Privacy Policy
Preamble
With the following privacy policy, we want to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for which purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific.
As of: June 11, 2024
Responsible Party
Christian Mittler
Am Schießstand 41
26122 Oldenburg
Email: info@mittlus.de
Imprint: https://licensejapan.com/imprint
Overview of Processing
The following overview summarizes the types of processed data and the purposes of their processing, and refers to the affected persons.
Types of Processed Data
- Inventory data.
- Payment data.
- Contact data.
- Content data.
- Contract data.
- Usage data.
- Meta-, communication-, and procedural data.
- Log data.
Categories of Affected Persons
- Service recipients and clients.
- Interested parties.
- Communication partners.
- Users.
- Business and contractual partners.
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations.
- Communication.
- Security measures.
- Direct marketing.
- Reach measurement.
- Tracking.
- Office and organizational procedures.
- Conversion measurement.
- Target group formation.
- Affiliate tracking.
- Organizational and administrative procedures.
- Feedback.
- Marketing.
- Profiles with user-related information.
- Provision of our online offer and user-friendliness.
- IT infrastructure.
- Sales promotion.
- Business processes and economic procedures.
Relevant Legal Basis
Relevant Legal Basis under the GDPR: The following is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6(1) sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contract performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6(1) sentence 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special regulations on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, the processing for other purposes, and the transfer and automated decision-making in individual cases, including profiling. Additionally, the data protection laws of the individual federal states may apply.
Note on the Applicability of GDPR and Swiss DSG: These privacy notices are intended to provide information under both the Swiss DSG and the General Data Protection Regulation (GDPR). For this reason, please note that the terms of the GDPR are used due to their broader spatial application and comprehensibility. Specifically, instead of the terms "processing" of "personal data", "overriding interest", and "special categories of personal data" used in the Swiss DSG, the terms "processing" of "personal data" and "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal significance of the terms remains determined by the Swiss DSG within the framework of its applicability.
Security Measures
We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons.
The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transmission, securing availability, and separation of the data. We have also established procedures to ensure the exercise of data subject rights, deletion of data, and response to data threats. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, according to the principle of data protection by design and by default.
Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.
Transfer of personal data
When we process personal data, it may be transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
International Data Transfers
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing occurs as part of the use of third-party services or the disclosure or transfer of data to other persons, entities, or companies, this is done only in accordance with legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers occur only when the level of data protection is otherwise ensured, particularly through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49 para. 1 GDPR). Additionally, we will inform you of the basis for third-country transfers for each provider from the third country, with adequacy decisions being the primary basis. Information on third-country transfers and existing adequacy decisions can be found on the information portal of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure under the adequacy decision of 10.07.2023. You can find the list of certified companies as well as further information on the DPF on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We inform you in our data protection notices which of the service providers we use are certified under the Data Privacy Framework.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or there are no further legal grounds for processing. This applies to cases where the original purpose for processing ceases to exist or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons, or data that needs to be stored for legal prosecution or to protect the rights of other natural or legal persons, must be archived accordingly.
Our data protection notices contain additional information on the retention and deletion of data that specifically apply to certain processing activities.
If multiple retention periods or deletion deadlines for a datum are specified, the longest period is always decisive.
If a period does not explicitly start on a specific date and lasts at least one year, it automatically begins at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the time the termination becomes effective or the legal relationship otherwise ends.
Data that is no longer needed for the originally intended purpose but is retained due to legal requirements or other reasons is processed exclusively for the reasons that justify its retention.
Further information on processing activities, procedures, and services:
- Retention and deletion of data: The following general periods apply to retention and archiving under German law:
  - 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the working instructions and other organizational documents necessary to understand them, booking vouchers, and invoices (§ 147 para. 3 in conjunction with para. 1 no. 1, 4, and 4a AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 and 4, para. 4 HGB).
  - 6 years - Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents relevant for taxation, such as hourly wage slips, operating calculation sheets, calculation documents, price lists, as well as payroll documents, unless they are already booking vouchers, and cash register tapes (§ 147 para. 3 in conjunction with para. 1 no. 2, 3, 5 AO, § 257 para. 1 no. 2 and 3, para. 4 HGB).
  - 3 years - Data necessary to consider potential warranty and damage claims or similar contractual claims and rights, as well as related inquiries, based on previous business experiences and common industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
Rights of Data Subjects
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly arising from Articles 15 to 21 GDPR:
- Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
- Right to withdraw consent: You have the right to withdraw consent at any time.
- Right of access: You have the right to request confirmation as to whether your data is being processed and to obtain information about this data, as well as further information and a copy of the data, in accordance with legal requirements.
- Right to rectification: You have the right to request the completion of your data or the correction of incorrect data concerning you, in accordance with legal requirements.
- Right to erasure and restriction of processing: You have the right, under legal requirements, to request the immediate deletion of your data, or alternatively, under legal requirements, to request the restriction of the processing of the data.
- Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, in accordance with legal requirements, or to request its transfer to another controller.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, particularly in the member state of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of your personal data violates the provisions of the GDPR.
Business Services
We process data from our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners"), in the context of contractual and similar legal relationships, as well as associated measures and in terms of communication with the contractual partners (or pre-contractually), such as to respond to inquiries.
We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any updating obligations, and remedies for warranty and other service disruptions. Furthermore, we use the data to safeguard our rights and for administrative tasks related to these obligations, as well as for company organization. We also process the data based on our legitimate interests in proper and economical business management, as well as in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, such as for marketing purposes, within the framework of this data protection declaration.
Which data is necessary for the aforementioned purposes is communicated to the contractual partners before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.
We delete the data after the expiration of legal warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons (e.g., usually ten years for tax purposes). Data disclosed to us by the contractual partner as part of an order is deleted in accordance with the specifications and generally after the end of the order.
- Processed Data Types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved individuals).
- Data Subjects: Service recipients and clients; interested parties; business and contractual partners.
- Processing Purposes: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures; business processes and economic procedures.
- Retention and Deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
- Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further Information on Processing Activities, Procedures, and Services:
- Online Shop, Order Forms, E-Commerce, and Delivery: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, especially postal, freight, and shipping companies, to carry out the delivery or execution for our customers. For payment transactions, we use the services of banks and payment service providers. The necessary information is marked as such during the ordering or comparable acquisition process and includes the information required for delivery, provision, and billing as well as contact information for any necessary consultations; Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Business Processes and Procedures
Personal data of service recipients and clients – including customers, clients, or in special cases clients, patients, or business partners as well as other third parties – are processed in the context of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates economic operations in areas such as customer management, sales, payments, accounting, and project management.
The collected data serves to fulfill contractual obligations and to design operational processes efficiently. This includes handling business transactions, managing customer relationships, optimizing sales strategies, and ensuring internal accounting and financial processes. Additionally, the data supports the safeguarding of the rights of the controller and promotes administrative tasks and the organization of the company.
- Processed Data Types: Inventory data (e.g., full name, residential address, contact information, customer number); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts as well as the information concerning them, such as authorship details); contract data (e.g., contract subject, duration, customer category).
- Data Subjects: Service recipients and clients; interested parties; communication partners; business and contractual partners.
- Processing Purposes: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and economic procedures.
- Retention and Deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
- Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Payment Procedures
In the context of contractual and other legal relationships, due to legal obligations, or otherwise based on our legitimate interests, we offer the affected individuals efficient and secure payment options and use additional service providers alongside banks and credit institutions (collectively "payment service providers").
The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as the contract, total, and recipient-related information. The information is required to carry out the transactions. The entered data is processed only by the payment service providers and stored by them. This means that we do not receive any account or credit card information but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. This transmission is intended to verify identity and creditworthiness. For this, we refer to the terms and conditions and the data protection notices of the payment service providers.
For payment transactions, the terms and conditions and data protection notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information, and other data subject rights.
Business Services
We process data from our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships as well as related measures and in regard to communication with the contractual partners (or pre-contractually), for instance, to respond to inquiries.
We use this data to fulfill our contractual obligations. This includes, in particular, the duties to provide the agreed services, any update obligations, and remedy in case of warranty and other performance disruptions. Furthermore, we use the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and corporate organization. We also process the data based on our legitimate interests in proper and economic business management as well as security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., through the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only transfer the data of contractual partners to third parties to the extent that it is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, such as for marketing purposes, within the framework of this data protection declaration.
We inform the contractual partners about which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.
We delete the data after the expiration of statutory warranty and comparable obligations, generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (typically ten years for tax purposes). Data disclosed to us by the contractual partner in the course of an order is deleted in accordance with the order specifications and generally after the order ends.
- Processed data types: Inventory data (e.g., full name, home address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data subjects: Service recipients and clients; prospects; business and contractual partners.
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures; business processes and economic procedures.
- Retention and deletion: Deletion as per the information in the section "General Information on Data Storage and Deletion".
- Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further notes on processing procedures, processes, and services:
- Online shop, order forms, e-commerce, and delivery: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we employ service providers, particularly postal, forwarding, and shipping companies, to carry out delivery or execution to our customers. For payment processing, we use the services of banks and payment service providers. The required details are indicated as such in the context of the order or similar acquisition process and include the details necessary for delivery, provision, and billing, as well as contact information for any necessary consultations; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Business Processes and Procedures
Personal data of service recipients and clients – including customers, clients, or in specific cases, mandators, patients, or business partners as well as other third parties – are processed within the framework of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates economic processes in areas like customer management, sales, payments, accounting, and project management.
The collected data serves to fulfill contractual obligations and make business processes efficient. This includes handling business transactions, managing customer relationships, optimizing sales strategies, and ensuring internal billing and financial processes. Additionally, the data supports the protection of the controller's rights and promotes administrative tasks and corporate organization.
Personal data may be disclosed to third parties if necessary for the fulfillment of the aforementioned purposes or legal obligations.
- Processed data types: Inventory data (e.g., full name, home address, contact information, customer number); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions, as well as information pertaining to them, such as authorship details); contract data (e.g., contract subject, duration, customer category).
- Data subjects: Service recipients and clients; prospects; communication partners; business and contractual partners.
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and economic procedures.
- Retention and deletion: Deletion as per the information in the section "General Information on Data Storage and Deletion".
- Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Payment Procedures
In the context of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer the affected individuals efficient and secure payment options and employ additional service providers besides banks and credit institutions (collectively "payment service providers").
Payment Processing
The data processed by payment service providers includes inventory data such as name and address, bank data such as account or credit card numbers, passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. These details are necessary to conduct transactions. The entered data is processed solely by the payment service providers and stored by them. This means we do not receive any account or credit card information but only information confirming or rejecting the payment. In some cases, the payment service providers may forward the data to credit agencies to verify identity and creditworthiness. We refer you to the terms and conditions and the data privacy policies of the payment service providers for more details.
The business terms and data privacy policies of the respective payment service providers apply to the payment transactions and can be accessed within their websites or transaction applications. We also refer to these for further information and the assertion of rights to withdraw consent, request information, and other rights of affected individuals.
- Processed Data Types: Inventory data (e.g., full name, home address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e.g., contract subject, term, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices used, operating systems, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Affected Individuals: Service recipients and clients; business and contractual partners; interested parties.
- Purposes of Processing: Fulfillment of contractual services and obligations; business processes and economic procedures.
- Retention and Deletion: Deletion according to the specifications in the section "General Information on Data Storage and Deletion".
- Legal Basis: Fulfillment of contracts and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing, Procedures, and Services:
- Stripe: Payment services (technical integration of online payment methods); Service Provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal Basis: Fulfillment of contracts and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://stripe.com; Privacy Policy: https://stripe.com/de/privacy; Third Country Transfer Basis: Data Privacy Framework (DPF).
Provision of Online Services and Web Hosting
We process the data of users to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and functions of our online services to the user's browser or device.
- Processed Data Types: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices used, operating systems, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); log data (e.g., logins, data retrieval or access times).
- Affected Individuals: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); security measures.
- Retention and Deletion: Deletion according to the specifications in the section "General Information on Data Storage and Deletion".
- Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing, Procedures, and Services:
- Provision of Online Services on Rented Storage Space: To provide our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also known as a "web host"); Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
- Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called "server log files." The server log files may include the addresses and names of the accessed websites and files, date and time of access, transferred data volumes, messages about successful access, browser types and versions, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, such as to prevent server overload (especially in case of abusive attacks, such as DDoS attacks), and to ensure the stability of the servers; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidence purposes is excluded from deletion until the respective incident is finally resolved.
- STRATO: Services in the field of IT infrastructure provision and related services (e.g., storage space and/or computing capacities); Service Provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.strato.de; Privacy Policy: https://www.strato.de/datenschutz/; Data Processing Agreement: Provided by the service provider.
Use of Cookies
Cookies are small text files or other storage markers that store and retrieve information on devices, for example to save the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online service. Cookies can also be used for various purposes, such as for the functionality, security, and convenience of online services, as well as for analyzing visitor traffic.
Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not required by law. Permission is not necessary in particular if the storage and retrieval of information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online service) they expressly request. The revocable consent is clearly communicated to them and includes information on the respective cookie usage.
Notes on data protection legal bases: The legal basis on which we process the personal data of users using cookies depends on whether we ask them for consent. If users agree, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in the economic operation of our online service and the improvement of its usability) or, where the use of cookies is required to meet our contractual obligations, on the basis of fulfilling those obligations. We clarify the purposes for which cookies are used in the course of this privacy policy or in the context of our consent and processing processes.
Storage duration: In terms of storage duration, the following types of cookies are distinguished:
- Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their device (e.g., browser or mobile application).
- Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved, and preferred content can be displayed directly when the user visits a website again. The user data collected using cookies can also be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), they should assume that they are permanent and can be stored for up to two years.
General notes on withdrawal and objection (opt-out): Users can withdraw their given consents at any time and also object to processing according to legal requirements, including through the privacy settings of their browser.
- Processed data types: Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, involved persons).
- Affected persons: Users (e.g., website visitors, users of online services).
- Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Consent (Art. 6(1) sentence 1 lit. a GDPR).
Further notes on processing procedures, methods, and services:
- Processing of cookie data based on consent: We use a consent management solution to obtain user consent for the use of cookies or the procedures and providers mentioned within the consent management solution. This procedure is used to obtain, record, manage, and revoke consents, particularly concerning the use of cookies and similar technologies for storing, reading, and processing information on users' devices. In this process, users' consents for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management process, are obtained. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid repeated requests and to be able to provide proof of consent according to legal requirements. Storage is server-side and/or in a cookie (so-called opt-in cookie) or using similar technologies to associate the consent with a specific user or their device. Unless specific information about the providers of consent management services is provided, the following general notes apply: The storage duration of the consent is up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, the details of the scope of the consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and used device; Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR).
Contact and Inquiry Management
When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within the framework of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested actions.
- Processed Data Types: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts, as well as information related to them, such as authorship details or creation times); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types, and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Affected Persons: Communication partners.
- Purposes of Processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form); provision of our online offer and user-friendliness.
- Retention and Deletion: Deletion according to the information provided in the section "General Information on Data Retention and Deletion".
- Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); contract fulfillment and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
Further Notes on Processing Procedures, Methods, and Services:
- Contact Form: When contacting us via our contact form, email, or other communication methods, we process the personal data provided to us to respond to and handle the respective request. This usually includes details such as name, contact information, and possibly other information provided to us that are necessary for appropriate handling. We use this data exclusively for the stated purpose of contact and communication; Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") only with the consent of the recipients or on a legal basis. If the contents of the newsletter are specified within the scope of registration, they are decisive for the consent of the users. To subscribe to our newsletter, it is usually sufficient to provide your email address. However, to offer you a personalized service, we may ask for your name so that we can address you personally in the newsletter, or for additional information if necessary for the purpose of the newsletter.
Deletion and restriction of processing: We can store the unsubscribed email addresses based on our legitimate interests for up to three years before deleting them to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a so-called "blocklist".
The logging of the registration process is based on our legitimate interests to prove its proper course. If we commission a service provider to send emails, this is done based on our legitimate interests in an efficient and secure dispatch system.
Contents: Information about us, our services, actions, and offers.
- Processed Data Types: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Affected Persons: Communication partners.
- Purposes of Processing: Direct marketing (e.g., via email or postal mail).
- Retention and Deletion: 3 years - Contractual Claims (AT) (Data necessary to consider potential warranty and compensation claims or similar contractual claims and rights, and to handle related inquiries, based on past business experience and common industry practices, will be stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB)). 10 years - Contractual Claims (CH) (Data necessary to consider potential compensation claims or similar contractual claims and rights, and to handle related inquiries, based on past business experience and common industry practices, will be stored for the duration of the statutory limitation period of ten years, unless a shorter period of 5 years is relevant in certain cases (Art. 127, 130 OR)).
- Legal Bases: Consent (Art. 6(1) sentence 1 lit. a GDPR).
- Opt-Out Option: You can unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. A link to unsubscribe from the newsletter can be found at the end of each newsletter, or you can use one of the above-mentioned contact options, preferably email.
Promotional Communication via Email, Mail, Fax, or Phone
We process personal data for the purposes of promotional communication, which can be carried out through various channels, such as email, phone, mail, or fax, in accordance with legal requirements.
Recipients have the right to revoke consents given at any time or to object to promotional communication at any time.
After revocation or objection, we store the data necessary to prove the previous authorization to contact or send for up to three years after the end of the year of revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of possible defense against claims. Based on the legitimate interest to permanently observe the revocation or objection of users, we also store the data required to prevent further contact (e.g., depending on the communication channel, the email address, phone number, name).
- Processed Data Types: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers). Content data (e.g., textual or visual messages and posts, as well as information related to them, such as authorship details or creation times).
- Affected Persons: Communication partners.
- Purposes of Processing: Direct marketing (e.g., via email or postal mail); marketing; sales promotion.
- Retention and Deletion: Deletion according to the information provided in the section "General Information on Data Retention and Deletion".
- Legal Bases: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Online Marketing
We process personal data for the purpose of online marketing, which may include marketing advertising space or displaying advertising and other content (collectively referred to as "content") based on potential user interests and measuring their effectiveness.
For these purposes, user profiles are created and stored in a file (the so-called "cookie") or similar procedures are used to store information relevant to the display of the aforementioned content. This may include viewed content, visited websites, used online networks, as well as communication partners and technical information such as the browser used, the computer system used, and information on usage times and functions used. If users have consented to the collection of their location data, this can also be processed.
Additionally, the IP addresses of users are stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) are stored within the online marketing process, but rather pseudonyms. This means that we and the providers of the online marketing procedures do not know the actual identity of the users, only the information stored in their profiles.
The statements in the profiles are usually stored in the cookies or by similar procedures. These cookies can generally also be read later on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, and supplemented with other data stored on the server of the online marketing procedure provider.
In exceptional cases, it is possible to assign clear data to the profiles, primarily if users are, for example, members of a social network whose online marketing procedure we use, and the network connects the user profiles with the aforementioned information. We ask users to note that they may make additional agreements with the providers, such as consenting during registration.
We generally only have access to aggregated information about the success of our advertisements. However, within the scope of so-called conversion measurements, we can determine which of our online marketing procedures have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurement is used solely for the purpose of analyzing the success of our marketing measures.
Unless otherwise indicated, please assume that the cookies used are stored for a period of two years.
Notes on Legal Bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.
Notes on Revocation and Objection:
We refer to the privacy notices of the respective providers and the opt-out options indicated for the providers (so-called "opt-out"). If no explicit opt-out option has been provided, you can disable cookies in your browser settings. However, this may limit the functionality of our online offering. Therefore, we additionally recommend the following opt-out options, which are offered collectively for specific areas:
a) Europe: https://www.youronlinechoices.eu
b) Canada: https://www.youradchoices.ca/choices
c) USA: https://www.aboutads.info/choices
d) Cross-border: https://optout.aboutads.info
- Types of data processed: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication-, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Reach measurement (e.g., access statistics, identification of recurring visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); audience building; marketing; profiles with user-related information (creating user profiles). Conversion measurement (measuring the effectiveness of marketing measures).
- Retention and deletion: Deletion according to the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (Unless otherwise indicated, cookies and similar storage methods may be stored on users' devices for a period of up to two years).
- Security measures: IP masking (pseudonymization of the IP address).
- Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
Further information on processing procedures, methods, and services:
- Google Ads and Conversion Measurement: Online marketing method for placing content and advertisements within the service provider's advertising network (e.g., in search results, in videos, on websites, etc.), so that they are displayed to users who are presumed to have an interest in the advertisements. Additionally, we measure the conversion of the ads, i.e., whether users interacted with the ads and used the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF); Further information: Types of processing and processed data: https://business.safety.google/adsservices/. Data processing terms between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.
- Google Adsense with personalized ads: We integrate the Google Adsense service, which allows us to place personalized ads within our online offering. Google Adsense analyzes user behavior and uses this data to display targeted advertising tailored to the interests of our visitors. We receive financial compensation for each ad placement or other uses of these ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF); Further information: Types of processing and processed data: https://business.safety.google/adsservices/. Data processing terms for Google advertising products: Information on the services, data processing terms between controllers, and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.
Offering an Affiliate Program
We offer an affiliate program, i.e., commissions or other benefits (collectively referred to as "commission") for users (referred to as "affiliates") who refer to our offers and services. The referral is made via a link assigned to the respective affiliate or other methods (e.g., discount codes) that allow us to recognize that the use of our services was based on the referral (collectively referred to as "affiliate links").
In order to track whether users have used our services due to the affiliate links used by the affiliates, it is necessary for us to know that users followed an affiliate link. The assignment of affiliate links to the respective business transactions or the use of our services serves only the purpose of commission settlement and is removed once it is no longer necessary for this purpose.
For the purposes of the aforementioned assignment of affiliate links, the affiliate links can be supplemented with certain values that are part of the link or otherwise stored, e.g., in a cookie. These values may include the originating website (referrer), the time, an online identifier of the operators of the website where the affiliate link was located, or an online identifier.
- Types of data processed: Contract data (e.g., contract object, duration, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); log data (e.g., log files concerning logins or data retrieval).
- Affected persons: Users (e.g., website visitors); business and contract partners.
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; affiliate tracking.
- Retention and deletion: Deletion according to the information in the section "General information on data storage and deletion".
- Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
Customer Reviews and Rating Procedures
We participate in review and rating procedures to evaluate, optimize, and promote our services. When users rate us or provide feedback through the involved rating platforms or procedures, the general terms or usage conditions and the privacy notices of the providers also apply. Generally, the review also requires registration with the respective providers.
To ensure that the reviewing persons have actually used our services, we transmit the necessary data regarding the customer and the used service to the respective rating platform (including name, email address, and order number or item number) with the customer's consent. These data are used solely to verify the authenticity of the user.
- Types of data processed: Contract data (e.g., contract object, duration, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta-, communication-, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).
- Affected persons: Service recipients and clients; users (e.g., website visitors, users of online services).
- Purposes of processing: Feedback (e.g., collecting feedback via online form); marketing.
- Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
Further information on processing procedures, methods, and services:
- Review widget: We integrate so-called "review widgets" into our online offering. A widget is a functional and content element integrated into our online offering that displays variable information. It can be displayed, for example, in the form of a seal or a similar element, sometimes also called a "badge". The corresponding content of the widget is displayed within our online offering but is retrieved from the servers of the respective widget provider at that moment. This is the only way to always display the current content, especially the current rating. To do this, a data connection must be established from the website called up within our online offering to the server of the widget provider, and the widget provider receives certain technical data (access data, including IP address) that are necessary to deliver the widget's content to the user's browser. Furthermore, the widget provider receives information that users have visited our online offering. This information can be stored in a cookie and used by the widget provider to recognize which online offerings participating in the review process have been visited by the user. The information can be stored in a user profile and used for advertising or market research purposes; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
Plugins and Embedded Functions and Content
We embed functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (hereinafter collectively referred to as "content").
The embedding always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is thus necessary for the display of this content or functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic to the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, and may also be linked with such information from other sources.
Notes on Legal Bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
- Types of data processed: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta-, communication-, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online offering and user-friendliness; marketing. Profiles with user-related information (creation of user profiles).
- Retention and deletion: Deletion according to the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods can be stored on users' devices for a period of two years).
- Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- Google Fonts (Access from Google Server): Obtaining fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols in terms of freshness and loading times, their uniform presentation, and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be provided to the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. When visiting our online offering, users' browsers send HTTP requests to the Google Fonts Web API (i.e., a software interface for accessing the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. For the Google Fonts Web API, the user agent is needed to adapt the font generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referring URL is logged so that the data can be used for production maintenance and an aggregated report on top integrations based on the number of font requests can be generated. According to its own information, Google does not use any of the information collected by Google Fonts to create user profiles or to display targeted advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfers: Data Privacy Framework (DPF). Further Information: https://developers.google.com/fonts/faq/privacy?hl=en.
- X-Plugins and Content: Plugins and buttons of the platform "X". These may include, for example, content such as images, videos, or texts and buttons with which users can share content of this online offering within X; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://x.com/de; Privacy Policy: https://x.com/de/privacy (Settings: https://x.com/personalization); Data Processing Agreement: https://privacy.x.com/en/for-our-partners/global-dpa. Basis for Third-Country Transfers: Standard Contractual Clauses (https://privacy.x.com/en/for-our-partners/global-dpa).
Created with the free privacy policy generator from Dr. Thomas Schwenke