PRIVACY POLICY

This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter “data”) within the scope of providing our services and within our online offering and the websites, functions, and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).

With regard to the terminology used (e.g., “processing” or “controller”), we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

CONTROLLER

Dominik Hauke
Am Leimbach 11
37296 Ringgau

Phone: 0176 / 60 36 47 29
Email: [[email protected]]

Website: www.Krypto-Horizont.de

Controller: Dominik Hauke

TYPES OF DATA PROCESSED

- Inventory data (e.g., master personal data, names, or addresses).
- Contact data (e.g., email, phone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).

CATEGORIES OF DATA SUBJECTS

Visitors and users of the online offering (hereinafter we refer to the affected persons collectively as “users”).

PURPOSE OF PROCESSING

- Provision of the online offering, its functions, and content.
- Responding to contact inquiries and communicating with users.
- Security measures.
- Reach measurement / marketing

TERMS USED

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

RELEVANT LEGAL BASES

Pursuant to Art. 13 GDPR, we inform you of the legal bases for our data processing. For users within the scope of the GDPR (i.e., the EU and EEA), the following applies if the legal basis is not explicitly stated in this Privacy Policy:

- The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR.
- The legal basis for processing to fulfill our services and to carry out contractual measures and to respond to inquiries is Art. 6(1)(b) GDPR.
- The legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR.
- In case vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
- The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) GDPR.
- The legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR.
- Processing of data for purposes other than those for which the data were collected is determined by the requirements of Art. 6(4) GDPR.
- Processing of special categories of data (as per Art. 9(1) GDPR) is determined by the requirements of Art. 9(2) GDPR.

SECURITY MEASURES

In accordance with the legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data as well as access, input, disclosure, securing availability, and separation. We also have procedures in place to ensure the exercise of data subject rights, deletion of data, and responses to data threats.

Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

COOPERATION WITH PROCESSORS, JOINT CONTROLLERS, AND THIRD PARTIES

If, within the scope of our processing, we disclose data to other persons and companies (processors, joint controllers, or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transfer of data to third parties such as payment service providers is required for contract fulfillment), user consent, a legal obligation, or our legitimate interests (e.g., use of agents, web hosts, etc.).

If we disclose, transmit, or otherwise grant access to data to other companies in our corporate group, this is done in particular for administrative purposes as a legitimate interest and additionally on a basis that complies with legal requirements.

TRANSFERS TO THIRD COUNTRIES

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or if this occurs within the scope of using third-party services or disclosure/transmission of data to other persons or companies, this is only done if it is necessary to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests.

Subject to statutory or contractual permissions, we process or have data processed in a third country only if the legal requirements are met. This means, for example, processing takes place on the basis of specific safeguards, such as an officially recognized determination of an adequate level of data protection corresponding to that of the EU, or compliance with officially recognized special contractual obligations.

RIGHTS OF DATA SUBJECTS

You have the right to request confirmation as to whether data concerning you are being processed and to obtain information about these data as well as further information and a copy of the data in accordance with the legal requirements.

You also have, in accordance with the legal requirements, the right to request completion of data concerning you or correction of inaccurate data concerning you.

You have the right, in accordance with the legal requirements, to request that data concerning you be deleted without undue delay, or alternatively to request restriction of processing of the data.

You have the right to receive the data concerning you that you provided to us in accordance with the legal requirements and to request their transmission to other controllers.

You also have the right, in accordance with the legal requirements, to lodge a complaint with the competent supervisory authority.

RIGHT OF WITHDRAWAL

You have the right to withdraw consent given with effect for the future.

RIGHT TO OBJECT

You may object at any time to the future processing of data concerning you in accordance with the legal requirements. In particular, you may object to processing for direct marketing purposes.

COOKIES AND RIGHT TO OBJECT TO DIRECT MARKETING

“Cookies” are small files stored on users’ computers. Cookies can store various information. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or even after their visit within an online offering.

Temporary cookies (also known as “session cookies” or “transient cookies”) are cookies that are deleted after a user leaves an online offering and closes their browser. For example, the contents of a shopping cart in an online shop or a login status can be stored in such a cookie.

“Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, the login status can be stored if users return after several days. Interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes.

“Third-party cookies” are cookies offered by providers other than the controller who operates the online offering (otherwise, if only the controller’s cookies are used, they are “first-party cookies”).

We may use temporary and permanent cookies and provide information about this in this Privacy Policy.

If users do not want cookies stored on their computer, they are asked to disable the corresponding option in their browser settings. Stored cookies can be deleted in the browser settings. Disabling cookies may lead to functional limitations of this online offering.

A general objection to the use of cookies used for online marketing purposes can be declared for many services—especially in the case of tracking—via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, storage of cookies can be prevented by disabling them in the browser settings. Please note that in this case not all functions of this online offering may be usable.

DELETION OF DATA

The data processed by us are deleted or restricted in processing in accordance with the legal requirements. Unless explicitly stated otherwise in this Privacy Policy, the data stored with us are deleted as soon as they are no longer necessary for their intended purpose and no statutory retention obligations prevent deletion.

If data are not deleted because they are required for other legally permissible purposes, their processing is restricted. This means the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

CHANGES AND UPDATES TO THIS PRIVACY POLICY

Please regularly inform yourself about the content of our Privacy Policy. We will adapt the Privacy Policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or another individual notification.

BUSINESS-RELATED PROCESSING

In addition, we process:
- Contract data (e.g., subject matter of the contract, term, customer category).
- Payment data (e.g., bank details, payment history)
from our customers, prospects, and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.

ORDER PROCESSING IN THE ONLINE SHOP AND CUSTOMER ACCOUNT

We process our customers’ data within the scope of ordering processes in our online shop to enable them to select and order the chosen products and services and to facilitate payment and delivery or performance.

The processed data include inventory data, communication data, contract data, payment data. The data subjects include our customers, prospects, and other business partners. Processing is carried out for the purpose of providing contractual services as part of operating an online shop, billing, delivery, and customer service.

We use session cookies to store the contents of the shopping cart and persistent cookies to store the login status.

Processing is carried out to fulfill our services and to perform contractual measures (e.g., processing orders) and where legally required (e.g., legally required archiving of business transactions for commercial and tax purposes). The information marked as required is necessary for the establishment and fulfillment of the contract.

We disclose data to third parties only as part of delivery, payment, or within the scope of legal permissions and obligations, as well as where this is based on our legitimate interests, about which we inform you in this Privacy Policy (e.g., legal and tax advisors, financial institutions, freight companies, and authorities).

Users may optionally create a user account, in particular to view their orders. During registration, the required mandatory information is communicated to users. User accounts are not public and cannot be indexed by search engines. If users cancel their user account, their data relating to the user account will be deleted, subject to retention requirements under commercial and tax law.

Information in the customer account remains until it is deleted, with subsequent archiving in the event of a legal obligation or our legitimate interests (e.g., in the event of legal disputes). It is the users’ responsibility to secure their data before the end of the contract if they cancel.

During registration and renewed logins as well as use of our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the users’ interests in protection against misuse and other unauthorized use.

We do not disclose this data to third parties as a rule, unless it is necessary to pursue our legal claims as a legitimate interest or there is a legal obligation to do so.

Deletion takes place after the expiry of statutory warranty and other contractual rights or obligations (e.g., payment claims or performance obligations from contracts with customers); the necessity of retaining the data is reviewed every three years; where data is retained due to statutory archiving obligations, deletion occurs after their expiry.

AGENCY SERVICES

We process our customers’ data within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.

In doing so, we process inventory data (e.g., customer master data such as names or addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), usage and meta data (e.g., within the scope of analysis and performance measurement of marketing measures).

We generally do not process special categories of personal data unless they are part of commissioned processing. The data subjects include our customers, prospects, and their customers, users, website visitors or employees, as well as third parties. The purpose of processing is the provision of contractual services, billing, and our customer service. The legal bases for processing arise from Art. 6(1)(b) GDPR (contractual services) and Art. 6(1)(f) GDPR (legitimate interests).

EXTERNAL PAYMENT SERVICE PROVIDERS

We use external payment service providers via whose platforms users and we can carry out payment transactions (e.g., each with a link to the privacy policy: PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)

Within the scope of fulfilling contracts, we use the payment service providers on the basis of Art. 6(1)(b) GDPR. Otherwise, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers include inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. The information is necessary to carry out the transactions. However, the entered data are processed and stored only by the payment service providers. This means we do not receive any account or credit card-related information, but only information confirming or negatively reporting the payment. Under certain circumstances, data may be transmitted by payment service providers to credit agencies. This transmission serves identity and creditworthiness checks. For this, we refer to the terms and privacy notices of the payment service providers.

Payment transactions are subject to the terms and privacy notices of the respective payment service providers, which can be accessed on their respective websites or transaction applications. We also refer to these for further information and for exercising withdrawal, information, and other data subject rights.

AMAZON EU AFFILIATE PROGRAM

Based on our legitimate interests (i.e., interest in the economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we participate in the Amazon EU affiliate program, which was designed to provide a medium for websites through which advertising costs can be earned by placing ads and links to Amazon.de (so-called affiliate system). This means: as an Amazon Partner we earn from qualifying purchases.

Amazon uses cookies to be able to track the origin of orders. Among other things, Amazon can recognize that you clicked an affiliate link on this website and subsequently purchased a product from Amazon.

Further information on Amazon’s use of data and objection options can be found in the company’s privacy policy:
https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010

Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or one of its affiliated companies.

DIGISTORE24 AFFILIATE PROGRAM

Based on our legitimate interests (i.e., interest in the economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we participate in the affiliate program of Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany, which was designed to provide a medium for websites through which advertising costs can be earned by placing ads and links to Digistore24 (so-called affiliate system).

Digistore24 uses cookies to be able to track the origin of the contract conclusion. Among other things, Digistore24 can recognize that you clicked an affiliate link on this website and subsequently concluded a contract with or via Digistore24.

Further information on Digistore24’s use of data and objection options can be found in the company’s privacy policy:
https://www.digistore24.com/page/privacyl

PRIVACY NOTICE IN THE APPLICATION PROCESS

We process applicant data only for the purpose and within the scope of the application process in accordance with legal requirements. Processing of applicant data is carried out to fulfill our (pre-)contractual obligations within the application process within the meaning of Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR, insofar as data processing becomes necessary for us, for example, in the context of legal proceedings (in Germany, § 26 BDSG also applies).

The application process requires that applicants provide us with the applicant data. The necessary applicant data are marked if we offer an online form, otherwise they result from the job descriptions and generally include information about the person, postal and contact addresses, and the documents belonging to the application such as cover letter, resume, and certificates. In addition, applicants can voluntarily provide additional information.

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this Privacy Policy.

NEWSLETTER

Newsletter content:
We send newsletters, emails, and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described as part of a subscription, they are decisive for users’ consent. Otherwise, our newsletters contain information about our services and about us.

Double opt-in and logging:
Subscription to our newsletter takes place in a double opt-in process. This means you will receive an email after registering in which you are asked to confirm your subscription. This confirmation is necessary so that no one can register with someone else’s email address. Newsletter subscriptions are logged so that the subscription process can be proven in accordance with legal requirements. This includes storing the time of subscription and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Subscription data:
To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you for a name for personalized addressing in the newsletter.

The sending of the newsletter and associated performance measurement is based on recipients’ consent pursuant to Art. 6(1)(a), Art. 7 GDPR in conjunction with § 7(2) No. 3 UWG, or if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.

Logging of the subscription process is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest is to use a user-friendly and secure newsletter system that serves our business interests as well as users’ expectations and also allows us to prove consent.

Cancellation/withdrawal:
You can cancel receiving our newsletter at any time, i.e., withdraw your consent. You will find a link to unsubscribe at the end of each newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove prior consent. Processing of this data is restricted to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

NEWSLETTER – SHIPPING SERVICE PROVIDER

Newsletters are sent via the mailing service provider [NAME, ADDRESS, COUNTRY]. You can view the mailing service provider’s privacy policy here: [LINK TO THE PRIVACY POLICY]. The mailing service provider is used on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR and a data processing agreement pursuant to Art. 28(3) sentence 1 GDPR.

Due to technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the mailing service provider to monitor individual users. The analyses help us understand our users’ reading habits and adapt our content to them or send different content according to users’ interests.

A separate withdrawal of performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled.

HOSTING AND EMAIL DELIVERY

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services, which we use for the operation of this online offering.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects, and visitors of this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

COLLECTION OF ACCESS DATA AND LOG FILES

We, or our hosting provider, collect data about each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR.

The access data include the name of the accessed web page, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is necessary for evidentiary purposes are excluded from deletion until the incident has been fully clarified.

GOOGLE ANALYTICS

Based on our legitimate interests (i.e., interest in analysis, optimization, and the economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is generally transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield framework and thereby offers a guarantee to comply with European data protection law:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google will use this information on our behalf to evaluate users’ use of our online offering, compile reports on activity within this online offering, and provide us with other services related to the use of this online offering and internet usage. Pseudonymous usage profiles of users can be created from the processed data.

We use Google Analytics only with activated IP anonymization. This means the IP address of users is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser is not merged with other Google data.

Users can prevent the storage of cookies by adjusting their browser software settings; users can also prevent the collection of data generated by the cookie and related to their use of the online offering, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=de

Further information on data use by Google, settings, and objection options can be found in Google’s Privacy Policy:
https://policies.google.com/privacy
and in the settings for displaying Google ads:
https://adssettings.google.com/authenticated

Users’ personal data are deleted or anonymized after 14 months.

GOOGLE ADSENSE WITH PERSONALIZED ADS

Based on our legitimate interests (i.e., interest in analysis, optimization, and the economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

We use the AdSense service, which enables ads to be displayed on our website and allows us to receive compensation for their display or other use. For these purposes, usage data such as clicks on an ad and users’ IP addresses are processed, whereby the IP address is shortened by the last two digits. As a result, processing of users’ data is pseudonymized.

We use AdSense with personalized ads. On the basis of websites visited by users or apps used and the user profiles created thereby, Google draws conclusions about users’ interests. Advertisers use this information to align their campaigns with these interests, which benefits both users and advertisers. For Google, ads are personalized when collected or known data determine or influence the ad selection. This includes, among other things, prior search queries, activities, website visits, app usage, demographic and location information. Specifically, this includes: demographic targeting, targeting by interest categories, remarketing, and targeting by customer match lists and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.

Further information on data use by Google, settings, and objection options can be found in Google’s Privacy Policy for ads:
https://policies.google.com/technologies/ads
and in Google ad settings:
https://adssettings.google.com/authenticated

FACEBOOK PIXEL, CUSTOM AUDIENCES AND FACEBOOK CONVERSION

Within our online offering, due to our legitimate interests in analysis, optimization, and the economic operation of our online offering and for these purposes, the so-called “Facebook Pixel” of the social network Facebook is used. It is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

Facebook is certified under the Privacy Shield framework and thereby offers a guarantee to comply with European data protection law:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

With the help of the Facebook Pixel, Facebook is able to determine visitors of our online offering as a target group for the display of ads (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to show the Facebook Ads we place only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined by the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to users’ potential interest and are not annoying.