Data protection

Welcome to our website. Thank you for your interest in the information we provide at www.sternenbruecke.de.

We respect your right to informational self-determination. We process your personal data in accordance with the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG).

Please read on for further details.

Stiftung Kinder-Hospiz Sternenbrücke (Sternenbrücke Children's Hospice Foundation)
Peer-Uwe Gent (Chairman)
Sandmoorweg 62
22559 Hamburg

Phone: 040 - 81 99 12 0

Email: info@sternenbruecke.de

We have appointed a data protection officer for our company.

Uwe Kleimann
Dorfstraße 53
23869 Elmenhorst

Phone: 040 - 81 99 12 77
Email: datenschutzbeauftragter@sternenbruecke.de

• Automatically when you visit our website (IP address, other technical data)

• You provide it to us (e.g. in contact forms or when registering for a newsletter)

• You support us with a donation and pass on the necessary data to our service provider

• You conclude a contract with us

• You apply for a job with us

• Art. 6 (1) (a): You give us your voluntary consent to the processing of your data, which can be revoked at any time.

• Art. 6 (1) (b): We process your data for the purpose of initiating or executing a contract.

• Art. 6 (1) (c): We process your data on the basis of a legal obligation.

• Art. 6 (1) (f): We process your data on the basis of a legitimate interest. You can lodge a justified objection to this.

• For the functioning of the website (legal basis: GDPR Art. 6 (1) (f)

• Für anonymisierte Nutzungsstatistiken (Rechtsgrundlage: DSGVO Art. 6 Abs. 1, S.1 lit. f)

• Für die Versendung von Newslettern oder zur Kontaktaufnahme mit Ihnen (Rechtsgrundlage: DSGVO Art. 6 Abs. 1, S.1 lit. a)

• Für die Zahlungsabwicklung (Rechtsgrundlage: DSGVO Art. 6 Abs. 1, S.1 lit. b) und die Erstellung von Spendenbescheinigungen (Rechtsgrundlage: DSGVO Art. 6 Abs. 1, S.1 lit. c)

• Für Vertragsabschlüsse (Rechtsgrundlage: DSGVO Art. 6 Abs. 1, S.1 lit. b)

• Für unser Bewerbungsmanagement (Rechtsgrundlage: DSGVO Art. 6 Abs. 1, S.1 lit. b)

• Für die Einbettung externer Videodienste (Rechtsgrundlage: DSGVO Art. 6 Abs. 1, S.1 lit. a)

As part of our activities, we work with various external agencies. In some cases, this requires the transfer of personal data to these external agencies. We only pass on personal data to external bodies if this is necessary for the fulfilment of a contract, if we are legally obliged to do so, if we have a legitimate interest in passing on the data in accordance with Art. 6 (1) (f) GDPR, or if another legal basis, e.g. your consent, permits the transfer of data. When using processors, we only pass on our customers' personal data on the basis of a valid contract for data processing.

Unless we specify a more specific storage period, your personal data will remain with us until the purpose for data processing no longer applies. If there are legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods), deletion will take place after the relevant periods have expired.

You can contact the above addresses at any time to...

• obtain information free of charge about your data processed by us (origin, recipient, purpose)

• have your data corrected or deleted

• revoke any consent to data processing at any time and without giving reasons

• lodge a justified objection to the processing of your data

• receive your data in a commonly used machine-readable format, or instruct us to transfer it to other controllers

• lodge a complaint with a supervisory authority, such as the Hamburg Commissioner for Data Protection and Freedom of Information https://datenschutz-hamburg.de/

Our website is hosted by the service provider Hetzner in the EU. We use secure SSL/TLS encryption for all transmissions. The following access data is processed automatically:

• Your IP address

• Further technical data (operating system, browser, browser settings)

• Time stamp

• Whether the data transfer was successful

• Referrer URL (from which website you came to us)

For security reasons, this data is written to log files and automatically deleted after seven days. All of this is done on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring that our website is as reliable as possible.

Our website uses various cookies (small data packets) and related technologies that automatically collect data from you.

Some are technically necessary, for example to deliver our website to you and to document your consent or non-consent to other cookies. They are temporarily stored on your device for the duration of a session and automatically deleted at the end of your visit. You cannot opt out of this type of cookie. It is in our legitimate interest pursuant to Art. 6 (1) (f) GDPR to be able to process your visit request in a legally compliant manner.

Donations, payment transactions or applications, on the other hand, serve to prepare or conclude a contract. The necessary data transfers (possibly also via third-party cookies) are therefore carried out on the legal basis of Art. 6 (1) (b) GDPR.

However, you are free to decide whether or not to consent to the setting of cookies by other third-party providers. You will be notified of this before any data transfer can take place. For example, a video from YouTube will not be played without your express consent, which can be revoked at any time, in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

Our website uses the open source tool Orejime to manage and document your consent to the storage of cookies on your device or your refusal thereof in accordance with data protection regulations. We have integrated the software in such a way that no data is transferred to third parties. Your consent decisions are stored locally on your device (in your browser).

The data collected in this way is retained until the purpose of data storage no longer applies or you delete your cookies and browser cache yourself. The use of the software is based on the legal basis of Art. 6 (1) (c) GDPR and thus complies with a legal obligation.

We collect anonymised visitor statistics using the open source software Matomo. Your IP address is truncated immediately upon receipt so that it can no longer be traced back to you personally. We operate the service on our own server, so all data remains with us.

The use of statistics software is based on the legal basis of Art. 6 (1) (f) GDPR: We have a legitimate interest in analysing the overall behaviour of our users in order to improve our website and our range of services. You can object to this at any time, stating your reasons.

We would be delighted if you would like to subscribe to our newsletter. We need your email address to deliver it. To document that you have the specified email address and that you agree to receive the newsletter, we will send you a confirmation email (double opt-in). You can unsubscribe from the newsletter at any time (via a link at the end of each newsletter).

We use the German service provider CleverReach as a processor for sending newsletters. CleverReach stores your data (especially your email address) in compliance with the GDPR on servers in Germany and Ireland. https://www.cleverreach.com/de/datenschutz/

Our newsletters sent with CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, this shows how many recipients have opened the newsletter and how often which link in the newsletter has been clicked on. See also: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. If you do not want this, you must unsubscribe from the newsletter.

Data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

After you unsubscribe from the newsletter, your email address will be deleted from the corresponding distribution list and permanently stored in a blacklist by the newsletter service provider for the sole purpose of preventing new mailings from being sent to you. We have a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in being able to comply with the legal requirements for sending newsletters. You can object to this storage by stating your reasons.

If you apply to us (e.g. by e-mail or post), we will treat all your related data as strictly confidential and use it exclusively for the application process. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) in conjunction with Article 6(1)(b) of the GDPR.

If no employment relationship is established, we will retain your data for a further six months after the end of the application process. After that, it will be deleted on a regular basis, provided that there are no legal retention obligations to the contrary.

We use a donation form from GRÜN Spendino (GRÜN Software Group GmbH, Pascalstraße 6, 52076 Aachen, Germany) on our website. When you use the form, your data (in particular your IP address) is transferred to Spendino to enable us and you to process the payment. For the sole purpose of collecting and managing donations, additional personal data such as first name, surname, street, house number, place of residence, postcode, account holder and account details are processed and stored when you use the form. This is done exclusively on servers in Germany. Further information about the security procedures used and data processing can be found here: https://www.gruen.net/spendino/unternehmen/datenschutz/

This transfer of your data to GRÜN spendino is based on the legal basis of Art. 6 (1) (b) GDPR. Your data will be stored for as long as required by law.

Wir sind auf sozialen Plattformen präsent. Diese Präsenzen sind nicht auf unserer Webseite eingebettet, sondern von dort nur über externe Hyperlinks erreichbar.

The platforms themselves are responsible for data processing. Please refer to the websites of the respective providers for information on their data protection regulations.

In order to show you our work clearly, we embed videos from YouTube on our website. YouTube is operated by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

When you watch one of these videos, some of your data (IP address, technical data, usage behaviour) is transferred from our website to YouTube and processed there. We use YouTube in extended data protection mode so that your usage data is not used to personalise advertisements on YouTube in particular.

Please note that we have no influence on the further processing of your data by Google. Please refer to Google's own privacy policy on the following website: https://policies.google.com/privacy?hl=de

Before this data transfer, we ask for your consent in accordance with Art. 6 (1) (a) GDPR. Without this consent, no data will be transferred to YouTube. You can revoke your consent at any time without having to give reasons.

Your data is processed not only within the EU, but also on Google servers in the United States. This data transfer is based on the EU Standard Contractual Clauses. In addition, Google is certified under the EU-US Data Privacy Framework (DPF), which is designed to ensure compliance with European data protection standards when processing data in the United States. https://policies.google.com/frameworks?hl=de.

This information is dated 6 November 2025 and may be updated at any time if necessary.