Privacy Policy Hubs

  1. Description and Scope of Data Processing
    To conduct our virtual festival, we utilize the “Hubs” software (based on the Hubs Foundation open-source project) on infrastructure hosted by us. This allows you to move through a virtual space via an avatar and interact with other participants via voice (audio) and chat.

    Since we operate the instances ourselves, we maintain full control over data processing. In principle, no data transfer to third parties takes place in this context, unless external assets (e.g., images or videos) are loaded into the room from third-party servers.

    When entering and using the virtual environment, the following data is processed:
    • Technical Connection Data: IP address, browser type/version, operating system, referrer URL, and timestamp of access.
    • Interaction Data: Movement data of your avatar (position, viewing direction) as well as interactions with objects within the virtual space.
    • Communication Data: Audio streams (your voice), provided you activate the microphone, as well as text messages in the chat.
    • Local Settings: We store configuration data (e.g., selected avatar, display name, language settings) in the “Local Storage” of your browser.
  2. WebRTC and Real-Time Transmission
    The application uses WebRTC technology for the transmission of audio and movement data. Data is transmitted in encrypted form in real-time. Depending on the network configuration, a direct connection between participants (Peer-to-Peer) or a connection via our relay servers (SFU) may be established.
  3. Hosting and Data Processing
    The server systems necessary for the operation of the virtual environment (web servers for the application and servers for the real-time synchronization of avatars) are operated by our hosting service provider, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The server locations are within Germany/EU. We have concluded a Data Processing Agreement (DPA) with the provider in accordance with Art. 28 GDPR to ensure the security of your data.
  4. Legal Basis
    Data processing is carried out on the basis of Art. 6 (1) lit. b GDPR (performance of a contract or implementation of pre-contractual measures) to enable your participation in the virtual event. Insofar as processing goes beyond what is technically necessary, we rely on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR to provide an interactive and functional festival experience.
  5. Storage Duration
    Volatile interaction data (audio streams, avatar movements) are not stored permanently but are merely routed through in real-time. Chat messages and server logs are deleted no later than one week after the end of the event.