Privacy Policy

Data Protection Information
Biodynamic Federation Demeter International e.V.

Effective date 09.02.2026

Privacy Policy

for the website demeter.net
Effective date: 08 January 2025

This Privacy Policy applies to the website demeter.net, provided by
Biodynamic Federation Demeter International e.V.
Brandschneise 1, 64295 Darmstadt, Germany.

It explains what personal data we collect when you use our website, how we process it, and what rights you have under applicable data protection law.

  1. Controller

The controller within the meaning of the GDPR is:

Biodynamic Federation Demeter International e.V.
Represented by the Executive Director Annegret Flohr.

Email: [secretariat@demeter.net]

  1. What Data We Process

You can visit our website without registering or actively providing personal data. In such cases, we collect only the following technical access data:

  • Customer domain
  • IP address (last two bytes anonymized)
  • Timestamp (date and time of request)
  • Request line
  • Status code
  • Referrer (previous website or user agent)

Purpose: Ensuring the stable and secure operation of the website
Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
Retention: Deleted no later than six months after your visit

  1. Purposes and Legal Bases of Processing

3.1 Provision of the Website

We process your data to make the website and associated services available.

Legal basis:

  • Art. 6(1)(b) GDPR (contract or service fulfilment)
  • Art. 6(1)(f) GDPR (legitimate interest in efficient operation)
  • Art. 6(1)(a) GDPR (consent), if required

3.2 Cookies, Statistics & Matomo Analytics

We use cookies for:

  • technical functionality (session cookies)
  • statistical evaluation
  • demand-oriented design of our services

Matomo Analytics

We use Matomo, provided by
InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

Configuration:

  • Cookie-based analytics
  • IP addresses are collected only in shortened (anonymized) form
  • No personal identification possible

Legal basis:

  • Art. 6(1)(f) GDPR (legitimate interest)
  • § 25(1) TDDDG

More information: https://matomo.org/privacy/

You may block cookies in your browser settings; however, some website functions may be unavailable.

3.3 Social Media Share Buttons

We use share buttons for these platforms:

  • Facebook
  • Instagram
  • LinkedIn
  • Twitter (now X)

These buttons do not transmit data to the respective platform operators until you click them.
Once you click, their respective privacy policies apply.

3.4 YouTube Embedding

We embed videos from:

YouTube, operated by
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When accessing a page with embedded YouTube content:

  • your IP address is transmitted to Google
  • additional personal data may be collected by Google for its own purposes
  • data may be transferred to the USA

Legal basis:
Art. 6(1)(f) GDPR and § 25(2) TDDDG

Google Privacy Policy: https://www.google.com/intl/de/policies/privacy/

3.5 Google Maps

We use Google Maps provided by
Google LLC.

Data processed:

  • IP address
  • browser information
  • location-related information (depending on browser settings)

This may involve transfers to the USA.

Legal basis:

  • § 25(1) TDDDG (read/write of cookies)
  • Art. 6(1)(a) GDPR (consent)
  • Art. 49(1)(a) GDPR (explicit consent to third-country transfer)

More information: https://www.google.com/intl/de/policies/privacy/

3.6 Contact Form

When contacting us via the “Contact Us” form or by email, we process:

  • first and last name
  • email address
  • country
  • your message
  • optional additional information

Legal basis:

  • Art. 6(1)(a) GDPR (consent)
  • Art. 6(1)(b) GDPR (pre-contractual measures)

Retention: Stored for 6 years as business correspondence.

3.7 External Links

Our website contains links to external websites and local BFDI members.
Each provider is solely responsible for their own data processing.

3.8 Downloads & Files

Downloads available on the website are hosted on servers located in a German data center operated by our service provider.

3.9 Petitions

If you sign a petition:

  • your data is processed only for the campaign
  • you will only be added to mailing lists if you explicitly opt in
  • all petition data is deleted after the end of the campaign
  • you may unsubscribe from mailing lists at any time

  1. Data Recipients

We may share personal data with the following categories of recipients:

4.1 Internal Transfers within BFDI

For administrative purposes, necessary personal data may be shared within
Biodynamic Federation Demeter International e.V., including global members.

4.2 Processors (Service Providers)

We engage service providers (Art. 28 GDPR) for:

  • hosting
  • analytics
  • IT services
  • communication services

Some providers may be located in third countries.
Transfers occur only:

  • with adequacy decisions, or
  • via EU Standard Contractual Clauses (SCCs)

4.3 Government Authorities & Legal Proceedings

We may share data with:

  • law enforcement
  • authorities responsible for prosecuting administrative offences
  • tax authorities
  • affected third parties (e.g., in case of legal infringements)

Only when legally required or in cases of misuse.

  1. Data Retention

We delete or anonymize personal data as soon as it is no longer required.

General retention periods:

  • Website logs: up to 6 months
  • Contact form data: 6 years
  • Consent-based data: until withdrawal
  • Backups: up to 6 months after deletion

Longer retention may occur for:

  • legal claims
  • statutory obligations

  1. Your Rights as a Data Subject

You have the following rights under GDPR:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21), especially when processing is based on Art. 6(1)(e) or (f)
  • Right to withdraw consent at any time (Art. 7(3))

Requests can be sent to the contact details listed in the legal notice.

Supervisory Authority

You may lodge a complaint with:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden, Germany
Phone: +49 611 1408 – 0
Email: poststelle@datenschutz.hessen.de

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, especially when improving services or adding features.
Please check the “Privacy Policy” section of our website regularly to stay informed about current changes.