Unit Logo
Home Privacy

Privacy

Privacy Policy

Last Updated: October 9, 2025

1. Controller and Contact Information

Service Provider and Data Controller:

n-ost e.V. (registered association)
Erkelenzdamm 59/61 Portal 1b | 10999 Berlin | Germany

Contact Details:
Phone: +49-30-259 32 830
Email: privacy@n-ost.org
Website: www.n-ost.org

Representative: Management Board of n-ost e.V.

Data Protection Officer:
Markus Niedobitek
Email: privacy@n-ost.org

2. Scope and Legal Framework

This Privacy Policy informs users about the collection, processing, and use of personal data when visiting and using our website unit.n-ost.org.

Legal Framework:

  • EU General Data Protection Regulation (GDPR)
  • German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG)
  • German Telemedia Act (Telemediengesetz – TMG)

3. Automatic Data Collection

3.1 Server Log Files

Every time you access our website, certain information is automatically recorded by our web hosting provider. This data is necessary for the technical provision and security of the website.

Data collected:

  • Date and time of access
  • Name of accessed file
  • Amount of data transferred
  • Access status (file transferred, file not found, etc.)
  • Web browser and browser version
  • Operating system
  • Referrer URL (the website from which you accessed our site)
  • IP address (anonymized)
  • Internet service provider

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – necessary for the technical operation and security of our website.

Retention period: Log files are typically deleted after 7 days, but may be retained longer for security investigation purposes if necessary.

Third-party processor: Our website is hosted by ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. For their privacy policy, see: https://all-inkl.com/datenschutzinformationen/

4. Cookies and Similar Technologies

4.1 What are Cookies?

Cookies are small text files stored on your device when you visit our website. They help improve website functionality and provide analytics information.

4.2 Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the website to function properly.

Cookie Name Purpose Duration Type
cookie_consent Stores your cookie preferences 12 months First-party
session_id Maintains your session Session First-party
koko_analytics Tracks returning visitors for privacy-friendly analytics 6 months First-party

Legal basis: Necessary for service provision (Art. 6(1)(b) GDPR)

Functional Cookies

These cookies enhance website functionality and user experience.

Legal basis: Consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR)

4.3 Third-Party Cookies

Our website may load cookies from third-party services when you interact with embedded content:

Google Services (Fonts, Forms, reCAPTCHA)

  • Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • Purpose: Display fonts, forms, spam protection
  • Duration: Varies by service (session to 24 months)
  • Privacy Policy: https://policies.google.com/privacy

YouTube Videos (embedded)

  • Provider: Google Ireland Limited
  • Purpose: Video playback
  • Duration: Varies (session to 24 months)
  • Privacy Policy: https://policies.google.com/privacy

Vimeo Videos (embedded)

  • Provider: Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA
  • Purpose: Video playback
  • Duration: Varies (session to 24 months)
  • Privacy Policy: https://vimeo.com/privacy

Social Media Embeds (Facebook, Twitter/X)

  • Providers: Meta Platforms Ireland Limited; X Corp.
  • Purpose: Display social media content
  • Note: We use simple links and embeds without plugins to minimize tracking
  • Privacy Policies:
    • Facebook: https://www.facebook.com/privacy/explanation
    • Twitter/X: https://twitter.com/privacy

Issuu (document embeds)

  • Provider: Issuu Inc., 131 Lytton Ave, Palo Alto, CA 94301, USA
  • Purpose: Display embedded publications
  • Privacy Policy: https://issuu.com/legal/privacy

AddToAny (social sharing buttons)

  • Provider: AddToAny LLC, USA
  • Purpose: Enable sharing of content on social media platforms
  • Data collected: IP address, browser information, shared content URL, interaction data
  • Privacy Policy: https://www.addtoany.com/privacy
  • Note: When you click a share button, you may be connected to third-party social media platforms

Legal basis: Consent (Art. 6(1)(a) GDPR) for non-essential cookies

International data transfers: Some third-party providers are based in the USA. Data transfers are based on the EU-US Data Privacy Framework or Standard Contractual Clauses.

4.4 Managing Your Cookie Preferences

Browser Settings: You can configure your browser to:

  • Block all cookies
  • Accept only first-party cookies
  • Delete cookies when closing your browser
  • Notify you before accepting cookies

Opt-out Tools:

  • US: http://www.aboutads.info/choices/
  • Europe: http://www.youronlinechoices.com/uk/your-ad-choices/

Note: Blocking necessary cookies may limit website functionality.

5. Personal Data We Collect

5.1 Newsletter Subscription

Data collected:

  • Email address
  • Date and time of subscription
  • IP address (for verification purposes)
  • Confirmation of subscription (double opt-in)

Purpose: Sending our newsletter with news and information about our projects and activities

Legal basis: Consent (Art. 6(1)(a) GDPR)

Double Opt-In Process: After signing up, you will receive a confirmation email. Your subscription is only activated after you click the confirmation link. This prevents unauthorized subscriptions.

Service provider: Mailchimp (Intuit Inc., 2632 Marine Way, Mountain View, CA 94043, USA)

Data transfers: Your data is processed in the USA. Mailchimp participates in the EU-US Data Privacy Framework.

Privacy Policy: https://www.intuit.com/privacy/statement/

Data collected by Mailchimp:

  • Email address
  • Subscription date and time
  • Email opening and click behavior (for campaign optimization)
  • Device and browser information

Retention period: Until you unsubscribe or we terminate the newsletter service

Your rights: You can unsubscribe at any time by clicking the unsubscribe link in every newsletter.

5.2 Contact Form and Email Communication

Data collected:

  • Name
  • Email address
  • Message content
  • Date and time of inquiry
  • IP address (for security purposes)

Purpose: Processing and responding to your inquiry

Legal basis:

  • Consent (Art. 6(1)(a) GDPR) when you submit the form
  • Legitimate interest (Art. 6(1)(f) GDPR) for responding to inquiries

Retention period:

  • Standard inquiries: Typically deleted within 6 months after final response
  • Legal matters: Retained as required by law (up to 6-10 years)

Recipients: Your data is only accessible to authorized n-ost e.V. staff members responsible for handling inquiries.

6. Third-Party Services and Content

6.1 Google Services

We use various Google services on our website:

Google Fonts

  • Purpose: Display consistent typography
  • Data collected: IP address, browser information
  • Privacy-friendly implementation: Fonts are hosted locally where possible
  • Privacy Policy: https://policies.google.com/privacy

Google Forms

  • Purpose: Surveys and data collection forms
  • Data collected: Form responses, IP address, timestamp
  • Privacy Policy: https://policies.google.com/privacy

Google reCAPTCHA

  • Purpose: Spam protection for forms
  • Data collected: IP address, browser data, interaction behavior
  • Privacy Policy: https://policies.google.com/privacy

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) for website functionality; Consent (Art. 6(1)(a) GDPR) for optional features

Data processor: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

6.2 Video Embeds

YouTube

  • We use YouTube’s privacy-enhanced mode (youtube-nocookie.com) where possible
  • Videos are not loaded automatically; only when you click play
  • Provider: Google Ireland Limited
  • Privacy Policy: https://policies.google.com/privacy

Vimeo

  • Videos are embedded with DNT (Do Not Track) enabled where possible
  • Provider: Vimeo Inc., USA
  • Privacy Policy: https://vimeo.com/privacy

6.3 Social Media Links and Embeds

We include links and embedded content from:

  • Facebook: https://www.facebook.com/privacy/explanation
  • Twitter/X: https://twitter.com/privacy

Important: We use simple links and content embeds WITHOUT social media plugins. This means:

  • No automatic data transfer when you load our page
  • Social networks only receive your data if you click on links or interact with embedded content
  • We do NOT use Like buttons, Share buttons, or similar tracking plugins

6.4 Issuu Document Embeds

We may embed publications using Issuu.

Provider: Issuu Inc., USA
Privacy Policy: https://issuu.com/privacy
Data collected: IP address, interaction data when viewing embedded documents

6.5 AddToAny Social Sharing

We use AddToAny to provide social sharing buttons on our content.

Provider: AddToAny LLC, USA
Privacy Policy: https://www.addtoany.com/privacy

Purpose: Enable users to easily share our content on social media platforms

Data collected:

  • IP address
  • Browser and device information
  • URL of shared content
  • Interaction with share buttons
  • Referrer information

How it works: When you click on a share button, AddToAny may set cookies and connect you to the respective social media platform. Data is then shared with that platform according to their privacy policies.

Legal basis: Consent (Art. 6(1)(a) GDPR) when you interact with share buttons; Legitimate interest (Art. 6(1)(f) GDPR) for providing sharing functionality

International transfers: Data may be transferred to the USA. We rely on appropriate safeguards for such transfers.

7. Analytics and Statistics

7.1 Koko Analytics

We use Koko Analytics, a privacy-friendly web analytics tool, to understand how visitors use our website.

Provider: Self-hosted on our servers (plugin by ibericode)
Privacy Policy: https://www.kokoanalytics.com/privacy/

Purpose: Analyze website traffic and user behavior to improve our content and user experience

Data collected:

  • Page views and visits
  • Referrer URLs (where visitors came from)
  • Anonymized IP addresses (last octets removed)
  • Browser and device type
  • Country (derived from anonymized IP)

Cookie usage: Koko Analytics uses a single first-party cookie to identify returning visitors. This cookie does not contain any personal information and is used solely for counting unique visitors.

Privacy features:

  • Minimal personal data collection
  • IP addresses are anonymized immediately
  • Data is stored on our own servers in Germany
  • No data is shared with third parties
  • Compliant with GDPR, ePrivacy, and PECR

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – we have a legitimate interest in understanding how our website is used to improve it, and this minimal data collection does not override users’ privacy rights.

Data retention: Analytics data is retained for up to 24 months.

Your rights: Since minimal personal data is collected, you can exercise your rights by contacting us at the details in Section 16.

7.2 Cookie Consent Management

We use Real Cookie Banner to manage cookie consent and comply with GDPR and ePrivacy regulations.

Provider: devowl.io GmbH (self-hosted plugin)
Privacy Policy: https://devowl.io/privacy-policy/

Purpose:

  • Display cookie consent banner
  • Manage user consent preferences
  • Block cookies until consent is given
  • Provide cookie documentation

Data collected:

  • Cookie consent choices (stored locally in browser)
  • Consent timestamp
  • Consent ID (anonymous identifier)

How it works: When you first visit our website, you see a cookie consent banner. Your choices are stored locally in your browser. The plugin ensures that third-party cookies are only loaded after you give consent.

Legal basis: Legal obligation (Art. 6(1)(c) GDPR) – we are legally required to obtain consent for non-essential cookies

Data storage: Consent data is stored locally in your browser and on our servers for documentation purposes as required by law.

8. Data Sharing and Disclosure

8.1 Categories of Recipients

We may share your personal data with:

Technical service providers:

  • Web hosting provider (ALL-INKL.COM – Neue Medien Münnich, Germany)
  • Email service provider (Mailchimp/Intuit, USA)

Legal obligation:

  • Law enforcement or government authorities when required by law
  • Legal counsel in case of legal disputes

Third-party content providers:

  • As described in Section 6 (Google, YouTube, Vimeo, etc.)

8.2 No Sale of Data

We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.

8.3 International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), particularly in the USA.

Safeguards for data transfers:

  • EU-US Data Privacy Framework (for compliant US companies)
  • Standard Contractual Clauses approved by the EU Commission
  • Adequacy decisions by the EU Commission

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against:

  • Unauthorized access
  • Accidental loss
  • Manipulation or destruction
  • Unlawful processing

Security measures include:

  • SSL/TLS encryption for data transmission
  • Encrypted data storage where applicable
  • Access controls and authentication
  • Regular security updates
  • Secure data center hosting within Germany/EU
  • Staff training on data protection

Note: Internet data transmission cannot be completely secure. While we implement strong security measures, we cannot guarantee absolute security.

10. Data Retention

We store personal data only for as long as necessary for the purposes described in this policy or as required by law.

Retention periods:

Data Type Typical Retention Period
Server logs Up to 7 days (may be longer for security purposes)
Newsletter subscriptions Until unsubscribe
Contact form inquiries Typically up to 6 months after final response
Cookies As specified in Section 4.2
Analytics data (Koko Analytics) Up to 24 months
Cookie consent records 3 years (as required by law)
Legal correspondence 6-10 years (as required by law)

After the retention period expires, we delete or anonymize your data unless longer retention is required by law.

11. Your Rights Under GDPR

You have the following rights regarding your personal data:

11.1 Right of Access (Art. 15 GDPR)

You can request information about what personal data we process about you.

11.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate personal data.

11.3 Right to Erasure (Art. 17 GDPR)

You can request deletion of your personal data when:

  • Data is no longer necessary for the purposes collected
  • You withdraw consent (and no other legal basis applies)
  • You object to processing (and no overriding legitimate grounds exist)
  • Data was unlawfully processed
  • Legal obligation requires deletion

Exceptions: We may retain data when required by law or for legal claims.

11.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request that we limit processing of your data in certain situations.

11.5 Right to Data Portability (Art. 20 GDPR)

You can receive your personal data in a structured, commonly used, machine-readable format.

11.6 Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests at any time.

Direct marketing: You have an absolute right to object to processing for direct marketing purposes, including profiling.

11.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

11.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of:

  • Your habitual residence
  • Your place of work
  • The place of alleged infringement

Supervisory authority for Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin, Germany
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de

How to exercise your rights: Contact us at privacy@n-ost.org or using the contact details in Section 1. We will respond within one month of your request.

12. Children’s Privacy

Our website is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent.

If you believe we have inadvertently collected data from a child under 16, please contact us immediately at privacy@n-ost.org.

13. Automated Decision-Making and Profiling

We do NOT use:

  • Automated decision-making (including profiling) that produces legal effects or similarly significantly affects you
  • Profiling for marketing purposes
  • Automated credit scoring or risk assessment

14. Data Protection Principles

In accordance with Art. 5 GDPR, we process personal data:

Lawfully, fairly, and transparently: We inform you about data processing and obtain consent where required.

Purpose limitation: We collect data for specified, explicit, legitimate purposes only.

Data minimization: We only collect data that is necessary for our purposes.

Accuracy: We keep personal data accurate and up to date.

Storage limitation: We retain data only as long as necessary.

Integrity and confidentiality: We implement appropriate security measures.

Accountability: We can demonstrate compliance with data protection principles.

15. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to:

  • Reflect changes in our data processing practices
  • Comply with new legal requirements
  • Improve clarity and transparency

Version history: The current version is dated at the top of this policy.

Your responsibility: We encourage you to review this policy periodically.

Continued use: Your continued use of our website after changes constitutes acceptance of the updated Privacy Policy.

16. Contact and Questions

For questions about this Privacy Policy or our data processing practices, please contact:

Email: privacy@n-ost.org
Mail: n-ost e.V., Erkelenzdamm 59/61 Portal 1b | 10999 Berlin | Germany
Phone: +49-30-259 32 830

17. Cookie Policy

Cookie Consent Banner

When you first visit our website, you will see a cookie consent banner allowing you to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize your cookie preferences

Cookie categories:

Strictly Necessary (always active): Required for basic website functionality
Functional: Enhance website features and personalization
Analytics: Help us understand website usage
Marketing: Used for advertising purposes (currently not in use)

You can change your cookie preferences at any time by clicking the “Cookie Settings” link in the footer or by contacting us at privacy@n-ost.org.

Document Information:

  • Policy Version: 2.0
  • Last Updated: October 9, 2025

This privacy policy was created with consideration for GDPR, German data protection law, and industry best practices.