Privacy Policy

Ceylon Logica Institute für Strategische Internationale Politik e. V.

Last updated: 20 May 2025

This Privacy Policy explains, pursuant to Art. 13 et seq. of the General Data Protection Regulation (GDPR), how Ceylon Logica Institute für Strategische Internationale Politik e. V. (“we”) processes personal data, for what purposes and on which legal bases. It applies to all visitors to our website and to all natural persons whose data we process in the course of our non-profit activities.

1. Controller (Art. 4 No. 7 GDPR)



Association

Ceylon Logica Institut für Strategische Internationale Politik e. V.

Authorised board representative

Nicolas Thiery, Chair

Address

Mörsenbroicher Weg 191, 40470 Düsseldorf, Germany

Email

office@ceylonlogica.com

Register entry

Local Court [town], Reg. No. VR [Number]

VAT ID

[if applicable]

2. Definitions

The terms used in this Policy correspond to the definitions in Art. 4 GDPR (e.g. “personal data”, “processing”).

3. Principles of Data Processing

  • Data minimisation & purpose limitation – We collect only the data necessary for our statutory purposes, association administration and the operation of the website.

  • Legal bases – Unless expressly stated otherwise, we process data on the basis of Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (membership/contract), Art. 6 (1) (c) GDPR (legal obligation) or Art. 6 (1) (f) GDPR (legitimate interest).

  • Storage period – Personal data are erased once the purpose ceases to apply, you withdraw your consent or statutory retention periods expire.

4. Provision of the Website & Log Files

Each time our website is accessed, our server automatically processes:
IP address (truncated), date/time, request URL, HTTP status code, referrer URL, browser/OS details.

  • Purpose/legal basis: Ensuring the stability and security of the website, Art. 6 (1) (f) GDPR.

  • Storage period: usually 30 days.

5. Cookies

Our website uses 

  • essential cookies (technically necessary) and

  • optional cookies for web analytics (see section 8).

Optional cookies are set only after you have given your consent via the cookie banner (Art. 6 (1) (a) GDPR, Sec. 25 (1) TTDSG). You may withdraw consent at any time via the banner.

6. Contact (Email, Web Form)

When you contact us, we process the information you provide (name, contact details, message).

  • Purpose/legal basis: Communication relating to association activities or member support, Art. 6 (1) (b) or (f) GDPR.

  • Storage period: Deleted once the enquiry has been fully resolved, provided no statutory retention obligations apply.

7. Membership & Association Administration

We process data of our members, supporters and volunteers:

  • Master data (name, address, date of birth, contact)

  • Association data (date of joining, functions)

  • Payment/donation data (IBAN, contribution and donation history)

Legal basis: Art. 6 (1) (b) GDPR (membership) and Art. 6 (1) (f) GDPR (statutory purposes).
Storage period: Two years after leaving the association; financial data ten years (Sec. 147 AO).

8. Web Analytics

Google Analytics 4

We use Google Analytics 4 (Google LLC, USA) to measure reach.

  • Cookies/IP anonymisation: activated; data stored for 2 months.

  • Legal basis: consent, Art. 6 (1) (a) GDPR.

  • Third-country transfer: Google is certified under the EU–US Data Privacy Framework; standard contractual clauses are in place.

  • Opt-out: at any time via cookie banner or browser add-on.

Withdrawal of your consent deactivates both analytics tools.

9. Donations

For monetary or in-kind donations we process name, address, amount, payment data.

  • Legal basis: Contractual processing, Art. 6 (1) (b) GDPR, and legal obligation to issue donation receipts, Art. 6 (1) (c) GDPR.

  • Storage period: 10 years (Sec. 147 AO).

10. Events & Images

For events we process registration data; photo/video recordings are made only with consent (Art. 6 (1) (a) GDPR) or based on our legitimate interest in publicity (Art. 6 (1) (f) GDPR).

11. Newsletter

Newsletters are sent using a double-opt-in procedure.

  • Legal basis: consent, Art. 6 (1) (a) GDPR.

  • Withdrawal: unsubscribe link in every email.

12. Data Security

We employ SSL/TLS encryption and appropriate technical and organisational measures (Art. 32 GDPR).

13. Rights of Data Subjects

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21) and to withdraw consent (Art. 7 (3)). You may also lodge a complaint with a supervisory authority (Art. 77 GDPR).

14. Obligation to Provide Data

Providing personal data is voluntary; without certain details (e.g. contact or membership data) we may be unable to offer specific services.

15. Automated Decision-Making

We do not use automated decision-making within the meaning of Art. 22 GDPR.

16. Changes to This Privacy Policy

We reserve the right to amend this Policy to reflect changes in law or our services. The version published on your next visit applies.