Privacy Policy
Sample Data Processing Agreement (in german)
Responsible party in terms of data protection laws, particularly the EU General Data Protection Regulation (GDPR), is:
stdout UG (haftungsbeschränkt)
Grimmeisenstraße 19
81927 Munich
Your Data Subject Rights
You can exercise the following rights at any time by contacting our Data Protection Officer at the contact details provided:
– Access to your data stored with us and information about its processing (Art. 15 GDPR),
– Correction of incorrect personal data (Art. 16 GDPR),
– Deletion of your data stored with us (Art. 17 GDPR),
– Restriction of data processing, provided we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
– Objection to the processing of your data with us (Art. 21 GDPR), and
– Data portability, provided you have consented to the data processing or have a contract with us (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with effect for the future.
You can always file a complaint with a supervisory authority, such as the competent supervisory authority of the federal state of your residence or the authority responsible for us as the responsible entity.
A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
Collection of General Information When Visiting Our Website
Type and Purpose of Processing:
When you access our website, i.e., if you do not register or otherwise transmit information, general information is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address, and similar.
They are processed particularly for the following purposes:
– Ensuring a trouble-free connection to the website,
– Ensuring the smooth use of our website,
– Evaluation of system security and stability, and
– for the optimization of our website.
We do not use your data to draw conclusions about your person. Information of this kind is statistically evaluated by us anonymously, if necessary, to optimize our internet presence and the underlying technology.
Legal Basis and Legitimate Interest:
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.
Recipients:
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
Third Country Transfer:
The collected data will not be transferred to third countries.
Following data protection guarantees are in place:
Storage Duration:
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is generally the case for data used to provide the website when the respective session has ended.
In the case of data storage in log files, this is the case after no later than 14 days. A further storage is possible. In this case, the IP addresses of the users are anonymized so that an assignment of the calling client is no longer possible.
Provision Prescribed or Required:
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website are not guaranteed. Additionally, individual services and services may not be available or may be limited. For this reason, an objection is excluded.
[block id=”cookies” value=”Yes”]
Cookies
Like many other websites, we also use so-called “cookies.” Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website.
You can delete individual cookies or the entire cookie stock. In addition, you will receive information and instructions on how these cookies can be deleted or their storage can be blocked in advance. Depending on the provider of your browser, you will find the necessary information under the following links:
Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
Opera: http://www.opera.com/help
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Storage Duration and Used Cookies:
If you allow us to use cookies through your browser settings or consent, the following cookies may be used on our websites:
woocommerce_cart_hash -> duration of the session
wp_woocommerce_session_[SESSION_ID] -> 2 days
woocommerce_items_in_cart -> duration of the session
wp-wpml_current_language -> duration of the session
Technically Necessary Cookies
Type and Purpose of Processing:
We use cookies to make our website more user-friendly. Some elements of our internet page require that the calling browser can be identified even after a page change.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our internet page cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
We need cookies for the following applications:
Shopping cart
Adoption of language settings
Legal Basis and Legitimate Interest:
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a user-friendly design of our website.
Recipients:
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
[/block]
Third Country Transfer:
The collected data will not be transferred to third countries.
Following data protection guarantees are in place:
Provision Prescribed or Required:
The provision of the aforementioned personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website are not guaranteed. Additionally, individual services and services may not be available or may be limited.
Objection
Read the information about your right to object under Art. 21 GDPR below.
Registration on Our Website
Type and Purpose of Processing:
For registration on our website, we require some personal data, which is transmitted to us through an input mask.
At the time of registration, the following additional data is collected:
IP address
Timestamp
Your registration is required for the provision of certain content and services on our website.
Legal Basis:
The processing of the data entered during registration is based on the user’s consent (Art. 6 para. 1 lit. a GDPR).
Recipients:
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
Third Country Transfer:
The collected data may be transferred to the following third countries:
No
The following data protection guarantees are in place:
Storage Duration:
Data is processed in this context only as long as the corresponding consent is present.
Provision Prescribed or Required:
The provision of your personal data is voluntary and solely based on your consent. Without providing your personal data, we cannot grant you access to our offered content.
Provision of Paid Services
Type and Purpose of Processing:
For the provision of paid services, we request additional data, such as payment information, to be able to fulfill your order.
Legal Basis:
The processing of data required for the conclusion of the contract is based on Art. 6(1)(b) GDPR.
Recipients:
Recipients of the data may include processors.
Third Country Transfer:
The collected data may be transferred to the following third countries:
NO
The following data protection guarantees are in place:
Storage Duration:
We store this data in our systems until the legal retention periods have expired. These are generally 6 or 10 years for reasons of proper accounting and tax requirements.
Provision Prescribed or Required:
The provision of your personal data is voluntary. Without providing your personal data, we cannot grant you access to our offered content and services.
Newsletter
Type and Purpose of Processing:
For the delivery of our newsletter, we collect personal data that is transmitted to us via an input form.
For effective registration, we need a valid email address. To verify that a registration is actually made by the owner of an email address, we use the “double opt-in” procedure. This involves logging the newsletter registration, sending a confirmation email, and receiving the requested response. No further data is collected.
Legal Basis:
Based on your explicit consent (Art. 6(1)(a) GDPR), we will regularly send you our newsletter or comparable information via email to your specified email address.
You can withdraw your consent to store your personal data and its use for the newsletter dispatch at any time with effect for the future. Each newsletter contains a corresponding link for this purpose. Additionally, you can unsubscribe at any time directly on this website or inform us of your withdrawal using the contact options provided at the end of this privacy notice.
Recipients:
Recipients of the data may include processors.
Third Country Transfer:
The collected data may be transferred to the following third countries:
NO
The following data protection guarantees are in place:
Storage Duration:
Data is processed in this context only as long as the corresponding consent is present. Afterward, it will be deleted.
Provision Prescribed or Required:
The provision of your personal data is voluntary and solely based on your consent. Without existing consent, we cannot send you our newsletter.
Withdrawal of Consent:
You can withdraw your consent to store your personal data and its use for the newsletter dispatch at any time with effect for the future. The unsubscription can be requested via the link contained in each email or by contacting the data protection officer or the person responsible for data protection listed below.
Payment Provider
We use the payment service provider Stripe to process payments on our website. Stripe is an online payment service that allows us to securely process payments via credit card or bank transfer. To use this service, you need to provide your bank details, such as credit card number or account information.
Data Protection with Stripe
Stripe collects and processes certain personal data during each transaction. This includes:
• First and last name
• Address
• Email address
• IP address
• Phone number
• Credit card number
• Account coverage
• Transactions
• Overdraft limit
This data is particularly sensitive and is processed by Stripe in accordance with applicable data protection laws. Stripe retains your data only as long as necessary for processing the payment and uses it solely for the purpose of payment processing. The legal basis for Stripe’s data processing is the fulfillment of the contract pursuant to Art. 6 (1) (b) GDPR.
You have the right to object to the processing of your personal data by Stripe. However, please note that certain data, such as your name and payment details, are required for processing payments through Stripe, and an objection to their processing cannot prevent this requirement.
Since Stripe operates as an independent payment service provider and processes data within its own sphere of responsibility, there is no directive relationship according to Art. 29 GDPR. Therefore, a data processing agreement (DPA) between us and Stripe is not necessary.
Further information about data protection at Stripe can be found in Stripe’s privacy policy: stripe.com/de/privacy
Contact Form
Type and Purpose of Processing:
The data you enter will be stored for the purpose of individual communication with you. A valid email address and your name are required for this. This serves to assign the request and subsequently respond to it. Providing further data is optional.
Legal Basis:
The processing of data entered into the contact form is based on a legitimate interest (Art. 6(1)(f) GDPR).
By providing the contact form, we aim to facilitate an uncomplicated means of contacting us. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions.
If you contact us to request an offer, the processing of data entered into the contact form is carried out to implement pre-contractual measures (Art. 6(1)(b) GDPR).
Recipient: The recipients of the data may include data processors.
Transfer to Third Countries: The collected data may be transferred to the following third countries: NO The following data protection guarantees are in place:
Storage Duration: Data will be deleted no later than 6 months after the request has been processed. If a contractual relationship is established, we are subject to the statutory retention periods under the German Commercial Code (HGB) and will delete your data after these periods have expired.
Provision Prescribed or Required: Providing your personal data is voluntary. However, we can only process your request if you provide us with your name, email address, and the reason for your request.
SSL Encryption: To protect the security of your data during transmission, we use encryption methods that comply with the current state of the art (e.g., SSL) over HTTPS.
Information about Your Right to Object under Article 21 GDPR
Right to Object on a Case-by-Case Basis: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on Article 6(1)(f) GDPR (data processing based on a balance of interests); this also applies to profiling based on this provision as defined in Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
Recipient of an Objection: stdout UG (haftungsbeschränkt)
Changes to Our Privacy Policy
We reserve the right to update this privacy policy to ensure it always complies with current legal requirements or to reflect changes in our services in the privacy policy, such as the introduction of new services. The new privacy policy will apply to your subsequent visits.
Questions for the Data Protection Officer
If you have any questions about data protection, please email us or directly contact the person responsible for data protection in our company.
Marco Gariboldi
Grüntal 34
81925 München
mg@gdpr-map.eu
The privacy policy was created with the help of the activeMind AG, the experts for externe Datenschutzbeauftragte (Version #2020-09-30).