Data Policy
1. Who We Are
Controller (Art. 4 No. 7 GDPR) for ECS EmpowHer Cannabis Society e.V.(“ECS”)
Registered seat:
ECS EmpowHer Cannabis Society e.V.
c/o Lisa Haag
Novalissstraße 14
10115 Berlin
Amtsgericht Charlottenburg (zu VR 41819 B)
Handelsregister: Hardenbergstr. 31, 10623 Berlin
Vereinsregister: Amtsgerichtsplatz 1, 14057 Berlin
Contact e-mail (interim): info@empowhersociety.global
2. Contact for Data-Protection Matters
ECS is not yet legally obliged to appoint a Data-Protection Officer (§ 38 BDSG). Please use the address above for any privacy requests.
3. What Personal Data We Collect & Why
| Situation / Plug-in | Categories of Data | Purpose & Legal Basis |
|---|---|---|
| Newsletter (MailPoet) | Name, e-mail, IP, open & click rates | Delivery of newsletters; proof of double-opt-in; performance stats (Art. 6 (1)(a) consent & Art. 6 (1)(f) legitimate interest) |
| Contact forms (WPForms Lite) | Any data you type, IP, timestamp | Responding to enquiries (Art. 6 (1)(b) pre-contractual steps) |
| Comments (native WP + Antispam Bee) | Comment text, name, e-mail, IP, browser UA | Publishing comments & spam filtering (Art. 6 (1)(f)) |
| Gravatar check | Hash of your e-mail | Display avatar next to your comment (Art. 6 (1)(a) consent) |
| Security logs (All-In-One Security / AIOS) | Username, IP, login attempts | Site and account-security monitoring (Art. 6 (1)(f)) |
| Consent banner (Complianz) | IP (short term), consent status & timestamp | Recording cookie-/tracking consent (Art. 6 (1)(c) legal obligation) |
| Translation (GTranslate) | IP, language selection | Serving multilingual pages (Art. 6 (1)(f)) |
| Image optimisation (Smush) | Image file incl. EXIF | Compressing & converting images for performance (Art. 6 (1)(f)) |
| Back-ups (UpdraftPlus) | Complete site incl. database | Disaster recovery (Art. 6 (1)(c) duty to ensure availability) |
| Caching (WP Super Cache) | Cookie distinguishing cached vs. fresh page | Faster delivery (Art. 6 (1)(f)) |
| Member login (planned) | Username, password hash, membership category, payment status | Running the members-only area once launched (Art. 6 (1)(b) contractual relation). Processing starts only after the login feature goes live; details will be added to this table. |
4. Cookies (selection)
| Cookie | Purpose | Duration |
|---|---|---|
cmplz_* (Complianz) | Stores your consent choice | 1 year |
comment_author_* etc. | Remembers details in comment form | 1 year |
wordpress_logged_in_* | Keeps you signed in (future member area) | 2 days / 14 days with “Remember me” |
googtrans (GTranslate) | Remembers chosen language | Session / 1 year |
wp-super-cache-* | Distinguishes cached/uncached pages | 30 min – 48 h |
You can block or delete cookies in your browser settings; some functions may then not work as intended.
5. Embedded Content
Posts may include YouTube videos, Instagram posts, etc. These third-party sites may collect data, use cookies and track your interaction exactly as if you visited their site.
| Recipient / Processor | Safeguards |
|---|---|
| MailPoet SAS (France) | EU data-processing agreement |
| GTranslate Inc. (USA) | EU Standard Contractual Clauses |
| Incsub LLC / WPMU DEV (USA) | SCCs for Smush image optimisation |
| UpdraftPlus / chosen cloud storage (EU / US) | Encrypted back-ups; SCCs or adequacy decision |
| Automattic Inc. (USA) | Gravatar avatars; SCCs |
| Really Simple Plugins B.V. (NL) | Complianz consent records |
| Pluginkollektiv (DE) | Antispam Bee works locally, no external transfer |
ECS never sells or rents personal data.
7. How Long We Store Data
| Data set | Retention rule |
|---|---|
| Newsletter subscribers | Until you unsubscribe |
| Contact-form messages | 12 months after last reply |
| Security logs | 14 days, then anonymised |
| Comments | Indefinitely (incl. metadata) |
| Back-ups | Rolling 30-day encrypted archive |
| Consent logs | 13 months |
| Member-account data (planned) | For the term of membership plus 10 years to meet German bookkeeping rules |
8. International Transfers
Data sent to the USA (GTranslate, WPMU DEV, Automattic) is protected by EU SCCs plus TLS encryption.
9. Your Rights
Access, rectification, erasure, restriction, portability, objection, withdraw consent, and the right to complain to the Berlin supervisory authority.
10. Automated Decision-Making / Profiling
ECS does not use automated decision-making within the meaning of Art. 22 GDPR.
11. Data Security
TLS 1.3, AIOS hardening, encrypted back-ups, principle of least privilege.
12. Changes to This Policy
We will update this notice when (a) the Vereinsregister entry is issued, (b) the member-login goes live, or (c) the fees schedule and any payment service are adopted. The current English version is always available at https://empowhersociety.world/gdpr/.
Last updated: 10 June 2025
