Privacy Policy

Controller

The controller responsible for the processing described in this privacy policy is:

Accessing this website

When you access this website, technical data may be processed automatically by the web server. This may include:

• IP address
• date and time of access
• requested page or file
• amount of data transferred
• browser type and version
• operating system
• referrer URL, where available

This data is processed to provide the website, ensure technical stability, prevent misuse and maintain the security of our systems. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and reliable operation of this website.

Server log data is deleted or anonymised after a short technical retention period, unless longer retention is necessary to investigate a specific security incident or to assert, exercise or defend legal claims.

Cookies and analytics

This website does not use cookies, user accounts, tracking technologies or web analytics tools.

If this changes in the future, this privacy policy will be updated before such technologies are used.

Contact by email

If you contact us by email, we process the information you provide in order to respond to your request. This may include your name, email address, organisation, the content of your message and any additional information you choose to provide.

The legal basis is Art. 6(1)(b) GDPR where your request relates to pre-contractual or contractual matters. In other cases, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in responding to enquiries and communicating with interested individuals, organisations, contributors and supporters.

Email correspondence is stored only for as long as necessary to handle the request and any related follow-up. Statutory retention obligations remain unaffected.

Membership administration

If you apply for membership, become a member, support the Samba Foundation as a sponsor or otherwise participate in membership-related processes, we process the personal data necessary to administer the membership, sponsorship or organisational relationship.

Depending on the specific process, this may include:

• name and contact details
• organisation or company affiliation, where applicable
• membership type and membership status
• communication related to membership, governance or sponsorship
• billing, payment and accounting information, where applicable
• records required for statutory, tax or organisational purposes

The legal basis is Art. 6(1)(b) GDPR where processing is necessary for the establishment, administration or termination of a membership or sponsorship relationship. Where we are legally required to retain or process certain information, the legal basis is Art. 6(1)(c) GDPR.

For general organisational communication and the administration of foundation-related processes, the legal basis may also be Art. 6(1)(f) GDPR. Our legitimate interest lies in the effective and transparent administration of the Samba Foundation and its members, contributors and supporters.

For membership administration, we currently use campai, a cloud-based membership management service for associations and organisations. campai may process personal data on our behalf as a technical service provider.

Where campai processes personal data on our behalf, this is done under a data processing agreement in accordance with Art. 28 GDPR. Access to membership data is restricted to authorised persons who need such access for membership administration, accounting, governance or related organisational purposes.

Membership-related data is retained for as long as necessary for the membership, sponsorship or organisational relationship and for any applicable statutory retention periods. After that, the data is deleted or anonymised unless further retention is necessary to assert, exercise or defend legal claims.

Recipients and service providers

Personal data may be processed by technical service providers who support us in operating this website, email infrastructure, membership administration or related IT systems. Such providers process data only as necessary for the respective service and, where required, on the basis of a data processing agreement.

For membership administration, we currently use campai as a service provider. Further technical service providers may include hosting, email and IT infrastructure providers.

We do not sell personal data and do not share it for advertising purposes.

External links

This website may contain links to external websites. We are not responsible for the content or privacy practices of external websites. The privacy policies of the respective providers apply once you leave samba.foundation.

Your rights

Under the GDPR, you have the following rights, subject to the applicable legal requirements:

• right of access, Art. 15 GDPR
• right to rectification, Art. 16 GDPR
• right to erasure, Art. 17 GDPR
• right to restriction of processing, Art. 18 GDPR
• right to data portability, Art. 20 GDPR
• right to object, Art. 21 GDPR
• right to withdraw consent, where processing is based on consent

To exercise your rights, please contact us at privacy@samba.foundation.

Supervisory authority

You also have the right to lodge a complaint with a data protection supervisory authority. If the Samba Foundation is based in Berlin, the competent authority is:

Changes to this privacy policy

We may update this privacy policy when this website, our organisational processes or our services change. The current version is published on this page.

Last updated: May 2026