Privacy Policy

Effective Date: July 19, 2024

Table of Contents

1. Controller
2. Overview of Processing Activities
3. Legal Basis
4. Security Measures
5. Transfer of Personal Data
6. International Data Transfers
7. General Information on Data Storage and Deletion
8. Rights of Data Subjects
9. Business Services
10. Provision of the Online Offering and Web Hosting
11. Use of Cookies
12. Blogs and Publication Media
13. Contact and Inquiry Management
14. Web Analysis, Monitoring, and Optimization
15. Plugins and Embedded Functions and Content

Controller

Basler, Florian
Graf-Erpo Str. 22
31515 Wunstorf, Germany

Email: iftheyhadheldbitcoin@gmx.de

Overview of Processing Activities

Types of Data Processed

• Inventory data
• Payment data
• Contact data
• Content data
• Contract data
• Usage data
• Meta, communication, and procedural data
• Log data

Categories of Data Subjects

• Service recipients and clients
• Interested parties
• Communication partners
• Users
• Business and contract partners

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations
• Communication
• Security measures
• Reach measurement
• Office and organizational procedures
• Organizational and administrative procedures
• Feedback
• Profiles with user-related information
• Provision of our online offering and user-friendliness
• IT infrastructure
• Business processes and economic procedures

Legal Basis

Relevant Legal Basis under GDPR

Below is an overview of the legal basis of the GDPR on which we process personal data. Please note that national data protection regulations in your or our country of residence or seat may apply in addition to the GDPR regulations. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Performance of a Contract and Pre-contractual Inquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
• Legal Obligation (Art. 6(1)(c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate Interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

National Data Protection Regulations in Germany

In addition to the GDPR, national data protection regulations in Germany apply. This includes, in particular, the Federal Data Protection Act (BDSG), which contains special provisions on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. State data protection laws of the individual federal states may also apply.

Note on the Applicability of GDPR and Swiss Data Protection Act (DSG)

These privacy notices serve both to provide information under the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader geographical application and comprehensibility, the terms of the GDPR are used. Specifically, instead of the terms used in the Swiss DSG "processing" of "personal data," "overriding interest," and "particularly sensitive personal data," the terms "processing" of "personal data," "legitimate interest," and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms is determined according to the Swiss DSG within the scope of its applicability.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the relevant access, input, transmission, securing availability, and separation. We have also established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures according to the principle of data protection through technology design and by default privacy-friendly settings.

Transfer of Personal Data

In the course of our processing of personal data, it happens that this data is transferred to other locations, companies, legally independent organizational units, or persons or disclosed to them. The recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of services from third parties or the disclosure or transfer of data to other persons, bodies, or companies, this is done only in accordance with the legal requirements. If the data protection level in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only take place if the data protection level is otherwise guaranteed, in particular through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transfer (Art. 49(1) GDPR). Additionally, we will inform you about the foundations of third country transfer in the context of individual providers from third countries, whereby the adequacy decisions are given priority. Information on third country transfers and existing adequacy decisions can be found on the European Commission's website: EU Commission Data Protection.

EU-US Trans-Atlantic Data Privacy Framework

In the context of the "Data Privacy Framework" (DPF), the European Commission has also recognized the data protection level for certain companies from the USA as safe through the adequacy decision dated 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce: Data Privacy Framework. We inform you in our privacy notices which service providers we use that are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the consents on which the processing is based are revoked or other legal grounds no longer exist. This applies to cases where the original processing purpose ceases to exist or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require a longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or data whose storage is necessary for legal prosecution or the protection of the rights of other natural or legal persons must be archived accordingly.

Our privacy notices contain additional information on data storage and deletion specifically applicable to certain processing activities.

If multiple retention periods or deletion deadlines for data are specified, the longest period is always decisive.

If a period does not explicitly begin on a certain date and is at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the effective date of termination or other termination of the legal relationship.

Data that is no longer needed for the original purpose but must be retained due to legal requirements or other reasons will only be processed for the purposes justifying its retention.

Further Information on Processing Activities, Procedures, and Services

Data Retention and Deletion:

The following general periods apply to retention and archiving under German law:

• 10 Years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the necessary work instructions and other organizational documents for their understanding, booking receipts, and invoices (§ 147(3) in conjunction with (1) Nos. 1, 4, and 4a AO, § 14b(1) UStG, § 257(1) Nos. 1 and 4, (4) HGB).
• 6 Years - Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents relevant for taxation, e.g., time sheets, cost accounting sheets, calculation documents, price labels, but also payroll documents if they are not already booking receipts and cash register tapes (§ 147(3) in conjunction with (1) Nos. 2, 3, 5 AO, § 257(1) Nos. 2 and 3, (4) HGB).
• 3 Years - Data necessary to consider potential warranty and compensation claims or similar contractual claims and rights, as well as related inquiries, are stored for the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Data Subjects

Rights of Affected Individuals under the GDPR

As an affected individual, the GDPR grants you various rights, particularly from Articles 15 to 21 GDPR:

• Right to Object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling related to such direct marketing.
• Right to Withdraw Consent: You have the right to withdraw consents given at any time.
• Right to Access: You have the right to request confirmation as to whether data concerning you is being processed, and to access this data along with further information and copies of the data as stipulated by law.
• Right to Rectification: You have the right, as stipulated by law, to request the completion or correction of your data.
• Right to Erasure and Restriction of Processing: You have the right, under the legal stipulations, to request the immediate erasure of your data or, alternatively, to request a restriction of processing of your data under the legal stipulations.
• Right to Data Portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal stipulations.
• Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, particularly in the member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

Business Services

We process data from our contractual and business partners, such as customers and interested parties (collectively referred to as "contractual partners"), within the scope of contractual and similar legal relationships, as well as associated measures and for communication with the contractual partners (or pre-contractual), e.g., to respond to inquiries.

We use this data to fulfill our contractual obligations, including the obligations to provide the agreed services, any update obligations, and remedies in case of warranty and other service disruptions. Additionally, we use the data to protect our rights and for administrative tasks and business organization related to these obligations. We also process the data based on our legitimate interests in proper and economic business management and security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only share the data of contractual partners with third parties as necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, such as for marketing purposes, within this privacy policy.

We inform contractual partners about which data is necessary for the aforementioned purposes before or during data collection, e.g., in online forms, through specific markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiration of legal warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it needs to be retained for legal reasons (e.g., for tax purposes, typically ten years). Data disclosed to us by the contractual partner as part of an order is deleted according to the specifications and generally after the end of the order.

Processed Data Types: Inventory data (e.g., full name, home address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta-, communication-, and procedural data (e.g., IP addresses, time details, identification numbers, involved persons). Affected Individuals: Service recipients and clients; interested parties; business and contractual partners. Processing Purposes: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures; business processes and economic procedures. Storage and Deletion: Deletion as per the information in the "General Information on Data Storage and Deletion" section. Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing, Procedures, and Services:

• Online Shop, Order Forms, E-Commerce, and Delivery: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, especially postal, forwarding, and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers for processing payment transactions. The necessary details are marked as such during the order or comparable purchase process and include the information needed for delivery or provision and billing, as well as contact information to clarify any queries; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Provision of Online Services and Web Hosting

We process users' data to provide our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and functions of our online services to the user's browser or device.

Processed Data Types: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta-, communication-, and procedural data (e.g., IP addresses, time details, identification numbers, involved persons); log data (e.g., log files related to logins or data retrieval or access times). Affected Individuals: Users (e.g., website visitors, users of online services). Processing Purposes: Provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures. Storage and Deletion: Deletion according to the information in the "General Information on Data Storage and Deletion" section. Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing, Procedures, and Services:

• Collection of Access Data and Log Files: Access to our online offer is logged in the form of "server log files." Server log files can include the address and name of the retrieved websites and files, date and time of retrieval, transmitted data volumes, message about successful retrieval, browser type and version, user's operating system, referrer URL (the previously visited page), and generally IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid server overloads (especially in case of abusive attacks, such as DDoS attacks), and to ensure the server's stability and performance; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Data Deletion: Log file information is stored for up to 30 days and then deleted or anonymized. Data required for evidence purposes are excluded from deletion until the incident is finally clarified.

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read from them. They are used, for example, to save login statuses in a user account, a shopping cart content in an online shop, the retrieved content or used functions of an online offer. Cookies can also be used for different purposes, such as ensuring the functionality, security, and comfort of online offers and creating analyses of visitor flows.

Consent Notice: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless it is not required by law. Permission is not necessary, particularly if the storage and reading of information, including cookies, is absolutely necessary to provide users with a service they expressly requested (i.e., our online offer). The revocable consent is clearly communicated to them and contains information on the respective cookie usage.

Legal Basis Notice: The legal basis for processing personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, data processed using cookies is based on our legitimate interests (e.g., in a commercially viable operation of our online offer and its improvement) or, if necessary for fulfilling our contractual obligations, if the use of cookies is required to fulfill our contractual obligations. The purposes for which cookies are used are explained in this privacy policy or within our consent and processing processes.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

• Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g., browser or mobile application).
• Permanent Cookies: Permanent cookies remain stored even after closing the device. For example, the login status can be saved, and preferred content can be displayed directly when users visit a website again. User interests used for range measurement or marketing purposes can also be stored in such a cookie.
• First-Party Cookies: First-party cookies are set by us.
• Third-Party Cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
• Necessary Cookies (also: Essential or Absolutely Necessary Cookies): Cookies can be absolutely necessary for the operation of a website (e.g., to save logins or other user entries or for security reasons).
• Statistics, Marketing, and Personalization Cookies: Furthermore, cookies are also generally used in the context of range measurement and when a user's interests or behavior (e.g., viewing certain content, using functions, etc.) are to be stored on individual websites in a user profile. These profiles are used to display users, e.g., content that matches their potential interests. This procedure is also referred to as "tracking," i.e., tracking the potential interests of users. If we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or as part of obtaining consent.

Further Notes on Processing, Procedures, and Services:

• Processing Cookie Data Based on Consent: We use a cookie consent management procedure in which users' consents to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure, can be obtained and managed and revoked by the users. The consent declaration is stored to avoid repeated requests and to be able to prove consent in accordance with the legal obligation. The storage can be server-side and/or in a cookie (so-called opt-in cookie or with comparable technologies) to be able to assign the consent to a user or their device. Subject to individual information about the cookie consent service providers, the following information applies: The duration of storing the consent can be up to two years. A pseudonymous user identifier is created and stored together with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), and the browser, system, and end device used. Legal Bases: Consent (Art. 6(1)(a) GDPR). Management, Deletion, and Further Information: If users do not want cookies to be stored on their device, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

Blogs and Publication Media

We use blogs and similar online communication and publication media (hereinafter referred to as "Publication Medium"). The data of readers is processed only to the extent necessary for the presentation and communication between authors and readers, or for security reasons. For further information regarding the processing of visitors' data on our Publication Medium, please refer to the privacy information provided.

Processed Data Types:

• Personal Data: Such as full name, home address, contact information, customer number, etc.
• Contact Data: Such as postal and email addresses or phone numbers.
• Content Data: Such as textual or visual messages and contributions, including information related to authorship or creation time.
• Usage Data: Such as page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features.
• Meta-, Communication- and Procedural Data: Such as IP addresses, timestamps, identification numbers, involved parties.

Affected Persons: Users (e.g., website visitors, online service users).

Purposes of Processing:

• Feedback collection (e.g., via online forms)
• Providing and improving our online offerings
• Security measures
• Organizational and administrative processes

Storage and Deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion."

Legal Bases:

• Legitimate Interests (Art. 6(1)(f) GDPR)

Additional Information on Processing Processes, Procedures, and Services:

Comments and Contributions: If users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done to ensure our security in case someone posts unlawful content (e.g., insults, prohibited political propaganda). We may also need to know the identity of the author to avoid liability for such content.

Spam Detection: Based on our legitimate interests, we may process user data to detect spam.

Surveys: IP addresses may be stored during surveys to prevent multiple voting and cookies may be used.

Retention of Personal Information: Information provided in comments and contributions, including contact and website information and content details, will be stored until users object, based on our legitimate interests (Art. 6(1)(f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., via post, contact form, email, phone, or social media) or in the context of existing user and business relationships, the details of the inquiring persons are processed as necessary to answer inquiries and handle requested actions.

Processed Data Types:

• Personal Data: Such as full name, home address, contact information, customer number.
• Contact Data: Such as postal and email addresses or phone numbers.
• Content Data: Such as textual or visual messages and contributions, including authorship or creation time.
• Usage Data: Such as page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features.
• Meta-, Communication- and Procedural Data: Such as IP addresses, timestamps, identification numbers, involved parties.

Affected Persons: Communication partners.

Purposes of Processing:

• Communication
• Organizational and administrative procedures
• Feedback collection (e.g., via online forms)
• Providing and improving our online offerings

Storage and Deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion."

Legal Bases:

• Legitimate Interests (Art. 6(1)(f) GDPR)
• Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR)

Additional Information on Processing Processes, Procedures, and Services:

• Contact Form: When contacting via our contact form, email, or other communication methods, we process the personal data provided to address and handle the inquiry. This usually includes details like name, contact information, and any additional information necessary for adequate processing. This data is used exclusively for the purpose of contact and communication. Legal bases include contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also known as "reach measurement") is used to evaluate visitor traffic on our online offerings and may include pseudonymous data on behavior, interests, or demographics, such as age or gender. Web analysis helps us understand how our online offering is used, identify frequently used functions or content, and determine areas needing optimization.

In addition to web analysis, we may use testing procedures to evaluate different versions of our online offering or its components.

Processed Data Types:

• Usage Data: Such as page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features.
• Meta-, Communication- and Procedural Data: Such as IP addresses, timestamps, identification numbers, involved parties.

Affected Persons: Users (e.g., website visitors, online service users).

Purposes of Processing:

• Reach measurement (e.g., access statistics, identifying recurring visitors)
• Creating user profiles with user-related information
• Providing and improving our online offerings

Storage and Deletion: Data deletion according to the section "General Information on Data Storage and Deletion." Cookies may be stored for up to 2 years.

Security Measures: IP masking (pseudonymization of IP addresses).

Legal Bases:

• Consent (Art. 6(1)(a) GDPR)
• Legitimate Interests (Art. 6(1)(f) GDPR)

Additional Information on Processing Processes, Procedures, and Services:

Google Analytics: We use Google Analytics to measure and analyze the use of our online offerings based on pseudonymous user identification numbers. These numbers do not contain personal data like names or email addresses but help link analysis information to an end device. Google Analytics does not store individual IP addresses for EU users but provides broad geographical location data. For EU traffic, IP addresses are used only for geographic location and are deleted immediately. Google Analytics only processes pseudonymous data and does not record personal identifiers.

• Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Legal Bases: Consent (Art. 6(1)(a) GDPR)
• Website: Google Analytics
• Privacy Policy: Google Privacy Policy
• Contract for Data Processing: Google Ads Processor Terms
• Basis for Transfers to Third Countries: Data Privacy Framework (DPF)
• Opt-Out Option: Opt-Out Plugin
• Ad Personalization Settings: Google Ad Center
• More Information: Google Ads Services

Plug-ins and Embedded Functions

We incorporate functional and content elements into our online offering from third-party servers (hereinafter referred to as "Third-Party Providers"). This may include graphics, videos, or maps.

Incorporating these elements usually requires the Third-Party Providers to process the IP address of users, as without it, they cannot send the content to the users' browsers. We strive to use only content from providers who use the IP address solely for content delivery. Third-Party Providers may also use pixel tags (invisible graphics) for statistical or marketing purposes, allowing them to track visitor traffic on the site.

Processed Data Types:

• Usage Data: Such as page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features.
• Meta-, Communication- and Procedural Data: Such as IP addresses, timestamps, identification numbers, involved parties.

Affected Persons: Users (e.g., website visitors, online service users).

Purposes of Processing:

• Providing and improving our online offerings.

Storage and Deletion: Data deletion according to the section "General Information on Data Storage and Deletion." Cookies may be stored for up to 2 years.

Legal Bases:

• Consent (Art. 6(1)(a) GDPR)
• Legitimate Interests (Art. 6(1)(f) GDPR)

Additional Information on Processing Processes, Procedures, and Services:

Google Fonts (Fetched from Google Servers): Fonts and symbols are used for a technically secure, maintenance-free, and efficient usage experience. The provider of the fonts receives the IP address to provide the fonts to the users' browsers. Technical data, such as language settings and screen resolution, may also be transmitted. This data may be processed on a server in the USA. Google Fonts does not log or analyze IP addresses and uses collected data only for technical support and aggregated usage statistics.

• Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR)
• Website: Google Fonts
• Privacy Policy: Google Privacy Policy
• Basis for Transfers to Third Countries: Data Privacy Framework (DPF)
• More Information: [Google Fonts FAQ](https://developers.google.com/fonts/faq/privacy?hl=