Please note that only the German version of the data protection regulations is valid.

Privacy policy

With this data protection declaration we would like to inform you about how we handle your personal data. It applies to the collection, processing and use of personal data in the context of the use of the e-collaboration platform GPENreformation.

The operator is

Das Kirchenamt der EKD
Herrenhäuser Straße 12
30419 Hannover

Name and contact details of the local data protection officer:

Mr Stephan Liebchen
Evangelische Kirche in Deutschland (EKD)
Herrenhäuser Str. 12
30419 Hannover
phone: +49 511 2796 8395
fax: +49 511 2796 998395

The EKD protects your personal data in accordance with the applicable church data protection laws. The EKD will transmit personal data to institutions (authorities) entitled to receive information if there is an obligation to do so by legal provisions or by court order.

Which data will be processed?

Users* can create a user account. During registration, the required mandatory data will be communicated to the user and processed on the basis of §6 para. 5 DSG-EKD for the purpose of providing the user account. The data processed includes in particular the login information The data entered during registration is used for the purposes of using the user account and its purpose.

The following data is collected and processed when using the cooperation platform:

Personal data:
- name*,
- Name components*,
- First name(s)*,
- School or institution,
- Institutional affiliation
- Function
- e-mail address
- Further voluntary information on contact details and social media

* The marked data are mandatory data for the creation of a user profile. If special circumstances make it necessary to keep the data secret, a pseudonym can be used instead of the real name.

User-related data:
- Date of registration,
- User name, password hash (we do not have access to the password in clear text)
- Date ofthe first login,
- Date of the last login,
- Sum of the logins,
- Total useful life of the cooperation platform,
- used storage space,
- Memberships and courses within the cooperation platform,
- Date of the last editing of a course,
- completed lessons,
- error,
- Number of errors in the tests completed,
- Correction comments,
- contributions published in the cooperation platform (blogs, forums, chats, etc.)
- contributions in common word processing

The storage is based on our legitimate interests, as well as the user's need for protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with §6 Para. 6 DSG-EKD.

If users leave comments or other contributions, their IP addresses may be stored for 7 days on the basis of our legitimate interests as defined in §6 No. 4 DSG-EKD. This is done for our security if someone leaves unlawful content in comments and contributions (insults, prohibited political propaganda, etc.). In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author. 

Furthermore, we reserve the right, on the basis of our legitimate interests in accordance with §6 para. 8 DSG-EKD, to process the information provided by users for the purpose of spam detection.

The data voluntarily provided in the context of comments and contributions will be stored by us until objection is received or after the users have left the participating school.


Purpose of use:

The platform is intended for use in the development of joint projects and further education. Personal data is to be used exclusively for these purposes.  

In its self-image GPENreformation as a forum assumes a mediating role for communication among the participating educational institutions, associations, clubs and organisations. It also offers opportunities for enriching exchange and personal encounters for teaching and administrative staff as well as for pupils* and students. With the help of God's philanthropy and the joy of global diversity, fears of the foreign are to be overcome. Pupils and students are offered the opportunity to discuss globally important key topics (including peace, inter-religious dialogue and the preservation of creation) in international learning groups and to develop solutions together. The network supports temporary learning projects as well as longer-term school and university partnerships.

Misappropriated use

The use of the platform for purposes other than joint project work, training or administration in the context of GPENreformation is prohibited. Only information that is relevant to the purpose of GPENreformation and/or the objectives of GPENreformation shall be shared. The dissemination and sharing of secret and top-secret information and data with special protection interests is prohibited. Among other things this concerns:

Race and ethnic origin
Political opinion
Membership of a trade union or political party
Genetic data
Biometric data
Health data
Sexual orientation
Sexual life data
Criminal record

 This list is not complete. And includes all other data with special protection interest according to § 4 DSG-EKD

Use for purposes other than those stated may lead to exclusion from use.


Purpose of processing the data:

By confirming this privacy policy, you consent to the processing of the above data. On the one hand, they serve to identify a person in order to guarantee access to certain modules and functions and to be able to assign contributions to a group project. Possible examination results from learning objective controls serve to issue certificates and to determine the progress of learning content.

The data will not be used for marketing purposes.

You can object to the collection, processing or use of your personal data at any time. Please note the following points. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The processing of the data entered during registration is based on your consent (§ 6 No. 2 and § 11 DSG-EKD). You can revoke any consent you have given at any time.

The data entered during registration is stored by us for as long as you are registered on our website and is then deleted. Legal retention periods remain unaffected.


Rights concerned

You have the right at any time,

- ... to demand confirmation as to whether personal data relating to you is being processed by us and the right to information about your personal data processed by us (§ 19 DSG-EKD).


- ... to have incorrect data corrected or to have your data complete (§ 20 DSG-EKD).


- ... to the immediate deletion of your personal data ("right to be forgotten") in accordance with § 21 DSG-EKD,
- when they are no longer needed,
- if you have objected to the processing,
- if you have objected for reasons of a special situation on your side and on our side, the legitimate interests do not outweigh the interests of the customer,
- if the data are processed unlawfully,
- the deletion is necessary to fulfil a legal obligation. 

- ... to restriction of the processing of your personal data within the scope of § 22 DSG-EKD,
- if you dispute the accuracy of your personal data while checking the accuracy of your personal data.
- if the processing of your personal data is unlawful.
- if your data is no longer needed by us but you need it to assert, exercise or defend legal claims.
- if you have objected to the processing of your data and it is still unclear whether our legitimate interest prevails.

 - ... to the transferability of your data (§ 24 DSG-EKD)

- ... to revoke your consent at any time and with effect for the future if we process your personal data for specific purposes based on your consent,

- ... to object to the processing of your data, which we carry out in accordance with § 6 No. 1, 3, 4 or 8, in accordance with Art. 25 DSG-EKD for reasons arising from your particular situation.

You can send your objection informally and at any time to the contact details given.

In your profile, you can also enter your objection under the item Data protection and guidelines:

- Contact for data protection issues > Send a data protection request to the administrators of GPENdialogue. (link)

- Data requests > Request your stored data (Link

- Delete my account > request the deletion of all your information Please note that you will no longer be able to use the platform. (link)

Alternatively, you can also contact the administrators informally to exercise your rights:

Kirchenamt der EKD
Education Department / GPENreformation
Herrenhäuser Str. 12
30419 Hannover

 Phone: +49(0) 511 2796 7997
fax: +49(0) 511 2796 99245

Referral to the data protection officer

Any person may contact the responsible data protection officer if he or she believes that his or her rights have been infringed in the collection, processing or use of his or her personal data by church bodies (Article 46 DSG-EKD). This applies to the collection, processing or use of personal data by church courts only insofar as they act as administrative authorities in their own affairs.

No one may be reprimanded or discriminated against on account of the communication of facts which are likely to give rise to the suspicion that the Church's Data Protection Act or any other legal provision on data protection has been violated. Employees of the church authorities do not have to go through official channels for communications to the data protection officers.

Der Beauftrage für den Datenschutz in der EKD>
30419 Hannover
Phone: + 49 (0)511 768128-0
Fax: + 49 (0)511 768128-20


Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Our cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of § 6 No. 4 DSG-EKD; Art 6 Paragraph 1 letter f) DSGVO. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of his services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this data protection declaration.

As the platform is based on Moodle, two cookies are always stored locally on the respective computer.

The most important cookie is called MoodleSession by default. In order to be able to access all Moodle pages after login, you must agree to the storage. For the next login, it holds session information such as the selected language ready. The cookie has the value: hash/string and is valid for one year.

The second cookie MoodleID has been deactivated.

Once you have accepted the cookie in the cookie banner, this information is also stored in a cookie. It is called EU_COOKIE_LAW_CONSENT and has the value: true and is valid for one month.


Server log files

The provider enables the deactivation of so-called server log files, which your browser automatically transmits to us. We use this data protection-friendly setting. We reserve the right in justified cases (suspicion of unauthorised use of our website etc.) to activate the collection and storage of the following data in log files:  :

- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address

These data are not merged and therefore do not allow conclusions to be drawn about specific individuals. The log files are deleted after 7 days.

We also reserve the right to use these log files for anonymised statistical evaluation in order to optimise our website and its contents and to ensure the functionality and protection of our IT systems, and thus the protection of the data processed by us, and, if necessary, to be able to provide the necessary information to the law enforcement authorities in the event of attacks on our IT systems. These are our legitimate interests within the meaning of § 6 No. 4 DSG-EKD; Art. 6 I lit. f) DSGVO. We store the data in our server log files separately from any other personal data. They are deleted as soon as they are no longer required to fulfil the purpose for which they were stored or if their storage is not permitted for other legal reasons.

The data collected from you when you visit our website and use our forms (contact request, registration, customer account login, search terms etc.) are processed on the servers of our host provider on our behalf. The servers are located within the EU. To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS. Our legitimate interest in the use of this service in the sense of § 6 No. 4 DSG-EKD; Art. 6 I lit. f) DSGVO is the failure-proof output and presentation of our web offer, as well as the maintenance of information security.

Contact forms

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of the data entered in the contact form is therefore exclusively based on your consent (§ 6 No. 2 DSG-EKD). You can revoke this consent at any time. The legality of the data processing operations carried out up to revocation remains unaffected by the revocation.

The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply (e.g. after your enquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.


Enquiry by e-mail, telephone or fax or social media

If you contact us by e-mail, telephone or fax or social media, your enquiry including all personal data (name, enquiry) resulting from it will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of your data that becomes known to us in this way is therefore exclusively based on your consent (§ 6 No. 2 DSG-EKD). You can revoke this consent at any time. The legality of the data processing operations carried out up to revocation remains unaffected by revocation.

The data sent to us by you by means of contact enquiries will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored ceases to apply (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.



The platform is based on Moodle (modular dynamic object-oriented learning environment).

Moodle offers a calendar with school, group and personal appointments in addition to communication and collaboration through various learning activities (such as forums, wikis, glossaries, databases, H5P, tests). Messages can be sent and received using the 'Messages' function. Students and teachers can track how far they have progressed in the project, which activities or whole projects have been completed or which learning activities are still ongoing. The learning activities 'Test' or 'H5P' can be used to check the progress of learning.  

On the learning platform, data entered by you or automatically generated by your use is processed from registration onwards. In addition to the information entered during registration, some of which is automatic and some of which is entered additionally by the user, the software "Moodle" on which the learning platform is based records in a database at which time which users access which components of the courses or profiles of other users. Depending on the design of the individual offer, it is also recorded whether tasks have been completed, whether and what contributions they have made in the forums that may be offered, whether and how they have participated in workshops.

In particular, the following data is stored:
- Login/logout time;
This data can only be viewed by the administrator on a case-related basis.

- Data that is generated in connection with the use of the platform activities (e.g. access to offers; completion of tasks; contributions in forums, workshop, glossary, ...).
These data can be accessed by the project leader and, depending on the learning activity used, by the pupil or group members.

The administration of the platform ensures that the logs are not statistically evaluated.  

These data are automatically deleted after 35 days.


Deletion of data

The automated deletion of the logging of user behaviour is carried out after 35 days at the latest.

User accounts and thus all data including the documentation of learning support are deleted 1 year after leaving the school. Every user can request the deletion of the account via his/her user profile.



We use YouTube plugins operated by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland and YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, YouTube is owned by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

The plugin establishes a direct connection between YouTube servers and the web browser you use. As soon as you access one of our pages with the YouTube plugin, whether you are watching a video or not, it is downloaded from YouTube servers and the download is registered. In this way, YouTube knows which page you have visited on our site and, if you are logged into your YouTube profile, combines this with other personal data already stored there and assigns your surfing behaviour to your account. If you are logged into your Google account, this data may be combined with any other personal data you may have provided. Google creates user profiles from your data for the purpose of target-group oriented advertising and market research and also evaluates these for the purpose of designing its own offers.

Even if you are not logged in, Google may use your data in conjunction with others (e.g. browser history) for these purposes. You can object to the creation of your user profile vis-à-vis Google, in particular you can deactivate Google's cross-device personalised advertising here: or you can activate the add-ons offered by all common browsers that are intended to prevent tracking.

Furthermore, YouTube may store various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to gather video statistics, improve user-friendliness and prevent fraud. The cookies remain on your terminal device until you delete them.

Once a YouTube video has started, it may trigger further data processing operations over which we have no control.

YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of § 6 No. 4 DSG-EKD; Art. 6 Para. 1 lit. f DSGVO.

Further information on data protection at YouTube can be found in their data protection declaration at:

Google Web Fonts

This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.



This website uses the video conference software Zoom. The provider is Zoom Video Communications, Inc. 55 Almaden Blvd, Suite 600 San Jose, CA 95113, USA.

DIE EKD operates Zoom through its German contractual partner Connect4Video GmbH; Nibelungenstraße 28; 65428 Rüsselsheim, Germany

You can use "Zoom" directly in the Zoom App by entering the respective meeting ID and, if necessary, further access data for the meeting directly.

If you do not use the "Zoom" app, the basic functions can also be used via a browser version that you can find on the provider's website.

All data is transmitted in encrypted form according to the state of the art. At present, AES-256Bit GCM encryption is integrated, which offers improved protection of usage data during transmission and greater resistance to attacks.


Legal basis

The video conferences are intended for use in the preparation of joint projects and training and are to be used exclusively for these purposes.

The legal basis is therefore on the one hand your consent according to § 6 No. 2 DSG-EKD.  On the other hand

we have a legitimate interest in creating a common digital platform and networking it worldwide. The legal basis for this is Article 6 No. 4 of the DSG-EKD.

We record conversations, video conferences, meetings and webinars only with your express consent, which you give separately in case of recording. The legal basis in this case is § 6 No. 2 DSG-EKD.

Which data is affected?

The following personal data can - but will not always - be processed when using "Zoom": 

In order to take part in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.

User data: First name, surname, e-mail address, password, (profile picture, telephone, school (optional).

Meeting metadata: Subject, participant IP address, device/hardware information

When dialling in by telephone: information on incoming and outgoing telephone number, country name, start and end time. If necessary, other connection data such as the IP address of the machine can be saved.

Audio and video data: In order to be able to contact you via video and audio at all, data from the microphone and the video camera of your machine are processed during the meeting/webinar for the duration of the meeting. You can mute the camera or microphone yourself at any time using the "Zoom" apps.

Text data: If you use the chat, question or survey functions in an "online meeting", this data is processed in order to display it in the "online meeting" and, if necessary, to record it.

Only for recordings (for which you need to give separate consent): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat. The fact of the recording will be displayed in the "Zoom" app after you have given your consent.

The option of "attention monitoring" ("attention tracking") available with "Zoom" is deactivated.

If you are logged in as a user*In to "Zoom" during a meeting or webinar, reports on meeting metadata, telephone dial-in data, (for webinars, questions and answers in webinars, survey function) are stored with the provider for up to one month.


Transmission of the data to the USA?

An order processing contract has been concluded with the service provider in accordance with § 30 DSG-EKD, under which "Zoom" processes the above-mentioned data of which "Zoom" obtains knowledge in order to provide the service.

Since the Service Provider is based in the United States, which is a third country in the sense of Section 4 No. 18 DSGEKD, the data will be processed there on the basis of appropriate guarantees in the sense of Section 10 I No. 2 DSGEKD, namely the standard data protection clauses. The provider is thus obliged to comply with EU data protection standards.

Further information can be found in the data protection declaration of Zoom under"


Transfer of data to third parties 

The data stored in the database serves exclusively for the implementation of the respective event or project and will not be passed on to other persons or bodies, published or used for purposes other than those intended, even in anonymised form.

Links to the laws and regulations

DSG-EKD (Church Law on Data Protection of the Evangelical Church in Germany)

DSGVO (EU basic data protection regulation)