Privacy Policy
1. Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can personally identify you. Detailed information on data protection can be found in the privacy policy below.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Information on the Controller” in this privacy policy.
How do we collect your data?
Some data is collected when you provide it to us — for example, data you enter in a contact form. Other data is collected automatically or with your consent when you visit the website. This mainly includes technical data (e.g. browser, operating system, or time of page access). This data is collected automatically once you access the site.
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other inquiries.
What rights do you have regarding your data?
You have the right at any time to obtain free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can withdraw it at any time with effect for the future. You further have the right, under certain circumstances, to request the restriction of processing of your personal data and the right to lodge a complaint with the competent supervisory authority. You can contact us at any time for this and for further questions about data protection.
2. Hosting
We host the content of our website with the following provider:
External Hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated through the website. External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online offer securely, quickly, and efficiently by a professional provider (Art. 6(1)(f) GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) as defined in the TDDDG. Consent can be withdrawn at any time. Our hosting provider(s) will process your data only to the extent necessary to fulfill their service obligations and in accordance with our instructions.
Hosting Provider:
Vercel Inc.
440 N. Barranca Ave #4133
Covina CA 91723
United States
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with the provider named above. This contract ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. Use of Supabase
We use Supabase as a backend service to provide the technical infrastructure of our application. Provider: Supabase Inc., 981 Mission St, San Francisco, CA 94103, USA. Supabase processes data required for authentication and user account management, including email address, user ID, and technical session data. Data processing takes place for the purpose of providing and operating our online application as well as managing user accounts. Hosting and data processing via Supabase are based on Art. 6(1)(b) GDPR (performance of a contract) and on our legitimate interest in the secure and efficient provision of our application in accordance with Art. 6(1)(f) GDPR. We have concluded a Data Processing Agreement (DPA) with Supabase in accordance with Art. 28 GDPR. If data is transferred to the USA, such transfer is based on the Standard Contractual Clauses (SCCs) issued by the European Commission.
4. General Information and Mandatory Details
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. When you use this website, various personal data are collected. This privacy policy explains what data we collect, how we use it, and for what purpose. Please note that data transmission over the internet (e.g. via email communication) may have security gaps. Complete protection of data from third-party access is not possible.
Information on the Controller
The controller responsible for data processing on this website is:
Pascal Wegner
Heintzestraße 15a
24143 Kiel
Deutschland
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).
Storage Duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you request deletion or withdraw your consent to processing, your data will be deleted unless there are other legally permissible reasons for storing it (e.g. tax or commercial law retention obligations). In the latter case, deletion will occur once those reasons no longer apply.
Legal Bases for Data Processing
If you have given consent, your personal data is processed on the basis of Art. 6(1)(a) GDPR or, for special categories of data, Art. 9(2)(a) GDPR. In cases of explicit consent to data transfers to third countries, processing is additionally based on Art. 49(1)(a) GDPR. If you consent to the storage of cookies or access to device information, this is additionally based on § 25(1) TDDDG. You may withdraw your consent at any time. If your data is required for the performance of a contract or for pre-contractual measures, processing is based on Art. 6(1)(b) GDPR. If processing is required to fulfill a legal obligation, it is based on Art. 6(1)(c) GDPR. Processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR.
Recipients of Personal Data
In the course of our business, we work with various external parties. This may involve transferring personal data to such entities. We only transfer personal data to external parties if this is necessary for contract performance, if required by law, if we have a legitimate interest (Art. 6(1)(f) GDPR), or if another legal basis permits it. When using processors, we do so only based on a valid DPA in accordance with Art. 28 GDPR. In cases of joint processing, a joint processing agreement is concluded.
Withdrawal of Your Consent to Data Processing
Many processing operations are possible only with your explicit consent. You can withdraw your consent at any time with future effect. The lawfulness of processing prior to withdrawal remains unaffected.
Right to Object (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, including profiling based on these provisions. If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if processing serves the establishment, exercise, or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing. After objection, your personal data will no longer be used for direct marketing.
Complaint to the Competent Supervisory Authority
In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement.
Right to Data Portability
You have the right to receive data which we process on the basis of your consent or in performance of a contract, in a commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.
Right of Access, Rectification, and Erasure
You have the right to obtain, free of charge, information about your stored personal data, its origin, recipients, and the purpose of processing, as well as the right to rectify or delete this data, in accordance with applicable legal provisions. For this and other questions about personal data, you can contact us at any time.
Right to Restrict Processing
You have the right to request the restriction of processing of your personal data under certain conditions. For example:
- If you contest the accuracy of your personal data, we need time to verify it.
- If processing is unlawful, you may request restriction instead of deletion.
- If we no longer need your data but you need it for legal claims.
- If you have objected under Art. 21(1) GDPR and a balance of interests is pending.
When processing is restricted, your data (apart from storage) will be processed only with your consent, for legal claims, or for the protection of another person’s rights or for important public interest.
SSL/TLS Encryption
This site uses SSL or TLS encryption for security and to protect the transmission of confidential content (e.g. inquiries you send to us). You can recognize an encrypted connection by “https://” and the lock symbol in your browser’s address bar. When encryption is active, data you transmit to us cannot be read by third parties.
5. Data Collection on This Website
Registration via Facebook Connect
Instead of registering directly on this website, you can register using Facebook Connect. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, data may also be transferred to the USA and other third countries.
If you choose Facebook Connect and click the “Login with Facebook” or “Connect with Facebook” button, you will be redirected to Facebook’s platform to log in with your user credentials. This links your Facebook profile with our website or services.
Through this connection, we gain access to certain data stored in your Facebook profile, particularly:
- Facebook name
- profile and cover photos
- registered email address
- Facebook ID
- friend lists
- likes
- birthday
- gender
- country
- language
We use only your email address provided by Facebook to create your user account and enable login. This processing is necessary for the use of our application and thus for the performance of the contract (Art. 6(1)(b) GDPR). Other profile information transmitted by Facebook (e.g. display name or profile picture) may be technically processed or temporarily stored by our authentication service as part of the login process. We do not use this information for personalization purposes and do not transfer it to our own user profiles. Where technically feasible, such data is minimized or deleted after login.
Where personal data is collected on our website and transmitted to Facebook through this tool, we and Meta Platforms Ireland Limited are joint controllers (Art. 26 GDPR). Joint responsibility is limited to data collection and its transfer to Facebook. Subsequent processing by Facebook is outside our responsibility. The jointly responsible obligations are set out in the joint controller agreement available at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information and secure implementation on our website, while Facebook is responsible for the data security of its products. Data subject rights regarding Facebook’s processing can be exercised directly with Facebook. If you assert your rights with us, we are obligated to forward them to Facebook.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses (SCCs). Details: https://www.facebook.com/legal/EU_data_transfer_addendum, https://www.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.
Further information can be found in Facebook’s Terms and Privacy Policy: https://www.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/.
Meta is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures compliance with European data protection standards for data processing in the United States. Further details: https://www.dataprivacyframework.gov/participant/4452.