The fnordkollektiv logo consisting of a stylized 'f' and 'k' on a black background.

Privacy Policy

The privacy policy was last updated on 2022-01-01

We are happy about your interest in our collective. However, if a data subject wants to use special services of our collective via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation, and in accordance with the country-specific data protection regulations applicable to the fnordkollektiv GmbH. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.

As the website operator, the fnordkollektiv GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions can always be vulnerable to security risks, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we explain the terminology used at the end of the statement.

1. Name and address of the website operator

The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

fnordkollektiv GmbH
Dillweg 27
57250 Netphen
Email: Please enable Javascript to view email address!

2. Name and address of the responsible supervisory authority

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2–4
40213 Düsseldorf
Phone: +49 211 38424-0
E-Mail: poststelle@ldi.nrw.de

3. Hosting

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process personal data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data. Furthermore, we have taken active measures to protect our visitors.

We use the following hoster:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
In order to ensure data protection-compliant processing, we have concluded an order processing agreement with our hoster.

4. Cookies

We do not use cookies on our website.

5. Analytics

We do not use any analytics services.

6. Server logs

We use a reverse proxy and do not store server log files.

7. Data protection in applications and in the application process

The website operator collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also take place electronically. This is the case, in particular, if an applicant submits relevant application documents by electronic means. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted four months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). In the case of a job interview, it is possible that we offer a job interview via video chat. For this purpose, we use the service Jitsi Meet, which we provide on our own server. For this purpose, we have explicitly disabled the forwarding of data to third parties. The e-mail address jobs@fnordkollektiv.de is available for applications and is not archived. Please apply exclusively via this e-mail address or by post.

8. Profiling

We do not use profiling.

9. fnord.world | WorkAdventure

In the WorkAdventure game world, participants can meet other participants virtually in small groups and talk to each other (via text, video, or audio chat) or share screen content from their own screen.

Data processing is based on your consent (Art. 6 (1) a DSGVO/GDPR). Participation in the WorkAdventure and the Jitsi chat is largely (IP is recorded for technical reasons) anonymous using a nickname. Camera and audio can be switched off. Likewise, there is the possibility via settings that other participants can not contact your WOKA (avatar). As soon as you visit our WorkAdventure and Jitsi Meet, certain data such as IP address, operating system/browser information and the current time are transmitted to our system. We do not store this data. To enable communication between participants, audio and video data is transmitted between participants and the system. During transmission, these are encrypted, but must be decrypted on the system in order to be decrypted on the system so that they can be processed further. No communication data is viewed, recorded or stored. A direct connection is established between the participants during the use of WorkAdventure and the embedded video conferences. If this is not possible for technical reasons, a STUN/TURN server is used to establish a connection between the participants. This server serves only as a "relay", which only passes the data between the clients and does not store any data. Furthermore, there is a connection via WebRTC in the WOKA communication circles (up to 5 people), which is also encrypted. We use our own Jitsi Meet Server on our infrastructure.

Nextcloud

We use the software service Nextcloud (accessible via the Internet and executed on the servers of fnordkollektiv GmbH) for the following purposes: Document exchange between customers. In this context, personal data may be processed and stored on the servers of fnordkollektiv GmbH, insofar as these are part of communication processes with us or are otherwise processed by us as set out in the context of this privacy policy. Furthermore, fnordkollektiv GmbH processes usage data and metadata that are used for security purposes and deleted within 30 days. Notes on legal bases: We ask for consent for the use of our cloud services, the legal basis of the processing is consent. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the cloud services has been agreed within this framework. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient and secure administration and collaboration processes). User accounts are not created for customers in this regard. Furthermore, each exchange is password protected, whereby passwords are transmitted separately by us. Data processing types: personal data (e.g. names, addresses), contact data (e.g. e-mail, user names), content data (e.g. text input, photographs, videos), usage data (e.g. interest in content, access times), meta/communication data (e.g. device information, IP addresses). Data processing purposes: Organizational procedures. Legal bases: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), performance of contract.

10. Social Media | Mastodon

We recommend all users to inform themselves about the processing of their data by Mastodon and to protect their privacy as much as possible.

We have no influence on the type and scope of the data processed by Mastodon, the way it is processed and used, or the transfer of this data to third parties, as Mastodon is a decentralized network. Consuming our Mastodon toots is possible almost anonymously, since you do not need a Mastodon account to read our TToots. Only the IP address is stored when visiting our account at kanoa (a project of Adminforge) for 14 days (https://kanoa.de/terms).

If you have a Mastodon account, your personal data will be collected, transferred, stored, disclosed as well as pushed to other entities (also outside the European Union) by Mastodon.

11. Legal basis of the processing

Article 6 I lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b GDPR.

The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person.

This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Finally, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the website operator (recital 47 sentence 2 GDPR).

12. Your privacy rights

In accordance with the applicable data protection law, you are entitled in particular to the following data protection rights:

Right of access, rectification, erasure and restriction: You may have the right to request information about your personal data stored by us at any time. When we process or use your personal data, we strive to take reasonable steps to ensure that your personal data is accurate and up to date for the purposes for which it was collected. In the event that your personal data is inaccurate or incomplete, you may request that it be corrected. Furthermore, you may have the right to request the erasure or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing under this Privacy Policy or applicable law and legal retention obligations do not require its continued storage.

Right to data portability: you may have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to transfer this data to another party.

Right to withdraw your consent: If you have consented to the processing of your personal data, you may withdraw your consent at any time with effect for the future, but without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

Right of objection pursuant to Art. 21 (1) and (2) GDPR: You have the right to object at any time, on grounds relating to their particular situation, to the processing of your personal data carried out on the basis of Art. 6(1)(e) or (f) GDPR. We will not further process your personal data after an objection, unless we can demonstrate compelling legitimate grounds for further processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims (cf. Art. 21 (1) GDPR, so-called "limited right of objection"). In this case, you must provide reasons for the objection that arise from your particular situation.

13. Definitions

The data protection declaration of the fnordkollektiv GmbH is based on the terms used by the European Directive and Regulation Authorities when issuing the Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would also like to explain the terminology used. The data protection declaration of the fnordkollektiv GmbH is based on the terms used by the European Directive and Regulation Authorities when issuing the Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would also like to explain the terminology used.

  1. Personal data Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Data subject Data subject means any identified or identifiable natural person whose personal data are processed by the website operator.
  3. Processing Processing means any operation or set of operations which is performed upon personal data, whether by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. Restriction of processing Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
  5. Profiling Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
  6. Pseudonymization Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
  7. Website operator or person responsible for processing Website operator or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the website operator or the specific criteria for its designation may be provided for under Union or Member State law.
  8. Processor Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  9. Recipient Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether they are third party or not. However, public authorities that may receive Personal Data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
  10. Third Party Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
  11. Consent Consent is any expression of will in the form of a declaration or other unambiguous affirmative action made voluntarily by the data subject for the specific case in an informed manner and in an unambiguous manner, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.We reserve the right to amend this Privacy Policy at any time in compliance with legal requirements.