Privacy Policy – Data Protection
I. Name and address of the controller in charge for data processing
When using the App controller in charge for the processing of personal data within the meaning of the EU-General Data Protection Regulation (GDPR) and all other relevant data protection laws is:
2808 - Divisions & Ventures UG (haftungsbeschränkt)
represented by its CEO Mr. Elias Diebold
Hasenheide 74, 10967 Berlin, GERMANY
(hereinafter also referred to as: We/us)
E-Mail: info@28o8.com
App: „momentum“
II. General information on data processing
- Personal data
„Personal data“ comprises all data that can be used to personally identify you.
- Scope of processing of personal data
We take the protection and security of the personal data that are being processed in connection with the use of our App very seriously and handle these confidentially. We process and use personal data of our users only, if and to the extent this is allowed under applicable statutory laws, for example if you have consented in the processing of your personal data, if this is necessary for the purposes of providing you with a functioning mobile App and related services to be rendered by us and/or for the purposes of the performance and fulfillment of subscription contracts our users have entered into with us.
- Examples of data processing
We may process data that you share with us voluntarily, for instance information you are uploading on the App. Some data may be automatically recorded and processed by our IT systems whenever you are using the App, primarily technical information, such as IP addresses, browser data, geo data or the time when you access and use the App. This information may be statistically analyzed to optimize the App and our services, to guarantee the error free provision of the App as well as to detect and prevent misuse of the App. Furthermore, some features of our dating App require the processing of personal data for its proper and intended use of providing our users the opportunity to date a partner in real life, such as location data to ensure your potential date is within local reach.
- Legal basis for data processing (examples)
If and to the extent that you have given consent to the processing of your personal data for one or more specific purposes, the legal basis for the processing is Art. 6 (1) lit. a GDPR.
If and to the extent that the processing is necessary for the performance of a contract to which you are party or in order to take steps at the request of you prior to entering a contract, the legal basis for the processing is Art. 6 (1) lit. b GDPR.
If and to the extent that processing is necessary for compliance with a legal obligation to which we are subject, the legal basis for the processing is Art. 6 (1) lit. c GDPR.
If and to the extent that processing is necessary in order to protect the vital interests of you or of another natural person, the legal basis for the processing is Art. 6 (1) lit. d GDPR.
If and to the extent processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data, in particular where the data subject is a child, the legal basis for the processing is Art. 6 (1) lit. f GDPR.
- Deletion of data and storage period
The duration of the storage of personal data is subject to and determined by the purposes for which we have processed them and the respective legal retention periods (e.g. commercial and tax retention periods). After achievement of the purposes for which we have processed data and the expiration of applicable retention periods, the corresponding data will be deleted.
Any data you are sharing with other registered users of the App when you post a „Desire“ or when you apply for „Desires“ of other registered users of the App will be routinely deleted from your mobile device at sunrise and will no longer be displayable to other registered users thereafter. We only save such data on the servers of our hosting service partner for a period of fourteen (14) days after they have been posted by you, so that we can track potential misuse of our services or potential violations of our terms or applicable laws in the event another registered users reports a misuse or a violation to us or we become aware hereof. All such data are routinely deleted from the servers of our hosting service partner thereafter, unless a complaint is submitted to us or we become aware of misuses or violations in which case we will internally store relevant data documenting and proving a misuse or a violation until such matter is settled.
- Information on data transfer to third-parties
In the scope of our business activities we are cooperating with external contract partners and service providers (third-parties). We only disclose and transfer personal user data to these third-parties if and to the extent this is required to fulfill our contracts with the user, if we are legally obligated to do so (e.g. disclosure of data to tax authorities), if we have a legitimate overriding interest according to Art. 6 (1) lit. f) GDPR or in other cases in which a transfer of personal data is mandatory or allowed by statutory laws. Depending on the nature of our cooperation with third-parties to whom personal data of our users are transferred under the conditions set forth above we do so on the basis of valid data processing or joint processing agreements.
We use tools from third-party companies located in the US. The USA is deemed to be a secure third-party country with a level of data protection comparable to that of the EU. Data transfer to the US is permitted, if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional assurances. We only cooperate with third-party companies in the US who are accordingly certified or warrant appropriate additional data protection assurances.
III. Logfiles when visiting our websites
(1) When using our App, even if you neither register or apply for a subscription nor otherwise provide us with information, technical data are automatically transmitted to us by the browser of your mobile device (mobile phone or tablet computer). We only process and collect the data that your browser transmits to our server (so-called “server log files”). When you visit the App, the following information is transmitted:
IP address
Date and time at the moment of access
Source/reference from which you came to the App
We process these data for the purposes of
providing a stable connection to our App
providing a comfortable use of our App
analyzing system security and stability of our App
(2) Data processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest of the purposes as listed above. The data will not be used to identify you, as only anonymized IP addresses are being processed. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.
IV. Hosting / IT-support and maintenance
Our App is hosted by the following provider:
AWS – Amazon Web services, a cloud computing platform operated by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxemburg (controller in charge for the EU)
whose data privacy policy can be found here: https://aws.amazon.com/de/privacy/.
IT-support and maintenance for our App is provided by:
Memory Squared sp.z.o.o., Dąbrowskiego 24, 30-532 Kraków, Poland, a software design and development company.
Data processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in achieving the purpose of providing and maintaining a reliable, stable, secure and user-friendly App.
We have entered into Data Processing Agreements (DPA) with the provider and the IT-support and maintenance company for the use of their services named above. A DPA is a mandatory contract under data privacy laws that ensures that the providers process personal data of our App user only in compliance with applicable data protection laws and on our instructions.
V. Application for a membership subscription
Description and scope of data processing
Prior to your App subscription you have to apply for a membership subscription. In the course of the application we are asking you several questions („multiple choice“), i.a. about your age, relationship status, intentions to use the App, and ask you to upload three photos depicting you. All the data that you are entering and the photos you are uploading during the application process will not be publicly accessible or displayed. They will only be internally viewed and assessed by us. We process your data only to assess your application and to decide whether or not we will offer you a membership subscription to use our App and its services.
Purposes and legal basis for data processing
The processing of personal data when you apply for a membership subscription is necessary in order to take steps at the request of you prior entering into a contract (Art. 6 (1) lit. b GDPR).
Duration of storage
All data that are being processed in the course of the application will be deleted after we have assessed your application and decided whether or not we are offering a membership subscription to you.
VI. Subscription and creation of an Account
- Description and scope of data processing
In order to use our App you have to apply for a membership (see V.) and – after your application has been approved – register and subscribe to the services of our App. Once we have approved your application you can easily access your personal data in the respective form and submit them to us in the course of your registration. When registering for our services you may sign in via Apple with your Apple ID or with the email address or phone number you have submitted to us. We will send a text with a verification code to you either via email or via SMS, depending on which sign-up method you have selected. You will be able to start the registration process with the verification code we have provided to you. Within the registration process you have to type in the following mandatory personal data, which will be processed and stored by us:
- first name, last name
- email-address
- mobile telephone number
- date of birth
- user name/nick name
sex
sexual orientation
relationship status
personal preferences / turn-ons („sparks“)
Some of these data are required so that we can identify you as our subscribed user (name, email-address, mobile number) in order to render our services to you. Some of these data are processed in order to ensure the best user experience and to prevent the use of fake profiles and fake dating requests (sex, sexual orientation, relationship status, preferences/needs). You have to indicate your date of birth in order for us to exclude minor aged persons from the use of our App which is intended to be used by adults of legal age only.
- Purposes and legal basis for data processing
The processing of personal data when subscribing for our services, registering for our App and creating a user account serves the purpose of entering and duly performing service-contracts with you. Legal basis for the processing of personal data is Art. 6 (1) lit. b GDPR.
- Duration of storage
The duration of the storage of personal data is determined by the purposes for which we have processed them and the respective legal retention period (e.g. commercial and tax retention periods).
- Cancellation of a user-account
As a registered user you can cancel and delete your user account at any time with future effect in the respective settings of your account. In the course of your cancellation we will send you a code via SMS to your mobile phone. In order to confirm your cancellation you have to use the SMS code sent to you. Access to your account will be blocked immediately after you have confirmed your deletion request. We will direct our service partner Klaviyo to permanently suppress your profile. When you cancel your user account your personal data will be deleted and removed completely from our databases 30 days after your SMS confirmation with future effect. The processing of personal data for contracts that have been concluded with us remains unaffected by a cancellation and deletion of your account, which means that we will continue to internally process such data, if and to the extent it is necessary for the performance and fulfillment of contracts or if we are obligated to do so by law, especially in order to comply with mandatory retention periods that apply to us.
According to customary IT standards, we are regularly performing encrypted database backups on our host’s (AWS) servers in cases of critical downtime or errors. In the course of such backups user data can be stored for a short time after deletion from the main database in rare cases.
- Update and modification of user data
You can change or modify your personal data that have been stored in your account at any time, if your data are no longer up-to-date. You can correct or change your personal data in the settings of your password secured account by yourself.
VII. Download, payment and fulfillment via third-party distributors and payment service providers
- Description and scope of data processing
Our App is distributed through app-stores only, namely Google Play and Apple App Store. All contracts/subscriptions of our App are concluded, handled and executed by the respective owners of these app-stores. All payments of subscription fees are being processed, handled and received by the app-stores and their respective payment service providers, such as Apple Pay or Google Payment. When purchasing and downloading the App and paying subscription fees for the use of our App the respective Terms & Conditions and Privacy Policies of the app-stores and payment service providers apply additionally and have to be complied with. For the performance and fulfillment of purchase-/subscription contracts that are being concluded in the app-stores of the distributors of our App as well as for pre-contractual activities, it is necessary for the distributing app-stores and payment service providers to process your personal data and payment data that are submitted and stored in the course of your purchase/subscription of the App. Detailed information on personal data that are being processed by the app-stores and payment service providers when purchasing and downloading our App can be found in the applicable Policies of the distributing app-stores and payment service providers:
Google Play Store:
https://play.google.com/about/play-terms/index.html
Google Pay:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
Apple App Store:
https://www.apple.com/legal/privacy/data/en/app-store/
Apple Pay:
https://www.apple.com/legal/privacy/data/en/apple-pay/
- Legal basis for data processing and data transfer to third parties
The legal basis for data processing of the distributing app-stores is Art. 6 (1) lit. b and lit. f GDPR.
- Purposes of data processing and data transfer
The processing and transfer of the personal data mentioned is necessary for the conclusion, fulfillment and performance of contracts as well as steps at your request prior to entering into such contracts. Any personal data that are processed and transferred will only be used for the purposes that are set out in the applicable Terms and Policies of the app-stores. Personal data will only be transferred to us, if this is necessary for us in the context of the conclusion, fulfillment and performance of contracts or if and to the extent processing is necessary for the purposes of the legitimate interests pursued by us in accordance with Art. 6 (1) lit. f GDPR.
- Duration of storage
Detailed information can be found in the applicable Privacy Policies of the distributing app-stores. The duration of the storage of personal data that have been transferred to us by our distributors is determined by the purposes for which they have been transferred and the respective legal retention periods (e.g. commercial and tax retention periods).
VIII. Use of Analysis tools and third-party services
According to customary IT-standards and like most apps and websites we are using third-party services and analysis tools in our App in order to permanently and constantly improve and optimize our App’s services as well as to analyze and assess i.a. range, traffic, potential security gaps and statistic user behavior in our App. Currently we are using the following analysis tools, third-party services and features:
- Google Analytics
For the purposes of optimizing the user experience of our App we use Google Analytics, a web analysis service of Google Inc., USA. For users in the EU and the European Economic Area (EEC) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as „Google“) is responsible controller in charge within the meaning of the GDPR.
Google Analytics enables us to analyze the behavior patterns of App users and visitors. Google Analytics uses so-called cookies, which are text files stored on your computer, to help the App analyze how it’s being used. We receive i.a. accessed pages, time spent on our App, utilized operating systems and user’s location. Furthermore, Google Analytics allows us to analyze clicks and scrolling on our App. Google Analytics uses modeling approaches to augment the collected data sets and uses machine learning technologies. According to Google this information is also stored and transferred to a Google server in the US.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission: https://business.safety.google/adscontrollerterms/sccs/
Google is certified for the US-European data protection agreement “EU-US Data Privacy Framework” (DPF), which guarantees compliance with the data protection level applicable in the EU. We have entered into a Data Processing Agreement (DPA) with Google, i.e. a mandatory contract under data privacy laws that ensures that Google processes personal data of our App user only in compliance with applicable data protection laws and on our instructions.
The App uses Google Analytics with the extension “anonymizeIp()”, which ensures an anonymization of the IP address by shortening it and thus, excluding a direct personal identification. Only in exceptional cases, the full IP address will be transmitted to a Google server in the US and shortened there.
On our behalf, Google uses data to evaluate the use of the App and to compile reports on activities on our App. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available here: https://tools.google.com/dlpage/gaoptout.
More information on how Google Analytics handles user data can be found in Google’s privacy policy at: https://support.google.com/analytics/answer/6004245.
- Firebase
We use Firebase Cloud Messaging, a cross-platform messaging solution, for our App. The service provider is Google Inc., US. For the EU and the European Economic Area (EEC), Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland is responsible for Google services and controller in charge within the meaning of the GDPR. According to Google, Firebase also processes data in the US. Such data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission:
Google is certified for the US-EU data protection agreement “EU-US Data Privacy Framework” (DPF), which guarantees compliance with the data protection level applicable in the EU. We have entered into a Data Processing Agreement (DPA) with Google, i.e. a mandatory contract under data privacy laws that ensures that Google processes personal data of our App users only in compliance with applicable data protection laws and on our instructions.
Our App uses push services from the operating system of your device. Push services are short messages that can be sent directly to the App from our server via Firebase. By using this service, content can be synchronized very quickly on all end devices.
When using the push service, a device token is assigned. These are encrypted, anonymized device IDs. The sole purpose of its use is to provide the push services to our App users. Firebase Cloud Messaging is part of our backend service platform.
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available here: https://tools.google.com/dlpage/gaoptout. Further information on the terms of use of Firebase Cloud Messaging can be found on the Firebase website: https://firebase.google.com/terms/
- Facebook Analytics
We use Facebook Analytics for Apps for analysis and statistical evaluation of the use of our App. The service provider is Meta Platforms Inc., US. For the EU and the European Economic Area (EEC) Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for Facebook services and controller in charge within the meaning of the GDPR.
We may use the statistics we obtain from Facebook Analytics to improve our services and to make our App more user-friendly. To the extent that personal data are transferred to Meta’s server in the US, such transfer falls under the US-EU data protection agreement “EU-US Data Privacy Framework” (DPF), which guarantees compliance with the data protection level applicable in the EU. We have entered into a Data Processing Agreement (DPA) with Meta Platforms, i.e. a mandatory contract under data privacy laws that ensures that Meta processes personal data of our App user only in compliance with applicable data protection laws and on our instructions.
Further information on the data being processed when Facebook Analytics is used can be found on the Facebook website: https://www.facebook.com/about/privacy/
- TikTok Analytics
We use TikTok Analytics for analysis and statistical evaluation of the use of our App. For users in the EU and the European Economic Area (EEC) TikTok is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
Analytic data provided to us by TikTok in anonymized form enable us to evaluate behavior, user traffic and interactions of App users. These data allow us to analyze and filter i.a. number of views, interactions, the average duration spent on our App. This also includes information about where users have discovered our App and the regions our users come from. With this information we can analyze and optimize the effectiveness of our activities and services.
We have entered into a Data Processing Agreement (DPA) with TikTok, i.e. a mandatory contract under data privacy laws that ensures that TikTok processes personal data of our App users only in compliance with applicable data protection laws and on our instructions.
More information on how TikTok Analytics handles user data can be found in TikTok’s privacy policy at: https://www.tiktok.com/legal/page/eea/privacy-policy/en
- Appsflyer
We use AppsFlyer, an analysis service which enables us to provide suitable advertising to our App users and third-parties as well as to ensure the effectiveness of our advertising. The representative of the service provider within the EU is AppsFlyer Germany GmbH, Kurfürstendamm 11, c/o WeWork, 10719 Berlin, Germany.
Data and reports provided to us by AppsFlyer enable us to analyze and optimize our promotional, marketing and advertising campaigns.
You can opt-out from the processing and using of your personal data with AppsFlyer for marketing and promotional purposes in accordance with this subsection anytime by adjusting your device settings in iOS or Android (further information for Android users: https://support.google.com/ads/answer/2662922 and for iOS users: https://support.apple.com/HT205223)
We have entered into a Data Processing Agreement (DPA) with AppsFlyer, i.e. a mandatory contract under data privacy laws that ensures that AppsFlyer processes personal data of our App users only in compliance with applicable data protection laws and on our instructions.
More information on how AppsFlyer handles user data can be found in the privacy policy of the service provider at: https://www.appsflyer.com/legal/services-privacy-policy/
- Stripe
We have assigned Stripe Payments Europe, Limited (SPEL) with registered offices in the EU (Dublin, Ireland), Web: stripe.com (hereinafter referred to as „Stripe“) with the verification process.
After signing up for the App and after completing your subscription you will be re-directed to Stripe. As a company with registered offices in the EU Stripe has to comply with European laws, especially relevant data protection laws, such as the EU-GDPR. We use these third-party verification services to thoroughly check the identity of users who have signed up for the App, to prevent fraudulent or incorrect registrations for the services of the App and – by doing so – to ensure a high level of safety and transparency for us and our users. Stripe has no knowledge about the purpose of the verification, which means Stripe and Stripe’s employees, who are conducting the verification process, do not know that you are about to subscribe for our dating app „momentum“. We will not accept user subscriptions and will not provide our services to users who have not been successfully verified by Stripe. In order to take part in the verification process you will have to present a valid Identity Card (ID) / Personalausweis (PA) of yourself. Furthermore, you have to enable Stripe to access your camera and microphone of your mobile device which can be done in the settings of your mobile device. You will be informed hereof. If you do not enable Stripe to access your mobile device’s camera and microphone you will not be able to verify. Access to camera and microphone is necessary to conduct the verification process. Stripe’s Terms & Conditions and Privacy Policy apply and need to be complied with. We do not have any influence on Stripe’s Terms & Conditions and Privacy Policy and therefore do not take any responsibility or liability, neither for the result of the verification nor for any disputes arising out of or in connection with the verification process at Stripe. We will notify the user once he/she/they has been successfully verified.
We have entered into a Data Processing Agreement (DPA) with Stripe, i.e. a mandatory contract under data privacy laws that ensures that Stripe processes personal data of our App user only in compliance with applicable data protection laws and on our instructions.
More information on how Stripe handles user data can be found in the privacy policy of the service provider at: https://stripe.com/de/privacy
- Klaviyo
For our App we use the services of Klaviyo Inc., 125 Summer St Floor 7, Boston, MA 02111, USA, to manage and execute push notification services within the App’s functionalities such as sending verification codes to our users’ mobile device.
In order to evaluate the push notification services the notifications sent to you via our App contain a tracking pixel or a tracking link. This allows us to determine whether you have opened the message and whether you have clicked on any integrated links. In this context your personal data such as IP address, browser type and device as well as the time of access are processed and stored. These technical data will not be used to identify you personally. The data processed is only used to improve text messaging services and to provide flawless functionalities in our App.
To the extent that personal data are transferred to Klaviyo’s server in the US, such transfer falls under the US-EU data protection agreement “EU-US Data Privacy Framework” (DPF), which guarantees compliance with the data protection level applicable in the EU. We have entered into a Data Processing Agreement (DPA) with Klaviyo, i.e. a mandatory contract under data privacy laws that ensures that Klaviyo processes personal data of our App users only in compliance with applicable data protection laws and on our instructions.
More information on how Klaviyo handles user data can be found in the privacy policy of the service provider at: https://www.klaviyo.com/legal/privacy-notice.
- Twilio
For our App we use the services of Twilio Inc., 645 Harrison Street, 3rd Floor, San Francisco, CA 94107, USA to manage and execute the sending of SMS codes to your mobile device within the App’s functionalities.
When using these services technical data such as IP address, browser type and device as well as the time of access are processed and stored. These technical data will not be used to identify you personally. The data processed is only used to improve the services described and to provide flawless functionalities in our App.
To the extent that personal data are transferred to Twilio’s server in the USA, such transfer falls under the US-EU data protection agreement “EU-US Data Privacy Framework” (DPF), which guarantees compliance with the data protection level applicable in the EU. We have entered into a Data Processing Agreement (DPA) with Twilio, i.e. a mandatory contract under data privacy laws that ensures that Twilio processes personal data of our App users only in compliance with applicable data protection laws and on our instructions.
More information on how Twilio handles user data can be found in the privacy policy of the service provider at: https://www.twilio.com/en-us/legal/privacy
- Access to features of your mobile device
The App uses your mobile device’s GPS location, which helps us to determine your approximate geographical location and make use of such location data to provide relevant features of the App such as personalized content, relevant recommendations, and location-based services. In order to use all functionalities of the App it is mandatory to enable our App to access your location, as potential dates and „Desires“ are only displayed to other App users within a certain radius. You can allow the App to access your location in the settings of your mobile device. You will be informed hereof via a push message in the App. Geo-data about your mobile device’s location are only used to provide our services to you as described above. If you do not enable the App to access your mobile device’s location you will not be able to use the functionalities and features of the App to the full extent.
When choosing photos of yourself to upload on your App profile within the App’s typical functionalities you may grant our App access to the photo gallery and choose which photo(s) to upload from your mobile device. You will be asked to allow our App access to certain applications of your mobile device beforehand. Such data are only used to provide our services to you as described above.
- Legal basis for data processing
The legal basis for the processing of personal data in context of the use of analysis tools and the third-party services listed above is either
Art. 6 (1) lit. a GDPR, i.e. your consent to the processing of personal data for one or more specific purposes; consent can be withdrawn at any time with future effect; or
Art. 6 (1) lit. b GDPR to the extent processing is necessary for the performance of a contract or in order to take steps at the request of you prior to entering a contract, or
Art. 6 (1) lit. f GDPR, i.e. our legitimate interest in providing a stable, reliable and user-friendly App to you and in permanently improving and optimizing the App by applying and using statistic and analytic data being processed and provided to us by third-party service and analysis tool operators listed above.
- Purposes of data processing
In addition to the purposes mentioned and described here within we use these third-party services and analysis tools to analyze traffic and to optimize our App in a user-friendly way as well as for the following purposes:
- Ensuring the security in our App
- Statistic purposes, especially analyzing the range of and traffic on our App
- Optimizing the services of our App
These purposes are legitimate interests to process personal data within the meaning of Art. 6 (1) lit. f GDPR.
We do not use personal data generated by these third-party services and analysis tools to create identifiable user profiles. Some functions of our websites cannot be provided without the use of necessary third-party services and tools.
- Duration of storage
Detailed information can be found in the applicable Privacy Policies of the third-party service providers listed above. The duration of the storage of personal data that have been processed by us or transferred to us by these third-party service providers is determined by the purposes for which they have been processed or transferred and the respective legal retention periods. If statutory retention periods do not apply to the processing of such personal data they will be routinely deleted and no longer be used, if and as soon as the purposes for which they have been processed or transferred are achieved. Some of the tools and services listed here within can be de-activated by yourself in the respective settings of your mobile device.
IX. Contact
We provide information on how to get in contact with us on our App. In the context of contacting us (e.g. via e-mail or phone), personal data is collected and stored:
- name
- e-mail-address
- your inquiry/message/question (formulated individually by you)
These data are stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. In this context no personal data are transferred to third parties.
The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the legal basis for the processing is Art. 6 (1) lit. b GDPR.
Your data will be deleted after your inquiry has been resolved; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided that there are no legal storage obligations to the contrary.
X. Rights of the data subject
If your personal data are being processed, you are „data subject“ within the meaning of the GDPR and you have the following rights towards us as the controller of your data:
- Right of information
Pursuant to Art. 15 GDPR you have the right to obtain information from the controller as to whether or not personal data concerning you are being processed, and, where that is the case, access to personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling as well as – if applicable – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- Right of rectification
Pursuant to Art. 16 GDPR you have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you or the right to have incomplete personal data completed.
- Right of erasure
Pursuant to Art. 17 GDPR you have the right to obtain from the controller the erasure of personal data concerning you without undue delay, unless that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by statutory law to which the controller is subject, for reasons of public interest or for the establishment, exercise or defense of legal claims.
- Right to restriction of processing
Pursuant to Art. 18 GDPR you have the right to obtain from the controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by you for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; the controller no longer needs the personal data for the purposes of processing but they are required by you for the establishment, exercise or defense of legal claims; you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of you.
- Right to data portability
Pursuant to Art. 20 GDPR you have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided where the processing is based on consent and is carried out by automated means.
- Right of withdrawal
Pursuant to Art. 7 (3) GDPR you have the right to withdraw your consent for the processing of personal data at any time with the consequence that we may not continue with the processing which was based on your consent.
- Right to lodge a complaint
Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, place of the alleged infringement or controller‘s residence.
- RIGHT TO OBJECT
PURSUANT TO ART. 21 GDPR YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS BASED ON ART. 6 (1) LIT. (e) OR (f) GDPR, INCLUDING PROFILING BASED ON THOSE PROVISIONS. WE SHALL NO LONGER PROCESS THE PERSONAL DATA UNLESS WE DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU WHERE PERSONAL DATA ARE PROCESSED FOR MARKETING PURPOSES. WHERE YOU OBJECT TO PROCESSING FOR DIRECT MARKETING PURPOSES, THE PERSONAL DATA SHALL NO LONGER BE PROCESSED FOR SUCH PURPOSES.
- Contact
Please contact us, if you want to exercise your rights in connection with the processing of your personal data or if you have any data related questions or inquiries.
XI. Data security
We solely use data transmission services that offer high security standards to protect the transmission of personal data and other confidential information against loss, alteration and misuse. We and our service partners endeavor to comply with high security standards in order to protect your data. If such data are being transmitted we are using encrypted services. However, the online transmission of personal data via the Internet bears risks and may be subject to security gaps. Despite all due care and precaution taken it is not possible to completely and exhaustively protect personal data against third-party access or illegal activities.
August 2024