Contact form (Formspark)

For the technical processing of our contact form, we use Formspark, a form backend service based in Belgium. The data you enter (name, email address, message, as well as technical data such as IP address and timestamp) is transmitted to and processed on Formspark's servers.

A data processing agreement pursuant to Art. 28 GDPR is in place with Formspark. Data is stored on servers in Ireland (European Union). No transfer to third countries outside the EU/EEA takes place.

Further information: formspark.io/legal/privacy-policy

3.4 Use of the web app

When you use the web app, we store your name or a pseudonym you provide for a period of 40 days. This data is used for internal organization, documentation, and, where applicable, post-event follow-up.

Legal basis: Art. 6(1)(f) GDPR. After 40 days, automatic deletion takes place unless statutory retention obligations apply.

3.5 Use of the consultation chat in the web app

When using our consultation chat within the web app, we store the transmitted content — including messages, pseudonym, and timestamps — for 40 days. This is necessary to ensure the functionality of the web app.

Legal basis: Art. 6(1)(f) GDPR. After the retention period, automatic deletion takes place.

3.6 Interests and participation in matchmaking in the web app

As part of the matchmaking feature, we store which established topics interest you and in which you participate. This is necessary to ensure the functionality of the web app. We also store topics that did not come to fruition anonymously.

Legal basis: Art. 6(1)(f) GDPR. Data is stored for 40 days and then deleted unless statutory requirements dictate otherwise.

3.7 Visibility of topic preferences in the web app

If you indicate within the web app whether you wish to share your topic ("Yes, gladly" or "Maybe" in response to "Would you like to share your topic?"), this selection is stored together with the established topic.

Once a topic is made visible, your selection is permanently viewable by event organizers. For other participants who were involved in the group formation, your selection is temporarily visible in their account. After group formation is complete, participants can view the topics they were involved in via their account.

No processing for general event preparation takes place. The link to the individual is deleted after 40 days.

Legal basis: Art. 6(1)(f) GDPR.

3.8 Account creation and permanent data storage

When creating a user account, we store the following data permanently until you manually delete it or request deletion:

  • Email address
  • Name or pseudonym
  • Chat histories
  • Event participations
  • Your own topics
  • Topics you participated in

Legal basis: Art. 6(1)(a) and (f) GDPR. Deletion can be initiated at any time via the app or by contacting us.

4. Cookies, local storage mechanisms, and similar technologies

4.1 Identification token in the browser

For recognition purposes, an identification token is stored in your browser's local storage. It is valid for 40 days and is used for the technical assignment of your session.

Legal basis: Art. 6(1)(f) GDPR. You can delete the token at any time via your browser settings.

5. Fonts and Content Delivery Networks (CDN)

5.1 Google Fonts

Our website uses fonts from Google Fonts, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you access our website, a connection to Google's servers is established to load the fonts. Your IP address may be transmitted to Google in the process.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a uniform and appealing presentation of our website).

Further information on data protection at Google: policies.google.com/privacy

5.2 Content Delivery Networks

We use a Content Delivery Network (CDN) — by default from Cloudflare — to deliver content. For the app, the Amazon CloudFront CDN from Amazon Web Services (AWS) may optionally be used. In this case, we ensure GDPR-compliant processing, e.g. through EU servers or appropriate safeguards pursuant to Art. 46 GDPR.

The connection to CDN servers is established via a TLS-encrypted connection to ensure the integrity and confidentiality of the transmitted data.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a modern and efficient presentation). When retrieving content via the CDN, your IP address may be technically required to establish the connection to the respective server.

6. Security of data transmission

Our website uses TLS encryption (Transport Layer Security) to secure all data transmissions between your browser and our server. This ensures that your data remains confidential and is protected from manipulation or unauthorized access.

This security measure also applies to communication with external services such as Content Delivery Networks (CDNs), where applicable.

7. Storage duration and data deletion

Personal data is only stored for as long as necessary to fulfill the respective purpose or as required by statutory retention periods. After that, data is deleted or blocked in accordance with legal requirements.

8. Your rights

You have the following rights under the GDPR:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)

To exercise your rights, please contact us using the contact details provided above.

9. Withdrawal of consent

You may withdraw any consent given at any time with effect for the future. An informal notification is sufficient. The processing carried out until the withdrawal remains lawful.

10. Right to lodge a complaint with a supervisory authority

If you believe that your data has been processed unlawfully, you may lodge a complaint with the competent data protection supervisory authority.

An overview can be found at: bfdi.bund.de/DE/Infothek/Anschriften_Links

11. Data security

We employ appropriate technical and organizational measures to protect your data from loss, manipulation, and unauthorized access. Our security standards are regularly reviewed and adapted to the state of the art.

12. Changes to this privacy notice

We reserve the right to amend this privacy notice to adapt it to new legal requirements or technical developments. The current version applies for your next visit.