Privacy Policy

Version 1 effective from 25.02.2025

Data Privacy is a very important issue for us and we hold the protection of your personal data in very high esteem.  With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter referred to as “data”) that we process, the purposes for which we process them, and the extent of this processing. Particularly this Privacy Policy provides you with information about how we process your personal data when you visit our website, or when we communicate with you as a user or as a (potential) partner. The terms used are not gender specific.

The sections of this Privacy Policy apply to the website Coming Soon (“Website”). If you visit another website, the data protection provisions of the respective website operator apply. If links to other websites are placed on our website, we have no influence nor control on the content of such websites and the way they process personal data. We recommend that you read the respective privacy notices to obtain information on how your personal data is collected and processed.

Table of Contents

General Information

Visiting Our Website

Communication

Security Measures

General Information on Data Storage and Deletion

Rights of Data Subjects

Provision of the Online Offering and Web Hosting

Changes and Updates

General Information

The information provided in this section provides general information, which applies to all services and processes, unless specified otherwise within the specific sections. 

Data Controller

The Feminist Bookmap 

Nita Schaub, Alice Brandt

Email Address: feminist.bookmap@gmail.com

Terms and Terminology

Our Privacy Policy aims to be simple and understandable for everyone. The terms used in this Privacy Policy, unless they are defined herein or in other sources we explicitly refer to, correspond to the official terms of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation,  “GDPR”). Such official terms are defined in Art. 4 GDPR. The full text of the GDPR can be found here.

Visiting Our Website 

This section describes how your personal information is processed when you visit the website Coming Soon ( “Website” or “our website”). This website uses the JavaScript library amCharts to display interactive maps. All amCharts scripts and related resources are hosted locally on our server and are not loaded from external servers. As a result, no data is transmitted to third parties or to amCharts servers. No cookies are set, and amCharts does not collect any personal data. This technology is used solely for the visual presentation of information on the website.

Provision of the Online Offering and Web Hosting

We use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also known as a “web host”). Our web host is Hostinger, located at:Hostinger Operations, UAB (Švitrigailos str. 34, Vilnius 03230, Lithuania). 

When visiting this website, server log files are automatically created, which may include the following information:

  •       Visited pages
  •       Date and time of access
  •       Amount of data transmitted
  •       Referrer URL (the website from which you accessed this site)
  •       Browser type and version
  •       Operating system used
  •       IP address (anonymized)

The storage of these log files is based on legitimate interests (Art. 6(1)(f) GDPR) to ensure the security and stability of the website. These data are not used to identify individual visitors.

We have entered into a Data Processing Agreement (DPA) with Hostinger to ensure that any processing of personal data is carried out in compliance with the General Data Protection Regulation (GDPR) and that appropriate technical and organizational measures are in place to protect your data.

For more details, please refer to Hostinger’s Privacy Policy and Data Processing Agreement (DPA):

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the affected individuals.

Types of Data Processed

When you visit our website, these types of data are processed:

  • Meta, communication, and procedural data, e.g., IP addresses, timestamps, identification numbers, involved persons.
  • Log data, e.g., log files related to logins or data retrieval or access times.Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the stability of the servers. 

Categories of Data Subjects

  • Users of the website (e.g., website visitors, users of online services)

Purposes of Processing

  • Provision of online offering and user-friendliness.
  • Information technology infrastructure.(operation and provision of information systems and technical devices (computers, servers, etc.)).
  • Security measures.

Legal Basis

Legal basis for the processing is our legitimate interests to provide online services, to ensure and improve the functionality and the security of the services (Art. 6(1)(f) GDPR). S. more in the section describing the relevant legal bases.

Deletion of Data

 Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidence purposes is excluded from deletion until the respective incident is finally resolved.

Communication

This section describes the handling of personal data when we communicate with users and with our partners and potential partners. When contacting us either by email or using the contact form, and within the context of existing user and business relationships, the information of the requesting persons is processed to the extent necessary to respond to the contact inquiries, to manage the relationship, handle feedback, and any requested measures. When submitting the contact form, the web host will process the following data: 

Personal Information – Name, email address, phone number, and other identifiers you provide.

Message Content – The text you enter in the message field, including any attachments.

IP Address – Logged for security and anti-spam measures.

Browser & Device Information – Includes user-agent, browser type, and device details.

Timestamp – Records the date and time of form submission.

Referrer Data – The page URL from which the form was submitted. 

 

GMail

Our gmail.com e-mail address is maintained by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). All information and data you choose to share with us by E-mail is processed automatically by Google in one of their secure data centers. Through the use of Google Workplace, personal data may be transferred to the USA. Google (Google LLC) is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard data protection clauses in accordance with Art. 46 para. 2 lit. (c)lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here: https://policies.google.com/privacy?hl=de&gl=de 

 

Types of Data Processed

When you communicate with us, these types of data are processed:

  • Name and surname as well as, if you share them with us, address
  • Contact data: e-mail address and name.
  • Content data: textual contributions.
  • Any personal information you may share with us when in the course of our correspondence and communication. 

Purposes of Processing

  • Communication.
  • Organizational and administrative procedures.
  • Feedback.
  • Provision of services and user friendliness. 

Legal Basis

Legal basis for the processing is our legitimate interests in the use of an effective, secure and user-friendly communication with our partners and potential partners (Art. 6(1)(f) GDPR). If the case, also the performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) may apply. S. more in the section describing the Relevant Legal Bases. 

Retention and Deletion

Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion”.

 

Relevant Legal Bases

Relevant Legal Bases under the GDPR: The following provides an overview of the legal bases of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation,  “GDPR”) on which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Legitimate interests – If the the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, the legal basis is  (Art. 6(1)(f) GDPR).
  • Consent – If you give us your express consent to process personal data for specific purposes , the lawfulness of this processing is given on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time with future effect (see chapter 8 of this data protection information).

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. Furthermore, the data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transfer, securing availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and privacy-friendly default settings.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

 

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or there are no further legal grounds for processing. This applies to cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

If the case, our privacy notices contain additional information on the retention and deletion of data that specifically apply to certain processing operations.

If there are multiple indications of retention periods or deletion deadlines for a type of data, the longest period always applies.

If a period does not explicitly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships within which data is stored, the triggering event is the effective date of termination or other termination of the legal relationship.

Data that is no longer needed for the originally intended purpose but is retained due to legal requirements or other reasons is processed solely for the reasons that justify its retention.

 

Further information on processing operations, procedures, and services:

  • Retention and deletion of data: The following general periods apply for retention and archiving under German law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the instructions and other organizational documents necessary for their understanding, booking receipts, and invoices (§ 147 Abs. 3 i. V. m. Abs. 1 Nr. 1, 4 und 4a AO, § 14b Abs. 1 UStG, § 257 Abs. 1 Nr. 1 u. 4, Abs. 4 HGB).
    • 6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents relevant for taxation, e.g., hourly wage slips, operating accounting sheets, calculation documents, price labels, but also payroll documents, as far as they are not already booking receipts, and cash register strips (§ 147 Abs. 3 i. V. m. Abs. 1 Nr. 2, 3, 5 AO, § 257 Abs. 1 Nr. 2 u. 3, Abs. 4 HGB).
    • 3 years – Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as related inquiries, based on previous business experiences and common industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

 

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  •  Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw your consent at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete personal data completed in accordance with legal requirements.
  • Right to erasure and restriction of processing: You have the right to obtain the erasure of personal data concerning you without undue delay, or alternatively, to obtain restriction of processing in accordance with legal requirements.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance from us, in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR, without prejudice to any other administrative or judicial remedy.

Changes and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes in our data processing make this necessary. We will inform you as soon as changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and we ask you to check the information before contacting us.