This privacy policy informs you about the nature, scope and purpose of processing personal data on this website. The controller within the meaning of the GDPR is the person identified in the legal notice.
This site does not set tracking cookies and does not embed any third-party scripts. For strictly technical purposes a functional cookie may be set to remember your manually chosen language (DE/EN); this contains only the language code and no tracking data. The editorial administration area additionally uses a strictly necessary session cookie for sign-in — public visitors never encounter it. When a page is loaded, the following technically necessary data is also logged by the web server: date and time, requested URL, HTTP response code, IP address, user agent. These logs serve operational security only and are automatically deleted after 14 days. Anonymous reach measurement is additionally performed via our own self-hosted GoatCounter instance (details in section 8).
Log data is processed under our legitimate interest (Art. 6 (1) (f) GDPR) in the secure and stable operation of the site. No profiling takes place. Data is forwarded to third parties only in the case of a substantiated suspicion of unlawful use as part of an official inquiry.
Clicking an event link takes you to the respective organiser's site — the data processing there is the sole responsibility of those operators. Web fonts are served directly from our own server; no third-party fetch occurs.
A portion of the events listed here is automatically collected from publicly accessible event announcements in and around Schweinfurt. The data we process is purely factual event metadata: title, date and time, venue, category, price (if given), and a link to the original page. Such information is, as a rule, not personal data within the meaning of Art. 4 (1) GDPR. Where an event description nevertheless contains publicly named individuals (for example performers or organisers), processing takes place on the basis of our legitimate interest in a curated event listing (Art. 6 (1) (f) GDPR). On every event detail page we transparently link back to the original source, so the specific origin of each individual event can be seen there. If you wish to object to the display of an event concerning you, please contact the email address in the legal notice — we review every request and usually remove the entry within 72 hours.
Events from the sources listed in section 4 are reviewed by our editors before entering the public catalogue. To prepare that review we process the collected event texts (title, description, venue, date) through the following external services. In all cases only data that is already publicly available on the respective source page at the time of the request is transmitted; no personal data of visitors to this website is shared with any of these services.
Translation: DeepL SE, Cologne, Germany (EU). For the English-language presentation we translate titles and descriptions server-side via the DeepL API. Only the texts to be translated are sent. No transfer to third countries occurs. Translation results are cached locally so identical texts are not transmitted again. Under DeepL SE's terms of use, transmitted texts and their translations may be retained by DeepL for a limited period to improve the translation service.
Text rewriting and image generation: Requesty Inc., San Francisco, USA. To uphold editorial quality and avoid copyright risk from third-party images, we have event descriptions rewritten by an AI language model and matching cover images generated server-side. Requesty forwards the requests to the relevant AI providers (in particular Google Vertex AI). Data processing by Requesty Inc. is governed by the provider's published privacy notice (available at https://www.requesty.ai/privacy); a separate data processing agreement within the meaning of Art. 28 GDPR has not been concluded with us, as the provider does not offer one in the service tier we use. The generated images are stored on our own servers; all rights to them rest with the site operator. We have reviewed the scope of the transmitted data — limited to publicly available event texts from the sources listed in section 4 — together with the provider's published security and privacy commitments and consider the processing proportionate to the legitimate interest pursued.
Source research: Exa Labs Inc., San Francisco, USA. To link to the original publisher's page of an event rather than to an aggregator page, we transmit title, venue, and month/year to the Exa search API. Search results are cached locally for up to 90 days to avoid repeat queries. Data processing by Exa Labs Inc. is governed by the provider's published privacy notice (available at https://exa.ai/privacy-policy); a separate data processing agreement within the meaning of Art. 28 GDPR has not been concluded with us, as the provider does not offer one in the service tier we use. Here too the transmission is limited to publicly available core data of an event.
The legal basis for all of the above processing is Art. 6 (1) (f) GDPR (legitimate interest in a curated, bilingual event presentation and in correct source attribution). With regard to transfers to the US-based providers named above we transparently note that an adequate level of data protection within the meaning of Art. 45 GDPR cannot be readily assumed at present; we rely on the data protection measures publicly communicated by each provider and on the strict limitation of the transmitted data to content that is publicly available elsewhere. Enrichment only happens for events intended for the public catalogue. User submissions made via the /submit form receive no AI enrichment; their texts are transmitted to DeepL for translation at the earliest after editorial approval (see section 9).
This site is served exclusively over encrypted HTTPS connections. We apply appropriate technical and organisational measures to protect your data against unauthorised access (Art. 32 GDPR).
This site is hosted on servers of DigitalOcean LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA — the specific server resides in the EU data centre in Frankfurt am Main. DigitalOcean acts as a processor within the meaning of Art. 28 GDPR; the corresponding Data Processing Agreement is available at https://www.digitalocean.com/legal/data-processing-agreement. A transfer to third countries cannot be fully excluded; such transfers occur on the basis of EU Standard Contractual Clauses (Art. 46 GDPR).
To improve the site we operate a self-hosted instance of the open-source analytics tool GoatCounter on our own server in Frankfurt am Main. The software sets no cookies, stores no IP addresses in plain text, and transmits no data to third parties. Only anonymous, aggregated metrics are recorded: requested URL, truncated referrer URL, browser family, operating-system family, screen size, language, date. IP addresses are hashed internally for daily deduplication and discarded at end of day. Processing is based on our legitimate interest (Art. 6 (1) (f) GDPR) in privacy-preserving reach measurement. You can opt out at any time via the "Do Not Track" setting in your browser — GoatCounter respects this signal and stops collection.
If you submit an event via the /submit form, we process the event data you entered (title, description, date, venue, source URL, image, and the original filename of the uploaded image if provided), your contact details (email address, optionally name) and technical metadata of the submission (the user agent of your browser, the locale you used while filling the form, and any notes you added for the editors). The legal basis is Art. 6 (1) (f) GDPR — our legitimate interest in editorially reviewing submitted events and following up if needed. Your email address is stored in plain text; additionally we store a cryptographic hash of the address and a hash of your IP address (each used to detect repeat submissions and abuse). Your IP address is not stored in plain text. The image-rights confirmation you tick at submission is kept with a timestamp — this audit record is our basis if a copyright question arises later about the image. Approved submissions become part of the public event catalogue (linking back to the source URL you supplied); your contact details do not appear publicly. Rejected submissions are deleted automatically after 180 days at the latest; the uploaded image is deleted immediately at the moment of rejection. Your rights under section 11 (access, deletion, etc.) remain unaffected. For automatically ingested events (see section 4) no submitter data is collected; the mandatory "email" field is technically filled with an internal identifier behind which no real person stands.
On every event detail page you can use the "Data wrong? Report here" link to send a note to the editors. We process the reason text you write (stored in plain text), optionally your email address — kept exclusively as a cryptographic hash, never in plain text — and a hash of your IP address to prevent abuse. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in editorial quality assurance of event data). Reports are retained only as long as needed for editorial follow-up; you may request deletion or anonymisation of your report at any time (see section 11).
You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21). Requests should be sent to the email address in the legal notice. You may also lodge a complaint with the Bavarian Data Protection Authority: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, Germany.
This privacy policy was last updated in May 2026.