Impressum (§ 5 DDG, § 18(2) MStV) and Data Controller:
Paul Schwandes, C/O www.impressum-ohne-adresse.de, Wernher-von-Braun-Str. 5-7, 69214 Eppelheim.
(Impressum ohne Adresse is provided by Antavi IT Solutions GmbH.)
Email: paul@schwandes.de / Phone: (+49) 01577-4465389
Statutory contact details. Use unrelated to this service is prohibited.
Contact: You can contact me via email to paul@schwandes.de or via phone at (+49) 01577-4465389. If you contact me, your data is processed based on the nature of your request. For Legal/GDPR Rights Requests, I process your data to fulfill my legal obligations to respond (Art. 6(1)(c) GDPR), retained for 3 years to demonstrate compliance (Art. 5(2) GDPR). For General Inquiries, I process your data to facilitate communication based on my legitimate interest (Art. 6(1)(f) GDPR), deleted once resolved.
Your rights: You have the right to access your data (Art. 15), rectify (Art. 16), erase (Art. 17), restrict (Art. 18), port your data (Art. 20), and to withdraw any given consent at any time (Art. 7(3)) via email. You have the right to lodge a complaint with the supervisory authority (Art. 77). You have the right to object to the processing of your data at any time for reasons arising from your particular situation (Art. 21 GDPR).
Hosting, Security & Cookies: I host this site via netcup GmbH under a Data Processing Agreement (DPA). All traffic is SSL/TLS encrypted. Server logs (IP address, timestamp, browser, OS) are stored based on my legitimate interest to ensure security and prevent abuse (Art. 6(1)(f) GDPR) and are automatically deleted after 30 days. No analytics or external trackers are used. Strictly necessary technical cookies (e.g., CSRF tokens for form security) are set based on technical necessity (§ 25(2) TDDDG) and legitimate interest (Art. 6(1)(f) GDPR).
Donations & PayPal IPN Processing: Payments are processed entirely by PayPal and go directly to the charity. To verify successful donations and update the tracker (Art. 6(1)(b) GDPR), PayPal sends an Instant Payment Notification (IPN) containing PII. My server temporarily processes this payload in memory and transmits it back to PayPal for cryptographic verification to prevent fraud (Art. 6(1)(f) GDPR). Once verified, I discard all sensitive PII (e.g. emails, addresses, real names) and do not store this data. Anonymized transaction data is retained indefinitely for historical/statistical integrity (Art. 6(1)(f) GDPR).
US Data Transfers: PayPal processes data in the US, currently covered by the EU-US Data Privacy Framework (DPF, Art. 45 GDPR). Due to historic legal volatility, should the Adequacy Decision be invalidated in the future, I will rely on Art. 49(1)(b) GDPR as a fallback mechanism, under which the transfer of your connection data and IPN payload is strictly necessary for the performance of the contract to process and verify your donation on my tracker.