Privacy Policy
Weekend Wolf – Event Platform • Version: 30.04.2026
This privacy policy informs you about what personal data we collect, for what purposes we process it and what rights you have. The privacy policy is based on the Swiss Data Protection Act (revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).
Diese Fassung richtet sich insbesondere an Nutzerinnen und Nutzer in Deutschland. Für Verarbeitungen mit Marktbezug Deutschland wenden wir die DSGVO an; zusätzlich gelten für unser Unternehmen die einschlägigen schweizerischen Datenschutzvorgaben.
1. Controller
Johannes Nothstein
Bahnhofplatz 2
4133 Pratteln
Switzerland
[email protected]
2. Data Collected
2.1 When Visiting the Website (automatic)
Each time you access our platform, the following data is automatically collected:
- IP address (anonymized)
- Browser type and version
- Operating system
- Pages visited
- Date and time
- Language setting
2.2 During Registration
- Email address (required)
- Password (hashed)
- Name (optional)
- Profile picture (optional)
- Social media links (optional)
2.3 When Creating Events/Venues
- Event details (title, description, date, etc.)
- Venue details (name, address, etc.)
- Images
- Contact information (optional)
- Location coordinates
legal.privacy.sections.data.payment.title
- legal.privacy.sections.data.payment.items.stripeId
- legal.privacy.sections.data.payment.items.subscriptionStatus
- legal.privacy.sections.data.payment.items.invoices
legal.privacy.sections.data.payment.connect
3. Legal Bases for Processing
| Purpose | DSGVO | revDSG |
|---|---|---|
| Contract fulfillment | Art. 6 Abs. 1 lit. b | Art. 6 Abs. 3 |
| Consent (e.g., cookies) | Art. 6 Abs. 1 lit. a | Art. 6 Abs. 6 |
| Legitimate interest | Art. 6 Abs. 1 lit. f | Art. 6 Abs. 1 |
| Legal obligations | Art. 6 Abs. 1 lit. c | Art. 6 Abs. 3 |
Note: The revised Swiss Data Protection Act (revDSG) does not have a conclusive catalog of legal bases like the GDPR. Processing is permissible if it is proportionate and the principles under Art. 6 revDSG are observed.
4. Cookies
Cookies are small text files stored on your device that enable recognition.
Necessary Cookies
| Cookie | Purpose | Storage Duration |
|---|---|---|
| authjs.session-token | Login session | Session / 30 days |
Analytics Cookies (only with consent)
| Cookie | Purpose | Storage Duration |
|---|---|---|
| _ga | User differentiation | 2 years |
| _ga_* | Session tracking | 2 years |
Important: Google Analytics is only activated if you have explicitly agreed in the cookie banner. Without your consent, no analytics cookies will be set.
5. Third-Party Providers and Data Transfers
Hetzner Online GmbH (Hosting & Speicher)
legal.privacy.sections.thirdParty.hetzner.text
Google Tag Manager / Google Analytics
legal.privacy.sections.thirdParty.googleTagManager.text
- legal.privacy.sections.thirdParty.googleTagManager.measures.ip
- legal.privacy.sections.thirdParty.googleTagManager.measures.noAds
- legal.privacy.sections.thirdParty.googleTagManager.measures.consent
Opt-Out: tools.google.com/dlpage/gaoptout
Google Places API / Google Maps
legal.privacy.sections.thirdParty.googlePlaces.text
Resend (Email Delivery)
For sending emails (verification, notifications) we use Resend (USA). Data transfer based on SCCs.
Stripe (Zahlungsabwicklung)
legal.privacy.sections.thirdParty.stripe.text
Spotify API
For artist information we use the Spotify API. Only public artist data is retrieved, no user data is transmitted.
Push-Benachrichtigungen
legal.privacy.sections.thirdParty.push.text
Note on Third-Country Transfers (USA)
For all US service providers, we have conducted a risk assessment (Transfer Impact Assessment). In addition to EU Standard Contractual Clauses (SCCs), we employ the following protective measures:
- Encryption of data during transfer and storage
- Pseudonymization where technically possible
- Limitation of transmitted data to the necessary minimum
- Contractual assurances from providers regarding government requests
6. Retention Period
| Data Type | Retention Period |
|---|---|
| User account | Until deletion + 6 months |
| Events | Until deletion by organizer or admin |
| Venue claims | 3 years after completion |
| Server logs | 90 days |
| Analytics data | 26 months (Google Analytics) |
7. Your Rights
- Right of Access: You can request information about what personal data we have stored about you.
- Right to Rectification: You can request correction of inaccurate data.
- Right to Erasure: You can request deletion of your data, provided no legal retention obligations apply.
- Restriction of Processing: You can request restriction of processing.
- Data Portability: You can request that we provide your data in a structured, commonly used and machine-readable format.
- Right to Object: You can object to processing of your data when based on legitimate interest.
- Withdrawal of Consent: Granted consents can be revoked at any time with effect for the future.
- Right to Complain: You have the right to complain to the competent data protection supervisory authority.
To exercise your rights, please contact: [email protected]
legal.privacy.sections.rights.exercise.title
legal.privacy.sections.rights.exercise.intro
- legal.privacy.sections.rights.exercise.items.selfService
- legal.privacy.sections.rights.exercise.items.deletion
- legal.privacy.sections.rights.exercise.items.email: [email protected]
legal.privacy.sections.rights.exercise.response
8. Data Security
- SSL/TLS encryption of data transmission
- Passwords are stored hashed (bcrypt)
- Role-based data access
- Regular software updates
9. Minors
The platform is not intended for persons under 16 years of age. We do not knowingly collect data from minors under 16.
10. Changes to Privacy Policy
We reserve the right to adapt this privacy policy as needed. For material changes, we will inform registered users by email. Material changes take effect no earlier than 14 days after notification.
11. Supervisory Authority
For complaints, you can contact the competent data protection supervisory authority:
Bundesbeauftragte fuer den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Deutschland
www.bfdi.bund.de
Privacy Contact
Johannes Nothstein
[email protected]
Version: 30.04.2026