As of September 2025
We're pleased you're visiting our website who-cared.com. The protection of your personal data is very important to us. Here you can find out what information we collect, how we use it, and how you can exercise your rights.
1. Responsible body
WHO CARED is a project by
Masala Movement e.V.
Hansen Street 41
50739 Cologne, Germany
Email: hello@who-cared.com
For legal questions – particularly concerning data protection or image rights – please contact: rights@who-cared.com
2. Visiting the Website
It is not necessary to provide personal data (e.g., name, address, email, etc.) to visit our website. When you visit our website, your browser automatically transmits information to the server of this site. These so-called log files are temporarily stored until they are automatically deleted:
Data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimise the website and ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.
Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes. In no case do we use the collected data to draw conclusions about your person.
Furthermore, when you visit our website, we use cookies and analytics services (see below).
3. Contact
When you contact us by email or form, the data submitted will only be used to process your request. It will not be passed on to third parties without your express consent. Data processing is carried out in accordance with Art. 6 (1a) of the GDPR, based on your voluntarily given consent. The personal data collected by us for the use of the contact form will be deleted once your request has been dealt with.
4. Newsletter via Brevo
The service Brevo (formerly Sendinblue) is used for sending newsletters and email campaigns:
Sendinblue GmbH
126 Köpenicker Street
10179 Berlin
Data processing is carried out on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR. Data are stored on servers within the EU. In accordance with Art. 28 GDPR, we have concluded a contract for order processing. Data will only be passed on to Brevo. Data will not be passed on to third parties or to third countries unless legal requirements mandate it.
In connection with Brevo, the following data is processed:
Registration for the newsletter takes place via a double opt-in procedure: After registering, subscribers will receive an email to confirm their registration. Newsletter delivery will only be active after this confirmation. Unsubscribing is possible at any time via the link in the newsletter or by email.
Further information:
https://www.brevo.com/en/legal/privacypolicy/
5. Statistics / Analysis
(none at present)
6. Google Fonts (local hosting)
This page uses so-called Google Fonts, provided by Google, for consistent font display. The Google Fonts are installed locally. No connection is made to Google's servers.
For more information about Google Fonts, please see https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=de.
7. WordPress and Plugins, Domain and Web Space Provider
This website is based on WordPress. Plugins can process personal data, such as IP addresses or cookies. Only GDPR-compliant extensions are used. Detailed information about individual plugins can be provided upon request.
Our website is hosted with Hostinger International Ltd.
When the website is accessed, Hostinger automatically collects technical data such as IP address, date and time of access, the page visited, amount of data transferred, browser type and operating system in so-called server log files and stores them for a limited period.
This processing is carried out to ensure the reliable and secure operation of the website, and is based on Article 6(1)(f) of the GDPR.
A contract for order processing was concluded with Hostinger in accordance with Art. 28 GDPR.
A transfer to third countries can occur, but only takes place in compliance with statutory requirements, for example, through standard contractual clauses.
More information can be found in Hostinger’s privacy policy at: https://www.hostinger.com/privacy-policy.
8. Cookies
Our websites use what are known as „cookies“. Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies can originate from us (First-Party Cookies) or from third-party companies (so-called Third-Party Cookies). Third-Party Cookies enable the integration of specific services from third-party companies within websites (e.g., cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g., displaying videos). Other cookies can only be used for analysing user behaviour or for advertising purposes with explicit consent.
Cookies that are necessary for the electronic communication process, to provide certain functions desired by you (e.g., for the shopping cart function), or to optimise the website (e.g., cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically flawless and optimised provision of its services. Where consent has been requested for the storage of cookies and comparable recognition technologies, processing will only take place on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); the consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies and allow cookies only on an individual basis, exclude the acceptance of cookies in specific cases or in general, as well as activate the automatic deletion of cookies when closing the browser. The functionality of this website may be restricted when cookies are deactivated.
Cookies and services on this website can be configured by you in the cookie banner: https://who-cared.com/cookie-policy-eu“
9. Consent with Complianz Cookie
Our website uses Complianz Cookie Consent technology to obtain your consent for storing certain cookies in your browser or for using certain technologies and to document this in a data protection compliant manner. The provider of this technology is Complianz BV, Kalmarweg 14-5, 9723 JG, Groningen (NL) (hereinafter Complianz).
When you visit our website, a Complianz cookie will be stored in your browser, which saves the consents you have given or the revocation of these consents. This data will not be passed on to the provider of Complianz Cookie.
The data collected will be stored until you request its deletion, you delete the Complianz cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. Details on Complianz Cookie's data processing can be found at https://complianz.io/legal/privacy-statement/
The Complianz cookie consent technology is used to obtain legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) of the GDPR.
10. Data Protection Notice for the Use of MASV
For the transfer of large files, we use MASV (Massive.io), a service from MASV Inc., Canada. MASV is used for the secure transmission and management of large amounts of data. Processing is carried out for the purpose of file transfer, tracking sending and receiving activities, and, if necessary, for project organisation (e.g., using tags and logs).
The following data is being processed:
Processing is carried out on the basis of Article 6 (1) (b) of the GDPR (performance of a contract/contractual measures) and, if applicable, on the basis of legitimate interests (Article 6 (1) (f) GDPR) in secure, reliable data transmission.
MASV acts as a processor; a Data Processing Addendum (DPA) has been concluded with MASV. Data processing generally takes place in Canada and potentially in other countries. MASV and its sub-processors operate in compliance with GDPR, and appropriate Standard Contractual Clauses have been implemented to ensure an adequate level of data protection for international data transfers.
Further information can be found in the MASV data protection policy at https://massive.io/de/gdpr/
11. Data Protection Information for the Use of Oral-History.Digital
Oral-History.Digital supports the cataloguing and research of scholarly collections of audio-visually recorded narrative interviews.
In this context, personal data (e.g. name, contact details, spoken content, image and audio data) will be collected and processed for the purpose of scientific research and documentation.
The processing is for the evaluation and archiving of the interviews, including post-processing and potential publication within the scope of scientific publications or projects. The data processing is carried out by joint controllers. The controllers are Freie Universität Berlin https://www.oral-history.digital/impressum/datenschutzhinweise/index.html and Masala Movement e.V.
The data processing is based on your consent according to Art. 6(1)(a) GDPR or on the basis of a public interest in scientific research according to Art. 89 GDPR. Data will only be passed on within the scope of legal provisions and consent. Third parties will only be granted access if this is necessary and permitted for scientific use (e.g. co-researchers, publications, archives). Transfer to third countries will only take place if an adequate level of data protection is ensured.
12. Processing of data by social networks
We maintain publicly accessible profiles on social networks. You can find the specific social networks we use listed below.
Social networks like Facebook, Instagram, etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection occurs, for example, via cookies that are stored on your end device or by capturing your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles that store your preferences and interests. This allows relevant advertising to be displayed to you both on and off the respective social media platform. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot fully comprehend all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Please refer to the terms of use and data protection regulations of the respective social media portals for details on this.
Our social media presence is intended to ensure the broadest possible online presence. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6(1)(a) GDPR).
For the processing of personal data when visiting this profile, there is joint responsibility with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (Instagram). You can find Instagram's data policy here: https://privacycenter.instagram.com/policy/.
When visiting and interacting with our Instagram profile, Instagram collects and processes the following data, among others:
Name, username, contact and content data, location data if applicable
Activities related to our profile (e.g. Liking, Commenting, Messaging)
Usage and communication data, e.g. via Instagram Insights (statistics tools)
Processing is carried out on the basis of our legitimate interest in an informative and supportive external presentation in accordance with Art. 6(1)(f) GDPR, possibly (in the case of interactions, competitions, etc.) also on the basis of consent in accordance with Art. 6(1)(a) GDPR.
Data may be transferred to the Meta group of companies in the USA or other third countries. Instagram uses standard contractual clauses for this purpose in accordance with Art. 46(2) GDPR to ensure an appropriate level of data protection.
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies which data processing activities we and Meta are responsible for when you visit our Facebook Page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Please refer to Facebook's privacy policy for details: https://www.facebook.com/about/privacy/.
The company is certified under the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can find further information on this from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Please refer to YouTube's privacy policy for details on how they handle your personal data: https://policies.google.com/privacy?hl=de.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
13. Donation portal Betterplace
To collect donations, we use an offer from betterplace.org. You can read details about the data processing carried out in connection with the services in betterplace.org's privacy policy: https://www.betterplace.org/c/regeln/datenschutz
14. Your data protection rights
Under certain conditions, you can assert your data protection rights against us.
You therefore have the right to receive information from us about your data stored by us in accordance with the rules of Art. 15 GDPR (if applicable, with restrictions under § 34 BDSG).
Following your request, we will rectify the data stored about you in accordance with Article 16 GDPR if it is inaccurate or incorrect.
If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g. statutory retention obligations or the restrictions under § 35 BDSG) or a predominant interest on our part (e.g. for the defence of our rights and claims) do not prevent this.
Taking into account the prerequisites of Article 18 of the GDPR, you can request that we restrict the processing of your data.
Furthermore, you can object to the processing of your data pursuant to Art. 21 GDPR, whereupon we must cease processing your data. However, this right of objection only applies if very specific circumstances of your personal situation exist, and the rights of our association may potentially override your right of objection.
You also have the right to receive your personal data in a structured, common, and machine-readable format or to transmit it to a third party, under the conditions of Art. 20 GDPR.
Furthermore, you have the right to withdraw your consent for the processing of personal data at any time, with effect for the future (see section 2.3).
Furthermore, you have a right of complaint to a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our data protection contact person in the first instance.
Your requests concerning the exercise of your rights should, if possible, be addressed in writing to the address provided above or directly to our data protection representative.
Enquiries on this matter can be made by email: rights@who-cared.com