Privacy Policy
Status: October 23, 2025 This privacy policy applies to ig-wuerzburg.de (website) including its subpages, as well as our online presences/accounts on Facebook, Instagram, TikTok and for our use of the donation and fundraising platform GoFundMe. (Original German text applies in case of doubt)
Responsible Party
Islamische Gemeinschaft Würzburg e.V. Barbarastraße 31, 97074 Würzburg Representative: Wail Al Ahmad Email: [email protected] Legal Notice: https://ig-wuerzburg.de/impressum/
Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Relevant Legal Bases
Legal bases according to GDPR: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), Membership status (Art. 6 para. 1 sentence 1 lit. b GDPR).
Security Measures
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. We use TLS/SSL encryption (https).
Transmission of Personal Data
In the course of our processing, personal data may be transmitted to other bodies (e.g. IT service providers).
International Data Transfers
Data processing in third countries takes place in accordance with legal requirements (e.g. EU-US Data Privacy Framework, Standard Contractual Clauses).
General Information on Data Storage and Deletion
We delete data as soon as it is no longer required for the purpose or consent is revoked, unless retention obligations (e.g. 6 or 10 years for tax-relevant documents) apply.
Rights of Data Subjects (Art. 15–20 GDPR)
You have the following rights regarding your personal data: • Art. 15 – Right of access: You may request information about the data we store about you. • Art. 16 – Right to rectification: You may request correction of inaccurate data. • Art. 17 – Right to erasure: You may request deletion of your data, unless legal retention obligations apply. • Art. 18 – Right to restriction: You may request restriction of processing. • Art. 20 – Right to data portability: You may receive your data in a machine-readable format. • Art. 21 – Right to object: You may object to the processing of your data. • Withdrawal: A given consent may be revoked at any time with effect for the future. To exercise your rights, please contact us by email: [email protected] We process requests within 30 days in accordance with Art. 12(3) GDPR. Complaints may be submitted to the supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach, Germany.
Provision of the Online Offer and Web Hosting
We process usage data (IP address, log files) for security and provision. Service providers: Hetzner Online GmbH (Germany), Cloudflare (CDN/WAF).
Use of Cookies and Browser Storage
Our website uses cookies and similar storage technologies. On your first visit a banner appears where you can give consent for individual categories. We use the following categories: 1. Necessary (always active): The 'cookie_consent' cookie (storage: 1 year) saves your consent decision. Legal basis: Art. 6(1)(c) and (f) GDPR. 2. Statistics / Analytics (only with consent): Google Analytics 4 and Google Tag Manager (_ga, _gid, _gat). Only loaded when you enable 'Statistics' in the banner. Legal basis: Art. 6(1)(a) GDPR. 3. Marketing (only with consent): Meta Pixel (Facebook) and TikTok Pixel. Only loaded when you enable 'Marketing' in the banner. Legal basis: Art. 6(1)(a) GDPR. You can withdraw your consent at any time by deleting cookies in your browser.
Contact and Inquiry Management
When contacting us (form, e-mail), we process your details to process the inquiry.
Web Analysis, Monitoring and Optimization
We use Google Analytics 4 and Google Tag Manager for range measurement (with IP anonymization). This only takes place after your consent.
Presences in Social Networks
We maintain profiles on Facebook, Instagram, TikTok. The data protection regulations of the respective platforms apply.
External Services (Google Maps, Mawaqit)
On our website, we integrate maps from the 'Google Maps' service (provider: Google Ireland Limited) and prayer time widgets from the 'Mawaqit' service. Your IP address is transmitted to the respective provider. This is done in the interest of an appealing presentation and easy findability of our locations (Art. 6 para. 1 lit. f GDPR).
Donation and Fundraising Platforms
For donations we use Stripe, PayPal or refer to GoFundMe.
Data Protection Impact Assessment: Conversion Tracking (CAPI)
We use Conversion APIs (CAPI) to report donation completions to advertising platforms and to optimise our donation campaigns. We have conducted a Data Protection Impact Assessment (DPIA) in accordance with Art. 35 GDPR: Purpose: Measuring the effectiveness of advertising campaigns (conversion optimisation). Data processed: The donor's email address is hashed with SHA-256 before transmission. No plain text is transmitted. Additional event parameters (amount, currency) may be sent. Recipients: Meta Platforms Ireland Ltd. (Facebook/Instagram CAPI), Google LLC (Google Ads Conversion). Data transfer to the USA is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). Legal basis: Consent pursuant to Art. 6(1)(a) GDPR (Marketing cookies must be enabled in the banner). Risk mitigation: Email hashing, no transmission of plain data, consent required, opt-out at any time by declining marketing cookies.