Privacy Policy

1. Overview

We take the protection of your personal data seriously. In this privacy policy, we explain in a clear and understandable way which data we process on our website, why we need it, and what rights you have.

Our guiding principle is simple: as much data as necessary – as little as possible.

2. Controller & contact

The controller within the meaning of the GDPR is:

RishiFamily – Magic inside and out

If you have questions about data protection or want to exercise your rights, please use:

  • our contact form
  • the contact details listed in the imprint

3. Which data we process – and why

3.1 Visiting our website

When you visit our website, technically necessary data is processed to deliver the website properly, ensure stability and identify security risks.

This may include in particular:

  • IP address (stored for a limited time)
  • date and time of access
  • requested page or resource
  • browser and operating system used

This processing is based on our legitimate interest in providing a secure, stable and functional website.

We do not evaluate web server logs in a personalised way. Technical logs may be processed by our hosting provider as part of operating the service.

3.2 Membership account & member area

If you use a membership account, we process the data you provide (e.g. name, email address, optionally phone number and address) to manage the membership, provide the protected member area, and support the association’s work.

  • You can view and update your profile data in the member area.
  • You can end your membership yourself.
  • Newsletter settings can be managed conveniently in your account.

3.3 Orders / support & confirmations

If you place an order or provide support via the website, we process the data required for this purpose (e.g. order/support details, amounts, status, timestamps, and contact/address data as needed for fulfilment and documentation).

Support confirmations should remain accessible later. Therefore, certain information is stored as a historical snapshot so that earlier confirmations stay consistent.

3.4 Newsletter

You can subscribe to our newsletter independently of a membership. Depending on the case, we process salutation, name, email address, language settings, and timestamps of subscription and confirmation.

We use a double opt-in procedure: newsletters are sent only after you confirm your subscription. You can unsubscribe at any time.

Newsletter emails are sent via our own technical email infrastructure. We do not use an external marketing/newsletter service provider.

3.5 Security features (e.g. one-time codes)

For securing sensitive processes (e.g. verifications), we may use one-time codes. This can involve processing your email address, timestamps and, to a limited extent, IP addresses to reduce misuse.

IP addresses are stored only for a limited time (usually no longer than 1 month) and are then removed or technically cleaned up.

3.6 Internal statistics & improvement

Within the association’s platform, interactions (e.g. views, likes, progress information) may be processed to understand and improve development and impact within the association. This is for internal purposes only, without advertising analysis and without cross-platform profiling. For logged-in members, this information may be linked to the respective member.

3.7 Technically necessary cookies

Our website uses only technically necessary cookies. They are required to provide core functions safely and reliably.

  • Session cookies: Used for the duration of your visit and deleted automatically after you leave the website.
  • Authentication cookies (for members): If you are logged in as a member, a cookie is used to store your login status and enable access to the member area. This cookie can have a longer lifetime (currently up to 3 months) so that you stay logged in.

We do not use tracking, analytics or marketing cookies. We do not use the website for advertising purposes or profiling.

3.8 Contact requests

If you contact us via the contact form or by email, we process the data you provide (e.g. name, email address, message) in order to handle and answer your request.

This data is used solely for handling your request and is deleted afterwards, unless legal retention obligations apply.

4. Legal bases

Depending on the context, we process personal data based on one or more of the following legal bases:

  • to perform a contract or take steps prior to entering into a contract (e.g. membership, orders)
  • based on your consent (e.g. newsletter)
  • based on legitimate interests (e.g. operation, security and improvement of the website)
  • to comply with legal obligations (e.g. retention obligations)

5. Profile & voluntary publication

In the member area, you may optionally maintain a profile (e.g. short description or profile picture). This information is voluntary.

If profile content should be visible to others, this happens only if you actively choose it. There is no automatic publication of personal profile content.

6. Retention, deletion & anonymisation

We store personal data only as long as necessary for the respective purposes or as required by law.

  • Membership data can be removed by ending the membership and removing active data.
  • Where legal obligations prevent complete deletion, data is anonymised after the respective retention periods.
  • Security-related IP data (for one-time codes) is stored for a maximum of 1 month and then removed.

7. Recipients & external services

7.1 Hosting (IONOS)

Our website and database are hosted with IONOS (server location Germany/EU). IONOS provides the technical infrastructure (hosting). Processing takes place under a data processing agreement.

7.2 YouTube videos

Our website may embed videos from YouTube. We use the more privacy-friendly “nocookie” variant.

When you access a page with an embedded YouTube video, a connection to YouTube servers is established. Personal data (e.g. IP address, technical information) may be transmitted to YouTube.

We use YouTube solely to display video content. We do not perform any further analysis or profiling via YouTube.

7.3 Zoom (outside the website)

Online events of the association may take place via Zoom. Zoom is not embedded into the website. If you register for an event, you will receive the event details and Zoom link by email.

7.4 Payment provider (Stripe – planned)

Stripe may be used for future payment processing. If Stripe is actively used, we will update this privacy policy with detailed information about data processing in connection with payments.

8. Your rights

Under the GDPR, you generally have the following rights (where applicable):

  • access to your stored personal data
  • rectification of inaccurate or incomplete data
  • erasure of your data or restriction of processing
  • withdrawal of consent (e.g. newsletter) with effect for the future
  • data portability (provision in a suitable format)
  • complaint to a supervisory authority

If processing is based on legitimate interests, you have the right to object to this processing on grounds relating to your particular situation.

You can contact us via the contact form or the contact details in the imprint. You can also request a copy of your personal data. This includes in particular your profile data, content and actions you created or initiated.

9. Security

We protect personal data through appropriate technical and organisational measures. This includes encrypted access (HTTPS/TLS) and a role-based authorisation concept.

Passwords are not stored in plain text, but in a secure form (hash with salt).

10. Changes to this privacy policy

We may update this privacy policy if our website, processes or legal requirements change. The currently published version on this page applies.

11. Complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority.

For Austria, the competent authority is:

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
Austria

More information can be found on the authority’s website.

12. Request your data

If you would like an overview of your personal data stored with us, you can request it here.

Request my data

To make sure only you can see your data, we will guide you through a short identity check.