Privacy Policy

Introduction
We (“we”, “us”, “our”) take the protection of the data of the users (“User” or “you”) of our website and/or our mobile app (the “Website” and the “Mobile App”) very seriously and are committed to protecting the information that users provide to us in connection with the use of our website and/or our mobile app (together: the “digital assets”). We are also committed to protecting and using your data in accordance with applicable law.

This Privacy Policy explains our practices regarding the collection, use and disclosure of your data through your use of our digital assets (the “Services”) when you access the Services via your devices.

Please read this Privacy Policy carefully and make sure you fully understand our practices regarding your data before you use our Services. If you have read this Policy, fully understand it and do not agree with our practices, you must cease using our digital assets and Services. By using our Services, you acknowledge the terms of this Privacy Policy. Your continued use of the Services constitutes your consent to this Privacy Policy and any amendments thereto.

In this Privacy Policy you will learn:

• how we collect data

• which data we collect

• why we collect this data

• who we share the data with

• where the data is stored

• how long the data is retained

• how we protect the data

• how we handle data of minors

• updates or changes to this Privacy Policy

What data do we collect?

Below is an overview of the data we may collect:

• Non-identified and non-identifiable information that you provide during the registration process or that is collected through the use of our Services (“non-personal data”). Non-personal data does not allow us to identify the individual from whom it was collected. The non-personal data we collect consists mainly of technical and aggregated usage information.

• Individually identifiable information, i.e. any information by which you can be identified or that could reasonably be used to identify you (“personal data”). The personal data that we collect via our Services may include information that is requested from time to time, such as names, email addresses, postal addresses, phone numbers, IP addresses and more. When we combine personal data with non-personal data, we will treat such combined information as personal data as long as it remains combined.

How do we collect data?

Below are the main methods we use to collect data:

• We collect data when you use our Services. When you visit our digital assets and use the Services, we may collect, record and store usage data, sessions and related information.

• We collect data that you provide to us yourself, for example when you contact us directly via a communication channel (e.g. by email with a comment or feedback).

• As described below, we may collect data from third-party sources.

• We collect data that you provide to us when you sign in to our Services via a third party such as Facebook or Google.

Why do we collect this data?

We may use your data for the following purposes:

• to provide and operate our Services;

• to develop, customise and improve our Services;

• to respond to your feedback, enquiries and requests and to provide support;

• to analyse demand and usage patterns;

• for other internal, statistical and research purposes;

• to improve our data security and fraud prevention capabilities;

• to investigate violations and enforce our terms and policies and to comply with applicable law, regulations or official orders;

• to send you updates, news, promotional material and other information relating to our Services. For promotional emails, you can decide at any time whether you wish to continue receiving them. If not, simply click the unsubscribe link in such emails.

Who do we share this data with?

We may share your data with our service providers in order to operate our Services (for example, to store data via third-party hosting services, provide technical support, etc.).

We may also disclose your data in the following circumstances:
(i) to investigate, detect, prevent or take action regarding illegal activities or other misconduct;
(ii) to establish or exercise our rights of defence;
(iii) to protect our rights, property or personal safety, as well as the safety of our users or the public;
(iv) in the event of a change of control at our company or any of our affiliates (by way of merger, acquisition or purchase of (substantially) all assets, etc.);
(v) to collect, hold and/or manage your data via authorised third-party providers (e.g. cloud service providers), as far as this is reasonably necessary for business purposes;
(vi) to work together with third-party providers in order to improve your user experience.

For the avoidance of doubt, we may transfer, share or otherwise use non-personal data at our sole discretion.

Please note that our Services may enable social interactions (e.g. posting content, information and comments publicly and chatting with other users). We point out that any content or data that you provide in these areas may be read, collected and used by other persons. We advise you not to post or share information that you do not wish to make public. If you upload content to our digital assets or otherwise provide it while using a Service, you do so at your own risk. We cannot control the actions of other users or members of the public who have access to your data or content. You acknowledge and confirm that copies of your data may remain accessible even after deletion on cached and archived pages or after third parties have copied/stored your content.

Cookies and similar technologies

When you visit or access our Services, we authorise third parties to use web beacons, cookies, pixel tags, scripts and other technologies and analytics services (“tracking technologies”). These tracking technologies may enable third parties to automatically collect your data in order to improve the navigation experience on our digital assets, optimise performance and ensure a tailored user experience, as well as for security and fraud prevention purposes.

To find out more, please read our Cookie Policy.

Without your consent, we will not share your email address or other personal data with advertising companies or advertising networks.

Where do we store the data?

Non-personal data

Please note that our company as well as our trusted partners and service providers are located all over the world. For the purposes explained in this Privacy Policy, we store and process all non-personal data that we collect in different jurisdictions.

Personal data

Personal data may be maintained, processed and stored in the United States, Ireland, South Korea, Taiwan, Israel and, where necessary for the proper provision of our Services and/or required by law (as further explained below), in other jurisdictions.

How long is the data retained?

Please note that we retain the data we collect for as long as necessary to provide our Services, comply with our legal and contractual obligations to you, resolve disputes and enforce our agreements.

We may correct, supplement or delete inaccurate or incomplete data at any time at our sole discretion.

How do we protect the data?

The hosting service for our digital assets provides us with the online platform through which we can offer our Services to you. Your data may be stored via the data storage, databases and general applications of our hosting provider. They store your data on secure servers behind a firewall and provide secure HTTPS access to most areas of their services.

Payments / e-commerce
All payment options offered by us and our hosting provider for our digital assets comply with the PCI-DSS (Payment Card Industry Data Security Standard) requirements of the PCI Security Standards Council. This is a joint effort of brands such as Visa, MasterCard, American Express and Discover. PCI-DSS requirements help to ensure the secure handling of credit card data (including physical, electronic and procedural measures) by our shop and our service providers.

Despite the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection and absolute security of the data that you upload, post or otherwise share with us or others.

For this reason, we ask you to choose secure passwords and, wherever possible, not to send us or others any confidential information whose disclosure you believe could cause you significant or lasting harm. As email and instant messaging are not considered secure forms of communication, we also ask you not to share confidential information via any of these communication channels.

How do we handle data of minors?

Our Services are not intended for users who have not yet reached the legal age of majority. We do not knowingly collect data from children. If you are under the age of majority, you should not download or use the Services and should not provide us with any information.

We reserve the right at any time to request proof of age so that we can verify whether minors are using our Services. If we become aware that a minor is using our Services, we may prohibit and block such user’s access to our Services and delete any data stored about this user. If you believe that a minor has provided data to us, please contact us as explained below.

We may also use the contact details of a parent to communicate about the child’s activities within the Services. Parents may view the data we have collected from their child, prohibit us from collecting further data from their child, and request that all data we have collected be deleted from our records.

Please contact us if you wish to view, update or delete your child’s data. To protect your child, we may ask you to provide proof of your identity. We may refuse to grant access to the data if we consider your identity to be in doubt. Please note that certain data cannot be deleted due to other legal obligations.

Legal basis for processing

We use your personal data only for the purposes set out in this Privacy Policy and only if we are convinced that:

• the use of your personal data is necessary to perform or enter into a contract (for example, to provide you with the Services themselves or customer service and technical support);

• the use of your personal data is necessary to comply with corresponding legal or regulatory obligations; or

• the use of your personal data is necessary to support our legitimate business interests (provided that this is always done in a proportionate manner and with respect for your privacy rights).

Your rights as an EU resident

If you are resident in the EU, you may:

• request confirmation as to whether personal data concerning you is being processed or not, and request access to your stored personal data and to certain additional information;

• request to receive the personal data you have provided to us in a structured, commonly used and machine-readable format;

• request the rectification of your personal data stored by us;

• request the deletion of your personal data;

• object to the processing of your personal data by us;

• request the restriction of the processing of your personal data; or

• lodge a complaint with a supervisory authority.

Please note, however, that these rights are not unlimited and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal data we collect and how we use it, please contact us as indicated below.

In the course of providing the Services, we may transfer data cross-border to affiliated companies or other third parties and from your country/your jurisdiction to other countries/jurisdictions worldwide. By using the Services, you consent to the transfer of your data outside the EEA.

If you are resident in the EEA, your personal data will only be transferred to locations outside the EEA where we are satisfied that an adequate or comparable level of protection for personal data exists. We will take appropriate steps to ensure that we have suitable contractual arrangements in place with our third parties to ensure that adequate safeguards are in place to minimise the risk of unlawful use, alteration, deletion, loss or theft of your personal data and to ensure that such third parties act at all times in accordance with applicable laws.

Rights under the California Consumer Privacy Act

If you use the Services as a California resident, you may be entitled under the California Consumer Privacy Act (“CCPA”) to request access to and deletion of your data.

To exercise your right of access and deletion, please see below how you can contact us.

The website does not sell users’ data
We do not sell users’ personal data for the purposes and intentions of the CCPA.

Websites with a blog or forum
Users of the Services who reside in California and are under the age of 18 may request and obtain the removal of content they have posted by sending us an email at the address provided in the “Contact” section below. All such requests must be labelled “California Removal Request”. All requests must include a description of the content you wish to have removed and sufficient information to enable us to locate the material. We do not accept notices that are not labelled or properly submitted, and we may not be able to respond if you do not provide sufficient information. Please note that your request does not ensure that the material will be completely or comprehensively removed. Content you have posted may, for example, be republished or reposted by other users or third parties.

Newsletter

If you would like to subscribe to the newsletter offered on our website, we need your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data will be collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

Sending via Brevo

The newsletter is sent via “Brevo” (formerly Sendinblue), a platform provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

The data stored when registering for the newsletter is stored on Brevo’s servers in Germany. Brevo uses this information on our behalf for sending and analysing the newsletters. Brevo does not use the data of our newsletter recipients to contact them itself or to pass it on to third parties.

Statistical collection and analyses

With the help of Brevo, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter has been opened and which links have been clicked, if any. These analyses serve exclusively to adapt the content of future newsletters to the interests of our readers.

Legal basis

The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time, for example via the “Unsubscribe” link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.

Storage period

We store the data you provide for the purpose of receiving the newsletter until you unsubscribe from the newsletter and delete it from our servers as well as from Brevo’s servers after you have unsubscribed.

Data processing agreement

We have concluded a data processing agreement with Brevo in which we oblige Brevo to protect the data of our customers and not to pass it on to third parties.

Updates or changes to this Privacy Policy

We may revise this Privacy Policy from time to time at our sole discretion; the version published on the website is always current (see the “Status” indication). We ask you to review this Privacy Policy regularly for changes. In the event of significant changes, we will publish a notice on our website. If you continue to use the Services after being notified of changes on our website, this will be deemed your confirmation and consent to the amended Privacy Policy and your agreement to be bound by the terms of such changes.

Contact

If you have general questions about the Services or the data we collect about you and how we use it, please contact us at:

Name: Kai Klostermann
Address: Loher Straße 6, 22149 Hamburg
Email: klostermann.hamburg@gmail.com

​