Privacy Policy

We are pleased that you are visiting our website (hereinafter referred to as "website"). This data protection declaration also applies to our services on our platform (hereinafter "platform") and other online presences, such as our social media appearances. In the following, we inform you in detail about the type, scope and purpose of the personal data collected, used and processed by us and inform you about your rights as a data subject.

We reserve the right to change the privacy policy at any time with effect for the future. If you visit our website again, the updated and published data protection declaration will apply. The current version of the data protection declaration can be called up, saved and printed out at any time on our website.

With regard to the terms used (e.g. personal data, person responsible) we refer to the definitions of the General Data Protection Regulation (GDPR).

I. Name and address of the data controller

The data controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states is:

Mooncamp GmbH
Im Mediapark 5
50670 Cologne, Germany

Phone: +49 221 954 9095 0
E-Mail: info@mooncamp.com

II. Name and address of the data protection officer

The data protection officer of the data controller is:

Joel Schneider
c/o Mooncamp GmbH
Im Mediapark 5
50670 Cologne, Germany

E-Mail: privacy@mooncamp.com

III. General information on data processing

1. Scope of processing

As a matter of principle, we collect and use personal data only to the extent that this is necessary to provide a functioning website, contents and services, as well as when you have given your consent or the processing of the data is permitted by a legal regulation.

2. Legal basis for the processing of personal data

Insofar as we obtain your consent for processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.

When processing personal data which is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Legitimate interests in the processing

If the processing of your personal data is based on Art. 6 para. 1 lit. f GDPR, our legitimate interest, unless otherwise stated, is the performance of our business activities. In all other respects, we have stated our purposes and interests in each case within the framework of the above list of processing.

4. Data erasure and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply or you revoke your consent. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. If the purpose of storage ceases to apply, if you revoke your consent or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions, unless it is necessary to continue storing the data in order to conclude or fulfil a contract.

5. Recipient of the collected data / data transmission

Recipients of the data collected via our website are primarily us as a responsible company. In addition, any processors (web host, IT service provider, etc.) may have access to the data collected via our website. Compliance with the legal regulations is, however, ensured in this respect by means of data processing agreements which we conclude with our processors based in the EU. Data will only be transferred to so-called third countries outside the EU if and insofar as this has been pointed out below.

6. Need to disclose personal data

You can visit our website without personal data being collected. However, if you wish to make use of our services, the provision of personal data is mandatory for the execution of the contract.

7. Existence of automated decision making

We do not carry out automatic decision making or profiling in the sense of Art. 22 GDPR.

8. Data security

We secure our website and other systems through comprehensive technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. These measures are subject to constant review and improvement in order to guarantee the current state of the art.

IV. Data processing when using our website and our services

1. Access data in server log files

Our hosting provider automatically stores access data in so-called server log files every time our website and platform is accessed.

This includes the date and time of access, the browser used and its version, the operating system used, IP address and requested URL including sub-pages.

Temporary storage of the IP address by the system is necessary to enable delivery of the website and platform to your end device. For this purpose, your IP address must remain stored for the duration of the session.

The legal basis for the temporary storage of your data and log files is Art. 6 para. 1 lit. f GDPR.

This data is evaluated exclusively to ensure the permanent and trouble-free operation of the website and the platform, to improve the content and to transmit it to law enforcement authorities in the event of a cyber attack and to ensure the security of our information technology systems. For this purpose, the above-mentioned data is stored for a maximum of 7 days. Data whose further storage is required for evidence purposes will be stored until the respective incident has been finally clarified.

The collection of data for the provision of the website and the platform and the storage of the data in log files is absolutely necessary for the operation of our website and the platform. There is therefore no possibility of objection.

2. Use of cookies

When calling up our website, you will be informed about the use of cookies. You can declare your consent to the processing of personal data used in this context within the framework of the so-called cookie banner. In this context, there is also a reference to this privacy policy. You can revoke your consent at any time with effect for the future.

Many cookies contain a so-called cookie ID. It consists of a character string by which websites and servers can be assigned to a specific browser in which the respective cookie was stored.

We set the following cookies:

Name of Cookie	Function of Cookie	Collected Data	Storage Time
_ga	Google Analytics. Identification of the user	Unique User-ID, anonymized IP-address	2 years
_gid	Google Analytics. Identification of the user	Unique User-ID, anonymized IP-address	24 hours
_gat	Google Analytics. Throttling requests	Amount of requests	24 hours
cookieconsent_status	Stores the status of the cookie consent query	Status of consent to the processing of cookies	1 year
session	Session Cookie. Authentication of the user for doing requests to the server	Session Token	7 days. Deleted on logout
origin	Storage of redirect urls	URL	Active during session

The purpose of using technically necessary cookies is to simplify the use of our website for you (e.g. your settings are saved). Some functions of our website cannot be offered without the use of cookies. For these it is necessary that your browser is recognized even after a page change. If cookies are not accepted or deactivated, the functionality of our website may be limited.

The legal basis for the processing of personal data using necessary cookies is Art. 6 para. 1 lit. f GDPR.

In addition, we use cookies on our website which enable us to analyse your surfing behaviour. We inform you about these in the corresponding section of this data protection declaration.

Some third party services that we integrate may also use cookies. Please refer to the websites of the respective providers for information on how they work and how they process data. The services used by us can be found in this privacy policy.

When you access our website, you will be informed about the use of cookies.

The legal basis for the processing of personal data using cookies, which are not necessary for the operation of our website, is Art. 6 para. 1 lit. a GDPR, if you have given your consent to this.

Cookies are stored on your end device and transmitted to our website. You therefore have control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general or set it so that the setting of cookies is prevented and thus permanently contradict the setting of cookies. In addition, you can delete already set cookies at any time via your browser. A comprehensive objection to online marketing cookies can also be declared at http://www.youronlinechoices.com/ This also applies to all third-party cookies listed below.

3. Data collection and use during registration and use of our services/use of our services

You have the possibility to register on our platform. When you create a user account or register, you must provide certain mandatory information in order to gain access to your user account and to manage it ("Mandatory Information"). Mandatory data within the scope of registration are marked and are required for the conclusion of the user contract. Which data is collected can be seen from the respective input forms. Within the scope of the registration these are: Your name and your e-mail address. You must also create a password. If you do not provide this data, you cannot create a user account.

The legal basis for the processing of your data is the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. b GDPR.

We use the information you provide to authenticate you when you log in and to respond to requests to reset your password, to verify your authorization to manage the user account, to enforce the Platform's terms of service and all related rights and obligations, and to contact you in order to send you technical or legal notices, updates, security messages or other messages concerning, for example, the management of the user account. We therefore only use the data you provide us with to process the contract and to provide our services to be rendered within the scope of the contract. We may also pass on your data to one or more processors who will also use your data exclusively for internal use on our behalf.

We also store your IP address and the date and time of registration in order to prevent misuse of our website and the services offered on it and, if necessary, to clarify any criminal offences committed. The storage of this data is therefore necessary for our own protection. The legal basis for this processing of personal data is Art. 6 para. 1 lit. f GDPR. The above-mentioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

Within the framework of the use of our services, we also use the data you provided during registration.

The legal basis for the processing of your data is the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. b GDPR.

In principle, this data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on of the data serves criminal prosecution.

After complete processing of the contract or deletion of your account, your data will first be blocked for further use and then deleted after the legal retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you below.

You have the possibility to object to the processing at any time and to delete your account. In such a case the contractual relationship with you cannot be continued.

4. Data collection and use when using our services as employees

If you use our platform as an employee, your employer may collect data about you via our platform, e.g. through surveys. Your employer alone is responsible for this data collection and processing. In this case we only act as a processor for your employer and are bound by the instructions of your employer.

Your employer will provide you with further information on data processing by your employer when you use the platform.

5. Alternative login via Single-Sign-On (SSO)

Alternatively, you can also log in via Single-Sign-On with just a few clicks. An additional registration is not necessary in this case.

We will redirect you to the appropriate service after you have clicked the registration button. There you can log in with your existing login data. By logging in, your profile of the SSO service and our service will be linked together. Through the link we automatically receive your name and email address from the SSO service.

This information is mandatory for the conclusion of the contract in order to register and identify you. The legal basis for the processing of your data is accordingly the fulfilment of our contract with you Art. 6 para. 1 lit. b GDPR.

We use the following social log-ins on our platform:

Log-in via Google Sign-in

Google Sign-In is a service of Google LLC (www.google.com), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The entity responsible for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.

We process on behalf of our customers, the following categories of personal data when you use or interact with our products and services: email, profile information (e.g. name).

For more information about Sign in with Google, please see the Google Privacy Statement at: https://policies.google.com/privacy

Log-in via Microsoft

Microsoft offers a sign in over its own software "Azure", which is operated by the Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). The security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.

For more information about Sign in with Microsoft, please see the Microsoft Privacy Statement at: https://privacy.microsoft.com/de-de/privacystatement

The same provisions on revocation and deletion periods apply as for registration via our website in accordance with the above clause.

6. Integrations

Our customers have the option of activating third-party services through integrations, for example with the communications provider Slack or the SSO services described above.

In this case, additional information may be shared with the third-party providers. The third party providers usually clarify about shared information, but they are not explicitly controlled by Mooncamp. Third parties who have been granted access to additional information may have their own policies and practices regarding collection and use of the information. Please check the privacy settings and notices of third party services or contact the third party service provider if you have any questions. The decision to use a third party service provider is the responsibility of the customer.

In addition to the SSO services described above, integrations with the following service providers are currently offered:

Slack Technologies, Inc.

Slack is a communication tool from Slack Technologies, Inc. (www.slack.com) , 500 Howard Street, San Francisco, CA 94105, USA.

For more information about Slack, please see the Slack Privacy Policy at: https://slack.com/intl/en-de/privacy-policy

Microsoft Teams

Microsoft Teams is a communication tool from Microsoft Corporation One, Microsoft Way, Redmond, WA 98052-6399, USA („Microsoft“).

For more information about MS Teams, please see the Slack Privacy Policy at: https://learn.microsoft.com/en-us/microsoftteams/teams-privacy

7. Use of third-party tools

In order to provide and continuously improve our services, we rely on the services of the following third-party providers, through which personal data may also be processed. We have selected these third-party providers carefully and in accordance with the provisions of the GDPR.

a) Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google LLC (www.google.com), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google Analytics"). The responsible body for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses methods that enable an analysis of your use of the website, in particular from which internet page you came to our website (so-called referrers), which subpage you access or how often and for how long you view a subpage. Google Analytics uses cookies for this purpose. Every time you call up a page of our website on which Google Analytics has been integrated, your browser on your end device is automatically prompted to transmit data to Google Analytics for analysis.

The generated information about your use of our website can also be transferred to a Google LLC server in the USA and stored there. The USA is an unsafe third country. However, the security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.

By activating IP anonymization on our website, the IP address is shortened before transmission within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

Google will use this information on our behalf to evaluate the use of our website by you and our other users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR, provided that you have given your consent to this effect.

You can give your consent via our cookie banner and revoke it at any time in the settings with effect for the future.

The terms of use and privacy policy of Google and Google Analytics can be found here: https://policies.google.com/privacy or here http://www.google.com/analytics/terms/de.html .

b) Hubspot (CRM, Contact-Form and Newsletter)

We use Hubspot on our websites, a service provided by Hubspot Inc, a U.S. software company with a European office located at HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland ("Hubspot"). The information generated about your use of this site may be transmitted to and stored on a Hubspot server in the United States. The USA is an unsafe third country. However, the security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.

We use Hubspot for analysis and marketing purposes and also use Hubspot to manage our customer relationship management (CRM) and to handle your inquiries through our contact form and newsletter.

Hubspot uses "web beacons" and "cookies" that are stored on your device and allow us to analyze your use of our site. Hubspot may use this information (e.g., IP address, geographic location, browser type, length of visit, pages viewed) to generate reports on our behalf.

If you contact us through our contact form, necessary information such as last name, first name, email address, phone number and the text you enter will be collected through our site to respond to your request.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR on the basis of our justified interest in effective customer service.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent via contact form, this is the case when the respective conversation with you has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued.

We also store your data in Hubspot's CRM, which allows us to respond more quickly and efficiently to your requests. We therefore use Hubspot to improve our services and marketing.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR if you have given your consent to do so or, if a contractual relationship exists with you, the fulfilment of our contract with you in accordance with Art. 6 para. 1 lit. B GDPR.

You can give your consent via our cookie banner and revoke it at any time in the settings with effect for the future.

If you do not want HubSpot to record your data, you can prevent the storage of cookies at any time by changing your browser settings accordingly.

We also send our newsletter via Hubspot. To subscribe, you must provide us with your e-mail address. You can voluntarily provide us with additional information, such as your name. The registration is done in a so-called double opt-in procedure. After registering on our website, you will receive a confirmation email from us in which you must confirm your registration again. This entire process is documented and stored. This includes the storage of the registration and confirmation time as well as your IP address. The collection of this data is necessary so that we can trace the processes in the event of misuse of the email address and therefore serves as a legal safeguard. By subscribing to our newsletter, you agree to receive it.

The legal basis for the processing of your data after you have registered for the newsletter is Art. 6 para. 1 lit. a GDPR, if you have given your consent.

Your data will be stored on the servers of Hubspot in the USA. Hubspot uses this information to send and evaluate the newsletter. The evaluation is done on our behalf, but Hubspot may also use the data to ensure and improve the quality of its services.

You may withdraw your consent to the storage and use of your personal information to receive the newsletter and the analysis described above at any time with effect for the future. To revoke your consent, you can use the link provided for this purpose in the newsletter or notify us of your revocation by email to the following address: privacy@mooncamp.com.

Your data will be deleted as soon as they are no longer required for the purpose of their collection. Your email address will therefore be stored as long as the subscription to the newsletter is active.

For more information, please refer to Hubspot's privacy policy https://legal.hubspot.com/de/privacy-policy .

c) Mail dispatch by Mailjet

If you register as a user on our platform, we will send you system and service emails. To send the system emails (e.g. reset password) and our other emails, we use the mailjet service, which is operated by Mailjet SAS, 13 - 13 bis Rue de l'Aubrac, 75012 Paris, France ("mailjet").

We use the system and service mails to send you the system and service mails to enable you to manage your user account with us.

mailjet may use the data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. to technically optimise the sending and display of emails or for statistical purposes. mailjet does not, however, use the data to contact you itself or to pass the data on to third parties.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR or if the processing is necessary for the fulfilment of our contract with you Art. 6 para. 1 lit. b GDPR.

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection or as soon as the contractual relationship with you is terminated.

Further information on data protection can be found in the data protection regulations https://www.mailjet.de/privacy-policy/ of mailjet.

d) Datadog Inc.

We use on our websites and our platform "Datadog", a service of Datadog Inc, 620 Eight Avenue, 45th Floor, New York, NY 10018, USA. The security of the transfer is secured by so-called standard contractual clauses (SCC), which ensure that the processing of personal data is subject to a level of security that complies with the GDPR. The information generated is processed in EU data centers.

We use Datadog to control and monitor the performance of our infrastructure, as well as for troubleshooting. The service collects IP addresses as well as tenant and user ID.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR or if the processing is necessary for the fulfilment of our contract with you Art. 6 para. 1 lit. b GDPR.

Further information on data protection can be found in the data protection regulations https://www.datadoghq.com/security/ by Datadog.

e) Usercentrics

We use "Usercentrics" on our websites, a service provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich. Usercentrics is a consent management service that is used to obtain consents required by data protection law. In this context, the following data are processed:

Browser-Information
Opt-in- and Opt-out-Data
Website page path
Geographic location
Date of the visit
Device Information

The legal basis for the processing of your data is Art. 6 para. 1 lit. c GDPR.

The data (consent and revocation of consent) is stored for as long as necessary for processing -- regularly this is three years.

f) Cloudflare

For security purposes and to provide static content (CDN), our websites and platform use the services of Cloudflare Inc, 101 Townsend St, San Francisco, USA. As part of the processing by Cloudflare, your IP address is collected and processed. This data may be transmitted to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in processing is to ensure the security and user-friendliness on our website for users.

g) Custify (Customer Service)

To assist our customers with the implementation of our Platform, we use Custify, a tool provided by Custify S.R.L, Zagazului Street, No. 4E Bucharest, Romania ("Custify"). For this purpose, when you use our Platform, your data such as name, email and IP address are transmitted to Custify.

The legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. The personal data are kept for as long as they are necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer required to achieve the purpose.

7. Social Media

Besides this website, we also maintain presences in various social networks. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to the storage of the data you specifically entered in this social network, further information may also be processed by the social network provider. Thus, your data is usually processed for market research and advertising purposes, among other things, to create corresponding user profiles and to display personalised advertising to you. For this purpose, the social network provider usually stores cookies on your end device, in which your usage behaviour and interests are stored. In addition, the social network provider may process the most important data of the computer system from which you visit it - for example your IP address, the type of processor used and browser version including plug-ins.

If you are logged in during your visit to such a network with your personal user account of the respective network, this network can assign the visit to your account. If you do not wish such an assignment, you must log out with your account and delete the cookies before visiting our social media presence.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR. Provided that you have given your consent for the processing to the respective provider of the social network, the legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR.

We maintain presences in the respective social networks in order to be able to communicate with you there and inform you about our services. These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

For further information on the purpose and scope of data collection as well as on the further processing and use of your data and the possibility of opting out, please refer to the data protection regulations of the respective network:

Facebook

Facebook is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have entered into a data sharing agreement with Facebook pursuant to Art. 26 GDPR. For more information on shared data processing, please see the Facebook terms and conditions.

Twitter

Twitter is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

LinkedIn

LinkedIn is operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing

Xing is operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

8. Contact via Email

Due to legal regulations, we provide information on our website that enables rapid electronic contact with us and direct communication with us. This includes above all our email address. If you contact us by email, the personal data you provide will be stored automatically.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

However, we will use the personal data transmitted by you exclusively for the processing of your specific inquiry. The data provided will always be treated confidentially.

Your details may be stored in a customer relationship management system (so-called CRM system) or another organisation tool for customer data.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent by email, this is the case when the respective conversation with you has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case the conversation cannot be continued.

9. Payment service provider

We use the external payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland to process payments.

You provide the payment service provider with your inventory data, such as first name, last name, address, date of birth, gender, e-mail address, IP address, telephone number, cell phone number, as well as your bank details, insofar as they are necessary for processing the payment, e.g. account numbers, credit card numbers, passwords, TANs, verification numbers, expiration date and CVC code. Also necessary for the processing of the payment are such personal data that are related to your respective order, such as prices and tax charges or information on previous ordering behavior, which we transmit to the payment service provider.

The transmission of the data is solely for the purpose of payment processing. The legal basis for the transmission of data to the payment service provider is therefore Art. 6 para. 1 lit. b. GDPR, if the payment serves to fulfill a contract. Otherwise, we use external payment service providers on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR in order to offer you an effective and secure payment option.

We do not get access to the entered data, they are processed and stored exclusively by the payment service provider. The payment service provider may transfer your data to credit agencies for identity and credit checks and fraud prevention.

The terms and conditions of the payment service provider apply to the payment transactions. For further information on data protection, please refer to the Privacy Policy:

Stripe Payments Europe Ltd: https://stripe.com/en-de/privacy

V. Data subject rights

If your personal data are processed, you have the following rights as a data subject within the meaning of the GDPR:

1. Right to gain access to the stored personal data (Art. 15 GDPR)

You have the right to receive free information from us at any time about the personal data stored about you and a copy of this information. You also have a right to information regarding the following information:

the processing purposes,
the categories of personal data being processed,
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organisations,
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
the existence of a right of rectification or erasure of personal data relating to them or of a right of opposition to or limitation of the processing by the controller,
the existence of a right of appeal to a supervisory authority,
if the personal data are not collected from the data subject: all available information on the origin of the data and,
the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing on the data subject.

You also have a right of information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, you also have the right to be informed of the appropriate guarantees relating to the transfer.

2. Right of correction (Art. 16 GDPR)

You have the right to request the immediate correction and/or completion of incorrect or incomplete personal data concerning you. We must make the correction without delay.

3. Right to limit data processing (Art. 18 GDPR)

You have the right to demand that we restrict processing if one of the following conditions is met:

The accuracy of the personal data is contested by the data subject, for a period of time sufficient to enable the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject refuses to have the personal data deleted and instead requests the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to assert, exercise or defend legal claims.
The data subject has lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.

If the processing of personal data relating to you has been restricted, such data - apart from being stored - may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

4. Right of deletion (Art. 17 GDPR)

You have the right to ask us to delete your personal data immediately if one of the following reasons applies and if the processing is not necessary:

The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
The data subject withdraws the consent on which the processing was based pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR, and there is no other legal basis for the processing.
The data subject lodges an objection to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate reasons for the processing, or the data subject lodges an objection to the processing pursuant to Art. 21 para. 2 GDPR.
The personal data were processed unlawfully.
The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If the personal data have been made public by us and if we, as data controllers, are obliged to delete the personal data pursuant to Art. 17 para. 1 GDPR, we shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, unless the processing is necessary.

The right of erasure shall not apply insofar as the processing is necessary:

to the exercise of the right to freedom of expression and information;
to comply with a legal obligation to which the processing relates under Union or national law to which the controller is subject or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the field of public health pursuant to Article 9 paragraph 2 letters h and i and Article 9 paragraph 3 of the GDPR;
for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to in a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
to assert, exercise or defend legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or limitation of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients.

6. Right to data transferability (Art. 20 GDPR)

You have the right to receive the personal data concerning you which you have provided us with in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without hindrance from us, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1 letter b GDPR, and provided that the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to us.

Furthermore, when exercising your right to data transfer pursuant to Art. 20 para. 1 GDPR, you have the right to request that personal data be transferred directly from us to another responsible party, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.

The right to data transferability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object (Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6, paragraph 1, letters e or f of the GDPR. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

You can contact us at any time to exercise your right to object.

8. Right to revoke a consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time. Revocation of your consent does not affect the lawfulness of the processing that has taken place on the basis of your consent until revocation.

9. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR.

The supervisory authority to which the complaint has been submitted will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

[Deutsche Version anzeigen]

Last updated: March 2023