Skip to main content
RNIGe.V.

Privacy Policy

Last updated: March 2026 — This policy is provided in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Data Controller

Rhein Neckar Indische Gemeinde e.V. (RNIG e.V.)
Breslauer Str. 11
68519 Viernheim
Deutschland
E-Mail: privacy@rnig-ev.org

2. Data We Collect

We collect and process personal data only to the extent necessary to provide our services. Depending on how you use our Platform, this includes:

  • Account data: name, email address, and hashed password when you create an account.
  • Order data: ticket selections, purchase history, PayPal transaction IDs, and payment confirmation records.
  • Membership application data: full name, postal address, telephone number, IBAN (for SEPA direct debit authorisation), membership type, declaration of interests, and digital signatures where provided.
  • Check-in data: timestamp recorded when your ticket QR code is scanned at the event venue.
  • Technical data: IP address, browser type, and device information collected automatically during site usage via server logs.

3. Purposes of Processing

  • Fulfilling ticket orders and delivering tickets by email.
  • Processing and managing membership applications.
  • Managing your account and providing customer support.
  • Communicating event updates, changes, or cancellations.
  • Processing entry check-ins at event venues.
  • Complying with statutory accounting and tax-record retention obligations under German law.
  • Ensuring the security and proper functioning of our Platform.

4. Legal Basis (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)): processing necessary to fulfil your ticket purchase or process your membership application.
  • Legal obligation (Art. 6(1)(c)): retention of transaction and accounting records under § 147 AO (German Fiscal Code).
  • Legitimate interests (Art. 6(1)(f)): platform security, fraud prevention, and prevention of unauthorised ticket use.

5. Third-Party Processors

We share personal data with the following processors solely to deliver our services. All processors are bound by written data processing agreements in accordance with Art. 28 GDPR:

  • Supabase Inc. — database hosting and authentication. Data stored on EU-region servers.
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. — payment processing. Subject to PayPal's own privacy policy.
  • Resend Inc. — transactional email delivery (ticket confirmations, membership confirmations).
  • Vercel Inc. — website hosting and global edge delivery.

We do not sell, rent, or otherwise disclose your personal data to third parties for their own marketing purposes.

6. Cookies

We use essential session cookies solely to manage authenticated user sessions. These cookies are technically necessary for the Platform to function and do not require your consent. We do not use advertising or tracking cookies.

7. Data Retention

  • Account data: retained for the duration of your account and deleted within 30 days of account closure, unless a legal retention obligation applies.
  • Order and transaction data: retained for 10 years to comply with German tax and commercial law (§ 147 AO, § 257 HGB).
  • Membership application data: retained for the duration of membership and for 10 years thereafter in accordance with applicable statutory retention periods.
  • Check-in data: retained for 90 days after the event and then deleted.
  • Technical server logs: retained for 30 days and then deleted.

8. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR): obtain confirmation of whether we process your data and receive a copy.
  • Right to rectification (Art. 16 GDPR): have inaccurate or incomplete data corrected.
  • Right to erasure (Art. 17 GDPR): request deletion of your data where no overriding legal basis exists.
  • Right to restriction (Art. 18 GDPR): restrict processing in certain circumstances.
  • Right to data portability (Art. 20 GDPR): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): object to processing carried out on the basis of legitimate interests.

To exercise any of these rights, please contact us at privacy@rnig-ev.org. We will respond within 30 days.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority at any time. As RNIG e.V. is established in Hessen, the competent authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
Postfach 3163
65021 Wiesbaden
datenschutz.hessen.de

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The revised version will be published on this page with an updated date. We encourage you to review this page periodically.

11. Contact

For any privacy-related questions or requests, please contact:
RNIG e.V. — Datenschutz
Breslauer Str. 11, 68519 Viernheim
E-Mail: privacy@rnig-ev.org