Data Protection and Privacy Policy
This notice summarises how the current website build handles personal data for visitors, applicants, newsletter subscribers, donors, and certificate checks.
Last updated: 28 April 2026.
1. Controller
Akademie zur Förderung physiochemischer Nachhaltigkeit e.V. (operating as Rolfes SDG Academy)
Albert-Schweitzer-Str. 22
32602 Vlotho, Germany
Phone: +49 (0) 57 33 / 88 03 58
Email: info@rolfessdgacademy.org
Responsible representatives and data protection contacts:
Dr. Yuno Rolfes
As the legally appointed representative of the association under § 26 BGB, Dr. Yuno Rolfes is the competent person to whom data protection enquiries should be addressed. The organisation has assessed the DPO appointment requirement under Art. 37 GDPR: given the association’s size, activities, and processing scope, formal DPO appointment is not obligatory; however, the representatives assume full data-protection responsibility.
All data subject requests and data protection correspondence should be sent to:
info@rolfessdgacademy.org
2. Data processed through the website
- Contact details and message content when you use the contact, partnership, magazine, or application forms.
- Email address and related submission metadata when you request newsletter updates.
- Donation-related information if you choose to use the hosted Donorbox flow or embedded donation form.
- Certificate verification inputs, hashed IP address, user-agent string, and result status if the certificate backend is deployed.
- Necessary consent records used to store your privacy choices.
Website forms including contact, partnership, magazine, debate, and newsletter submissions are handled directly by the academy's own website backend and stored on secure servers under the academy's control. Authorised academy administrators may review these submissions in order to respond, coordinate programmes, and maintain governance oversight.
3. Why the data is processed
- To respond to enquiries and partnership requests.
- To administer programme applications and communicate with applicants.
- To review newsletter requests and send updates when you actively subscribe.
- To process donations if you choose to use the external donation provider.
- To verify certificates, prevent abuse, and secure the certificate system if that backend is activated.
- To remember your privacy choices and block optional tools until consent is given.
4. Legal bases typically relied on
- Article 6(1)(a) GDPR: consent for newsletter signup, optional cookies, analytics, marketing embeds, and other opt-in tools.
- Article 6(1)(b) GDPR: steps taken at your request before entering a programme or partnership relationship, and delivery of requested services.
- Article 6(1)(c) GDPR: compliance with legal or accounting obligations where applicable.
- Article 6(1)(f) GDPR: legitimate interests in site security, abuse prevention, and limited technical logging, subject to balancing with your rights.
4a. Special-category data (Article 9 GDPR)
The Solar Cohort application form contains optional questions relating to disability status and sexual orientation / gender identity in Section 5 (equity and diversity). These are special-category personal data under Art. 9 GDPR. They are processed exclusively for the purpose of diversity, equity, and inclusion (DEI) support within the programme.
The legal basis for processing this data is Article 9(2)(a) GDPR — explicit consent. Applicants are asked to give a separate, explicit tick-box consent before submitting the form. This consent can be withdrawn at any time by contacting info@rolfessdgacademy.org. Data provided in Section 5 is stored only in the academy’s own secure database and is not shared with any third party.
5. How your data is stored and processed
- Own secure database (primary): All public forms on this website — including Solar Cohort applications, contact enquiries, partnership requests, magazine submissions, debate applications, and newsletter sign-ups — are handled directly by the academy’s own server and stored in our secure systems.
- Donorbox: provides the donation flow; the on-page embed is blocked until marketing consent is granted. If you use the Donorbox hosted page directly, Donorbox’s own privacy policy applies.
- Email notifications: When you submit a form, an internal notification is sent to the academy team via our own SMTP mail server (mail.weserberg.net). Your data is not passed to any external marketing platform.
- Certificate verification: runs on the academy domain and reads from the academy certificate database or protected local registry file. This is a same-origin data protection function rather than a cookie, tracking, or third-party storage service.
Newsletter double opt-in: When you subscribe to our newsletter, we use a double opt-in process in accordance with German court guidance (Bundesgerichtshof). You will receive a confirmation email and your subscription is only activated once you click the confirmation link.
6. International transfers
All form submissions are processed and stored on the academy’s own server within Germany. No form data is transferred to third-party processors outside the EEA through form submission.
If you choose to use the Donorbox hosted donation page, Donorbox (a US company) will process your payment and personal data. Donorbox relies on Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR as the transfer safeguard for EEA-to-US data flows. Please review Donorbox’s privacy policy for full details.
Outbound email notifications from our own mail server (mail.weserberg.net) are sent to the academy’s own mailboxes only. No subscriber or applicant personal data is sent to external marketing platforms.
7. Cookies, local storage, and optional tools
The site now separates necessary, preferences, analytics, and marketing categories. Non-essential scripts and embeds are blocked by default until you actively opt in. For the detailed inventory of storage keys and consent categories, see the Cookies Policy.
8. Retention
- Contact and application data: deleted within 6 months of last correspondence, unless legal obligations require longer retention.
- Newsletter data: retained until unsubscribe plus 30 days for technical purge.
- Donation data: 10 years per § 147 AO where applicable. If donations are processed through Donorbox, Donorbox may retain donation processing records in line with its own retention policy.
- Consent records: 3 years from consent date.
- Certificate verification logs: deleted within 30 days of the verification event.
9. Your rights
- Access to your personal data.
- Rectification of inaccurate data.
- Erasure where the legal requirements are met.
- Restriction of processing.
- Data portability where applicable.
- Objection to processing based on legitimate interests.
- Withdrawal of consent at any time for future processing.
- Right to lodge a complaint with a supervisory authority. The authority responsible for our organisation is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LfDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, poststelle@ldi.nrw.de.
This website does not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
Requests can be sent to info@rolfessdgacademy.org.