If you have any questions about how we handle your Personal Data or about data protection in general, you can reach us at firstname.lastname@example.org.
Handling of Personal Data
In the following, we would like to inform you about our handling of Personal Data when you use this website.
Unless otherwise described in the following sections, the legal basis for handling your Personal Data follows from the necessity of such handling for the provision of the functionalities requested by you on this website (Art. 6(1)(b) of the GDPR).
Accessing the website
When you call up our website, your browser transmits certain data to our web server for technical reasons in order to provide you with the information you have called up. To enable you to visit the website, the following data is collected, stored for a short time and used:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Operating system and its interface
- Access status / HTTP status code
- Amount of data transferred
- Website from which the request came
- Browser, language, and version of the browser software
In addition, we store this data for a limited period of time to protect our legitimate interests, in order to be able to trace Personal Data in the event of unauthorized access or attempted access to our servers (Art. 6(1)(f) of the GDPR).
To provide our website, we use the services of Linode LLC of 249 Arch St, Philadelphia, Pennsylvania, USA who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website (Art. 6(1)(f) of the GDPR).
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations and/or our legitimate interest in processing your request (Art. 6(1)(b) and (f) of the GDPR).
Profile and account
If you register on our platform, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form (your full name, address, email address and password). The entry of your data is encrypted so that third parties cannot read your data when it is entered. We rely on the processing of certain Personal Data, to fulfil our contractual obligations to you or to carry out pre-contractual measures (Art. 6(1)(b) of the GDPR).
When using our services
We process the data of our registered users in order to be able to provide our Services as well as to ensure the security of our services and to be able to develop it further. The legal basis for the processing of your Personal Data is the establishment and implementation of the user contract (Art. 6(1)(b) of the GDPR) for the use of the service as well as your consent (Art. 6(1)(c) of the GDPR). We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account. You may withdraw your consent and request us to stop using and/or disclosing your Personal Data by submitting your request to us in writing. Please note when using our services, you become the data controller and we become the data processor in accordance with Art. 29 of the GDPR.
If you make a purchase your payment will be processed via the payment system of Thrivecart WebActix Ltd of 6 Boulder Lane, Pyes Pa, Tauranga 3112, New Zealand using the payment service providers PayPal of 2211 N 1st St, San Jose, CA 95131 United States and Stripe of The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland. Payment data will solely be processed through the payment system of PayPal and Stripe. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service (Art. 6(1)(b) of the GDPR).
Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to (Art. 6(1)(a) of the GDPR).
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission, or sometimes your consent is implied from your interactions or contractual relationship. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Our Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.
We use the ConvertKit system of ConvertKit LLC, 750 W Bannock St 761, Boise, Idaho, 83701, United States to process user data and lead management. Your details may be stored in the ConvertKit system, and we may use your Personal Data in connection with the services offered to us by ConvertKit including marketing, to fulfill our contractual obligations to you or to carry out pre-contractual measures (Art. 6(1)(b) and (f) of the GDPR).
We have integrated components from Vimeo of 555 West 18th Street New York, NY 10011 United States when you want to replay live events. The integration requires that Vimeo can perceive the IP address of the user. The IP address is required in order to send the video content to the user's browser. If you click on a Vimeo component (video), your internet browser will be prompted by the component to download a corresponding representation of the component. In this way, Vimeo knows which specific sub-pages you have visited. The legal basis for the data processing is our legitimate interest and your consent (Art. 6(1)(f) and (a) of the GDPR).
Google Tag Manager
We also use Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no Personal Data is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found at the following link: http://www.google.com/tagmanager/use-policy.html. This represents a legitimate interest (Art. 6(1)(f) of the GDPR).
We are present on social media on the basis of our legitimate interest. If you contact us via social media platforms, you should note that the chat history can neither be deleted by us nor by you. And that, in accordance with the PDPA and GDPR, the relevant social media platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. A Joint Controller Agreement itself is very legalistic and lengthy, but in a nutshell, it clarifies how the jointly responsible parties will fulfill the obligations arising from data protection laws that are applicable to them. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service, if any (Art. 6(1)(f) and (a) and (b) of the GDPR).
Transfer of data for processing on our behalf
We sometimes use specialized service providers to process your data. Our service providers are carefully selected and regularly monitored by us. They process Personal Data only on our behalf and strictly in accordance with our instructions on the basis of corresponding contracts for commissioned processing.
Processing of data outside the EU / EEA
Some of your data may also be processed in countries outside the European Union ("EU") or the European Economic Area ("EEA"), where there may generally be a lower level of data protection than in Europe. In these cases, we ensure that a sufficient level of data protection is guaranteed for your data, e.g., via contractual agreements with our contractual partners (copy available on request), or we ask for your express consent.
Information about your rights
The following rights are available to you under applicable data protection laws:
- Right to obtain information about the data we hold about you;
- Right to rectify, erase or restrict the processing of your Personal Data;
- Right to object to processing which serves our legitimate interest;
- Right to data portability;
- Right to complain to a supervisory authority;
- You can revoke your consent to the collection, processing and use of your Personal Data at any time with effect for the future.
If you wish to exercise your rights, please contact us.