As of March 2, 2024
Robin Beer
Scharnweberstr. 15
Berlin
The following summary provides an overview of the types of data processed and the purposes of their processing, and refers to the data subjects affected.
Relevant legal bases according to the General Data Protection Regulation (GDPR): Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the data privacy policy.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations may apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains in particular special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes, and the transfer as well as automated decision-making in individual cases, including profiling. Furthermore, it may be possible for the data protection laws of the individual states to apply.
Reference to the GDPR and Swiss Data Protection Act: These data protection notices serve to provide information in accordance with the Swiss Federal Data Protection Act (Schweizer DSG) as well as the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader spatial application and understandability, the terms of the GDPR are used. In particular, the terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used instead of the terms used in the Swiss DSG, “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data.” However, the legal meaning of these terms continues to be determined in accordance with the Swiss DSG as part of the application of the Swiss DSG.
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.
These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as controlling access, input, disclosure, availability, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to the protection of data. Furthermore, we take data protection into account when developing or selecting hardware, software, and procedures, in accordance with the principle of data protection by design and data protection-friendly default settings.
TLS/SSL encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
As part of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or individuals or disclosed to them. These recipients of the data may include service providers or providers of services and content, such as those integrated into a website, with IT tasks. In such cases, we comply with legal requirements and, in particular, conclude the necessary contracts or agreements with the recipients of your data to protect your data.
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place as part of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with legal requirements. If the level of data protection in the third country has been recognized by a decision of adequacy (Art. 45 GDPR), this decision serves as the basis for the data transfer. Otherwise, data transfers will only take place if the level of data protection is otherwise secured, in particular by means of standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent or if the transfer is necessary for the performance of a contract or the implementation of pre-contractual measures (Art. 49(1) GDPR). Furthermore, we will inform you about the legal basis for the transfer to third countries by the individual providers from third countries, whereby decisions of adequacy are given priority as a basis. Information on third-country transfers and the existence of adequacy decisions can be found in the information provided by the European Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called “Data Privacy Framework” (DPF), the European Commission has also recognized the level of data protection as safe for certain companies from the USA in accordance with the adequacy decision of July 10, 2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in the context of this data privacy policy which providers we use have been certified under the Data Privacy Framework.
Rights of Data Subjects under the GDPR: You have various rights as a data subject under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
We process user data in order to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Further information on processing procedures, procedures, and services:
Users can create a user account. As part of the registration, we provide users with the necessary mandatory information and process it for the purpose of providing the user account on the basis of contract fulfillment. The processed data includes, in particular, the login information (username, password, and email address).
In the context of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the users’ interests in protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so.
Users may be informed by email about processes relevant to their user account, such as technical changes.
Further information on processing procedures, procedures, and services:
If you contact us (e.g., by post, contact form, email, telephone, or via social media) or as part of existing user and business relationships, we process the information provided by the inquiring persons to the extent necessary to respond to the inquiry and any requested measures.
Further information on processing procedures, procedures, and services:
Web analysis (also known as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include pseudonymous values that reflect the behavior, interests, or demographic information of visitors, such as age or gender. With the help of reach analysis, we can, for example, determine at what time our online offering or its functions or content is most frequently visited or invite reuse. We can also understand which areas require optimization.
In addition to web analysis, we may also use test procedures to test and optimize different versions of our online offering or its components, for example.
Unless otherwise stated below, profiles, i.e., data summarized for a user using a pseudonym, are created and information is stored in a browser or device and read from it for these purposes. The information collected may include, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have given their consent to us or to the providers we use to collect their location data, location data may also be processed.
IP addresses of users are also stored. However, we use an IP masking method (i.e., pseudonymization by shortening the IP address) to protect users. In principle, we and the providers of the software we use do not store clear data of the users (such as email addresses or names) during web analysis, A/B testing, and optimization, but only pseudonyms. This means that we and the providers do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
Please regularly inform yourself about the content of our data privacy policy. We will adjust the data privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this data privacy policy, please note that the addresses may change over time and please check the information before contacting us.