Data Policy

Translation Disclaimer: This document has been translated from German into English using an automated translation tool. While efforts have been made to provide an accurate translation, please note that automated translations may not always capture the full intent of the original text. Any discrepancies or inaccuracies in the translation are unintentional. In case of any discrepancy between this translated version and the original German text, the German version shall prevail.

_______________________________________________________________________________________________________________________________________________________________

We process personal data in operating our websites. These are treated confidentially by us and processed in accordance with applicable laws – in particular, the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications and Telemedia Data Protection Act (TTDSG). With these privacy provisions, we aim to inform you about the personal data we collect from you, for what purposes and on what legal basis we use them, and if applicable, to whom we disclose them. Furthermore, we will explain your rights to protect and enforce your data privacy.

Due to technological advancements and organizational changes, processing procedures may change/evolve. Therefore, we reserve the right to further develop this privacy policy according to technical conditions. If you object to further processing, you have the right to request the deletion of data in written form, in accordance with Article 17 of the EU GDPR. This applies to data that is not stored based on other legal requirements, such as commercial or tax retention obligations.

1. Name and Address of the Controller Responsible for Processing

Responsible for data processing is:

Boogie-Bären München e.V.
Gneisenaustr. 16
80992 München
Germany
Tel.: +49 89 1588 3900
Email: office@boogie-baeren.de

Only individuals at Boogie-Bären who require this data to perform their duties within the responsible entity, who are informed about the legal provisions on data protection, and who have committed themselves to comply with the applicable legal provisions (§ 5 BDSG, or Art. 5 of the EU GDPR) have access to personal data. If you have any questions about data protection, please contact the above address or the contacts listed in the imprint.

2. Websites

This privacy policy applies to all websites operated by us, namely:

• www.boogie-baeren.de
• www.bb-dancecamp.com
• www.boogie-baeren.de/die-tanzwerkstatt.html

3. Data Collection on our Website

We only process data from you that you actively provide on the website (e.g., by filling out forms, subscribing to newsletters, etc.) or that you automatically provide when using our services. Your data is processed exclusively by us and is generally not sold, lent, or disclosed to third parties.

If we use external service providers in the processing of your personal data, this is done within the scope of a so-called order processing, where we as the client are authorized to issue instructions to our contractor. For the operation of our website, we use an external service provider for hosting. We host our website with the external service provider Hostingwerk (Feyer Media GmbH, Eibenweg 42, 42111 Wuppertal, Germany) with data centers in Germany. If additional external service providers are used for individual processing operations, they will be named there.

We generally do not transfer data to third countries and have no plans to do so. We will inform you about exceptions to this principle in the processing described below. Any data transfer to third countries will then be based on the so-called EU standard contractual clauses.

4. Membership Application

The members of the association are managed through the external service provider MGVO (IBB Solutions, Akazienstr. 23, 74924 Neckarbischofsheim, Germany). To apply for membership with Boogie Bären e.V., you will be redirected from the website to an MGVO form. In the context of the membership relationship, the association processes the following data: gender, first name, last name, date of birth, address (street, house number, postal code, city), bank details, telephone number, and email address. Additional data such as entry date or affiliation with departments can be optionally collected.

Purpose & Legal Basis

The data of association members are collected for association management purposes (to identify association members, communicate with them, and collect membership fees). For security reasons, a log is also written when creating a membership application, which contains the IP address. Processing is necessary to safeguard the legitimate interests of the controller as described above (Art. 6 para. 1 lit. f GDPR).

Storage Duration

The log written when creating the membership application is kept for one week and then automatically deleted. The storage of a member's data is not limited in time.

5. Cookies

Our website uses cookies. Cookies are small text files that are stored on the end user's device when visiting a website. Cookies do not execute programs or load viruses onto the computer. Cookies contain information that allows for the recognition of an end device and, if applicable, certain functions of a website. This enables an offer tailored to the visitor and makes the use of the website convenient.

We use both temporary and persistent cookies on our site. Temporary cookies are stored until the browser is closed. Persistent cookies remain stored on your end device for a longer period. The following overview shows which cookies are used on our website for what purpose and for how long they are stored:

Name of Cookie	Purpose	Storage Duration
csrf_https-contao_csrf_token	Protect from entries against cross-site request forgery attacks.	Session
PHPSESSID	Remembers the current session.	Session
ISOTOPE_TEMP_CART	Remembers the shopping cart for BB_Dancecamp orders.	1 Month

We only use cookies that are technically necessary for the operation of our site. Consent is not required for these cookies. However, users always have the option to reject the setting of cookies. This is usually done by selecting the appropriate option in the browser settings or through additional programs. For more information, please refer to the help function of the browser used. If the user decides to disable cookies, this may reduce the scope of services and have a negative impact on the use of the website.

Purpose & Legal Basis

We use cookies to make our website more user-friendly and to offer the functions described in the table above. Processing is necessary to safeguard the legitimate interests of the controller as described above (Art. 6 para. 1 lit. f GDPR).

Storage Duration

Cookies are automatically deleted at the end of a session or after the specified storage period. Since cookies are stored on your end device, you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Stored cookies can be deleted, which can also be done automatically. If cookies are deactivated, deleted, or restricted for our website, it may be that individual functions of our website cannot be used or can only be used to a limited extent.

6. Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files that your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

These data will not be merged with other data sources.

Purpose & Legal Basis

The processing is carried out to ensure the stability and security of the website. Processing is necessary to safeguard the legitimate interests of the controller as described above (Art. 6 para. 1 lit. f GDPR).

Storage Duration

The log files are deleted after 7 days.

7. Newsletter

To keep association members informed about general meetings, course offerings, events, etc., there is an association newsletter that can be subscribed to upon joining the association.

To stay updated on news about the BB-Dancecamp, there is the BBDC newsletter. You can subscribe to the BBDC newsletter by filling out and submitting a newsletter registration form on our website. Only the email address is required for registration. For the execution and verification of newsletter registrations, we use a double opt-in procedure. Registration takes place in several steps. First, you sign up for the newsletter on our website. You will then receive an email from us at the email address you provided. With this email, we ask you to confirm that you have actually subscribed to the newsletter and wish to receive it. Confirmation is done by clicking on a confirmation link in the email. Only after successful confirmation will we add you to the BBDC newsletter distribution list and send you emails in the future. When registering via double opt-in, Mailjet records the email address, date, IP address, and user agent. The BBDC newsletter can be unsubscribed by clicking the unsubscribe link in any of the newsletters. When unsubscribing from the newsletter, the contact is not deleted, but only the status is changed to prevent future emails.

We use the external service provider Mailjet (Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany) for newsletter delivery. The data you enter for newsletter subscription purposes is stored on Mailjet's servers.

Purpose & Legal Basis

The storage of the email address is carried out to provide the newsletter function. Processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR. Your consent is voluntary. The collection and storage of email addresses, dates, IP addresses, and user agents during newsletter registration serve to document consents granted and protect against abusive entry of email addresses. Processing is necessary to safeguard the legitimate interests of the controller as described above (Art. 6 para. 1 lit. f GDPR).

Storage Duration

If you do not confirm your newsletter subscription with the corresponding confirmation email, your data will be automatically deleted within 30 days. The storage of data after successful newsletter registration is not limited in time.

8. Registration Form

For registration for courses and events, we use Google Forms and Google Drive, tools from the Google Workspace package provided by the service provider Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Purpose & Legal Basis

To register for a course, name, email address, role (leader/follower), and the selected course are collected. The storage of this information is necessary to regulate the number of participants in a course and achieve a balanced ratio between leaders and followers. Processing is necessary to safeguard the legitimate interests of the controller as described above (Art. 6 para. 1 lit. f GDPR).

Storage Duration

The storage of data for course registration is not limited in time.

9. Matomo

Our website uses Matomo, a web analytics software from Innocraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo is an open-source software that we operate as a service ourselves. We operate Matomo without the use of cookies and without so-called fingerprinting. Within the framework of web analysis using Matomo, the IP address is only truncated to the last six digits, making it impossible to associate. The data collected by Matomo is not used for any other purpose or merged with other data. The statistics created by Matomo include, in particular, the number of users visiting the website, the country of access, which subpages are accessed, and how visitors reach our website via links or search terms. The collected information is transmitted to our server and stored there alone. There is no disclosure to third parties.

Purpose & Legal Basis

The processing is carried out to evaluate the use of our website. The information obtained is used to improve and tailor our online presence to user needs and to measure response. Processing is necessary to safeguard the legitimate interests of the controller as described above (Art. 6 para. 1 lit. f GDPR).

Storage Duration

The data processed and stored with Matomo is automatically deleted after one year.

10. Sentry

Sentry is a tool used by developers to monitor and resolve crashes in the program code in real-time. The tool provides comprehensive context for all identified errors, ensuring high transparency of errors.

Purpose & Legal Basis

Sentry assists us in the technical improvement and ensuring the stability of our website. It also helps us identify security vulnerabilities, thus contributing to data protection and the security of potential member data. Processing is necessary to safeguard the legitimate interests of the controller as described above (Art. 6 para. 1 lit. f GDPR).

Storage Duration

The storage of data is limited to 90 days.

11. Social Networks

Our website does not use so-called plugins from social networks. The logos of Facebook, Instagram, YouTube, and Google Maps displayed on our website are merely linked to the corresponding profiles of Boogie Bären on social networks. There is no data transmission to social networks or platforms with the integration of logos. Clicking on one of the logos will simply redirect you to the external website of the respective social network.

12. Photo und Video Recordings during Public Events

During our events, photo and video recordings are taken to capture special moments and the atmosphere. It is possible that we may later publish these images and videos on various platforms such as websites, press releases, newsletters, brochures, and printed materials to report on and promote the event. This practice complies with data protection regulations according to Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in documenting and promoting the event. Since the event is public, we assume that you do not have a fundamental issue with photos and videos being taken for these purposes. However, we assure you that we handle these recordings carefully and respect your privacy. If you have any concerns, we are available to answer your questions and discuss your concerns.

13. Your Rights

In view of the data processing described above by our association, you have the following data subject rights:

1. Information (Art. 15 GDPR)
   You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right, under the conditions specified in Art. 15 GDPR, to obtain information about this personal data and the information listed in detail in Art. 15 GDPR.
2. Rectification (Art. 16 GDPR)
   You have the right to demand from us the rectification of inaccurate personal data concerning you without undue delay, and if necessary, the completion of incomplete personal data.
3. Erasure (Art. 17 GDPR)
   You have the right to demand from us the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies in detail, e.g., if your data are no longer necessary for the purposes pursued by us.
4. Restriction of Processing (Art. 18 GDPR)
   You have the right to demand from us the restriction of processing if one of the conditions listed in Art. 18 GDPR applies in detail, e.g., if you dispute the accuracy of your personal data, the processing will be restricted for the duration that allows us to verify the accuracy of your data.
   
   
5. Data Portability (Art. 20 GDPR)
   You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format under the conditions specified in Art. 20 GDPR.
   
   
6. Revocation of Consent (Art. 7 para. 3 GDPR)
   You have the right to revoke your consent to processing at any time if the processing is based on consent. The revocation is effective from the time it is declared. In other words, revoking your consent does not affect the lawfulness of processing based on consent before its revocation.
   
   
7. Complaint (Art. 77 GDPR)
   If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can exercise this right with a supervisory authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.
   
   
8. Prohibition of Automated Decision-Making/Profiling (Art. 22 GDPR)
   Decisions that have legal effect on you or significantly affect you may not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, concerning your personal data.
   
   
9. Right to Object (Art. 21 GDPR)
   If we process personal data about you based on Art. 6 para. 1 lit. f GDPR (to safeguard legitimate interests), you have the right to object under the conditions specified in Art. 21 GDPR. However, this only applies if reasons arise from your particular situation. After objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims. In any case - even regardless of any particular situation - you have the right to object at any time to the processing of your personal data for direct marketing purposes.