Privacy Policy

Data Protection

Data protection is obviously an important concern for us, and we also put the protection of personal data concretely into practice. As a first point, we try to collect as little data as possible. Where we do, you can expect us to handle your data sensitively and carefully.  

To protect the security of your data during transmission, we always use state-of-the-art encryption methods and protocols such as TLS and HTTPS.

We act in compliance with the EU General Data Protection Regulation, the GDPR. We will collect and process userspersonal information only to the extent described in this Privacy Policy.

Which data we collect

  • When visiting our pages your IP address, browser data and time of access will be stored temporarily. 
  • In case you choose to get into contact with us we will store the data you provide, like your name and your email address for communication purposes.
  • If you subscribe to our newsletter, we will store your email address. We use CleverReach for sending it out.

 What we use your data for

  • For regular operation of the Website.
  • To resolve technical issues and prevent spam or other attacks.
  • Stored IP addresses are deleted after a maximum of 7 days. 

Your rights

You can always contact us and ask for…

  • Information
  • Correction
  • Deletion
  • Restriction of processing
  • Access

…about/of the data stored about you. Please contact us by email:
(artur.andretta@port-zero.com ).

 

Privacy Policy – Detailed Version

I. Name and address of the responsible person

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

bothAnd gGmbH
Richardstr. 85/86
12043 Berlin

The controllers data protection officer is:

Port Zero GmbH
Artur Andretta
Paul-Lincke-Ufer 7e
10999 Berlin
Email: artur.andretta@port-zero.com 

II. General information about data processing

1. Nature and extent of the collection and processing of personal data

In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. 

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as legal basis. Insofar as processing of personal data is required to fulfill a legal obligation that is subject to BothAnd.eu, Art. 6 para. 1 lit. c GDPR as legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR as legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. It may also be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which bothAnd.eu is subject. A blocking or deletion of the data takes place also if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a contract conclusion or a contract fulfillment. Details can be found in the following sub-items.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data will be collected:

  1. Information about the browser type and the version used
  2. The operating system of your computer
  3. The Internet service provider you are using
  4. The IP address of your computer
  5.  Date and time of access
  6. Websites from which the users system accesses our website („referrers)
  7. Websites accessed by your system through our website

The data is stored temporarily in the log files of our system, and not stored together with other personal data.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. For this purpose, the IP address of your computer must remain stored for the duration of the session. Log files are stored to ensure the functionality of the website and the security of our information technology systems. We do not use IP addresses to identify you. The log file data is not evaluated for marketing purposes.

Our legitimate interest in data processing pursuant to Art. 6 Para. 1 lit. f GDPR lies in these purposes.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

  • In the case of the collection of data to provide the website, this is the case when the respective session is terminated.
  • If the IP address is stored in log files, this is the case after 7 days at the latest.

5. Possibility of opposition and removal

The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of opposition.

IV. Contact Form

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is your consent, Art. 6 Para 1 lit a) GDPR.

In addition, we save your IP address and your browsers string on our server as measures of security. 

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data.

Once we have fully answered your inquiry we will store your data for 6 months for the purposes of the legitimate interests pursued by us as the controller. 

V. Newsletter

If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties.

The provider is CleverReach GmbH & Co. KG. CleverReach is a service we use to organize and analyze the newsletter dispatch. The data you enter for newsletter subscription (e.g. email address) will be stored on CleverReach’s servers in Germany and Ireland.

The service of CleverRech enables us to analyze the behavior of newsletter recipients. For example the number of recipients who opened the newsletter and the kind of links they clicked are analyzed. With the help of so-called conversion tracking, we find out whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking the link in the newsletter. For more information on data analysis through the CleverReach newsletter, go to: https://www.cleverreach.com/de/funktion/reporting-und-tracking/.

Data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. 

If you do not want CleverReach to carry out an analysis, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

The data you have stored with us for the purpose of subscribing to the newsletter will be saved by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter, both from our servers and from the servers of CleverReach. 

For more information, see CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz/.

We have concluded a contract for order data processing with CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.

VII. Cookies

1. General Information

We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address.

When you first visit we provide you with a cookies permission banner seeking your consent to use of cookies as required by law. From this banner you will be able to access our cookies management tool. By clicking „Accept“ or clicking through to any part of the site, we will start to manage your visit using cookies.

2. Purpose of data processing

Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.

3. Legal basis for data processing

The legal basis for such processing is based on your given consent. The legal basis is then Art. 6 Para. 1 lit. a) GDPR.

4. Duration of storage

When you close your browser, these session cookies are deleted.

VII. Data Processors

Commissioned data processing only proceeds on the basis of a data processing contract. We have entered such an agreement with all of our Processors. We disclose your Personal Data to the following service providers:

Raidboxes as the WordPress Hoster for our Website (RAIDBOXES GmbH Friedrich-Ebert-Straße 7 48153 Münster, https://raidboxes.io/datenschutzerklaerung/)

CleverReach as out Newsletter Service provider ( CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, https://www.cleverreach.com/de/datenschutz/)

Mailbox as our Email sending provider (Heinlein Support GmbH, Schwedter Straße 8/9B, 10119 Berlin, https://mailbox.org/de/datenschutzerklaerung )

VIII. COMMUNITY.BOTHAND.EU

1. General information

Below we inform you about the nature, extent and purpose of the processing of your personal data when using our website community.bothand.eu (henceforth, ‘platform’). Personal data are all the information, which relate to an identified or identifiable individuals.

2. When you visit our platform

When you visit our platform, our server gathers the following information from your terminal: browser type and version, operating system, the previously visited internet site (‘referrer’), IP address and time of the site view.

We gather and process this data, in order to ensure the smooth running of our platform and to recognise, to fend off and to pursue a misuse of our services. Furthermore, we use the gathered data for statistical purposes, in order to evaluate with which terminals and browser our platform is viewed, in order to continuously adapt and improve our offer on the basis of the users’ needs.

This data processing takes place on the basis of Article 6 Paragraph 1 Letter f of the GDPR. All of the technical data with personal reference mentioned in the first paragraph, we anonymise 30 days after collecting.

3. User Profile

When you create a user profile on our platform, we collect your e-mail address and a user name (pseudonym), freely chosen by you; without this data, we cannot create a user profile for you. Beyond that, you may voluntarily add further information to your user profile, for instance a profile photo.

When you have a user profile with us, we can, if requested, keep you informed about news from our platform. You can also change the settings in your user profile, to specify which notifications you wish to receive. You may revoke your consent at any time with future effect by adjusting the settings.

We retain the personal data associated with the user profile until the contractual relationship regarding the user profile has been ended with us. The legal basis for the processing of data in Article 6 Paragraph 1 Letter b of the GDPR.

4. No automatized decision making, no profiling

When deciding on the conclusion of a contract, we forgo automatized decision making and profiling.

5. Data processor

For the operation of our platform, we make use of the following data processors in accordance with Article 28 of the GDPR:

  • Authorised operator of the platform, also responsible for the anonymised evaluation of the data to improve the platform (see above): wechange e.G., Oberlandstr. 26-35, 12099 Berlin, Deutschland,
  • for web hosting: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany,
  • for e-mail dispatch and e-mail management by bothAnd gGmbh: Mailbox.org, Heinlein Support GmbH, Schwedter Straße 8/9A, 10119 Berlin, Germany.

6. Posts

When you write a post on our platform, for instance a discussion contribution or an event announcement, we save and publish your post in the corresponding place together with your username. You can determine in your user profile, which information from your user profile should be disclosed and to whom.

If your user profile with us is deleted, certain posts remain on our platform, so that other users can continue to work on them and continue to understand the course of a discussion (see § 3 Paragraph 3 of our Terms of Use), however we anonymise the user name previously shown with your posts. Personal data contained within the text of post – if you, for instance, wrote your own name – remain obtained after the deletion of a user profile.

7. Contact form and Communication via E-mail

When you send us a message via the contact form on our platform or via e-mail, we save your message with the sender data contained in it (name, e-mail address and, if applicable, further information added by your e-mail programme). To receive and save your messages, as well as sending our e-mails to you, we use the services of our web host (see above), who works for us as a data processor in accordance with Article 28 of the GDPR.

Legal basis for this data processing is our legitimate interest to answer your message and to be able to react to potential follow-up questions (Article 6 Paragraph 1 Letter f GDPR). We delete the data gather with your message at the very latest by the end of the calendar year, which follows the last communication with you regarding your concern, subject to the regulation in the following paragraph.

If you provide us with a legally relevant communication regarding an existing contractual relationship with us, the legal basis for its processing, regardless of how it was sent, is also Article 6 Paragraph 1 Letter b GDPR. In such a case, we delete the data connected with your explanation, as soon as all reciprocal claims from our contractual relationship are definitively settled and all commercial and tax legal retention periods have expired.

The e-mail servers used by us work with TLS and SSL, so that the transmission between your and our mail server is encrypted, if your e-mail provider also supports at least one of these encryption technologies. Also the data, which you submit in our contact form, is transmitted encrypted with SSL to our server.

8. Nutzung von Cookies

a. General Information

When you have logged into your user profile, we deposit ‘Cookies’ on your terminal. These are small text files, with which we can recognise your terminal again, if you visit our platform again at a later point. This includes a cookie that remembers your login status and remains stored for 60 days after every login, so that you do not need to login with your data again during this period (login cookie).

With the help of other cookies, we can also prevent improper use of our services (cross-site cookie), as well as analyse certain user behaviour (web analysis cookie), for instance, which parts of our platform you use, how long you stay on our platform and when and how often you return to our platform. We do not deposit a web analysis cookie if you have activated the ‘Do not track’ option in your browser settings.When you first visit we provide you with a cookies permission banner seeking your consent to use of cookies as required by law. From this banner you will be able to access our cookies management tool. By clicking „Accept“ or clicking through to any part of the site, we will start to manage your visit using cookies.

b. Purpose of data processing

Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.

c. Legal basis for data processing

The legal basis for such processing is based on your given consent. The legal basis is then Art. 6 Para. 1 lit. a) GDPR.

d. Duration of storage

This data processing takes place on the basis of Article 6 Paragraph 1 Letter f GDPR in order to enable you a safe and comfortable operation of our platform, in order to align our platform even better with the interests of our visitors and the technology they use (terminals and browser types), and to analyse and optimise the technical functions of our website and the efficiency of any possible advertising.

A deposited cookie expires at the latest twelve months after your last visit to the platform, which means, that your terminal automatically deletes it after the expiry of this time.

VIII. Other transmission of data to third parties

1. General information

BothAnd.eu does not pass on any personal data to third parties unless there is a legal obligation to do so. We do not sell or market any personal data. However, the use of content from external providers that are integrated on the website may result in the transmission of data to them.

2. Social media links under articles

We do not use social media plug-ins, as this means that your information is immediately collected by these services with your IP address and your further activities on the Internet are logged. This would happen even if you do not click on any of the buttons. 

IX. Rights of the data subject

If your personal data is processed by us, you are the data subject within the meaning of the GDPR and you have the following rights against us:

1. Right to information

You may request confirmation from us as to whether personal data relating to you will be processed by us.

In the event of such processing, you may request the following information from us:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
  4. the planned duration of the retention of the personal data concerning you or, if it is not possible to provide specific information in this regard, criteria for determining the retention period;
  5. the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the origin of the data, if the personal data are not collected from the data subject;
  8. the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the relevant guarantees pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right of rectification and/or integration with us if the personal data processed concerning you is inaccurate or incomplete. The person responsible must rectify the data without delay

3. Right of restriction of processing

Under the following conditions, you may request that the processing of your personal data be restricted:

  1. if you dispute the accuracy of the personally identifiable information about you for a period of time that allows us to verify the accuracy of the personally identifiable information;
  2. the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
  3. we no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
  4. if you have lodged an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. If the processing restriction has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

4. Right to erasure

a) Cancellation obligation

You may request us to delete your personal information immediately and we are obligated to delete that information immediately for any of the following reasons:

  1. Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke the consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. The personal data concerning you have been processed unlawfully.
  5. The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
  6. The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 Para. 1 GDPR.

b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist if the processing is necessary

  1. to the exercise of freedom of expression and of information;
  2. to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. on grounds of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
  4. for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under section a) presumably makes it impossible or seriously impairs the attainment of the objectives of such processing, or
  5. for the assertion, exercise or defence of legal claims.

5. Right to information

If you have exercised the right to correction, deletion or limitation of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction, deletion or limitation of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about these recipients.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to communicate this data to another responsible person without being hindered by the responsible person to whom the personal data has been provided, provided that

  1. the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  2. processing is carried out using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by one responsible person to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR. We will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

8. Right to withdraw data protection consent

You have the right to revoke your privacy statement at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you reside, at your place of work or at the place where the alleged infringement is alleged, if you consider that the processing of your personal data is in breach of the GDPR. The supervisory authority with which the complaint was lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Berlin Commissioner for Data Protection and Freedom of Information
Maja Smoltczyk
An der Urania 4-10
10787 Berlin
mailbox@datenschutz-berlin.de

X. Changes to our privacy policy

We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration then applies to your next visit.

Last updated: 26 April 2020