kopfkino.social (hereafter “we”, “us” or “the service”) is a non-profit donation-based service that provides Mastodon social media accounts to the [instance Community] (“you”). For the purpose of connecting and interacting with other Mastodon or Fediverse accounts, kopfkino.social processes personal data from its users and users of other instances with whom they interact. This data protection notice describes what kind of personal data we process and on what legal basis, how long we keep it and why, as well as your rights with respect to your data.
Please do not hesitate to contact us via email to for any question you might have with regard to this document or the processing of your personal data.
We dedicate our Mastodon instance kopfkino.social to the [instance Community]. Our small team in Velbert provides the non-profit donation-based service on a voluntary basis to offer privacy-friendly micro-blogging accounts that our users typically employ for networking, socialising and discussing ideas mainly linked to [AR, VR, marketing].
For the purpose of ensuring a secure interaction, the website of kopfkino.social stores the cookie ‘_mastodon_session’ with an identifier in the browser of registered and unregistered website visitors until they close their browser. For registered website visitors, the cookie ‘_session_id’ stores their login status until logout. Based on user consent, the website stores as well push notification settings in the browser. For security and debugging purposes, our server logs and stores visitor IP addresses for a maximum of 14 days. After that time, all IP addresses are removed.
kopfkino.social processes profile data in the form of posts (toots), subscriptions (following), subscribers (follower), content appreciations (likes) and promotions (boosts) for publication in the context of profile and post pages. For registered users we process your profile data to deliver the service. For users of other instances, we store and display public profile data and rely here on our legitimate interest until they object and in any case when they delete their post or other data (unsubscribe, unlike, unboost).
If you contact kopfkino.social via email or a (private) post, we use any personal data that your message may contain (such as your email address or name) only to respond to your message. We archive your message for at most 12 months. You are of course free to use a nickname and a pseudonymous email address. We process messages from our registered users to deliver the service and rely for users of other instances on their consent. We may also process messages to comply with our legal obligations.
The following information is provided according to Articles 12, 13 and 14 of the GDPR.
“User” means the natural person who interacts with kopfkino.social directly via the website or indirectly via third-party applications compatible with ActivityPub.
“Registered user” means the users with a Mastodon/ActivityPub profile.
“Profile data” means their posts (toots), subscriptions (following), subscribers (follower) content appreciations (likes) and promotions (boosts), bookmarks and profile settings.
“Subscribers” mean the accounts who follow a registered user.
“Subscriptions” mean the accounts followed by a registered user.
Scope and purpose of the processing This data protection notice applies to the processing of personal data for the provision of the microblogging service kopfkino.social. It offers information on what personal data is processed and how it is processed, and on your data subject rights.
Responsible for the processing The data controller is kopfkino.social in its capacity as the provider of the service.
Personal data processed by kopfkino.social is accessible to its administration team and, where necessary, to moderators on a need-to-know basis to ensure a secure operation. User content is published or delivered according to the user settings. For the provision of the service, kopfkino.social employs the data processors listed below that process personal data linked to the service solely on the written instruction from kopfkino.social:
The kopfkino.social website and APIs process the IP addresses and other metadata (as specified below) of its visitors. When accessing the service, an encrypted connection to its web server is established. To display the content correctly on the visitor’s computer or other terminal devices, the following data is processed in accordance with the HTTP and TCP/IP protocol:
This is required for the request, processing, and display of profile data and other content on the service. After each page visit, some of the data are stored in the account profile (if logged in) and server logs. These logs serve the purpose of maintenance and security of the server and personal data herein is deleted after 14 days. Furthermore, the website employs the cookie ‘_session_id’ to store the login status of registered users until logout or until a year after the last website visit. The website also stores the notifications settings in the browser. This processing is based on Article 6 (1) (b) of the GDPR (‘processing is necessary for the performance of a contract’). This includes processing carried out in order to comply with the necessary technical and organisational protection measures.
(b) Contributors from third-party services
kopfkino.social processes personal data when users of third-party services with ActivityPub support interact with its accounts. To enrich public profile pages with profile data, the following data is processed in accordance with the requirements of the ActivityPub protocol:
Private messages are not end-to-end encrypted and are therefore in principle accessible to the kopfkino.social administrators.
This processing is necessary to provide a federated Mastodon instance and therefore based on Article 6 (1) (f) GDPR (‘processing is in our legitimate interest’) with the exception of personal data that is not required such as the display name and profile picture, the processing of which is based on Article 6 (1) (a) GDPR (‘consent’). kopfkino.social stores profile data from subscriptions from compatible third-party services until it receives via that service or directly from the user a request for deletion or objection (unsubscribe, unlike, unboost).(c) Registered users
kopfkino.social limits registrations to users it assumes to be part of the EU policy bubble. kopfkino.social reserves the right to refuse the provision of the service to any given user for any reason. To set up accounts and manage them subsequently, the following data from registered users is processed:
If registered users post profile data, the previous section applies accordingly. Note that updating subscribers and posting profile data (including profile mentions) requires disclosure of personal data to the service of the recipients. Depending on their Mastodon server’s geographic location, the disclosure can possibly involve international data transfers that are outside of kopfkino.social’s control.
The registered user’s name and display name, profile picture and header, description, subscriptions, the own and promoted content, the content of their subscriptions, as well as their given feedback is published on their profile page.
This processing is based on Article 6 (1) (b) of the GDPR (‘processing is necessary for the performance of a contract’) with the exception of personal data that is not required such as the display name and profile picture, the processing of which is based on Article 6 (1) (a) GDPR (‘consent’). Profile data is retained until the account is deleted.
Registered users are responsible for the use of their accounts and their own compliance with the GDPR as separate controllers when they post personal data of other people.(d) Donations via Liberapay
Users can make donations for the operation of kopfkino.social via Liberapay, which processes personal data according to their own data protection notice.(e) Contacting us by email
If you contact kopfkino.social via email or a Mastodon private message, any personal data that your message may contain (such as your email address or name) will only be used to respond to your message and may be stored as part of an email archive. You are of course free to use a nickname and a pseudonymous email address. Such personal data will be deleted after 12 months.
You have the right to request from us access to and rectification or erasure of your personal data or restriction of processing concerning you or, where applicable, the right to object to processing or the right to data portability. Where applicable, you also have the right to withdraw your consent at any time. Please note that withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Please find more information on your rights on the website of the European Data Protection Supervisor.
You have, in any case, the right to lodge a complaint with the data protection authority as a supervisory authority.