Privacy Policy

Last updated: July 24, 2025.

Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary and for the purpose of providing this website and to process donations.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

Responsible

Drawpile gUG (haftungsbeschränkt)
Adolfstraße 1
65185 Wiesbaden
Germany

General Manager: Carsten Hartenfels
E-Mail: [email protected]

Scope of this policy

This privacy policy only pertains to this website, donate.drawpile.org. It is a static site that itself does not process any personal data.

It also explains how we handle data we receive from donators.

External services

This website is provided through Cloudflare Pages. Please refer to Cloudflare’s Privacy Policy (external link) for more information about their handling of personal data.

We don’t share any personal data with Cloudflare, they only receive information that you give to them or that your web browser provides them during use.

When donating via the “Direct” option and Liberapay, Stripe will be used as the payment processor. In that regard, please refer to Stripe’s Privacy Policy (external link).

For donations via PayPal, please refer to PayPal’s Privacy Policy (external link).

For donations via Liberapay, please refer to Liberapay’s Privacy Policy (external link).

Cookies

Cookies are small pieces of information stored in your web browser when you visit websites.

This website itself does not use cookies.

Cloudflare, Stripe, PayPal and Liberapay may use cookies. Refer to their privacy policy linked above. They will request consent on their side for those cookies if necessary.

Donator Data

We don’t request personal informations from people that donate, but banks and payment processors will always transmit some information to us. This is typical payment information, such as a name or an account number. If you request a full donation confirmation (German: Zuwendungsbestätigung) from us, we also need your name and address to fill out the required fields in the document.

This data is only used as receipts in our accounting. We store it only to the extent necessary and only as long as we are legally obligated to. We don’t abuse the data for marketing and don’t transmit it to third parties for other purposes.

We may be required to use your data to respond to your requests or if it is otherwise necessary. For example, if you request a donation confirmation from us via e-mail and give us your e-mail address for the purpose, or if you want to reverse a payment, we have to correlate your request with your donation accordingly. In these cases we also only use the data as is necessary for the purpose.

Minors

This site and services are all directed at people 16 years or older. If you are under the age of 16, per the GDPR, do not use this site or its services without supervision of a legal guardian. People under 18 years old should only donate after discussing it with a legal guardian.

Rights of users and data subjects

Users and data subjects have the right:

• to confirm whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
• to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
• to the immediate deletion of data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 No. 3 GDPR, to restrict said processing per Art. 18 GDPR;
• to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
• to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 No. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 No. 1 lit. f) GDPR.