Privacy policy
As of: 26 October 2024
Controller
Joachim Schmidt
Heinrich-Delp-Str. 185
64297 Darmstadt
Germany
Email Address: privacy@josch557.de
Overview of Processing
The following overview summarizes the types of data processed, the purposes of processing, and references the affected individuals.
Types of Processed Data
- Usage data.
- Metadata, communication data, and procedural data.
- Log data.
Categories of Affected Individuals
- Users.
Purposes of Processing
- Security measures.
- Provision of our online services and ease of use.
- Information technology infrastructure.
Relevant Legal Bases
Relevant legal bases under the GDPR: Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the GDPR regulations, national data protection regulations in your or our country of residence or establishment may apply. If more specific legal bases apply in individual cases, we will inform you in the privacy policy.
- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject, which require the protection of personal data, do not override them.
National data protection regulations in Germany: In addition to the GDPR data protection regulations, national data protection laws apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transmission as well as automated decision-making in individual cases, including profiling. Additionally, the data protection laws of individual federal states may apply.
General Information on Data Storage and Deletion
We delete personal data we process in accordance with legal requirements as soon as the underlying consent is revoked or no further legal basis for processing exists. This applies in cases where the original purpose of processing no longer exists or the data is no longer needed. Exceptions exist if legal obligations or specific interests require longer retention or archiving of the data.
Specifically, data that must be retained for commercial or tax reasons or that is necessary for legal prosecution or protection of the rights of other individuals or entities must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data that apply to specific processing operations.
If multiple retention periods or deletion deadlines exist for a piece of data, the longest period always applies.
If a deadline does not explicitly start on a specific date and lasts at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the termination or other end of the legal relationship.
Data that is no longer needed for its original purpose but is retained due to legal obligations or other reasons is only processed for the reasons justifying its retention.
Further information on processing activities, procedures, and services:
Retention and deletion of data: The following general retention periods apply under German law:
10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and other organizational documents required for understanding, as well as accounting records and invoices (§ 147 para. 3 in conjunction with para. 1 nos. 1, 4, and 4a of the German Fiscal Code (AO), § 14b para. 1 of the German VAT Act (UStG), § 257 para. 1 nos. 1 and 4, para. 4 of the German Commercial Code (HGB)).
6 years – Other business documents, such as received business letters, copies of sent business letters, and other documents relevant for taxation, e.g., payroll records, operating cost statements, calculation documents, and pricing records (§ 147 para. 3 in conjunction with para. 1 nos. 2, 3, and 5 AO, § 257 para. 1 nos. 2 and 3, para. 4 HGB).
3 years – Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as related inquiries, based on previous business experiences and industry practices, is stored for the standard statutory limitation period of three years (§§ 195, 199 of the German Civil Code (BGB)).
Rights of Data Subjects
As a data subject under the GDPR, you have various rights, particularly those derived from Articles 15 to 21 GDPR:
Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling related to direct marketing.
Right to withdraw consent: You have the right to withdraw consent given at any time.
Right of access: You have the right to request confirmation of whether data concerning you is being processed, as well as detailed information and a copy of the data in accordance with legal requirements.
Right to rectification: You have the right to request the completion or correction of your inaccurate data as required by law.
Right to erasure and restriction of processing: You have the right, under legal conditions, to request the immediate deletion of your data or, alternatively, restriction of processing.
Right to data portability: You have the right to receive the data you provided in a structured, commonly used, and machine-readable format or to request its transfer to another controller.
Right to lodge a complaint with a supervisory authority: You have the right to file a complaint with a supervisory authority if you believe that the processing of your personal data violates GDPR provisions.
Provision of Online Services and Web Hosting
We process user data to provide our online services. For this purpose, we process users’ IP addresses, which are necessary to deliver content and functions to users’ browsers or devices.
Types of processed data: Usage data (e.g., page views, visit duration, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved persons); Log data (e.g., logins, data retrieval, access times).
Affected individuals: Users (e.g., website visitors, online service users).
Purposes of processing: Provision of our online services and ease of use; IT infrastructure (operation and provision of IT systems and devices, such as computers, servers, etc.); Security measures.
Retention and deletion: Data is deleted according to the section “General Information on Data Storage and Deletion.”
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Further Information on Processing Procedures, Methods, and Services:
Provision of Online Services on Rented Storage Space: To provide our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also known as a “web host”). Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called “server log files.” These server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volume, message about a successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, such as DDoS attacks), and also to ensure server load balancing and stability. Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of Data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes is exempt from deletion until the respective incident is fully resolved.
Use of Cookies
The term “cookies” refers to functions that store and retrieve information on users’ devices. Cookies can be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as analyzing visitor traffic. We use cookies in accordance with legal regulations. Where required, we obtain users’ prior consent. If consent is not necessary, we rely on our legitimate interests. This applies when storing and retrieving information is essential to provide explicitly requested content and functions. This includes storing settings and ensuring the functionality and security of our online offerings. Consent can be revoked at any time. We clearly inform users about the scope and types of cookies used.
Notes on legal bases under data protection law: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as explained in this section and in the context of the respective services and processes.
Storage duration: The following types of cookies are distinguished based on their storage duration:
Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest when a user leaves an online offering and closes their device (e.g., browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after closing the device. For example, they can store login status and display preferred content directly when a user revisits a website. Cookies can also be used for audience measurement. Unless we explicitly provide users with information on the type and duration of cookies (e.g., when obtaining consent), they should assume that these cookies are permanent and can be stored for up to two years.
General information on revocation and objection (opt-out): Users can revoke their given consent at any time and also object to processing in accordance with legal regulations, including via their browser’s privacy settings.
Types of data processed: Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected individuals: Users (e.g., website visitors, users of online services).
Legal basis: Legitimate interests (Article 6(1)(f) GDPR).
Changes and Updates
We ask you to regularly review the contents of our privacy policy. We update the privacy policy as soon as changes in our data processing activities make this necessary. We will inform you if changes require your cooperation (e.g., consent) or another form of individual notification.
If we provide addresses and contact information for companies and organizations in this privacy policy, please note that these addresses may change over time. Therefore, we ask that you verify the information before making contact.
Definitions
This section provides an overview of the terminology used in this privacy policy. Where legal definitions exist, they apply. The following explanations are primarily intended to aid understanding.
Metadata, communication data, and procedural data: These categories include information on how data is processed, transmitted, and managed. Metadata, also known as “data about data,” describes the context, origin, and structure of other data, including file sizes, creation dates, authorship, and modification histories. Communication data records the exchange of information between users via various channels, such as email traffic, call logs, messages on social networks, and chat histories, including involved persons, timestamps, and transmission paths. Procedural data describes processes and workflows within systems or organizations, including workflow documentation, transaction logs, and audit logs used for tracking and verifying activities.
Usage data: Usage data refers to information that captures how users interact with digital products, services, or platforms. It includes a wide range of details about how applications are used, which features users prefer, how long they stay on specific pages, and how they navigate through an application. Usage data may also include usage frequency, activity timestamps, IP addresses, device information, and location data. Such data is valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. Additionally, usage data plays a key role in identifying trends, preferences, and potential problem areas in digital offerings.
Personal data: “Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if they can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
Log data: Log data consists of information about events or activities recorded in a system or network. This typically includes details such as timestamps, IP addresses, user actions, error messages, and other information about system usage or operation. Log data is often used for system troubleshooting, security monitoring, and performance reporting.
Controller: A “controller” is a natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data.
Processing: “Processing” refers to any operation or set of operations performed on personal data, whether or not by automated means. This term is broadly defined and includes virtually any handling of data, such as collection, analysis, storage, transmission, or deletion.
Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke