Privacy policy — network registration

1. Controller

The controller within the meaning of the GDPR is:
materiaterra — independent initiative (association in formation)
Contact person: Petra van der Wielen, Deutsche Energie-Agentur GmbH (dena), Chausseestraße 128a, 10115 Berlin, Germany
Email: petra.vanderwielen@dena.de · contact@materiaterra.org

2. Purpose of processing & legal basis

We process your personal data for the purpose of registering you as a contact in the materiaterra network and for subsequently contacting you and informing you about the activities, events and projects of materiaterra relating to nature-based building materials.

Legal basis: Art. 6 (1) (a) GDPR (consent) as well as § 7 (2) no. 3 of the German Act Against Unfair Competition (UWG). Consent is voluntary and can be withdrawn at any time — the lawfulness of processing carried out up to the point of withdrawal remains unaffected.

3. What data is collected?

Mandatory information: first name, last name, email address, actor type (your "I am …" selection).

Voluntary information: salutation, academic title, position, organisation, phone, postal address, language preference, topics of interest, source (how you heard about us), free-text comment.

Technical data recorded during registration (as proof of consent pursuant to Art. 7 (1) GDPR): IP address, user agent (browser identifier), time of registration, time of confirmation (double opt-in).

4. Double opt-in procedure

After submitting the registration form you will receive an email with a confirmation link (valid for 7 days). Your registration only becomes active once you click the link. Unconfirmed registrations are automatically deleted after a total of 21 days (7 days token validity + 14 days grace period). This complies with German case law on lawful registration (Federal Court of Justice, judgment of 10 February 2011, I ZR 164/09).

5. Storage of your data (database)

Your registration data is stored in a database operated on the server named below. The database is the leading data source for your registration in the materiaterra network and serves to manage your consent, your contact details and your registration status.

6. Internal mirroring in Google Workspace (Google Sheet)

For internal organisational processing, we additionally mirror your registration data into an internal, non-public spreadsheet (Google Sheet) within our Google Workspace environment. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for users in the European Economic Area). The mirroring is carried out solely for the internal maintenance of the network and is accessible only to a tightly limited group of authorised persons.

A data processing agreement (Art. 28 GDPR) including standard contractual clauses is in place with Google. Insofar as a transfer to a third country in the USA takes place, this is based on the EU-US Data Privacy Framework (adequacy decision of the EU Commission of 10 July 2023). If you unsubscribe, your entry in the internal spreadsheet is marked as "unsubscribed".

7. Sending of emails (Google Workspace)

The double opt-in confirmation email and further network messages are sent via materiaterra's own Google Workspace infrastructure (Google Ireland Limited / Google LLC). materiaterra uses no external newsletter or mailing service provider. A data processing agreement including standard contractual clauses is in place with Google; any transfer to a third country in the USA is based on the EU-US Data Privacy Framework.

8. Hosting

This application is hosted on a server of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. A data processing agreement is in place with Hetzner. Server location: Germany. When the page is accessed, the server records technical connection data in log files (IP address, date, requested URL). These are automatically deleted after 14 days.

9. Retention period

• Registration data (name, email, actor type, voluntary information): until you withdraw your consent.
• Proof of consent (IP, user agent, timestamp): 3 years after last contact (limitation period § 195 German Civil Code).
• Pending registrations without double opt-in confirmation: token valid for 7 days, then a 14-day grace period, followed by automatic deletion.
• Server log files: 14 days.
• After unsubscribing, the entry is kept with the status "unsubscribed" to prevent you from being accidentally re-registered. On request we will delete the record completely (Art. 17 GDPR).

10. Cookies

We use only a technically necessary session cookie for internal administration authentication. It is deleted as soon as the browser is closed. No tracking takes place on the registration page — no Google Analytics, no Facebook pixel, no third-party tracking cookies. In addition, a cookie storing only your chosen interface language (DE/EN) may be set; it contains no personal data.

11. Your rights

You have the following rights towards us regarding your personal data:

• Access (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure ("right to be forgotten", Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent at any time (Art. 7 (3) GDPR) — most easily via the unsubscribe link in any email, or by message to contact@materiaterra.org

We process requests within the statutory deadlines (usually within 30 days).

12. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The final details of the supervisory authority responsible for us will be added once the formation of the association is complete.

13. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this application uses SSL/TLS encryption. You can recognise an encrypted connection by the "https://" in your browser's address bar.