The use of the services provided by childstories.org is subject to the following data protection regulations. All visitors of this website are assured comprehensive protection of their personal data. All data provided will always be treated with the utmost care. The following privacy policy gives you an overview of how your data privacy is ensured and what types of data are collected for what purposes. The terms “user” and “visitor” refer to all natural persons using or visiting this website, regardless of whether they interact with website elements. The terms used in this privacy policy, such as "user", are to be understood as gender-neutral.

The protection of personal data is of the highest priority for the operator of this website and is ensured through various technical security measures and routines. The data protection laws of the Federal Republic of Germany, the Telemedia Act, and the General Data Protection Regulation of the European Union (hereinafter: "data protection regulations") are strictly observed.

Wherever the online service allows the input of personal or business data (name, email address, phone number, address), the submission of such data by the user is explicitly voluntary. The collection, processing, and use of personal data only takes place if the user has given their consent and provides such data voluntarily, deliberately, and intentionally via a contact form. In this context, personal data refers to information entered into the relevant forms on the childstories.org website that can be used to identify the user (e.g., name, address, phone number).

This privacy policy applies solely to the website "childstories.org". If the homepage or any subpages contain links to third-party websites, this privacy policy does not apply to those websites. In such cases, the operator is not responsible for the processing of personal data within those third-party offerings in the sense of Art. 4 No. 7 GDPR. Please consult the privacy policies of the respective linked websites. The offering of the childstories.org website is generally intended for adults. Persons under 16 years of age may not submit personal data to the operator without parental or guardian consent.

If you have any questions regarding data protection or need to report an issue, please contact childstories.org via email at datenschutz@childstories.org or by post using the address provided above.

The operator must ensure the lawfulness of data processing through regularly reviewed technical and organizational measures.

This website and its services are operated by

When accessing the website "childstories.org", one or more cookies are stored on the user's device (PC, notebook, smartphone, or tablet) if the user has configured their browser to allow the creation and storage of cookies. If the user’s browser permits cookie storage, this is considered valid consent to store and create cookies, which also specifically applies to this website.

Since a user can block, allow, or delete first-party or third-party cookies in general or for specific websites via browser settings, the operator assumes consent to cookie storage when such blocking is not in place. The way the user configures their browser is interpreted as their declaration of intent. The operator uses "cookies" (small data packets with configuration information) to improve the product offering, recognize user preferences, and operate the website optimally.

To prevent user actions and entries from being lost in the event of a server connection interruption (e.g., in mobile networks), cookies may also be used for temporary storage. Cookies ensure a high level of user-friendliness and help further develop the website. If you do not accept cookies in your browser, this may limit the functionality of the online offering, especially if technically necessary cookies such as session cookies are affected. Cookies do not damage your device and do not contain viruses, executable code, or spyware. Technically speaking, cookies are not personal data unless they store such data explicitly.

Cookies are stored as text files on your device's hard drive, while session cookies are stored in RAM. A cookie is either sent from the web server to the browser or generated by a script (e.g., JavaScript) on the website. A session cookie contains a randomly generated unique ID known as a session ID. It also includes information about its origin and expiration. Session cookies cannot store other types of information. The data stored in cookies on this website cannot be linked to your identity and is therefore not personal data.

Most cookies used by childstories.org are so-called "session cookies", which are automatically deleted after your browser session ends. Other cookies remain on your device until deleted or expired. These persistent cookies enable childstories.org to recognize your browser upon your next visit. You can configure your browser to inform you when cookies are being set and allow them only in specific cases, block cookies in general or for specific cases, or automatically delete cookies when closing the browser. Disabling cookies may limit the functionality of this website, particularly if session cookies are affected.

Cookies can be managed with most internet browsers, such as Google Chrome, Firefox, Internet Explorer, Apple Safari, Microsoft Edge, and Opera. Cookie storage can be disabled in the browser settings, allowing the visitor to decide whether a cookie may be saved or must be deleted before its intended expiration.

As cookies are plain text files, they can be viewed with most text editors or word processors. You can click on a cookie to open it. Below is a list of links to view cookies in various browsers. If you use a different browser, check that browser’s cookie settings. If you use a mobile phone, refer to your phone’s manual for more information.

If you do not want websites to store cookies on your device at all, you can configure your browser to notify you before storing any cookie. You can also set your browser to reject all cookies or only third-party cookies. Additionally, you can delete any cookies that have already been stored.

Keep in mind that cookie settings must be adjusted individually for each browser and device you use. Common browser settings include: 1. Do not accept any cookies. 2. Only accept cookies from the server of the visited page (no third-party cookies such as ad banners). 3. Prompt the user for every cookie—usually allowing choices like “allow” (keeps it), “allow for this session” (accepted but deleted after closing the browser), and “deny” (not accepted). Most browsers also allow you to view data stored in cookies, delete individual or all cookies, and modify their contents.

Please note that the full functionality of this website cannot be guaranteed if cookies are disabled. Some features may not work, and certain parts of the website may not display at all. Also, disabling cookies does not mean you will no longer see ads on other websites. Each browser handles cookie settings differently—use your browser’s help function if needed. If you want to disable cookies on a mobile device, refer to your device’s manual.

The following section explains which cookies are created and stored by this website and their purpose. Three main objectives are pursued: to ensure data protection, enhance user-friendliness, and support the further development of the website in the best possible way. Different types of cookies are used for various applications. Below is a list of the cookies used and their respective purposes.

A session cookie is temporarily stored on your device while you are browsing this website. The session cookie contains a session ID and is automatically deleted when the browser is closed.

Example of a session cookie

The numeric sequence stored in the session cookie cannot be assigned to any specific person and is therefore anonymous. The session ID is generated by the server at the start of a PHP session and is stored on the client side in a cookie or transmitted in the URL. Any request that does not contain the session ID is considered the first request of a new session.

The purpose of a session ID is to recognize multiple related requests from a user and assign them to one session. Session cookies are technically essential, as session- and user-specific content could otherwise be displayed incorrectly or not at all.

Website URLs containing text contributions with more than 250 words are tagged with pixel calls that report access to the collecting society VG Wort, Munich. "Session cookies" from VG Wort are used to measure access to texts and determine the likelihood of copying. These measurements are carried out by Kantar Deutschland GmbH using the Scalable Central Measurement System (SZM). The measurement helps determine the likelihood of copying individual texts for compensating authors and publishers under statutory claims. No personal data is collected through these session cookies. Authors are compensated via this system by VG Wort, ensuring legal remuneration for the use of copyrighted works under §§ 53, 54 UrhG (Art. 6(1)(f) GDPR). Kantar Deutschland GmbH, Landsberger Straße 284, 80687 Munich, collects and processes anonymized access data on behalf of VG Wort. Based on the SZM, Kantar determines statistical values to measure access and copying likelihood. A session cookie is used to recognize systems via a signature composed of various automatically transmitted browser data. IP addresses are only processed in anonymized form. The required session cookie is valid until the end of the browser session and is technically necessary, otherwise authors would not receive compensation. (More information is available in section 5.2)

You can easily configure your browser to disable all cookies.

You can generally view this website without providing any personal data. However, technical data (usage and meta/communication data) is generated during use. When visiting this website, the hosting provider (also known as server provider or webspace provider) automatically collects and stores information about accesses in server log files, which your browser transmits to the server. This information is generated systemically when using the internet and is technically necessary to ensure the website functions correctly. The server log files collect data about every access to files or directories on the server.

The log data is used without assigning it to specific users or for profiling, in compliance with data protection laws, solely for operation, security, and optimization of the website. The host of this website is "ALL-INKL.COM - Neue Medien Münnich", with servers located in Dresden. All server log files are stored exclusively on servers in Germany and are subject only to European data protection laws. All server log files are automatically deleted after 30 days.

The hosting services used by the operator include: infrastructure and platform services, computing capacity, storage and database services, security services, and technical maintenance. Under a data processing agreement (DPA) with "ALL-INKL.COM - Neue Medien Münnich", the following data is processed by the host: inventory data, contact data, content data, usage data, and meta/communication data. This DPA is based on Art. 6(1)(f) GDPR.

Through server log files, the host collects usage data (e.g., visited pages, access times) and meta/communication data (e.g., device/browser info, IP addresses). Specifically, the stored data includes the following:

1. IP address (anonymized)
2. Browser type/version
3. User operating system
4. Referrer URL (previous page)
5. Date and time of server request
6. Requested content (specific page)
7. Access status/HTTP status code
8. Amount of data transferred

The data stored in server log files cannot be assigned to specific individuals. No combination is made with other data sources such as cookies or personal data submitted via forms. Server log files are not used for statistical analysis or linked with other collected data. Users are never identified.

This website does not store or process unmasked IP addresses. The last two blocks of each visitor's IP address are automatically anonymized before storage by the host—for example, 11.22.33.44 becomes 11.22.0.0. Server log files allow the operator to track server activity and detect errors. They help optimize server operations and monitor security. They also provide clues to prevent illegal use of the server (e.g., DDoS attacks, hacking, or software errors causing high server load). Data processing is based on Art. 6(1)(f) GDPR. The operator’s legitimate interest lies in the purposes mentioned above.

Example content of a server log file:

10.20.158.XX.XX - -[05/Jun/2017:08:58:44 +0100] "GET /index.php HTTP/1.1" 200 713 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0" "www.google.de"

We use "Google Fonts" on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Fonts allows us to use external fonts to display text on our website. The integration is based on our legitimate interest in using fonts that are technically secure, maintenance-free, efficient, and consistently rendered. We use Google Fonts to optimize and improve the usability of our website, particularly to increase readability with large font sizes (currently 18px) and improve reading time and user experience on mobile devices. The legal basis is Art. 6(1)(f) GDPR.

When you access our website, the required Google Font is loaded into your browser cache. This is necessary for your browser to display our text in a visually improved manner. If your browser does not support this function, a standard font from your computer will be used. The integration of Google Fonts involves a server request, usually to a Google server in the USA. This informs Google which of our URLs you have visited. Your device’s IP address is also transmitted to Google. We have no control over the scope and use of the data collected by Google Fonts.

All Google Fonts are automatically optimized for the web, saving data volume and offering significant advantages for mobile devices. The small file size ensures fast load times. Additionally, Google Fonts are secure web fonts. Different rendering systems in various browsers, operating systems, and mobile devices can lead to distortions in text display. Thanks to the fast content delivery network (CDN), Google Fonts avoids cross-platform issues. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). Google Fonts does not store cookies in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com.

Third-party information: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

For more information on privacy, please see Google’s privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Further information about Google Fonts can be found at https://fonts.google.com/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1, and https://www.google.com/fonts#AboutPlace:about

We use "session cookies" from VG Wort, Munich, to measure access to texts and determine the probability of copying. These measurements are conducted by Kantar Deutschland GmbH using the Scalable Central Measurement System (SZM). They help determine the likelihood of text copying for the compensation of statutory claims of authors and publishers. No personal data is collected via these session cookies. A tracking pixel for audience measurement is embedded on this website. A tracking pixel is a miniature graphic embedded in web pages to enable logfile recording and analysis for statistical evaluation. The Scalable Central Measurement System is operated by Kantar Deutschland GmbH, Landsberger Straße 284, 80687 Munich, Germany. The system determines statistical metrics such as reach measurement. The embedded tracking pixel makes it possible to determine whether, when, and how many users (including the data subject) have accessed the website and what content was viewed. Data collected via the SZM is collected anonymously. To identify repeat visits, either a session cookie is set or alternative methods are used, involving a signature composed of various automatically transmitted information. The IP address used by the data subject is only collected and processed in anonymized form. The data subject is never personally identified. The data subject may at any time prevent the setting of cookies by adjusting their browser settings, as already described above, thereby permanently objecting to cookie storage. Such browser settings would also prevent Kantar Deutschland GmbH from setting a session cookie on the data subject’s system. Additionally, cookies already set by Kantar Deutschland GmbH can be deleted at any time via the browser or other software tools.

On our website, we use the JavaScript library jQuery. To improve loading speed and provide a better user experience, we use Google's CDN (Content Delivery Network) to load this library. The JavaScript file is requested via the Google domain ajax.googleapis.com. It is highly likely that you have already used jQuery on another site from Google's CDN. In that case, your browser can use the cached copy instead of downloading it again, saving time and server load. If your browser has not cached the file, or for any other reason downloads it from the Google CDN, data will be transmitted to Google Inc. ("Google"). When a connection to the CDN server is made, your IP address is collected and stored—only if this data is not already cached in your browser from a previous visit. The legal basis for this is our legitimate interest according to Art. 6(1)(f) GDPR. Our legitimate interest lies in the purposes described above. If data is processed outside the EEA or EU in countries without adequate data protection standards, Google states that it uses standard contractual clauses. For more information on Google’s data processing and data retention, refer to Google’s privacy policy available at: https://www.google.de/intl/de/policies/privacy/ and https://developers.google.com/speed/libraries/#jquery

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"), accessible via Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called 'cookies' that are stored on the user's device and enable an analysis of website usage. The analytics service sets first-party cookies to record visitor interactions with this website and store information related to the website visit. The information stored by the cookies (including your anonymized IP address) is usually transmitted to a Google server in the USA and stored there. Google evaluates the usage of the visited website with the stored data and generates reports on website activity for the site operator.

After agreeing to the privacy policy, a Google Analytics code is loaded and several first-party cookies are created and stored on the user’s device. The Google Analytics JavaScript transmits the information stored in the first-party cookies to Google each time the corresponding URL is called. The collected data is then available in Google Analytics for website and behavior analysis. Google Analytics provides geographic location data by deriving the following metadata from IP addresses: city (including derived latitude and longitude), continent, country, region, subcontinent (and corresponding IDs).

Google may transfer the collected data to third parties if required by law or if third parties process the data on Google's behalf. Google Analytics uses IP addresses to ensure service security and to provide website owners with information about the origin of their visitors—this is known as "IP address geotargeting". Actual IP address details are not visible to Google Analytics customers. Google will not merge your IP address with other Google data. You can prevent the installation of cookies by adjusting your browser settings accordingly (see section "Deactivate Google Analytics" and 5.5).

By using this website and agreeing to the privacy policy, you consent to the processing of data collected by Google in the manner and for the purposes described above. Disclosure requests can be addressed to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6(1)(a) GDPR)

Website: https://marketingplatform.google.com/intl/de/about/analytics/

Security measures: IP masking (pseudonymization of the IP address)

Privacy policy: https://policies.google.com/privacy

Data processing agreement: https://business.safety.google/adsprocessorterms/

Basis for third country transfers: Data Privacy Framework (DPF)

Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de

Ad personalization settings: https://myadcenter.google.com/personalizationoff

More information: https://business.safety.google/adsservices/

The operator of this website has configured Google Analytics to use only part of the IP address for geotargeting instead of the full address. The Google tracking codes used on this site implement the function "_anonymizeIp()", which ensures that IP addresses are only processed in a shortened form to prevent direct personal identification. When using the anonymized Google Analytics tracking code, the user’s IP address is first transmitted to a Google server (possibly in the USA) and then anonymized before being stored. Generally, however, the IP address is shortened by Google within EU member states or other EEA agreement countries before transmission. Only in exceptional cases is the full IP address transmitted to a server in the USA and shortened there.

You can object to the data collection and storage at any time with effect for the future by using the following Google browser plugin. This plugin prevents the data generated by the cookie (including your IP address) about your use of the website from being sent to Google and processed by Google.

Opt-out plugin: Deactivate Google Analytics

Users who want to ensure that their visit data is not collected by Google Analytics JavaScript can install the browser add-on to disable Google Analytics. This add-on prevents the transmission of visit data to Google Analytics via Google Analytics JavaScript (ga.js, analytics.js, and dc.js). It is compatible with most modern browsers. This add-on does not prevent information from being transmitted to the website itself. More information on the browser add-on to disable Google Analytics.

According to the Google Analytics terms of use, which all users of Google Analytics must comply with, the transmission of personally identifiable information to Google Analytics is prohibited. This includes data such as names, email addresses, and payment information. More information about terms of use and privacy can be found at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/. The operator notes that Google Analytics on this website has been extended by the code "anonymizeIp" to ensure anonymized collection of IP addresses (so-called IP masking).

Users can block cookies, file deliveries, or the integration of external domains in various ways:

1. Block files: Disable files using a browser plugin such as Adblock Plus for Chrome, Firefox, Android or Apple iOS

2. Block JavaScript: Disable JavaScript using browser plugins such as NoScript for Chrome and Firefox

3. Block domains: Blacklist domains and subdomains at the router level, e.g., using filter lists on FRITZ!Box routers or browser plugins such as Domain Blocker for Chrome and Firefox

4. Block cookies: Adjust browser settings accordingly – see section 3.4

5. Block cookies: Via the EU website https://www.youronlinechoices.com/

6. Block cookies: Via the US website https://www.aboutads.info/choices/

Personal data refers to all information relating to an identified or identifiable natural person (hereinafter referred to as “user”). A natural person is considered identifiable if they can be identified directly or indirectly, particularly by association with an identifier such as a name, an identification number, location data, an online identifier (e.g., IP address or cookies), or one or more characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.

Processing means any operation or set of operations performed on personal data, whether or not by automated means. This includes any handling of personal data such as collection, storage, alteration, use, transmission, dissemination, deletion, or destruction, etc.

In principle, the operator only processes personal data to the extent necessary for providing the online service, content, or performance. The processing of personal data only takes place with user consent or if permitted by legal regulations. You may access this website without providing any personal data and are under no legal obligation to submit personal data to the operator.

The term "user" includes all categories of persons affected by data processing. This includes providers, business partners, interested parties, as well as visitors and users of the online offering.

Under the EU General Data Protection Regulation, processing is generally prohibited unless it is permitted by law or with the user's consent. The operator is obligated to inform you about the legal basis for data processing.

Pursuant to Article 13 GDPR, the operator informs you of the legal bases for data processing. If your consent is obtained, the legal basis is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR. If processing is necessary for the performance of pre-contractual measures, the legal basis is Art. 6(1)(b) GDPR. If processing is necessary for compliance with a legal obligation, such as data retention requirements, Art. 6(1)(c) GDPR applies.

If a processing activity is not covered by one or more of the aforementioned legal bases, it will take place if it is necessary for the purposes of the legitimate interests pursued by the operator or a third party and those interests are not overridden by your rights and freedoms. In this case, processing is permitted under Art. 6(1)(f) GDPR. Legitimate interests of the operator include, in particular, carrying out business activities, fraud prevention, server and information security, and ensuring reliable service delivery. You may object to processing based on legitimate interests at any time (see section 7.6).

If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.

The legal framework for commercial communications outside of business relationships, especially via mail, telephone, fax, and email, is provided in § 7 UWG (German Act Against Unfair Competition).

When using the contact or comment form (hereinafter referred to as “contact form”), individual details about the personal or factual circumstances of a specific or identifiable natural person are collected to the extent provided by the user. When the user clicks the “Submit,” “Send,” or “Submit Form” button, the following data is collected, stored, and processed for the purposes outlined in section 6.3:

Inventory and contact data

1. Full name or pseudonym
2. If applicable, email address
3. If applicable, full telephone number
4. If applicable, company name
5. If applicable, postal address

Inquiry data

1. Message content
2. If applicable, opinion or comment

(hereinafter referred to as “personal data”).

Your declaration of consent in this regard reads as follows:

By submitting my inquiry (by clicking the “Submit,” “Send,” or “Submit Form” button), I consent to childstories.org collecting, storing, processing, and using my name, contact details, and inquiry data to handle my request and, in the case of an expressed opinion via the comment function, to publish it. I agree to the storage and processing of my personal data and expressly consent to its publication. I may revoke my consent at any time without formal requirements by email to datenschutz@childstories.org or by post to Gordon Bujak, Parkstraße 32c, 38644 Goslar, with future effect.

Your declaration of consent is an expression of your right to informational self-determination. It represents a voluntary, specific, informed, and unambiguous expression of will in the form of a statement or other clear affirmative action, by which you signify your agreement to the processing of your personal data. Consent can be revoked at any time.

You have the right to withdraw your consent to the processing, use, and disclosure of your data at any time without providing reasons, with effect for the future, by notifying the operator via post or email to datenschutz@childstories.org. The lawfulness of processing carried out prior to the withdrawal remains unaffected.

Personal data is collected, stored, and processed by childstories.org exclusively for the following purposes:

1. Processing the inquiry
2. Contact by email to respond to an inquiry
3. Publishing user comments and opinions upon request

childstories.org will only use personal data for purposes other than those listed above if permitted under § 28(2) BDSG to protect the legitimate interests of a third party or to avert dangers to state or public security or to prosecute criminal offenses. Personal data is stored and processed exclusively on servers located in Germany and is never shared with third parties.

Personal data entered by users in an inquiry form, particularly inventory, contact, and content data, is processed exclusively in Germany and not in third countries.

If the operator processes data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing/transmitting data to third parties, it will only be done if required to fulfill the online offer, for pre-contractual measures, based on user consent, due to a legal obligation, or based on legitimate interests.

Subject to legal or contractual permissions, the operator processes data in a third country only if the special conditions of Art. 44 et seq. GDPR are met. This means processing takes place, for example, based on special guarantees such as an officially recognized level of data protection equivalent to that of the EU (e.g., in the USA via the "Privacy Shield") or compliance with officially recognized specific contractual obligations (so-called "standard contractual clauses"). More information on this topic can be found under section 5. Used Services and Providers.

For the USA, the European Commission decided on July 12, 2016, that an adequate level of data protection exists under the EU-U.S. Privacy Shield framework (adequacy decision, Art. 45 GDPR). For more information, visit https://www.privacyshield.gov. The operator uses only U.S. service providers certified under the EU-U.S. Privacy Shield.

The operator’s email address is published on the website and can be used for electronic contact. This fulfills the legal requirement to allow rapid electronic communication. If you choose to contact us this way, your email address and any personal data contained in your message will be processed and automatically stored for the purpose of responding to the inquiry in accordance with Art. 6(1)(c) GDPR. Our legitimate interest lies in this purpose. The inquiry will be deleted once it is no longer necessary and no legal retention obligations apply.

The EU General Data Protection Regulation guarantees you certain rights that you can assert against the operator, provided the legal requirements are met.

You have the right to request confirmation from the operator as to whether personal data concerning you is being processed, stored, or shared and, if so, what data is involved as well as the details of the data processing or sharing. Additionally, you have the right to request and receive free information about the personal data stored about you by this website, including the time, duration, and purpose of storage (Art. 15 GDPR – Right of Access by the Data Subject). If this is the case, you may request information on the following:

1. Copy of the personal data concerning you
2. Categories of personal data
3. Purposes of processing
4. Recipients or categories of recipients to whom the personal data has been disclosed
5. Time and duration of storage
6. Existence of a right to rectification or erasure of your personal data
7. Existence of a restriction of processing by the operator
8. Existence of a right to object to processing
9. Existence of a right to lodge a complaint with a supervisory authority
10. Existence of automated decision-making including profiling, and meaningful information about the logic involved, as well as the significance and expected consequences of such processing
11. Information about the origin of the data

You also have the right to know whether your personal data has been transferred to a third country or an international organization. If so, you have the right to be informed of the appropriate safeguards related to the transfer. More information on this can be found under section 5. Used Services and Providers.

The operator will provide you with a copy of the personal data undergoing processing within one month of receiving your access request. For any additional copies you request, the operator may charge a reasonable fee based on administrative costs. If you make the request electronically, the operator will provide the information in a commonly used electronic format unless otherwise requested.

You have the right to request the operator to promptly rectify or amend any personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data – including by means of a supplementary statement (Art. 16 GDPR – Right to Rectification).

You have the right to request the operator to delete personal data concerning you without delay (Art. 17 GDPR – Right to Erasure). Additionally, the operator is obligated to delete personal data without delay if it is no longer necessary for the purposes for which it was collected or otherwise processed, or if the user withdraws their consent on which the processing is based, or objects to the processing.

The operator is also obligated to delete personal data if there is no legal basis for processing, if there are no overriding legitimate grounds for processing, or if the personal data was unlawfully processed—for example, if a third party submits your data to the operator without legal basis or impersonates another person. Personal data stored by childstories.org will be deleted from all operator servers as soon as it is no longer required for its intended purpose and no legal retention obligations oppose the deletion, but at the latest after 7 days.

You have the right to request the restriction of processing of your personal data from the operator (Art. 18 GDPR – Right to Restriction of Processing). Where processing is restricted, personal data – apart from storage – will only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

You have the right, in the case of processing based on consent, to receive the personal data concerning you, which you have provided to the operator, in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from the operator, or to have the data transmitted directly to the other controller where technically feasible (Art. 20 GDPR – Right to Data Portability).

You have the right to withdraw any consent given for the processing of personal data at any time. Furthermore, you may object at any time to the processing or disclosure of personal data concerning you that is carried out based on Art. 6(1)(e) or (f) GDPR. If you object, the operator will no longer process your personal data unless the processing is for the establishment, exercise or defense of legal claims (Art. 21 GDPR – Right to Object).

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. If such automated decisions exist, you can object to them by sending a message by post or via email to datenschutz@childstories.org. To safeguard your rights, freedoms, and legitimate interests, you may present your point of view and contest the automated decision. The operator will then personally review the decision made by the algorithm.

You have the right to lodge a complaint with a supervisory authority at any time, particularly in the Member State of your residence, workplace, or the place of the alleged infringement, if you believe that the processing of personal data relating to you violates applicable law or if unlawful data processing is taking place (Art. 77 GDPR in conjunction with § 19 BDSG – Right to Lodge a Complaint with a Supervisory Authority).

The rights guaranteed by the EU General Data Protection Regulation can be exercised by sending a message by post or via email to datenschutz@childstories.org. If you have any questions that this privacy policy could not answer regarding your rights, or if you require more detailed information on a particular point, please feel free to contact the operator at any time via email at datenschutz@childstories.org. You have the right to request information, at any time and free of charge, about the personal data stored about you, its origin and recipient, and the purpose of the data storage.

Personal data will be deleted without delay in the event of the withdrawal of your consent or if the purpose for data usage no longer applies, but no later than 7 days. Non-personal data such as server log files and cookies will be automatically deleted after 30 days, unless otherwise specified in this privacy policy.

Personal data is processed only in compliance with the applicable data protection regulations and in accordance with the principles of data minimization and data avoidance. This means that personal data is only processed if a legal permission exists—particularly if the data is required to provide the online services—or if consent has been given. Additionally, the operator restricts the processing of personal data through comprehensive validity and plausibility checks.

Furthermore, in accordance with Article 32 of the GDPR, various technical security measures are used in line with the current state of the art to ensure compliance with data protection regulations and to protect the data processed via this website against accidental or intentional manipulation, loss, destruction, or unauthorized access.

These measures include in particular the control of physical access to personal data as well as access, input, and transfer control. The operator also considers the protection of personal data during software development and through privacy-friendly default settings (Article 25 GDPR).

To ensure confidentiality and integrity in communication between the web server of childstories.org and the user's web browser, SSL encryption by the certification authority "Let’s Encrypt" is used. The encryption methods used with SSL are regularly tested, regardless of their purpose, and are considered mathematically secure—meaning they cannot theoretically be circumvented with currently known techniques.

To ensure a level of protection appropriate to the risk, the use of technical and organizational security measures always takes into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons.

The operator reserves the right to amend the privacy policy to reflect changes in legal requirements or in the event of changes to the service or data processing. However, this applies only with regard to declarations concerning data processing. If user consent is required or if components of the privacy policy contain provisions governing the relationship with the users, changes will only be made with the users’ consent. Users are encouraged to regularly review the content of the privacy policy.

Last updated: 24.02.2018