PRIVACY POLICY

Intro­duc­tion

Thank you for vis­it­ing our web­site. With the fol­low­ing data pro­tec­tion declar­a­tion, we inform you about the types of your per­son­al data (from now on, also referred to as “data”) that we pro­cess, for what pur­poses and to what extent. The data pro­tec­tion declar­a­tion applies to all pro­cessing of per­son­al data car­ried out by us, both in the con­text of the pro­vi­sion of our ser­vices and, in par­tic­u­lar, on our web­sites, in mobile applic­a­tions and with­in extern­al online pres­ences, such as our social media pro­files (from now on col­lect­ively referred to as “Online Offer”).

Status: 8 Janu­ary 2023

Table of contents

Per­son responsible

Petra Weber KrimiKiosk Ver­lag
Falken­burgstr. 18
50935 Köln, Ger­many
+49221437820
Email: rose.h.schmollek@georgeedalji.com

IMPRINT

Sum­mary of the pro­cessing operations

The fol­low­ing sums the types of data pro­cessed and the pur­poses of their pro­cessing and refers to the data subjects.

Types of data processed.

  • Invent­ory data.
  • Pay­ment data.
  • Con­tact data.
  • Con­tent data.
  • Con­tract data.
  • Usage data.
  • Meta/​communication data.

Cat­egor­ies of data subjects

  • Cus­tom­ers.
  • Inter­ested parties.
  • Com­mu­nic­a­tion partners.
  • Users.
  • Busi­ness part­ners and con­tract­ing partners.

Pur­poses of processing

  • Pro­vi­sion of con­trac­tu­al ser­vices and cus­tom­er service.
  • Con­tact enquir­ies and communication.
  • Secur­ity measures.
  • Office and organ­isa­tion­al procedures.
  • Man­aging and respond­ing to enquiries.
  • Fire­wall.
  • Feed­back.
  • Pro­vi­sion of our online ser­vices and user experience.
  • Inform­a­tion tech­no­logy infrastructure.
  • Con­trac­tu­al per­form­ance and pre-con­trac­tu­al enquir­ies (Art. 6 (1) p. 1 lit. b) GDPR) Pro­cessing is neces­sary for the per­form­ance of a con­tract to which the data sub­ject is party or for the per­form­ance of pre-con­trac­tu­al meas­ures at the data sub­ject’s request.
  • Leg­al oblig­a­tion (Art. 6(1DSGVO) – Pro­cessing is neces­sary for com­pli­ance with a leg­al oblig­a­tion to which the con­trol­ler is subject.
  • Legit­im­ate interests (Art. 6 (1) p. 1 lit. f) DSGVO) – Pro­cessing is neces­sary for the pur­poses of the legit­im­ate interests of the con­trol­ler or a third party, except where such interests are over­rid­den by the interests or fun­da­ment­al rights and freedoms of the data sub­ject, which require the pro­tec­tion of per­son­al data.

Trans­mis­sion of per­son­al data

In line with our pro­cessing of per­son­al data, the data may be trans­ferred to or dis­closed to oth­er bod­ies, com­pan­ies, leg­ally inde­pend­ent organ­isa­tion­al units or per­sons. The recip­i­ents of this data may include, for example, ser­vice pro­viders com­mis­sioned with IT tasks or pro­viders of ser­vices and con­tent that are integ­rated into a web­site. In such cases, we observe the leg­al require­ments and, in par­tic­u­lar, con­clude cor­res­pond­ing con­tracts or agree­ments that pro­tect your data with the recip­i­ents of your data.

Data pro­cessing in third countries

If we pro­cess data in a third coun­try (i.e. out­side the European Uni­on (EU), the European Eco­nom­ic Area (EEA)) or the pro­cessing takes place in the con­text of the use of third-party ser­vices or the dis­clos­ure or trans­fer of data to oth­er per­sons, bod­ies or com­pan­ies. In that case, this is only done fol­low­ing the leg­al requirements.

Sub­ject to express con­sent or con­trac­tu­ally or leg­ally required trans­fer, we only pro­cess or have data pro­cessed in third coun­tries with a recog­nised level of data pro­tec­tion, con­trac­tu­al oblig­a­tion through so-called stand­ard pro­tec­tion clauses of the EU Com­mis­sion, in the pres­ence of cer­ti­fic­a­tions or bind­ing intern­al data pro­tec­tion reg­u­la­tions (Art. 44 to 49 DSGVO, inform­a­tion page of the EU Com­mis­sion: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Dele­tion of data

The data pro­cessed by us will be deleted in accord­ance with the leg­al require­ments as soon as their con­sent per­mit­ted for pro­cessing is revoked or oth­er per­mis­sions cease to apply (e.g. if the pur­pose of pro­cessing this data has ended to apply or it is not required for the pur­pose). If the data are not deleted because they are neces­sary for oth­er and leg­ally per­miss­ible pur­poses, their pro­cessing is lim­ited to these pur­poses. I.e. the data is blocked and not pro­cessed for oth­er pur­poses. This applies, for example, to data that must be retained for reas­ons of com­mer­cial or tax law or whose stor­age is neces­sary for the asser­tion, exer­cise or defence of leg­al claims or for the pro­tec­tion of the rights of anoth­er nat­ur­al or leg­al person.

Our pri­vacy policy may also con­tain fur­ther inform­a­tion on the reten­tion and dele­tion of data that has pri­or­ity for the respect­ive pro­cessing operations.

Cook­ies are small text files, or oth­er memory notes that store inform­a­tion on end devices and read inform­a­tion from the end devices. For example, to save the login status in a user account, the con­tents of a shop­ping bas­ket in an e‑shop, the con­tents called up or the func­tions used in an online offer. Cook­ies can fur­ther be used for vari­ous pur­poses, e.g. for func­tion­al­ity, secur­ity and com­fort of online offers, as well as the cre­ation of ana­lyses of vis­it­or flows. 

Notes on con­sent: We use cook­ies in accord­ance with leg­al require­ments. We, there­fore, obtain pri­or con­sent from users, except where this is not required by law. In par­tic­u­lar, con­sent is not required if the stor­age and read­ing of inform­a­tion, includ­ing cook­ies, is essen­tial to provide a Tele­media ser­vice (i.e. our online offer) expressly reques­ted by the user. The revoc­able con­sent is clearly com­mu­nic­ated to the users and con­tains inform­a­tion on the respect­ive cook­ie use.

Notes on leg­al bases under data pro­tec­tion law: The leg­al basis under data pro­tec­tion law on which we pro­cess users’ per­son­al data with the help of cook­ies depends on wheth­er we ask users for con­sent. If users con­sent, the leg­al basis for pro­cessing their data is their declared con­sent. Oth­er­wise, the data pro­cessed using cook­ies are pro­cessed based on our legit­im­ate interests (e.g. in the busi­ness oper­a­tion of our online offer and improve­ment of its usab­il­ity) or, if this is done in line with the per­form­ance of our con­trac­tu­al oblig­a­tions if the use of cook­ies is neces­sary to ful­fil our con­trac­tu­al oblig­a­tions. We explain the pur­poses for which we pro­cess cook­ies in this data pro­tec­tion declar­a­tion or as part of our con­sent and pro­cessing procedures.

Stor­age dur­a­tion: Con­cern­ing the stor­age dur­a­tion, the fol­low­ing types of cook­ies are distinguished:

  • Tem­por­ary cook­ies (also: ses­sion cook­ies): Tem­por­ary cook­ies are deleted at the latest after a user has left an online offer and closed their end device (e.g. browser or mobile app).
  • Per­man­ent cook­ies: Per­man­ent cook­ies remain stored even after the end device is closed. For example, the login status can be saved, or pre­ferred con­tent can be dis­played dir­ectly when the user revis­its a web­site. Like­wise, user data col­lec­ted by cook­ies can be used to meas­ure reach. Unless we provide users with expli­cit inform­a­tion on the type and stor­age dur­a­tion of cook­ies (e.g. when obtain­ing con­sent), users should assume that cook­ies are per­man­ent and can be stored for up to two years.

Gen­er­al inform­a­tion on revoc­a­tion and objec­tion (opt-out): Users can revoke the con­sents they have giv­en at any time and file an objec­tion to pro­cessing in accord­ance with the leg­al require­ments in Art. 21 DSGVO. Users can also declare their objec­tion via their browser set­tings, e.g. by deac­tiv­at­ing cook­ies (although this may also lim­it the func­tion­al­ity of our online ser­vices). An objec­tion to using cook­ies for online mar­ket­ing can also be declared via the web­sites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Busi­ness services

We pro­cess data of our con­trac­tu­al and busi­ness part­ners, e.g. cus­tom­ers and inter­ested parties (col­lect­ively referred to as “con­trac­tu­al part­ners”) in the con­text of con­trac­tu­al and com­par­able leg­al rela­tion­ships as well as related meas­ures and in the con­text of com­mu­nic­a­tion with con­trac­tu­al part­ners (or pre-con­trac­tu­al), e.g. to answer enquiries.

We pro­cess this data to ful­fil our con­trac­tu­al oblig­a­tions. These include, in par­tic­u­lar, the oblig­a­tions to provide the agreed ser­vices, any update oblig­a­tions and rem­ed­ies in the event of war­ranty and oth­er ser­vice dis­rup­tions. Fur­ther­more, we pro­cess the data to safe­guard our rights and for the admin­is­trat­ive tasks asso­ci­ated with these oblig­a­tions and the com­pany organ­isa­tion. We pro­cess the data based on our legit­im­ate interests in prop­er and eco­nom­ic man­age­ment as well as secur­ity meas­ures to pro­tect our con­trac­tu­al part­ners and our busi­ness oper­a­tions from mis­use and endan­ger­ment of their data, secrets, inform­a­tion and rights (e.g. for the involve­ment of tele­com­mu­nic­a­tions, trans­port and oth­er aux­il­i­ary ser­vices as well as sub­con­tract­ors, banks, tax and leg­al advisors, pay­ment ser­vice pro­viders or tax author­it­ies). In line with applic­able law, we only dis­close the data of con­trac­tu­al part­ners to third parties to the extent that this is neces­sary for the pur­poses men­tioned above or to ful­fil leg­al oblig­a­tions. Con­trac­tu­al part­ners will be informed about oth­er forms of pro­cessing, e.g. for mar­ket­ing pur­poses, with­in the frame­work of this data pro­tec­tion declaration.

We inform the con­trac­tu­al part­ners which data is required for the pur­poses men­tioned above or in the course of data col­lec­tion, e.g. in online forms, using spe­cial labelling (e.g. col­ours) or sym­bols (e.g. aster­isks or sim­il­ar), or in person.

We delete the data after the expiry of stat­utory war­ranty and com­par­able oblig­a­tions, i.e., in prin­ciple after 4 years, unless the data is stored in a cus­tom­er account, e.g., as long as it has to be retained for leg­al archiv­ing reas­ons. The stat­utory reten­tion peri­od for doc­u­ments rel­ev­ant under tax law as well as for com­mer­cial books, invent­or­ies, open­ing bal­ances, annu­al fin­an­cial state­ments, the work instruc­tions required to under­stand these doc­u­ments and oth­er organ­isa­tion­al doc­u­ments and account­ing vouch­ers is ten years, and for received com­mer­cial and busi­ness let­ters and repro­duc­tions of sent com­mer­cial and busi­ness let­ters six years. The peri­od shall begin at the end of the cal­en­dar year in which the last entry was made in the book, the invent­ory, the open­ing bal­ance sheet, the annu­al accounts or the man­age­ment report was drawn up, the com­mer­cial or busi­ness let­ter was received or sent, or the account­ing doc­u­ment was cre­ated. Fur­ther­more, the record­ing was made, and oth­er doc­u­ments were created.

As far as we use third-party pro­viders or plat­forms to provide our ser­vices, the respect­ive third-party pro­viders or plat­forms’ terms and con­di­tions and data pro­tec­tion notices apply to the rela­tion­ship between the users and the providers.

  • Types of data pro­cessed: Invent­ory data (e.g. names, addresses); pay­ment data (e.g. bank details, invoices, pay­ment his­tory); con­tact data (e.g. email, tele­phone num­bers); con­tract data (e.g. sub­ject mat­ter of con­tract, term, cus­tom­er cat­egory); usage data (e.g. web­sites vis­ited, interest in con­tent, access times); meta/​communication data (e.g. device inform­a­tion, IP addresses).
  • Data sub­jects: Cus­tom­ers, pro­spect­ive cus­tom­ers, busi­ness and con­trac­tu­al partners.
  • Pur­poses of pro­cessing: pro­vi­sion of con­trac­tu­al ser­vices and cus­tom­er ser­vice; secur­ity meas­ures; con­tact requests and com­mu­nic­a­tion; office and organ­isa­tion­al pro­ced­ures; admin­is­tra­tion and response to requests.
  • Leg­al grounds: Con­trac­tu­al per­form­ance and pre-con­trac­tu­al enquir­ies (Art. 6 para. 1 p. 1 lit. b) DSGVO); Leg­al oblig­a­tion (Art. 6 para. 1 p. 1 lit. c) DSGVO); Legit­im­ate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).

Shop and e‑commerce: We pro­cess the data of our cus­tom­ers to enable them to select, pur­chase or order the selec­ted products, goods and asso­ci­ated ser­vices, as well as their pay­ment and deliv­ery or exe­cu­tion. If neces­sary for the exe­cu­tion of an order, we use ser­vice pro­viders, in par­tic­u­lar postal, for­ward­ing and ship­ping com­pan­ies, to carry out the deliv­ery or exe­cu­tion for our cus­tom­ers. To pro­cess pay­ment trans­ac­tions, we use the ser­vices of banks and pay­ment ser­vice pro­viders. The required inform­a­tion is iden­ti­fied as such in the con­text of the order or sim­il­ar pur­chase pro­cess and includes the inform­a­tion required for deliv­ery or pro­vi­sion and billing as well as con­tact inform­a­tion to be able to con­tact you; leg­al basis: con­tract per­form­ance and pre-con­trac­tu­al enquir­ies (Art. 6 para. 1 p. 1 lit. b) DSGVO).

Pay­ment pro­ced­ures
In the con­text of con­trac­tu­al and oth­er leg­al rela­tion­ships, due to leg­al oblig­a­tions or oth­er­wise based on our legit­im­ate interests, we offer data sub­jects effi­cient and secure pay­ment options and use oth­er ser­vice pro­viders for this pur­pose in addi­tion to banks and cred­it insti­tu­tions (col­lect­ively “pay­ment ser­vice providers”).

The data pro­cessed by the pay­ment ser­vice pro­viders include invent­ory data, such as the name and address, bank data, such as account num­bers or cred­it card num­bers, pass­words, TANs and check­sums; the con­tract, sum and recip­i­ent-related details. The inform­a­tion is required to carry out the trans­ac­tions. How­ever, the data entered is only pro­cessed by the pay­ment ser­vice pro­viders and stored with them. I.e. we do not receive any account or cred­it card-related inform­a­tion, but only inform­a­tion with con­firm­a­tion or rejec­ted pay­ment. Under cer­tain cir­cum­stances, the data may be trans­mit­ted by pay­ment ser­vice pro­viders to cred­it agen­cies. The pur­pose of this trans­mis­sion is to check iden­tity and cred­it­wor­thi­ness. There­fore, please refer to the pay­ment ser­vice pro­viders’ gen­er­al terms and con­di­tions and the data pro­tec­tion information.

The respect­ive pay­ment ser­vice pro­vider­’s terms and con­di­tions and data pro­tec­tion notices apply to the pay­ment trans­ac­tions and can be accessed with­in the respect­ive web­sites or trans­ac­tion applic­a­tions. We also refer to these for fur­ther inform­a­tion and the asser­tion of revoc­a­tion, inform­a­tion and oth­er data sub­ject rights.

  • Types of data pro­cessed: Invent­ory data (e.g. names, addresses); pay­ment data (e.g. bank details, invoices, pay­ment his­tory); con­tract data (e.g. sub­ject mat­ter of con­tract, term, cus­tom­er cat­egory); usage data (e.g. web­sites vis­ited, interest in con­tent, access times); meta/​communication data (e.g. device inform­a­tion, IP addresses).
  • Data sub­jects: Cus­tom­ers; pro­spect­ive customers.
  • Pur­poses of pro­cessing: pro­vi­sion of con­trac­tu­al ser­vices and cus­tom­er service.
  • Leg­al basis: Con­tract per­form­ance and pre-con­trac­tu­al enquir­ies (Art. 6 para. 1 p. 1 lit. b) DSGVO).

Fur­ther inform­a­tion on pro­cessing oper­a­tions, pro­ced­ures and services:

Apple Pay: pay­ment ser­vices (tech­nic­al con­nec­tion of online pay­ment meth­ods); ser­vice pro­vider: Apple Inc., Infin­ite Loop, Cuper­tino, CA 95014, USA; leg­al basis: con­tract ful­fil­ment and pre-con­trac­tu­al inquir­ies (Art. 6 Para. 1 Clause 1 lit. b) GDPR); web­site: https://www.apple.com/apple-pay/; pri­vacy policy: https://www.apple.com/legal/privacy/.

Google Pay: pay­ment ser­vices (tech­nic­al con­nec­tion of online pay­ment meth­ods); ser­vice pro­vider: Google Ire­land Lim­ited, Gor­don House, Bar­row Street, Dub­lin 4, Ire­land; leg­al basis: con­tract ful­fil­ment and pre-con­trac­tu­al inquir­ies (Art. 6 Para. 1 Clause 1 lit. b) GDPR); web­site: https://pay.google.com/about/; pri­vacy policy: https://policies.google.com/privacy.

Stripe: pay­ment ser­vices (tech­nic­al con­nec­tion of online pay­ment meth­ods); Ser­vice pro­vider: Stripe, Inc., 510 Town­send Street, San Fran­cisco, CA 94103, USA; Leg­al basis: con­tract ful­fil­ment and pre-con­trac­tu­al inquir­ies (Art. 6 Para. 1 Clause 1 lit. b) GDPR); Web­site: https://stripe.com; Pri­vacy Policy: https://stripe.com/privacy; Basis for third coun­try trans­fers: Data Pri­vacy Frame­work (DPF).

Types of data processed.

  • Usage data (e.g. web­sites vis­ited, interest in con­tent, access times); meta/​communication data (e.g. device inform­a­tion, IP addresses); con­tent data (e.g. entries in online forms).
  • Data sub­jects: Users (e.g. web­site vis­it­ors, users of online services).
  • Pur­poses of pro­cessing: pro­vi­sion of our online offer and user-friend­li­ness; inform­a­tion tech­no­logy infra­struc­ture (oper­a­tion and pro­vi­sion of inform­a­tion sys­tems and tech­nic­al devices (com­puters, serv­ers, etc.).); secur­ity meas­ures; pro­vi­sion of con­trac­tu­al ser­vices and cus­tom­er ser­vice; firewall.
  • Leg­al basis: Legit­im­ate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).

Pro­vi­sion of the online offer and web hosting:

  • Col­lec­tion of access data and log files: Access to our online offer is logged as so-called “serv­er log files”. The serv­er log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data trans­ferred, noti­fic­a­tion of suc­cess­ful access, browser type and ver­sion, the user­’s oper­at­ing sys­tem, refer­rer URL (the pre­vi­ously vis­ited page) and, as a rule, IP addresses and the request­ing pro­vider. The serv­er log files may be used on the one hand for secur­ity pur­poses, e.g. to avoid over­load­ing the serv­ers (espe­cially in the case of abus­ive attacks, so-called DDoS attacks) and on the oth­er hand to ensure the util­isa­tion of the serv­ers and their sta­bil­ity; Leg­al basis: Legit­im­ate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Dele­tion of data: Log file inform­a­tion is stored for the longest 30 days and then deleted or anonymised. Data whose fur­ther stor­age is neces­sary for evid­en­tiary pur­poses is exempt from dele­tion until the final cla­ri­fic­a­tion of that incident.
  • Email deliv­ery and host­ing: We use web host­ing ser­vices, includ­ing email deliv­ery, receipt and stor­age. For these pur­poses, the addresses of the recip­i­ents and senders, as well as fur­ther inform­a­tion regard­ing the email dis­patch (e.g. the pro­viders involved) and the con­tents of the respect­ive emails, are pro­cessed. The data above may also be pro­cessed to recog­nise SPAM. Please note that emails on the Inter­net are gen­er­ally not sent in encryp­ted form. As a rule, emails are encryp­ted in trans­it, but (unless a so-called end-to-end encryp­tion pro­ced­ure is used) not on the serv­ers from which they are sent and received. There­fore, we can not take any respons­ib­il­ity for the trans­mis­sion path of the emails between the sender and the recep­tion on our serv­er; leg­al basis: legit­im­ate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
  • Con­tent Deliv­ery Net­work: We use a “con­tent deliv­ery net­work” (CDN). A CDN is a ser­vice which deliv­ers the con­tent of an online offer, in par­tic­u­lar, large media files such as graph­ics or pro­gramme scripts, quick­er and more securely with the help of region­ally dis­trib­uted serv­ers con­nec­ted via the Inter­net; Leg­al basis: Legit­im­ate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
  • Host­ing by Digita­lOcean: We use Digita­lOcean LLC, 101 Aven­ue of the Amer­icas, 10th Floor New York, NY 10013, USA (“Digita­lOcean”), to host and dis­play the site con­tent and pro­cessing on our behalf. All data col­lec­ted on our web­site is pro­cessed on Digita­lOcean­’s serv­ers. As part of the ser­vices men­tioned above, data may also be trans­ferred to Digita­lOcean serv­ers in the USA for fur­ther pro­cessing on our behalf. We have con­cluded an order pro­cessing agree­ment with Digita­lOcean (“Data Pro­cessing Agree­ment”, view­able at https://www.digitalocean.com/legal/data-processing-agreement/), in which we oblige the pro­vider to pro­tect our users’ data and not to pass it on to third parties. You can find more inform­a­tion on Digita­lOcean­’s data pro­tec­tion at the web­site: https://www.digitalocean.com/legal/privacy-policy/. Fur­ther pro­cessing on serv­ers oth­er than the ones above of Digita­lOcean only takes place with­in the frame­work com­mu­nic­ated below.

Con­tact and requests

When con­tact­ing us (e.g. by con­tact form, email, tele­phone or via social media) as well as in the con­text of exist­ing user- and busi­ness rela­tion­ships, the inform­a­tion of the inquir­ing per­sons is pro­cessed inso­far as neces­sary to answer the con­tact enquir­ies and any reques­ted measures.

  • Types of data pro­cessed: Con­tact data (e.g. email, tele­phone num­bers). Con­tent data (e.g. entries in online forms). Usage data (e.g. web­sites vis­ited, interest in con­tent, access times). Meta/​communication data (e.g. device inform­a­tion, IP addresses).
  • Data sub­jects: Com­mu­nic­a­tion partners.
  • Pur­poses of pro­cessing: con­tact requests and com­mu­nic­a­tion; man­aging and respond­ing to requests; feed­back (e.g. col­lect­ing feed­back via online form); provid­ing our online offer and user experience.
  • Leg­al basis: Legit­im­ate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); con­tract per­form­ance and pre-con­trac­tu­al enquir­ies (Art. 6 para. 1 p. 1 lit. b) DSGVO).
  • More inform­a­tion on pro­cessing oper­a­tions, pro­ced­ures and services:
  • Con­tact form: If users con­tact us via our con­tact form, email or oth­er com­mu­nic­a­tion chan­nels, we pro­cess the data com­mu­nic­ated to us in this con­text to pro­cess the trans­mit­ted request;
  • Leg­al basis: Con­tract per­form­ance and pre-con­trac­tu­al enquir­ies (Art. 6 para. 1 p. 1 lit. b) DSGVO), Legit­im­ate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).

Man­age­ment, organ­isa­tion and sup­port tools
We use ser­vices, plat­forms and soft­ware from oth­er pro­viders (from now on referred to as “third-party pro­viders”) to organ­ise, man­age, plan and provide our ser­vices. We observe the leg­al require­ments when select­ing third-party pro­viders and their ser­vices.
In this con­text, per­son­al data may be pro­cessed and stored on the serv­ers of third-party pro­viders. This may include vari­ous data we pro­cess per this data pro­tec­tion declar­a­tion. This data may include, in par­tic­u­lar, mas­ter data and con­tact data of users, data on trans­ac­tions, con­tracts, oth­er pro­cesses and their contents.

If users are referred to third-party pro­viders or their soft­ware or plat­forms in line with com­mu­nic­a­tion, busi­ness or oth­er rela­tion­ships with us, the third-party pro­viders may pro­cess usage data and metadata for secur­ity pur­poses, ser­vice optim­isa­tion or mar­ket­ing pur­poses. We, there­fore, ask you to observe the data pro­tec­tion notices of the respect­ive third-party providers.

  • Types of data pro­cessed: Con­tent data (e.g. entries in online forms); Usage data (e.g. web­sites vis­ited, interest in con­tent, access times); Meta/​communication data (e.g. device inform­a­tion, IP addresses).
  • Data sub­jects: Com­mu­nic­a­tion part­ners; users (e.g. web­site vis­it­ors, users of online services).
  • Pur­poses of pro­cessing: con­tact requests and com­mu­nic­a­tion; pro­vi­sion of con­trac­tu­al ser­vices and cus­tom­er ser­vice; office and organ­isa­tion­al procedures.
  • Leg­al grounds: Legit­im­ate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).

Fur­ther inform­a­tion on pro­cessing oper­a­tions, pro­ced­ures and services:

  • WeTrans­fer: Trans­fer of files via the inter­net; Ser­vice pro­vider: WeTrans­fer BV, Oostelijke Han­del­skade 751, Ams­ter­dam, 1019 BW, Neth­er­lands; Leg­al basis: Legit­im­ate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Web­site: https://wetransfer.com; Pri­vacy policy: https://wetransfer.com/legal/privacy.

Modi­fic­a­tion and updat­ing of the Pri­vacy Policy
Please inform your­self reg­u­larly about the con­tent of our pri­vacy policy. We adapt the pri­vacy policy as soon as changes in our data pro­cessing require this. In addi­tion, we will noti­fy you in case the changes require an act of cooper­a­tion on your part (e.g. con­sent) or oth­er indi­vidu­al noti­fic­a­tion.
We provide addresses and con­tact inform­a­tion of com­pan­ies and organ­isa­tions in this data pro­tec­tion declar­a­tion. Please note that they may change, and please check the inform­a­tion before con­tact­ing us.

Rights of data sub­jects
As a data sub­ject, you have vari­ous rights under the GDPR, which arise in par­tic­u­lar from Art. 15 to 21 GDPR:

  • Right to object to pro­cessing: you have the right to object at any time, on reas­ons relat­ing to your par­tic­u­lar situ­ation, to the pro­cessing of per­son­al data con­cern­ing you, which is car­ried out based on Art. 6(1)(e) or (f) DSGVO; this also applies to pro­fil­ing based on these pro­vi­sions. If the per­son­al data con­cern­ing you are pro­cessed for dir­ect mar­ket­ing, you have the right to object at any time to the pro­cessing of per­son­al data con­cern­ing you for such mar­ket­ing; this also applies to pro­fil­ing inso­far as it is related to such dir­ect marketing.
  • Right of revoc­a­tion for con­sents: You have the right to revoke any con­sent you have giv­en at any time.
  • Right to access: You have the right to request inform­a­tion on wheth­er data con­cern­ing you is being pro­cessed. You have the right to get a report on this data, fur­ther details, and a copy of the data fol­low­ing the leg­al requirements.
  • Right to rec­ti­fic­a­tion: By the leg­al require­ments, you have the right to request that the data con­cern­ing you be com­pleted or that incor­rect data con­cern­ing you be corrected.
  • Right to eras­ure and restrict pro­cessing: You have the right, by the law, to request that data relat­ing to you be deleted imme­di­ately, altern­at­ively, to request the restric­tion of the pro­cessing of the data fol­low­ing the law.
  • Right to data port­ab­il­ity: You have the right to receive data con­cern­ing you, which you have provided to us, in a struc­tured, com­mon and machine-read­able format under the leg­al require­ments or to demand that it be trans­mit­ted to anoth­er per­son responsible.
  • Com­plaint to the super­vis­ory author­ity: Without pre­ju­dice to any oth­er admin­is­trat­ive or judi­cial rem­edy, you have the right to sub­mit a com­plaint to a super­vis­ory author­ity, in par­tic­u­lar in the Mem­ber State of your habitu­al res­id­ence, place of work or place of the alleged infringe­ment, if you con­sider that the pro­cessing of per­son­al data relat­ing to you infringes the require­ments of the GDPR.

This Pri­vacy Policy is based on the free Datenschutz-Generator.de by Dr Thomas Schwen­ke but trans­lated and mod­i­fied by the web­site own­er.