1. Data Controller

The entity responsible for processing personal data on this website within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Imprint

Hereinafter referred to as “PsyFuture”.

2. Member Associations and Independent Data Controllers

This website lists and links to its member groups and affiliated organisations. These are legally independent entities.

Each member groups is independently responsible for the processing of personal data on its own website. PsyFuture accepts no liability for their data protection practices. We encourage you to review the privacy policy of each respective association.

The publication of member groups on this website is based on our legitimate interest (Art. 6(1)(f) GDPR) in providing transparency about our organisational structure and promoting the statutory objectives of the NGO.

3. What Data We Collect and Why

3.1 Server Log Files

Each time our website is accessed, the hosting provider automatically records technical access data transmitted by your browser, including:

• IP address (anonymised or full, depending on configuration)
• Date and time of access
• Requested URL and referring URL
• Browser type and version, operating system
• Volume of data transferred and HTTP status code

This data is processed solely to ensure the technical operation of the website, for error analysis, and to defend against attacks. The legal basis is Art. 6(1)(f) GDPR (legitimate interest). Data is deleted after a maximum of 30 days unless a statutory retention obligation applies.

3.2 Contact Form and Email

When you contact us via the contact form or by email, we process the data you provide (in particular your name, email address, and message content) to respond to your enquiry. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures or performance of a contract) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). Data is deleted once your request has been fully addressed, unless a retention obligation applies.

3.3 Newsletter

Where we offer a newsletter, we process your email address and, where provided, your name, on the basis of your express consent (Art. 6(1)(a) GDPR). Subscription is confirmed via a double opt-in procedure. You may withdraw your consent at any time with future effect by using the unsubscribe link in any newsletter or by contacting us directly.

3.4 Cookies and Similar Technologies

Our website do not use cookies or similar technologies.

3.5 Analytics Tools

[If applicable, specify the tool, e.g.:] We use [tool name, e.g. Matomo / Plausible Analytics] to statistically analyse usage of our website. [Add details on IP anonymisation, server location, and any data processing agreement.] The legal basis is your consent (Art. 6(1)(a) GDPR). Where we use a privacy-friendly, cookie-free tool that does not process personal data, no consent is required.

3.6 Embedded Third-Party Content

Our website may embed third-party content (e.g. YouTube videos, Google Maps, social media buttons). When such content is loaded, data may be transmitted to the respective providers, including in third countries. We embed such content only with your consent (Art. 6(1)(a) GDPR) or using a two-click solution that establishes a connection only after your active confirmation.

4. International Data Transfers

As an international NGO with members worldwide, it may be necessary to transfer personal data to countries outside the European Economic Area (EEA). We only transfer data from emails or contact forms, and only when it is absolutely necessary to respond to your inquiry. We ensure that an adequate level of data protection is maintained through:

• Adequacy decisions by the European Commission (Art. 45 GDPR),
• Standard contractual clauses adopted by the European Commission (Art. 46(2)(c) GDPR),
• Your express consent (Art. 49(1)(a) GDPR), or
• Other appropriate safeguards pursuant to Art. 46 GDPR.

Details of specific recipients and applicable safeguards are available on request.

5. Processors and Service Providers

We engage external service providers who process personal data on our behalf (data processors within the meaning of Art. 28 GDPR), including:

• Hosting provider for website operation
• Email service provider for newsletter delivery

We have concluded written data processing agreements with all processors in accordance with Art. 28 GDPR, ensuring an adequate level of data protection.

6. Retention Periods

We retain personal data only for as long as necessary for the relevant processing purposes or as required by statutory retention obligations. Once the processing purpose ceases or the applicable retention period expires, data is routinely deleted or anonymised.

7. Your Rights as a Data Subject

If you are subject to the GDPR (in particular if you are located in the EU or EEA), you have the following rights:

• Right of access (Art. 15 GDPR): You may request confirmation of whether we process your personal data and obtain a copy thereof.
• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate data.
• Right to erasure (Art. 17 GDPR): You may request deletion of your data, provided no retention obligations apply.
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability (Art. 20 GDPR).
• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests.
• Right to withdraw consent: Any consent given may be withdrawn at any time with future effect.

To exercise your rights, please contact us at: mail@psyfuture.org.

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority depends on your country of residence. A list of European supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

8. Data Security

We implement appropriate technical and organisational measures to protect your data against loss, destruction, manipulation, and unauthorised access. Our website is served exclusively over an encrypted HTTPS (TLS) connection. Our security measures are reviewed and updated regularly in line with technological developments.

9. Children and Minors

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from minors without verified parental consent. If we become aware that such data has been collected, we will delete it without undue delay.

10. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in legal requirements or technical circumstances. The current version is available on this website at all times. We recommend reviewing this policy periodically.

11. Contact

For questions about data protection, to exercise your rights, or to submit a complaint, please contact:

Imprint