Home page » Data Privacy

Data Privacy

As of: 8 April 2024

Table of contents

Responsible

Felix Webdesign
Felix Hahn
Seeblick 14
D-82237 Wörthsee

E-mail address: info@felixwebdesign.de
Imprint: https://felixwebdesign.de/impressum/

Overview of processing

The following overview summarises the types of data processed and the purposes of their processing and refers to the persons concerned.

Types of data processed

  • Inventory data.
  • Payment details.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and procedural data.

Categories of data subjects

  • Customers.
  • Interested persons.
  • communication partner.
  • users.
  • Business and contractual partners.

Purposes of processing

  • Provision of contractual services and fulfilment of contractual obligations.
  • Contact requests and communication.
  • Safety measures.
  • direct marketing.
  • Office and organizational procedures.
  • Conversion measurement.
  • Managing and responding to inquiries.
  • Firewall.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of personal data concerning him or her for a specific purpose or for several specific purposes.
  • Contract fulfilment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Article 6 paragraph 1 sentence 1 lit. c) GDPR) – Processing is necessary to fulfill a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – processing is necessary to protect the legitimate interests of the controller or of a third party, provided that the interests or fundamental rights and freedoms of the data subject which require protection of personal data do not prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. In addition, state data protection laws of the individual federal states may apply.

Reference to the validity of GDPR and Swiss DSG: This data protection notice serves to provide information in accordance with both the Swiss Federal Data Protection Act (Swiss DSG) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to the broader spatial application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "personal data requiring particular protection" used in the Swiss DSG, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined according to the Swiss DSG within the scope of the validity of the Swiss DSG.

Safety measures

In accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to it, input, transfer, ensuring availability and separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to data threats. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted.

Rights of the data subjects

Rights of the data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. If the personal data concerning you are processed in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
  • Right of revocation for consent: You have the right to revoke your consent at any time.
  • Right of providing information: You have the right to request confirmation as to whether or not data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with the statutory provisions, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be corrected.
  • Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to request that data concerning you be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with the statutory provisions.
  • Right to data portability: You have the right to receive the data concerning you that you have made available to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transmitted to another responsible party.
  • Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.

Business Services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships and associated measures and with regard to communication with the contractual partners (or pre-contractually), for example to answer inquiries.

We use this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any updating obligations and remedy in the event of warranty and other service disruptions. In addition, we use the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and company organization. In addition, we process the data on the basis of our legitimate interests in both proper and economical business management and security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners are informed about other forms of processing, such as for marketing purposes, in this data protection declaration.

We inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and similar obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal archiving reasons (e.g. for tax purposes, usually ten years). We delete data that was disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: Customers; prospective customers; business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; contact requests and communication; office and organizational procedures; administration and response to inquiries; conversion measurement (measurement of the effectiveness of marketing measures). Profiles with user-related information (creation of user profiles).
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR); Legal obligation (Art. 6 Para. 1 Clause 1 Letter c) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).

Further information on processing procedures, methods and services:

  • Customer account: Customers can create an account within our online offering (e.g. customer or user account, in short "customer account"). If the registration of a customer account is necessary, customers will be informed of this as well as of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent logins and use of the customer account, we save the customers' IP addresses along with the access times in order to be able to prove registration and prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the termination date, unless it is kept for purposes other than making it available in the customer account or must be kept for legal reasons (e.g. internal storage of customer data, order processes or invoices). It is the customer's responsibility to back up their data when terminating the customer account; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).
  • Economic analysis and market research: For business reasons and in order to be able to identify market trends and the wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons affected can include contractual partners, interested parties, customers, visitors and users of our online offer. The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we can take into account the profiles of registered users, including their information, e.g. on services used, if available. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e. anonymized values. Furthermore, we take the privacy of users into account and process the data for analysis purposes as pseudonymously as possible and, if possible, anonymously (e.g. as summarized data); Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
  • Online shop, order forms, e-commerce and delivery: We process our customers' data to enable them to select, purchase or order the selected products, goods and associated services, as well as to pay for and deliver or execute them. If necessary to execute an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such in the order or comparable purchase process and includes the information required for delivery, provision and billing, as well as contact information in order to be able to hold any consultations; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).
  • Project and development services: We process the data of our customers and clients (hereinafter referred to as “customers”) in order to enable them to select, purchase or commission the selected services or works and associated activities as well as to pay for them and to make them available or to carry them out or provide them.

    The required information is marked as such in the context of the order, purchase order or similar contract conclusion and includes the information required for the provision of services and billing as well as contact information in order to be able to hold any consultations. To the extent that we receive access to information from end customers, employees or other persons, we process this in accordance with the legal and contractual requirements; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

Payment methods

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and, in addition to banks and credit institutions, we use other service providers for this purpose (collectively "payment service providers").

The data processed by the payment service providers includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, only information confirming or rejecting the payment. The payment service providers may transmit the data to credit agencies. This transmission is for the purpose of checking identity and creditworthiness. For this purpose, we refer to the terms and conditions and the data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to payment transactions and can be accessed on the respective websites or transaction applications. We also refer to these for further information and to assert revocation, information and other rights of those affected.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved). Contact data (e.g. postal and email addresses or telephone numbers).
  • Affected people: Customers. Prospects.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations.
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

Further information on processing procedures, methods and services:

  • Apple Pay: Payment services (technical connection of online payment methods); Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR); Website: https://www.apple.com/de/apple-pay/. Data protection: https://www.apple.com/legal/privacy/de-ww/.
  • Google Pay: Payment services (technical connection of online payment methods); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR); Website: https://pay.google.com/intl/de_de/about/. Data protection: https://policies.google.com/privacy.
  • Mastercard: Payment services (technical connection of online payment methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR); Website: https://www.mastercard.de/de-de.html. Data protection: https://www.mastercard.de/de-de/datenschutz.html.
  • PayPal: Payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de. Data protection: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
  • Stripe: Payment services (technical connection of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR); Website: https://stripe.com; Data protection: https://stripe.com/de/privacy. Basis for third country transfers: Data Privacy Framework (DPF).
  • Visas: Payment services (technical connection of online payment methods); Service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR); Website: https://www.visa.de; Data protection: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html. Basis for third country transfers: Adequacy Decision (GB).

Provision of the online offer and web hosting

We process user data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved). Content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as information on authorship or time of creation).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures. Firewall.
  • Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

  • Provision of online offering on rented storage space: To provide our online service, we use storage space, computing capacity and software that we rent from a corresponding server provider (also called “web host”) or otherwise obtain; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files can include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.
  • Email sending and hosting: The web hosting services we use also include the sending, receiving and storing of emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the email sending (e.g. the providers involved) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purposes of detecting SPAM. Please note that emails are generally not sent encrypted on the Internet. Emails are usually encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We cannot therefore accept any responsibility for the transmission path of emails between the sender and the recipient on our server; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
  • STRATO: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: STRATO AG, Pascalstrasse 10, 10587 Berlin, Germany; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.strato.de; Data protection: https://www.strato.de/datenschutz/. Data processing agreement: Provided by the service provider.
  • Wordfence: Firewall and security and error detection functions to detect and prevent unauthorized access attempts and technical vulnerabilities that could enable such access. For these purposes, cookies and similar storage procedures required for this purpose may be used and security logs may be created during the check and in particular in the event of unauthorized access. In this context, the IP addresses of users, a user identification number and their activities, including the time of access, are processed and stored and compared with the data provided by the provider of the firewall and security function and transmitted to them; Service provider: Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.wordfence.com; Data protection: https://www.wordfence.com/privacy-policy/; Basis for third country transfers: Standard Contractual Clauses (https://www.wordfence.com/standard-contractual-clauses/). Additional Information: https://www.wordfence.com/help/general-data-protection-regulation/.

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read it from them. For example, to store the log-in status in a user account, the contents of a shopping cart in an e-shop, the content accessed or the functions used in an online service. Cookies can also be used for various purposes, such as the functionality, security and convenience of online services and the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users, unless it is not required by law. Permission is not necessary in particular if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service that they have expressly requested (i.e. our online offering). The revocable consent is clearly communicated to them and contains information on the respective cookie usage.

Notes on data protection legal bases: The data protection basis on which we process users' personal data using cookies depends on whether we ask them for consent. If users accept, the legal basis for the use of their data is their declared consent. Otherwise, the data used using cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and the improvement of its usability) or, if this is done as part of the fulfillment of our contractual obligations, if the use of cookies is necessary to meet our contractual obligations. We will explain the purposes for which we use cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage period: With regard to the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed his or her device (e.g. browser or mobile application).
  • Persistent cookies: Permanent cookies remain stored even after the device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected using cookies can also be used to measure reach. If we do not provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), they should assume that these are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to processing in accordance with legal requirements, including through the privacy settings of their browser.

  • Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR). Consent (Art. 6 Para. 1 Clause 1 Letter a) GDPR).

Further information on processing procedures, methods and services:

  • Processing of cookie data based on consent: We use a consent management solution that obtains users' consent to the use of cookies or to the procedures and providers named in the consent management solution. This procedure is used to obtain, log, manage and revoke consent, in particular with regard to the use of cookies and comparable technologies that are used to store, read and process information on users' end devices. As part of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers named in the consent management procedure. Users also have the option of managing and revoking their consent. The consent declarations are stored in order to avoid further queries and to be able to provide proof of consent in accordance with legal requirements. The data is stored on the server side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information is available about the providers of consent management services, the following general information applies: The consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of the consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the device used; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).
  • Compliance: Consent management: procedures for obtaining, logging, managing and revoking consent, in particular for the use of cookies and similar technologies for storing, reading and processing information on users' end devices and their processing; Service provider: Execution on servers and/or computers under your own data protection responsibility; Website: https://complianz.io/; Data protection: https://complianz.io/legal/. Additional Information: An individual user ID, language, types of consent and the time of their submission are stored on the server side and in the cookie on the user's device.

Registration, login and user account

Users can create a user account. During registration, users are provided with the required mandatory information and this information is processed for the purpose of providing the user account on the basis of contractual obligations. The data processed includes in particular the login information (user name, password and an email address).

When you use our registration and login functions and the user account, we save the IP address and the time of the respective user action. The data is saved on the basis of our legitimate interests and those of the users in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed by email about events relevant to their user account, such as technical changes.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; administration and response to inquiries. Provision of our online offering and user-friendliness.
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).

Further information on processing procedures, methods and services:

  • User profiles are not public: Users’ profiles are not publicly visible or accessible.

Blogs and publication media

We use blogs or similar means of online communication and publication (hereinafter "publication medium"). Readers' data is only processed for the purposes of the publication medium to the extent that it is necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium in the context of this data protection notice.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Feedback (e.g. collecting feedback via online form); Provision of our online offering and user-friendliness; Security measures. Administration and response to inquiries.
  • Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

  • Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves can be held liable for the comment or contribution and are therefore interested in the identity of the author.

    Furthermore, we reserve the right to process user information for the purpose of spam detection based on our legitimate interests.

    On the same legal basis, we reserve the right, in the case of surveys, to store users’ IP addresses for the duration of the survey and to use cookies to avoid multiple voting.

    The personal information, any contact and website information as well as the content information provided in the comments and contributions will be stored by us permanently until the user objects; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
  • Gravatar profile pictures: Profile pictures – We use the Gravatar service within our online offering and especially in the blog.

    Gravatar is a service where users can register and store profile pictures and their email addresses. If users leave posts or comments on other online sites (especially blogs) using the respective email address, their profile pictures can be displayed next to the posts or comments. For this purpose, the email address provided by the user is sent to Gravatar in encrypted form to check whether a profile has been saved for it. This is the sole purpose of transmitting the email address. It is not used for any other purposes and is deleted afterwards.

    The use of Gravatar is based on our legitimate interests, as with the help of Gravatar we offer the authors of posts and comments the opportunity to personalize their posts with a profile picture.

    By displaying the images, Gravatar finds out the user's IP address, as this is necessary for communication between a browser and an online service.

    If users do not want a user image linked to their email address on Gravatar to appear in the comments, they should use an email address that is not stored on Gravatar to comment. We would also like to point out that it is also possible to use an anonymous email address or no email address at all if users do not want their own email address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system; Service provider: Aut O'Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://automattic.com; Data protection: https://automattic.com/privacy. Basis for third country transfers: Data Privacy Framework (DPF).
  • UpdraftPlus: Backup software and backup storage; Service provider: Simba Hosting Ltd., 11, Barringer Way, St. Neots, Cambridge., PE19 1LW, GB; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://updraftplus.com/; Data protection: https://updraftplus.com/data-protection-and-privacy-centre/. Basis for third country transfers: Adequacy Decision (GB).

Contact and inquiry management

When you contact us (e.g. by post, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the person making the inquiry will be processed to the extent necessary to answer the contact inquiries and any requested measures.

  • Types of data processed: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: communication partner.
  • Purposes of processing: Contact requests and communication; administration and response to requests; feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR). Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

Further information on processing procedures, methods and services:

  • Contact form: If users contact us via our contact form, email or other communication channels, we process the data communicated to us in this context to process the communicated request; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR), legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).

Newsletters and electronic notifications

We only send newsletters, emails and other electronic notifications (hereinafter "newsletters") with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent. Otherwise, our newsletters contain information about our services and ourselves.

To subscribe to our newsletter, it is generally sufficient to provide your email address. However, we may ask you to provide a name for the purpose of addressing you personally in the newsletter or other information if this is necessary for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter is always carried out using a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm. This is necessary so that no one can register using someone else's email address. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a potential defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address in a block list (so-called "block list") for this purpose alone.

The registration process is logged on the basis of our legitimate interests for the purpose of proving that it was carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

Contents:

Information about us, our services, promotions and offers, helpful tips for HumHub administrators

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Affected people: communication partner.
  • Purposes of processing: Direct marketing (e.g. by email or post).
  • Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).
  • Opt-out option: You can cancel your subscription to our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Advertising communication via email, post, fax or telephone

We process personal data for the purposes of advertising communication, which can take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.

The recipients have the right to revoke consent given or to object to advertising communication at any time.

After revocation or objection, we store the data required to prove previous authorization for contacting or sending for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest in permanently respecting the user's revocation or objection, we also store the data required to avoid further contact (e.g., depending on the communication channel, the email address, telephone number, name).

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.). Contact data (e.g. postal and email addresses or telephone numbers).
  • Affected people: communication partner.
  • Purposes of processing: Direct marketing (e.g. by email or post).
  • Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR). Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Changes and updates to the privacy policy

We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke

Shopping Basket
Scroll to Top