Privacy Policy – Ceylon Logica Institut für Strategische Internationale Politik e. V.
This privacy policy explains, in accordance with Art. 13 et seq. of the General Data Protection Regulation (GDPR), how Ceylon Logica Institut für Strategische Internationale Politik e. V. (“we”, “us”) processes personal data, for which purposes and on which legal bases. It applies to all visitors to our website as well as to natural persons whose data we collect in the course of our non‑profit activities.
1. Controller (Art. 4 (7) GDPR)
Association | Ceylon Logica Institut für Strategische Internationale Politik e. V. |
Authorised Board | Nicolas Thiery, Chair |
Address | Mörsenbroicher Weg 191 |
Register entry | Local Court (Amtsgericht) Düsseldorf, VR 12669 |
2. Definitions
The terms used in this policy follow the definitions of Art. 4 GDPR (e.g. “personal data”, “processing”, “controller”, “processor”).
3. Principles of data processing
Data minimisation & purpose limitation – We only collect data that is necessary for our statutory purposes, association administration and the operation of this website.
Legal bases – Unless expressly stated otherwise in this policy, we process data on the basis of
Art. 6 (1) (a) GDPR (consent),
Art. 6 (1) (b) GDPR (membership/contract),
Art. 6 (1) (c) GDPR (legal obligation), or
Art. 6 (1) (f) GDPR (legitimate interests).
Storage period – Personal data is deleted as soon as the respective purpose no longer applies, you withdraw your consent, or statutory retention periods expire.
4. Provision of the website & log files
When you visit our website, our server automatically processes the following data:
IP address (shortened where technically possible),
date and time of the request,
requested URL,
amount of data transferred,
referrer URL,
HTTP status code,
browser type/version and operating system.
Purpose of processing: Ensuring stability and security (e.g. defence against attacks), error analysis and the technical provision of our content.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a secure and functional web service).
Storage period: Log files are generally deleted after no more than 30 days; longer storage only occurs in specific cases related to security incidents.
5. Cookies
Our website uses cookies and similar technologies.
Essential cookies are technically required to provide basic functions of the website (e.g. consent storage, form functions).
Optional cookies are used for usage analytics (Mixpanel, see section 8).
Essential cookies are used on the basis of Art. 6 (1) (f) GDPR (legitimate interest in a functional website).
Optional cookies are only set with your consent via the cookie banner (Art. 6 (1) (a) GDPR in conjunction with Sec. 25 TDDDG). You can change or withdraw your choice at any time in the cookie settings.
6. Contact (e‑mail, contact form)
If you contact us by e‑mail or via the contact form, we process the information you provide (e.g. name, e‑mail address, organisation, content of the message).
Purpose: Handling your request and, where applicable, initiating or carrying out joint projects.
Legal basis: Art. 6 (1) (b) GDPR (pre‑contractual communication) and Art. 6 (1) (f) GDPR (legitimate interest in efficient communication).
Storage period: We delete requests once they have been finally processed, provided that no statutory retention periods apply. As a rule, data is stored for no longer than 12 months.
7. Membership, supporters and donation management
We process data of our members, supporters and donors, in particular:
basic and contact data (name, address, contact details),
association‑related data (membership number, date of joining/leaving, functions),
payment and donation information (IBAN, amount and date of contributions/donations).
Purpose: Association administration, processing of contributions and donations, issuing donation receipts, proof to tax authorities.
Legal basis: Art. 6 (1) (b) GDPR (membership/donation contract), Art. 6 (1) (c) GDPR (tax law obligations) and Art. 6 (1) (f) GDPR (pursuit of our statutory aims).
Storage period: After leaving or last contact, data is deleted as soon as no statutory retention periods remain (typically 10 years for tax‑relevant documents).
8. Web analytics with Mixpanel
We use Mixpanel, an analytics service provided by Mixpanel, Inc., 405 Howard Street, 2nd Floor, San Francisco, CA 94105, USA (“Mixpanel”), to evaluate and improve the use of our website.
8.1 Nature and scope of processing
Mixpanel collects, among other things:
pages visited and click paths,
timestamps and duration of sessions,
browser and device information,
basic interactions with page elements.
We use Mixpanel solely to obtain aggregated statistics on the use of our website (e.g. which content is accessed most frequently). We do not create personal profiles in the sense of unique user IDs; IP addresses are shortened where technically possible or processed only in pseudonymised form.
8.2 Cookies and consent
Mixpanel uses cookies or similar technologies to recognise returning visits and attribute interactions.
Legal basis: Your consent pursuant to Art. 6 (1) (a) GDPR in conjunction with Sec. 25 TDDDG.
You can withdraw your consent at any time via the cookie banner or the cookie settings on this website.
8.3 Recipients and data transfer to third countries
Recipient of the data is:
Mixpanel, Inc., 405 Howard Street, 2nd Floor, San Francisco, CA 94105, USA
This may involve the transfer of personal data to the USA. We base this transfer on appropriate safeguards pursuant to Art. 46 GDPR (e.g. EU Standard Contractual Clauses), supplemented by technical and organisational measures (e.g. pseudonymised datasets).
8.4 Storage period / deletion
Mixpanel generally stores the collected data for a maximum of 12–18 months, unless we configure a shorter retention period. Individual event data may be anonymised before this period expires.
You can also prevent data collection by Mixpanel by enabling “Do Not Track” in your browser or by restricting the storage of cookies in general.
9. Newsletter
If you subscribe to our newsletter/briefing, we process:
your e‑mail address,
optionally your name/organisation,
date/time of subscription (double opt‑in) and, where applicable, unsubscription data.
Purpose: Sending analyses, information on events and updates on our work.
Legal basis: Your consent, Art. 6 (1) (a) GDPR, and Sec. 7 of the German Unfair Competition Act (UWG).
Withdrawal: You may withdraw your consent at any time with effect for the future, e.g. via the unsubscribe link in each e‑mail or by writing to info@ceylonlogica.de. The lawfulness of processing carried out before the withdrawal remains unaffected.
Storage period: After unsubscribing, we store proof data (opt‑in/opt‑out) for up to 3 years on the basis of Art. 6 (1) (f) GDPR (accountability).
10. Data security
We implement technical and organisational measures (Art. 32 GDPR) to protect your data against loss, destruction, unauthorised access, alteration or disclosure. Data transmission generally takes place using encryption (TLS/SSL).
11. Your rights (Art. 15–21 GDPR)
You have the following rights with respect to us:
right of access to the personal data stored about you (Art. 15 GDPR),
right to rectification of inaccurate data (Art. 16 GDPR),
right to erasure (“right to be forgotten”) (Art. 17 GDPR),
right to restriction of processing (Art. 18 GDPR),
right to data portability (Art. 20 GDPR),
right to object to certain processing activities (Art. 21 GDPR),
right to withdraw consent given (Art. 7 (3) GDPR).
To exercise these rights, you can contact us at any time at info@ceylonlogica.de.
You also have the right to lodge a complaint with a supervisory authority, for example with the:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein‑Westfalen (LDI NRW)
(State Commissioner for Data Protection and Freedom of Information of North Rhine‑Westphalia)
12. Obligation to provide data
The provision of personal data is neither legally nor contractually required. However, certain website functions (e.g. contact form, newsletter) cannot be used without providing the relevant information.
13. Automated decision‑making
No automated decision‑making, including profiling, within the meaning of Art. 22 GDPR takes place.
14. Changes to this privacy policy
We reserve the right to adapt this privacy policy to changed legal requirements or changes to our services. The version published on this page at the time of your visit shall apply.
Cookie settings
You can change your cookie settings at any time via the “Cookie settings” icon/link on this website and withdraw any consent given with effect for the future.