Data Protection

Data protection declaration
Preamble

With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process for what purposes and to what extent in the context of providing our application.

The terms used are not gender-specific.

As of: August 12, 2024
Table of contents

Preamble
Responsible person
Contact data protection officer
Overview of processing
Relevant legal bases
Transfer of personal data
Rights of the data subjects
Payment methods
Provision of the online offer and web hosting
Registration, login and user account
Community functions
Single sign-on registration
Contact and inquiry management
Web analysis, monitoring and optimization

Responsible person

Michael Heller
str. Gorunesti 331
245404 Balcesti, VL
Romania

Email address: [email protected]
Contact data protection officer

[email protected]
Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons affected.

Types of data processed

Inventory data.
Payment data.
Contact details.
Content data.
Contract data.
Usage data.
Meta, communication and process data.
Protocol data.

Categories of persons affected

Recipients of services and clients.
Interested parties.
Communication partners.
Users.
Business and contractual partners.

Purposes of processing

Provision of contractual services and fulfillment of contractual obligations.
Communication.
Security measures.
Range measurement.
Organizational and administrative procedures.
Feedback.
Profiles with user-related information.
Registration procedures.
Provision of our online offer and user-friendliness.
Information technology infrastructure.
Business processes and business management procedures.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are also relevant in individual cases, we will inform you of these in the data protection declaration.

Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) – The data subject has given their consent to the processing of personal data concerning them for a specific purpose or several specific purposes.
Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) – The processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are carried out at the request of the data subject.
Legitimate interests (Article 6, paragraph 1, sentence 1, letter f) GDPR) – the processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail.

Transfer of personal data

As part of our processing of personal data, it may happen that this is transmitted to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within the organization: Data transfer within the group of companies: We may transfer personal data to other companies within our group of companies or grant them access to it. If the data is passed on for administrative purposes, it is based on our legitimate business and commercial interests or occurs if it is necessary to fulfill our contractual obligations or if the data subject has given his consent or is legally permitted.

Rights of the data subjects

Rights of the data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right of objection: You have the right to object at any time to the processing of personal data concerning you based on Art. 6 (1) (e) or (f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. If the personal data concerning you is processed in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

Right of withdrawal in the case of consent: You have the right to withdraw consent given at any time.

Right to information: You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with the statutory requirements.

Right to rectification: In accordance with the statutory requirements, you have the right to request the completion of the data concerning you or the rectification of inaccurate data concerning you.

Right to erasure and restriction of processing: You have the right, in accordance with the statutory provisions, to request that data concerning you be erased immediately or, alternatively, to request that the processing of the data be restricted in accordance with the statutory provisions.

Right to data portability: You have the right to receive data concerning you that you have made available to us in a structured, common and machine-readable format or to request that it be transmitted to another responsible party in accordance with the statutory provisions.

Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the provisions of the GDPR.

Payment methods

As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the persons concerned efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively “payment service providers”).

The data processed by the payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, but only information confirming or rejecting the payment. The payment service providers may transmit the data to credit agencies. This transmission is for the purpose of checking identity and creditworthiness. For this purpose, we refer to the terms and conditions and the data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications, apply to payment transactions. We also refer to these for further information and to assert revocation, information and other rights of those affected.

Types of data processed: inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).

Affected persons: service recipients and clients; business and contractual partners. Interested parties.

Purposes of processing: provision of contractual services and fulfillment of contractual obligations. Business processes and business management procedures.
Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.

Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

Stripe: payment services (technical connection of online payment methods); service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR); website: https://stripe.com; data protection declaration: https://stripe.com/de/privacy. Basis for third country transfers: Data Privacy Framework (DPF).

Provision of the online offer and web hosting

We process users’ data in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

Affected persons: Users (e.g. website visitors, users of online services).

Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). Security measures.
Retention and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity and software that we rent from a corresponding server provider (also known as a “web host”) or obtain from other sources; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).
Collection of access data and log files: Access to our online services is logged in the form of so-called “server log files”. The server log files can include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. B. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and secondly to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be stored for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Registration, login and user account

Users can create a user account. As part of the registration, users are provided with the required mandatory information and processed for the purposes of providing the user account on the basis of contractual obligations. The data processed includes in particular the login information (user name, password and an email address).

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests and those of the users in protecting against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed by email about processes that are relevant to their user account, such as technical changes.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Protocol data (e.g. log files relating to logins or the retrieval of data or access times).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Security measures; Organisational and administrative procedures. Provision of our online offer and user-friendliness.
Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”. Deletion after termination.
Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

Registration with pseudonyms: Users may use pseudonyms as user names instead of real names; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR).

User profiles are public: User profiles are publicly visible and accessible.

Deletion of data after termination: If users have terminated their user account, their data relating to the user account will be deleted, subject to legal permission, obligation or consent of the users; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR).

No obligation to retain data: It is the responsibility of users to back up their data before the end of the contract if the contract is terminated. We are entitled to irretrievably delete all user data stored during the term of the contract; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

Community functions

The community functions we provide allow users to have conversations with one another or otherwise exchange information with one another. Please note that the use of the community functions is only permitted in compliance with the applicable legal situation, our terms and guidelines and the rights of other users and third parties.

Types of data processed: inventory data (e.g. full name, home address, contact information, customer number, etc.). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
Affected persons: users (e.g. website visitors, users of online services).
Purposes of processing: provision of contractual services and fulfillment of contractual obligations; security measures. Provision of our online offer and user-friendliness.
Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.

Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

User contributions are public: The contributions and content created by users are publicly visible and accessible; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR).
Storage of data for security purposes: User contributions and other inputs are processed for the purposes of the community and conversation functions and, subject to legal obligations or legal permission, are not released to third parties. An obligation to release data can arise in particular in the case of illegal contributions for the purposes of legal prosecution. We would like to point out that in addition to the content of the contributions, the time of their creation and the IP address of the users are also stored. This is done in order to be able to take appropriate measures to protect other users and the community; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

Right to delete content and information: The deletion of posts, content or information provided by users is permissible to the extent necessary after a proper assessment, provided there are concrete indications that they represent a violation of legal rules, our specifications or the rights of third parties; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

Protection of your own data: Users decide for themselves which data they disclose about themselves within our online offering. For example, when users provide information about themselves or participate in conversations. We ask users to protect their data and only publish personal data with caution and only to the extent necessary. In particular, we ask users to note that they must protect their access data particularly carefully and use secure passwords (i.e. above all, combinations of characters that are as long and random as possible); legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

Single sign-on registration

“Single sign-on” or “single sign-on registration or authentication” refers to procedures that allow users to log in to a provider of single sign-on procedures (e.g. a social network), including our online offering, using a user account. The prerequisite for single sign-on authentication is that users are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose, or are already registered with the single sign-on provider and confirm the single sign-on registration via a button.

Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that we cannot use for other purposes (so-called “user handle”). Whether additional data is sent to us depends solely on the single sign-on process used, on the data releases selected as part of the authentication and also on which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the user’s choice, this may be different data, usually the email address and user name. The password entered with the single sign-on provider as part of the single sign-on process is neither visible to us nor is it stored by us.

Users are asked to note that their details stored with us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually done. If, for example, users’ email addresses change, they must change them manually in their user account with us.

We can use the single sign-on registration, if agreed with the users, as part of or before the contract is fulfilled, if the users have been asked to do so, within the scope of consent and otherwise use it on the basis of our legitimate interests and the interests of the users in an effective and secure registration system.

If users decide that they no longer want to use the link between their user account with the single sign-on provider for the single sign-on process, they must cancel this connection within their user account with the single sign-on provider. If users want to delete their data from us, they must cancel their registration with us.

Types of data processed: inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; registration procedures. Provision of our online offer and user-friendliness.
Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”. Deletion after termination.
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).

Single sign-on registration

In addition, the IP addresses of the users are stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective processes.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, the user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Range measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creation of user profiles). Provision of our online offer and user-friendliness.
Storage and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for a period of two years.).
Security measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to a device in order to recognize which content users have accessed within one or more usage processes, which search terms they have used, accessed them again or interacted with our online offering. The time of use and its duration are also stored, as are the sources of users who refer to our online offering and technical aspects of their devices and browsers.
Pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used solely for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy policy: https://policies.google.com/privacy; Order processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: Data Privacy Framework (DPF); Possibility of objection (opt-out): Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).

Erstellt mit kostenlosem Datenschutz-Generator.de von Dr. Thomas Schwenke

★★★★★

4.3 stars from 800+ reviews