Privacy Policy of Masterpiece for Good gUG (haftungsbeschränkt)
Version dated 17 February 2026
- Who we are
The controller for the purposes of the General Data Protection Regulation is:
Masterpiece for Good gUG (haftungsbeschränkt)
Saarbrücker Str. 24
10405 Berlin
Germany
Represented by Bogna Grazyna Jaroslawski and Aurélie Maestre
For data protection enquiries, you can contact us at:
office@masterpieceforgood.org
- Overview of the data we process
Depending on the nature and extent of your use of our website, we process in particular the following categories of data:
Server and access data when the website is accessed
Data submitted through contact enquiries
Newsletter subscription data
Usage data for the statistical analysis of the website
Consent and cookie related information
Data processed in connection with embedded external content and the use of external services
- Legal bases for processing
We process personal data on the basis of the following legal grounds:
Consent pursuant to Article 6(1)(a) GDPR
Performance of a contract or steps taken prior to entering into a contract pursuant to Article 6(1)(b) GDPR
Compliance with a legal obligation pursuant to Article 6(1)(c) GDPR
Legitimate interests pursuant to Article 6(1)(f) GDPR
- Hosting and server log files
Our website is hosted by Strato. When you access the website, certain data is processed for technical reasons in order to make the website available and to ensure the security of our systems.
In particular, the following data is processed:
IP address
Date and time of access
Content accessed
Referrer information
Information about the browser and operating system used
Status codes
The legal basis for this processing is Article 6(1)(f) GDPR.
The retention period depends on the technical requirements of the hosting provider and on security requirements and is generally limited to a short period.
- Cookies, consent, and Cookie Policy
We use CookieYes to manage consent and to provide information about cookies and similar technologies.
The current Cookie Policy is publicly available at:
https://masterpieceforgood.org/cookie-policy/
The legal basis for technically necessary cookies and similar storage operations is Article 6(1)(f) GDPR.
The legal basis for optional cookies and similar storage operations is Article 6(1)(a) GDPR.
5.1 Cookie table
Please note that the cookies actually set may change as a result of updates, theme settings, or third party content. The Cookie Policy available at the URL above therefore remains authoritative at all times. The table below provides a summary of the currently visible status.
| Category | Cookie | Provider | Purpose | Retention period |
|---|---|---|---|---|
| Necessary | cf_bm | Cloudflare | Bot protection and security functions | 1 hour |
| Necessary | wpEmojiSettingsSupports | WordPress | Checks whether the browser can correctly display emojis | Session |
| Necessary | cookieyes-consent | CookieYes | Stores your consent choices and settings | As specified in the Cookie Policy |
- Contact form
We use Contact Form 7. If you contact us via the contact form, we process the data you enter, in particular your name, your email address, and your message, in order to handle your enquiry.
Contact Form 7 does not permanently store the submitted form data in the website database. The data is transmitted to us by email and processed there for the purpose of handling your enquiry.
The legal basis is Article 6(1)(b) GDPR insofar as the communication concerns pre contractual or contractual matters. In all other cases, the processing is based on Article 6(1)(f) GDPR.
Retention period: 24 months after the enquiry has been completed.
- Newsletter and Brevo
If you subscribe to our newsletter, we process your email address and records of your consent.
We use a double opt in procedure.
If you subscribe through a newsletter form embedded on our website, the data you enter is transmitted to Brevo and processed there on our behalf for the purpose of managing newsletter subscriptions and documenting your consent.
The newsletter is sent via Brevo.
According to Brevo, the databases on which Brevo processes and stores data are hosted within the European Union. Depending on the specific processing activity and the involvement of subprocessors, transfers to third countries may nevertheless occur in individual cases. Where this is the case, appropriate safeguards are applied in accordance with applicable data protection law.
The legal basis is Article 6(1)(a) GDPR.
Retention period: until you unsubscribe from the newsletter. Records of consent are stored for as long as necessary for documentation purposes.
- Web analytics and Independent Analytics
We use Independent Analytics for the statistical analysis and improvement of our website.
The legal basis is Article 6(1)(f) GDPR.
Retention period: 24 months.
- Embedded external content and social media
Our website may contain embedded content from third party providers, in particular YouTube, Dailymotion, Instagram, TikTok, LinkedIn, and Facebook.
When such content is loaded, data may be transmitted to the respective providers, in particular your IP address and technical usage data. This may also involve transfers of data to third countries.
Where such content is not technically necessary, the processing is generally based on your consent pursuant to Article 6(1)(a) GDPR.
- PayPal donation link
We provide a link to PayPal in order to enable donations. By clicking this link, you leave our website. Any subsequent processing of personal data is subject to PayPal’s privacy policy.
The legal basis for providing the link is Article 6(1)(f) GDPR.
- With whom we share data
We share personal data only to the extent necessary to provide the website and the functions described above. This applies in particular to:
Strato as hosting provider
Brevo as provider for newsletter forms and newsletter delivery
Providers of embedded content where such content is loaded
PayPal after you click on the donation link
- Retention period
Unless a more specific retention period is stated in this Privacy Policy, we store personal data only for as long as necessary for the respective purposes.
In particular, the following periods apply:
Server log files: short term in accordance with the requirements of the hosting provider
Contact enquiries: 24 months
Newsletter data: until you unsubscribe; records of consent for as long as necessary
Analytics data: 24 months
Cookies and consent data: in accordance with the retention periods stated in the Cookie Policy
- Your rights
Within the framework of the applicable legal provisions, you have the right to access, rectification, erasure, restriction of processing, and data portability.
You may withdraw any consent you have given at any time with effect for the future.
You may object to the processing of personal data where such processing is based on legitimate interests.
You also have the right to lodge a complaint with a data protection supervisory authority.
To exercise your rights, you can contact us at:
office@masterpieceforgood.org
- Security
We implement technical and organisational measures to protect personal data. These include in particular HTTPS encryption of the website, access restrictions within the backend, as well as backups and updates within the scope of our technical and organisational capabilities.
- Measures in the event of data breaches
If we become aware of a personal data breach, we assess the incident, secure the affected systems, document the matter, and comply with any applicable legal notification obligations.
We inform affected individuals where there is a high risk to their rights and freedoms.
- Automated decision making and profiling
We do not use automated decision making or profiling within the meaning of Article 22 GDPR.
- Technical adjustments currently still being implemented
Google Maps
On some pages, Google Maps may currently still be embedded in such a way that a connection to Google is established as soon as the page is loaded. Our aim is to ensure that Google Maps is loaded only after consent has been given, or alternatively that only a link is provided. Until this has been fully implemented, data may be transmitted to Google.
Google Fonts
Fonts are currently still loaded externally in some cases. As a result, requests may be sent to Google servers when individual pages are accessed. Our aim is to integrate all fonts locally. Until this has been fully implemented, data may be transmitted to Google.
- Changes to this Privacy Policy
We update this Privacy Policy whenever functions of the website, services used, or legal requirements change. This applies in particular once the technical adjustments relating to Google Maps and Google Fonts have been completed.