Home/ Legal/ Privacy Policy
Legal · DSGVO / GDPR

Data Privacy Policy

We take your privacy seriously. This page explains exactly what data we collect, why, and what you can do about it.

On this page

  1. Who we are and who is responsible
  2. What personal data we collect
  3. How and why we use your data
  4. Data retention periods
  5. Cookies and analytics
  6. Third-party services
  7. Your rights under GDPR
  8. Data security
  9. Contact our Data Protection Officer
  10. Changes to this policy

1. Who we are and who is responsible

The data controller for this website and all ISAK activities is:

Indian Students Association Koblenz e.V. (ISAK)
Registered at: Amtsgericht Koblenz, VR 41827
Address: c/o Hochschule Koblenz, Konrad-Zuse-Straße 1, 56075 Koblenz, Germany
Email: hello@isak-koblenz.de

We collect and process personal data in compliance with the EU General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

2. What personal data we collect

When you visit our website

Our web server logs standard access data for security purposes: IP address (anonymised after 24 hours), browser type and version, operating system, referring URL, pages visited, and timestamp. This data is not linked to any individual and is deleted within 7 days.

When you submit a contact or membership form

We collect the information you provide: first and last name, email address, study programme, semester, campus, hometown, and the message content you choose to share. Only the name and email address are required fields; all other information is optional and provided at your discretion.

When you subscribe to our newsletter

We collect your email address for the purpose of sending you the monthly ISAK digest. Subscription requires double opt-in: you will receive a confirmation email and must click to confirm before we add you to the mailing list.

When you attend an ISAK event

For ticketed or registration-required events, we collect your name and email address for attendance management. For events with photography, we will clearly announce this in advance and provide an opt-out area.

3. How and why we use your data

We use your data only for the specific purpose for which you provided it:

  • Membership applications: to verify eligibility, issue your member ID, add you to the WhatsApp group, and send welcome materials.
  • Contact form enquiries: to respond to your question or request.
  • Newsletter: to send you the monthly community digest. We use Mailchimp (EU data processing agreement in place) to manage this list.
  • Event management: to confirm registration and communicate event logistics.
  • Website analytics: only with your consent, to understand how the site is used and improve it. See Section 5.

We do not use your personal data for automated decision-making or profiling. We do not sell, rent, or share your data with third parties for their marketing purposes.

4. Data retention periods

  • Membership records are retained for the duration of your active membership plus 12 months after you leave.
  • Newsletter subscriptions are retained until you unsubscribe. You can unsubscribe at any time via the link at the bottom of every email.
  • Contact enquiry records are retained for 24 months.
  • Event attendance records are retained for 12 months, then deleted.
  • Server access logs are anonymised within 24 hours and deleted within 7 days.

5. Cookies and analytics

This website uses only technically necessary cookies (session state). No third-party advertising cookies, Facebook Pixel, or Google Analytics are set without your explicit consent.

With your consent (via the cookie banner when you first visit), we may use Plausible Analytics — a privacy-first analytics tool hosted in the EU, which collects no personal data and sets no cookies. Plausible data is aggregate-only and not shared with any third parties.

You may withdraw consent for optional analytics at any time by clicking "Cookie Settings" in the footer of any page.

6. Third-party services

We use the following external services:

  • Google Fonts: Font files are loaded from Google servers. This results in your IP address being transmitted to Google when you visit the site. We have a legitimate interest in loading the fonts efficiently; the transmission is limited to the font files only.
  • Unsplash: Images are sourced from Unsplash. Images are embedded via their CDN. No personal data is transmitted to Unsplash when viewing images.
  • Mailchimp: Used for newsletter management. We have a GDPR Data Processing Agreement in place. Mailchimp servers are in the US; transfers are covered under the EU-US Data Privacy Framework.
  • WhatsApp: ISAK group chats are operated on WhatsApp. Joining a WhatsApp group is entirely voluntary and governed by WhatsApp's own privacy policy.

7. Your rights under GDPR

Under Articles 15–22 GDPR, you have the right to:

  • Access the personal data we hold about you (Art. 15)
  • Correct inaccurate or incomplete data (Art. 16)
  • Erasure ("right to be forgotten") of your data where no legal obligation to retain it exists (Art. 17)
  • Restriction of processing while a dispute is resolved (Art. 18)
  • Data portability in a structured, machine-readable format (Art. 20)
  • Object to processing based on legitimate interests (Art. 21)
  • Withdraw consent at any time for processing based on consent, without affecting prior lawful processing (Art. 7)

To exercise any of these rights, email privacy@isak-koblenz.de with the subject line "GDPR Request – [your name]". We will respond within 30 calendar days. We may ask you to verify your identity before acting on a request.

You also have the right to lodge a complaint with the supervisory authority in Rhineland-Palatinate: Landesbeauftragter für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz, Hintere Bleiche 34, 55116 Mainz.

8. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. Our website is served over HTTPS. Access to membership records is restricted to board members with a legitimate need. We conduct an annual review of our data protection practices.

Despite our best efforts, no system is perfectly secure. If you believe a data breach has occurred involving your information, please contact us immediately at privacy@isak-koblenz.de.

9. Contact our Data Protection Officer

Tanvi Reddy
Secretary and Data Protection Officer, ISAK e.V.
Email: privacy@isak-koblenz.de
Address: c/o Hochschule Koblenz, Konrad-Zuse-Straße 1, 56075 Koblenz

10. Changes to this policy

We may update this policy from time to time — for example, when we introduce a new service or when legal requirements change. The current version is always available at this URL. Material changes will be announced to active members via email with at least 14 days' notice before they take effect.

Last updated: January 2026 · Version 2.1 · Impressum