Privacy Policy

Introduction

This Privacy Policy describes how we collect, use, and protect your personal information when you visit and use this memorial website. We are committed to protecting your privacy and ensuring the security of your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

Data Controller: This website is operated by ASATECH. Our servers are hosted in Germany, ensuring your data is stored within the European Union and subject to EU data protection standards.

Legal Basis for Processing Personal Data (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): When you submit a tribute or make a donation, you provide explicit consent for us to process your personal data for these purposes.
• Legitimate Interest (Article 6(1)(f)): We process IP addresses and technical data for security, fraud prevention, and website functionality purposes.
• Legal Obligation (Article 6(1)(c)): We may process data to comply with legal requirements, such as financial record-keeping for donations.

Information We Collect

Personal Information

When you interact with this memorial website, we may collect the following types of information:

• Tributes: When you submit a tribute, we collect your name, email address (optional), relationship, and your message.
• Support/Donations: When you make a donation, we collect your name, email address, phone number (if provided), donation amount, and any message you include.
• Contact Information: If you contact us directly, we may collect your name, email address, and any other information you provide.

Automatically Collected Information

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on pages
• Referring website addresses

How We Use Your Information

We use the information we collect for the following purposes:

• To display tributes and messages on the memorial website (with your consent)
• To process and acknowledge donations and support contributions
• To send email notifications regarding tribute approval or status changes
• To send thank-you messages for donations (if email is provided)
• To improve our website functionality and user experience
• To analyze website usage and visitor statistics
• To respond to your inquiries and provide customer support
• To comply with legal obligations

Information Sharing and Disclosure

We respect your privacy and do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Public Display: Tributes and messages you submit may be displayed publicly on the memorial website (with your consent).
• Payment Processors: When you make a donation, your payment information is processed by secure third-party payment gateways (e.g., Fapshi, MTN Mobile Money). We do not store your complete payment card information.
• Service Providers: We may share information with trusted service providers who assist us in operating our website and conducting our business, subject to confidentiality agreements.
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of Access (Article 15): You can request access to the personal information we hold about you, including a copy of your data in a machine-readable format.
• Right to Rectification (Article 16): You can request correction of inaccurate or incomplete information.
• Right to Erasure (Article 17): You can request deletion of your personal information, subject to legal and operational requirements (e.g., financial records must be retained for tax purposes).
• Right to Restrict Processing (Article 18): You can request that we limit how we use your personal data.
• Right to Data Portability (Article 20): You can request a copy of your data in a structured, commonly used, and machine-readable format.
• Right to Object (Article 21): You can object to processing of your personal data based on legitimate interests.
• Right to Withdraw Consent (Article 7): You can withdraw your consent for processing your information at any time, without affecting the lawfulness of processing based on consent before withdrawal.
• Right to Lodge a Complaint (Article 77): You have the right to lodge a complaint with a supervisory authority, particularly in Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and remember your preferences. You can control cookies through your browser settings. However, disabling cookies may limit some website functionality.

Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Children's Privacy

Our website is not intended for children under the age of 16. In accordance with GDPR Article 8, we require parental consent for processing personal data of children under 16. We do not knowingly collect personal information from children without appropriate consent. If you believe we have inadvertently collected information from a child, please contact us immediately.

Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Tributes: Approved tributes are retained indefinitely as part of the memorial. Pending/unapproved tributes are retained for 1 year, then deleted.
• Donations: Financial records are retained for 7 years as required by German tax law. Personal data associated with donations is anonymized after 3 years.
• User Accounts: Retained until account deletion or 3 years of inactivity.
• IP Addresses: Anonymized after 90 days (last octet removed for IPv4, last 64 bits for IPv6).
• Session Data: Deleted after 2 hours of inactivity or when you close your browser.

Data Transfer and Storage Location

Your personal data is stored on servers located in Germany, within the European Union. We do not transfer your personal data to countries outside the EU/EEA unless adequate safeguards are in place. When using third-party payment processors (such as Fapshi), your payment data is processed according to their privacy policies and security standards.

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit - BfDI) without undue delay, and in any event within 72 hours of becoming aware of the breach, as required by GDPR Article 33-34.

Third-Party Services and Data Processors

We use the following third-party services that may process your data:

• Payment Processors: Fapshi, MTN Mobile Money - Process payment transactions. They are GDPR compliant and have their own privacy policies.
• CDN Services: Bootstrap, Font Awesome, jQuery - Loaded from CDN for website functionality. These services may collect technical data.
• Hosting Provider: Our servers are hosted in Germany by a GDPR-compliant provider.

All third-party processors are bound by data processing agreements ensuring GDPR compliance.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us & Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or to exercise your GDPR rights, please contact us: