Data Protection Declaration Preamble With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. This data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). The terms used are not gender-specific. Preamble With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent in the context of providing our application. The terms used are not gender-specific. Status: June 6, 2024 Table of contents Preamble Preamble Responsible party Overview of processing Relevant legal bases Security measures Transfer of personal data General information on data storage and deletion Rights of the data subjects Business services Business processes and procedures Payment methods Provision of the online service and web hosting Registration, login and user account Community functions Contact and inquiry management Communication via messenger Newsletter and electronic notifications Advertising communication via email, post, fax or telephone Web analysis, monitoring and optimization Online marketing Presences in social networks (social media) Plug-ins and embedded functions as well as content Changes and updates Definitions of terms Responsible party Doris Escherich natural person Alpseestrasse 15 86845 Grossaitingen Email address: maltes-ostseekoje@gmx.de Overview of processing The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects. Types of data processed Inventory data. Payment data. Location data. Contact details. Content data. Contract data. Usage data. Meta, communication, and procedural data. Log data. Categories of data subjects: Service recipients and clients. Interested parties. Communication partners. Users. Business and contractual partners. Customers. Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Communication. Security measures. Direct marketing. Reach measurement. Tracking. Office and organizational procedures. Conversion measurement. Target group formation. Organizational and administrative procedures. Feedback. Marketing. Profiles with user-related information. Provision of our online offering and user-friendliness. Information technology infrastructure. Public relations. Sales promotion. Business processes and commercial procedures. Relevant legal bases Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy. Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given their consent to the processing of personal data concerning them for a specific purpose or several specific purposes. Performance of a contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) - Processing is necessary to fulfill a legal obligation to which the controller is subject. Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - Processing is necessary to protect the legitimate interests of the controller or of a third party, provided that the interests, fundamental rights and freedoms of the data subject which require protection of personal data do not override them. National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions on the right to information, the right to erasureng, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, the national data protection laws of the individual federal states may apply. Note on the applicability of the GDPR and the Swiss DSG: This data protection notice serves to provide information in accordance with both the Swiss DSG and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to their broader geographical application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest", and "particularly sensitive personal data" used in the Swiss DSG, the terms "processing" of "personal data", "legitimate interest", and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined according to the Swiss DSG within the scope of the Swiss DSG. Security measures We take suitable technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as control over access, input, and transmission, as well as ensuring availability and separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. Furthermore, we consider the protection of personal data right from the development and selection of hardware, software, and processes in accordance with the principle of data protection, through technology design, and through data protection-friendly default settings. IP address shortening: If IP addresses are processed by us or by the service providers and technologies we use, and the processing of a full IP address is not required, the IP address will be shortened (also known as "IP masking"). The last two digits, or the last part of the IP address after a period, are removed or replaced with placeholders. The purpose of shortening the IP address is to prevent or significantly complicate the identification of a person based on their IP address. Securing online connections with TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted. Transfer of personal data As part of our processing of personal data, it may happen that this data is transmitted to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data. Data transfer within the organization: Data transfer within the group of companies: We may transfer personal data to other companies within our group of companies or grant them access to it. If the data is passed on for administrative purposes, it is based on our legitimate entrepreneurial and business interests or if it is necessary to fulfil our contractual obligations.
