2. Processing of personal data and purposes of the processing
a) External web hosting
This website is hosted by an external service provider (hoster). The personal data collected on the website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
For the provision of this website, we use the web hosting service of Fancy Chap, Inc., D/B/A Flywheel. 1405 Harney Street #201 Omaha, NE 68102 (hereinafter referred to as “Flywheel”). Flywheel stores this website on its servers (hosting). The hosting takes place on servers in the European Union.
In connection with the hosting, Flywheel processes personal data on our behalf that arises from the following actions of users:
- When visiting the website;
- When using the form to apply.
We have entered into a Data Processing Agreement (DPA) with Flywheel. Through this contract, Flywheel ensures that they process the data in accordance with the GDPR and ensure the protection of the rights of the data subject. In the event that Flywheel transfers personal data to a country outside the EU, we have agreed with Flywheel on the so-called standard contractual clauses of the European Commission. Flywheel undertakes to ensure a level of data protection that is adequate for the EU.
In order to offer a website, the commissioning of a web hosting service is required. The use of Flywheel takes place in accordance with Art. 6 para. 1 f) GDPR due to our legitimate economic interest in keeping our services on this website available.
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
b) When visiting the website
You can visit the website without having to disclose any information about your identity. The browser used on your end device only automatically sends information to the server of our website (e.g. the operating system of your computer and the browser you are using, the name of your internet access provider, the name and URL of the file accessed, the date and time of access, the website from which access was made).
This also includes the IP address of your requesting end device. This IP address is temporarily stored in a so-called log file and automatically deleted after 7 days.
The IP address is processed for technical and administrative purposes of connection establishment and stability, in order to ensure the security and functionality of our website and, if necessary, to be able to pursue any illegal attacks on it.
The legal basis for the processing of the IP address is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows results from the aforementioned security interest and the necessity of a trouble-free provision of our website.
We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.
c) Contact Us
When contacting us (via contact form or e-mail), the user’s details are processed for the purpose of handling the contact request and its fulfilment pursuant to Art. 6 para. 1 lit. b. GDPR.
The user’s details may be stored in our customer relationship management system (“CRM system”) or comparable enquiry organisational systems.
We currently use the CRM system “Hubspot”, from the provider Hubspot Inc. (25 First St, Cambridge, Massachusetts 02141, USA) on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR (efficient and fast processing of user enquiries). For this purpose, we have concluded an Data Processing Agreement with Hubspot including the so-called standard contractual clauses, in which Hubspot undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level pursuant to the GDPR.
d) Comments and Postings
When a user comments on posts on the website, their IP address is stored. This is done for the security of the provider in case someone writes unlawful content in comments and posts (insults, forbidden political propaganda, etc.). In this case, the provider itself can be prosecuted for the comment or post and is therefore dependent on collecting the identity of the users who write a comment.
If you would like to subscribe to our newsletter, we would be pleased if you would register using the form provided for this purpose. All you have to do is enter your e-mail address. Further personal details (e.g. name, so that we can address you personally) are optional. In order o ensure that you really want to receive our newsletter (and that your e-mail address has not been entered by someone else) and to record that you agree to the processing of your personal data in the context of sending the newsletter, we use the so-called double opt-in procedure. This means that after entering your e-mail address (and possibly other data), you will receive a confirmation e-mail from us. Only after you have clicked on the activation link in the confirmation e-mail are you registered for our newsletter.
Since we only process your data for sending the newsletter if you agree to this, i.e. you have given us your consent (in accordance with Art. 6 para. 1 lit. a GDPR), we must store the data required for the corresponding documentation. For these purposes, in addition to your e-mail address, we also store the time and date of your registration, the time and date of your confirmation and the relevant IP address.
You can revoke your consent at any time with effect for the future by using the corresponding unsubscribe link, which you can find at the end of every newsletter.
As soon as you revoke your consent, we will no longer send you the newsletter. Based on our legitimate interest (Art. 6 para. 1 lit. f. GDPR) in the verifiability of legally compliant data processing, we reserve the right to store your e-mail address together with logging data of your consent for a further 3 years. In this case, we will retain the aforementioned data exclusively for this purpose and block it for other processing.
Dispatch service provider:
https://www.hubspot.de/data-privacy/gdpr. Hubspot has signed the so-called standard contractual clauses of the European Commission to ensure an appropriate level of data protection, including in exchanges with third countries. Furthermore, according to its own information, the dispatch service provider may use this data in pseudonymous form, i.e. without assigning it to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletter or for statistical purposes to determine which countries the recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
The dispatch service provider is used on the basis of our legitimate interest (Art. 6 para. 1 lit. f. GDPR) in the implementation and optimisation of our newsletter and customer relations.