Privacy Policy | Good For Better e.V.

Last updated: March 2026

Website: goodforbetter.org
Registered name: Gut für Besser – Good for Better (GFB) e.V.
Registration no.: Amtsgericht Augsburg, VR 203107
Registered address: Friedberger Berg 5, 86316 Friedberg, Germany
Tel: +49 821 66091200 | Fax: +49 821 66091222 | Email: info@goodforbetter.org

1. Introduction

This Privacy Policy explains how Gut für Besser – Good for Better (GFB) e.V. (hereinafter “we”, “our”, or “us”) collects, uses, processes, and protects personal data when you visit or interact with our website goodforbetter.org.

We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws of the Federal Republic of Germany.

If you have any questions about this Privacy Policy or our data practices, you may contact us at:

Gut für Besser – Good for Better (GFB) e.V.
Website: goodforbetter.org
Email: info@goodforbetter.org
Country of the registered address: Germany

2. Data Controller

The data controller responsible for the processing of personal data on this website is:

Registered name: Gut für Besser – Good for Better (GFB) e.V.
Registration no.: Amtsgericht Augsburg, VR 203107
Registered address: Friedberger Berg 5, 86316 Friedberg, Germany
Tel: +49 821 66091200 | Fax: +49 821 66091222 | Email: info@goodforbetter.org

3. Data protection at a glance

a) General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in this privacy policy below. The operators of these pages take the protection of your personal data very seriously and this privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmission over the internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

b) Data collection on this website

We may collect and process the following types of personal data:

Information you provide

Name
Email address
Information submitted through contact forms
Information related to donations or payments

Automatically collected information

When you visit our website, certain data may be automatically collected by our IT systems (either automatically or after you have given consent), including:

IP address
Browser type and version
Operating system
Device information
Referring website
Pages visited
Date and time of access

This information is primarily collected through cookies, analytics tools, and server log files.

c) How we use your data

We process personal data for the following purposes:

Providing and maintaining our website
Responding to inquiries submitted through contact forms
Processing donations or payments
Sending newsletters and updates (if subscribed)
Analyzing website usage, user behavior and improving our services
Protecting our website from fraud, abuse and cyberattacks
Ensuring website performance and security

Processing is based on one or more of the following legal bases under the GDPR:

Consent of the user, Art. 6(1)(a) GDPR
Performance of a contract, Art. 6(1)(b) GDPR
Legal obligations, Art. 6(1)(c) GDPR
Legitimate interests, Art. 6(1)(f) GDPR

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the controller responsible” in this privacy policy.

d) Rights regarding your data

You have the right at any time to obtain information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can withdraw this consent at any time with effect for the future. In addition, you have the right, under certain circumstances, to request restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

4. Third-Party Services

We have concluded a data processing agreement (DPA) for the use of the above service. This contract is required by data protection laws and ensures that the provider only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

5. Third-Party Services

We use third-party service providers that may process personal data on our behalf. These providers offer services such as hosting, security, analytics, payments, newsletters, maps and consent management.

a) Hosting and Infrastructure

We host the content of our website with the following provider:

IONOS

The provider is IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany (hereinafter “IONOS”).
Phone: 0049721 170 5522 | Email: info@ionos.de

When you visit our website, IONOS records various log files, including your IP address.

Details can be found in IONOS’ privacy policy: https://www.ionos.de/datenschutzerklaerung

IONOS is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., for device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

b) Security and Content Delivery Network

We use Cloudflare for website security, bot and attack protection, performance optimization and content delivery. Cloudflare may process IP addresses and other technical data necessary for security and network functionality.

c) Web Analytics

We use Google Analytics to gain insight into how visitors interact with our website. Google Analytics may collect the following information: IP address (anonymized where applicable), device and browser information, and pages visited. This helps us analyze website usage and improve our services.

d) Payment Processing

Payments and donations can be made via Stripe. When you make a payment, Stripe processes the payment data directly in accordance with their privacy policies. We do not store full payment card details on our servers.

e) Maps and Location Services

Our website uses Google Maps to display geographical information. When using Google Maps, personal data such as IP addresses may be transmitted to Google.

f) Consent Management

We use Complianz to manage cookie consent and user privacy preferences, ensuring compliance with GDPR requirements.

6. Newsletter and Email Tracking

a) Newsletter data

To subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify your ownership of the email address and your agreement to receive the newsletter (including open and click tracking). No further data is collected unless you choose to provide it. We use newsletter service providers for newsletter processing, which are described below.

b) ActiveCampaign

This website uses ActiveCampaign to send newsletters. The provider is ActiveCampaign, LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602, USA.
Contact (privacy): privacy@activecampaign.com | Telephone: (773) 360-2270

ActiveCampaign is a service that can be used to organize and analyze newsletter distribution.

Using ActiveCampaign, we can analyze our newsletter campaigns, for example by seeing whether a newsletter was opened and which links were clicked. This helps us to understand which content is relevant to our recipients and to improve our communications. If you do not wish to be included in such analyses, please unsubscribe from the newsletter. You can find an unsubscribe link in each newsletter.

ActiveCampaign’s privacy policy can be found here: www.activecampaign.com/legal/privacy-policy

c) Legal basis

We process your data on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time. However, the lawfulness of any data processing operations already carried out remains unaffected by this withdrawal.

d) Storage period

We will store the data you provide for the purpose of receiving the newsletter until you unsubscribe, at which point it will be deleted from the distribution list. Data stored for other purposes remains unaffected.

After you unsubscribe, your email address may be stored in a blacklist by us and/or the newsletter provider if this is necessary to prevent future mailings. Data from the blacklist is used solely for this purpose and is not merged with other data. This serves both our interest and your interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interests.

7. Cookies and Tracking Technologies

Our website uses cookies and other tracking technologies. Cookies are small data files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted when you end your visit. Permanent cookies remain stored on your device until you or your web browser delete them.

Cookies may be set by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies enable certain third-party services to be integrated within websites (e.g., cookies for processing payments).

Cookies serve various functions. Many are technically necessary for certain website functions to work. Other cookies may be used to analyze website traffic, user behavior or for advertising purposes.

Necessary cookies which are required to carry out the electronic communication process, to provide certain functions you request, or to optimize the website are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to provide its services in a technically error-free and optimized way. If consent for the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent can be revoked at any time.

You can configure your browser to notify you when cookies are set, allow them only in specific cases, exclude their acceptance in certain cases or generally, and activate their automatic deletion when you close the browser. Please note that if you disable cookies, the functionality of this website may be restricted. This privacy policy provides information on the cookies and services used on this website.

Our website uses the consent technology of Complianz to obtain your consent to store certain cookies or use certain technologies on your device, and to document this in a manner that complies with data protection legislation. The provider is Complianz B.V., Kalmarweg 14-5, 9723JG Groningen, the Netherlands (hereinafter referred to as “Complianz”).

When you visit our website, Complianz may store information (e.g., via a cookie) in your browser to link the consents you have given and/or withdrawn to you. This data is stored until you request its deletion, delete the relevant cookie yourself, or the purpose of storing it no longer applies. Mandatory statutory retention obligations remain unaffected.

Complianz is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR. Further details can be found in Complianz’ privacy statement.

8. General information and mandatory disclosures

a) Information on the controller responsible

The controller responsible for data processing on this website is:

Susanne Busch
Affinger Weg 24
86316 Friedberg
Germany

The controller is the natural or legal person who decides, either alone or jointly with others, on the purposes and means of processing personal data (e.g., names and email addresses).

b) Storage Period

Unless this privacy policy states a more specific storage period, your personal data will remain with us until the purpose for processing the data no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing it (e.g., retention periods under tax or commercial law). In the latter case, it will be deleted once these reasons no longer apply.

c) General information on the legal bases for data processing on this website

If you have given us your consent to process your personal data, we will do so on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR where special categories of data under Art. 9(1) GDPR are processed. If you have explicitly consented to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to cookies being stored or to access information on your device (e.g., via device fingerprinting), processing is also based on Section 25(1) TDDDG. Consent can be withdrawn at any time.

If processing your data is necessary for us to perform a contract with you or implement pre-contractual measures, we will do so on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if this is necessary to comply with a legal obligation under Art. 6(1)(c) GDPR. Data processing may also take place on the basis of our legitimate interests under Art. 6(1)(f) GDPR. The specific legal basis applicable in each individual case is explained in the relevant section of this privacy policy.

d) Recipients of personal data

As part of our business activities, we collaborate with various external parties. In some cases, it is necessary to transfer personal data to these parties. We only pass personal data on to external parties if this is required to fulfil a contract, if we are legally obliged to do so (e.g., to tax authorities) or if we have a legitimate interest in doing so pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the transfer. When using processors, we transfer personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

e) Withdrawal of your consent to data processing

Many data processing operations can only be carried out with your explicit consent. You can withdraw any consent you have already given at any time. However, the lawfulness of any data processing carried out before you withdrew your consent remains unaffected.

9. Your rights under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

a) Right to access, rectify and erase your personal data (“Right to be forgotten”)

Within the framework of applicable legal provisions, you have the right to obtain free information at any time about your stored personal data, its origin and recipients, and the purpose of data processing. You also have the right to request the correction or deletion of this data where applicable. Please feel free to contact us at any time with any questions you may have regarding personal data.

b) Right to restrict processing

You have the right to request that we restrict the processing of your personal data. You can contact us at any time to do so. You have the right to request restriction of processing in the following cases:

If you dispute the accuracy of the personal data that we hold about you, we generally need time to verify this. While we verify this, you have the right to request the restriction of processing your personal data.
If the processing of your personal data is/was unlawful, you may request restriction of processing instead of deletion.
If we no longer need your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request restriction of processing instead of deletion.
If you have lodged an objection pursuant to Art. 21(1) GDPR, we must carry out a balancing of your interests and ours. While this balancing process is ongoing, you have the right to request restriction of the processing of your personal data.

If you have restricted the processing of your personal data, apart from storage, it may only be processed with your consent, or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest in the European Union or of a Member State.

c) Right to object to processing

You have the right to object to us processing your personal data if we are doing so based on our legitimate interests (Art. 6(1)(f) GDPR) or for direct marketing purposes. If you object to processing for direct marketing purposes, we will stop doing so immediately.

Where processing is based on legitimate interests, you may object on grounds relating to your particular situation. In such cases, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise or defence of legal claims.

To exercise your right to object, please contact us using the details provided in this privacy policy.

d) Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. This also applies to profiling based on these provisions. The relevant legal basis for processing can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless processing is necessary for the establishment, exercise or defence of legal claims (objection pursuant to Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object to this at any time. This also applies to profiling insofar as it is associated with direct marketing. If you object, your personal data will no longer be used for direct marketing purposes.

e) Right to data portability

You have the right to receive any data that we process automatically based on your consent or to fulfil a contract in a commonly used, machine-readable format for your own use or for transfer to another controller. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

f) Right to withdraw consent at any time

If we are processing your personal data based on your consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR), you have the right to withdraw your consent at any time.

Withdrawing your consent does not affect the lawfulness of any processing carried out prior to withdrawal. Once consent has been withdrawn, we will stop the relevant processing activities unless another legal basis for processing applies.

You can withdraw your consent by contacting us using the details provided in this privacy policy.

g) Right to lodge a complaint with the competent supervisory authority

Data subjects have the right to lodge a complaint with a supervisory authority in the event of infringements of the GDPR, particularly if they are a resident of, work in, or the alleged infringement occurred in a Member State of the European Economic Area (EEA). This right is independent of any other administrative or judicial remedies.

10. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries sent to us as the site operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the address bar changing from http:// to https:// and by the lock symbol in your browser.

Once SSL/TLS encryption is activated, any data you send us cannot be read by third parties.

11. Data Retention

We only retain personal data for as long as is necessary for the purposes for which it was collected. These purposes include fulfilling legal obligations, resolving disputes and enforcing agreements. Data that is no longer required will be securely deleted or anonymized.

12. Data Transfers

Some of the third-party services that we use may process data outside of the European Economic Area (EEA). When such transfers occur, appropriate safeguards are implemented, such as Standard Contractual Clauses (SCCs) and/or GDPR-compliant agreements with the service providers.

13. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure and destruction. This includes the use of secure servers, encryption, and security monitoring.

14. Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in legal requirements, technological advances, or the services we offer. The latest version will always be published on this page and will include the revised date.