Privacy Policy

As of: June 2026 — Last updated: 04.06.2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection legislation is:

Zukunftstheater, König & König GbR
Spechthausen 45
16225 Eberswalde
Germany
Email: info@zukunftstheater.de

2. Principles of data processing

This website is designed according to the principles of Privacy by Design & Privacy by Default in accordance with Art. 25 GDPR. This means:

  • No cookies are set — neither technically necessary nor optional ones.
  • No tracking takes place — no web analytics tool, no reach measurement.
  • No external resources are integrated (no CDNs, no fonts, no APIs).
  • No third-party services are integrated on the frontend (no Google Analytics, no Facebook Pixel, no tracking or advertising tools).
  • The contact options are purely static and transmit no data.
  • No automated decision-making or profiling takes place.

3. What data is processed?

3.1 Server log files

When this website is accessed, server log files are technically recorded by the hosting provider. These may contain the following information:

  • Anonymised IP address of the requesting device (the last segment is replaced by a random value)
  • Date and time of access
  • Name of the file accessed
  • Data volume transferred
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)

This data is not merged with other data sources. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the security and functionality of the website). Log files are automatically deleted after 7 days by default (configurable in the hosting administration). Hetzner stores only truncated IP addresses (last octet replaced by a random value); a direct personal reference is not generally possible.

3.2 Contact by email

If you contact us by email, the data you provide (name, email address, message content) will be stored and processed for the purpose of handling your enquiry.

The legal basis is Art. 6(1)(b) GDPR (performance of pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). The data will be deleted once the enquiry has been fully processed, provided no statutory retention obligations apply.

3.3 Contact options

The contact options on this website are purely static and have no submission function. No form data is transmitted, stored or processed. The mailto links serve solely as a guide for direct email contact.

3.4 Personal mailing list

On our website we offer the option to be added to a personal mailing list. To do so, simply send an informal email to info@zukunftstheater.de.

We store only the email address and — if provided — the name. The data is not managed in any external system and not shared with third parties. We write when there is something new from us — new formats, projects or offerings.

The legal basis is Art. 6(1)(a) GDPR (consent given by active contact). Inclusion in the mailing list is voluntary and can be withdrawn at any time without giving reasons — an informal email to info@zukunftstheater.de is sufficient. We will delete the address promptly.

3.5 Interactive tools (orientation tool)

The website contains an interactive orientation tool. This tool runs entirely in the user's browser (client-side) and transmits no data to any server or third party. Responses entered by users do not leave the device. No cookies are set, no localStorage or sessionStorage is used, and no personal data is collected or stored. The tool uses rule-based if-then logic with no AI component; no automated decision-making within the meaning of Art. 22 GDPR takes place. No legal basis under GDPR is required, as no personal data is processed.

3.6 Event registration data

If you register for one of our own events (e.g. a workshop, training or retreat), the data required for this purpose (name, email address, and where applicable address and payment information) will be processed for the purpose of organising the event and handling billing. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). The data will be deleted after the event has concluded and any statutory retention periods have expired.

If photo or video recordings are made at our own events and used for documentation or marketing purposes, this will only take place on the basis of explicit consent (Art. 6(1)(a) GDPR). Consent is voluntary and may be withdrawn at any time without giving reasons.

4. No cookies

This website sets no cookies whatsoever — neither technically necessary ones nor functional, analytics or marketing cookies. Consent pursuant to Art. 6(1)(a) GDPR is therefore not required and is not sought.

5. No external integrations / third parties

This website integrates no external resources:

  • No external fonts (no Google Fonts or similar)
  • No external scripts or libraries
  • No social media plugins or share buttons
  • No analytics or tracking services (no Google Analytics, Matomo, etc.)
  • No embedded videos or maps (no YouTube, no Google Maps)
  • No advertising or affiliate links

When you visit this website, no data is therefore transmitted to third parties.

6. Hosting & webmaster tools

This website is hosted by Hetzner Online GmbH, based in Germany. A data processing agreement (DPA) in accordance with Art. 28 GDPR is in place. The hosting provider processes the server log data described in section 3.1.

To monitor visibility in search engines, we use Google Search Console (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Website visitors are not tracked in this process; no visitor data is transmitted to Google. Google receives only technical information about the site structure in the course of regular crawling by Googlebot. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the findability of the website). Google's privacy policy is available at policies.google.com/privacy.

6a. Data processing agreements and research cooperations

Where the provider processes personal data on behalf of clients as part of commissioned work or research cooperations, this is done on the basis of a data processing agreement (DPA) in accordance with Art. 28 GDPR. In these cases, the respective client is the data controller; the provider acts solely on their instructions.

This applies in particular to research cooperations with universities, institutes or other organisations in which personal data of participants is collected in the course of participatory or transdisciplinary processes. In such cases, responsibility for obtaining the required consents from participants rests with the client.

7. Your rights as a data subject

You have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority is the supervisory authority of your federal state or that of the federal state in which we are based.

8. Data security

This website uses SSL/TLS encryption for data transmission. In addition, technical and organisational measures (TOMs) in accordance with Art. 32 GDPR are implemented to protect your data against unauthorised access, loss or manipulation.

9. Currency and amendments

This privacy policy is currently valid and dated as shown above. As our website develops or as legal and regulatory requirements change, it may be necessary to amend this policy. The current version is always available on this page.