We take the protection of your personal data very seriously. Therefore, we inform you below about all relevant questions regarding data protection on our platform. These privacy policies and any disputes concerning the execution, interpretation, and validity of this agreement are subject to the laws and jurisdiction, as well as the exclusive competence of the courts of the Federal Republic of Germany. In the event of a contradiction between the German version and a version in another language of these privacy policies, only the German version shall prevail.

1. Contact Details

The controller within the meaning of Art. 4, No. 7 of the General Data Protection Regulation ("GDPR") for the collection, processing, and use of your personal data is:

Markus Vogel Nickel-Hoffmann-Straße 2 06110 Halle (Saale)

Via email: markus@vogelvlug.de

-hereinafter also referred to as "we" or "us"-

Personal data are all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (Art. 4, No. 1 GDPR).

2. What We Collect and Process Data For

2.1 Registration and Authentication

By registering or authenticating, you enable us to identify you and give you access to specific services. For this purpose, we use services provided by third parties. This allows us to access some data stored by these third-party services for registration and identification purposes.

To learn more, please read the description of each service.

2.1.1 Google OAuth

Google OAuth is a registration and authentication service provided by Google LLC or Google Ireland Limited, depending on how the data processing is managed by the owner, and is connected to the Google network.

For more information about the data processed through the use of Google OAuth, you can find in their privacy policy.

Location of processing: United States/Ireland – Privacy Policy

2.2 Hosting and Infrastructure

This type of service is designed to host data and files that enable our platform to operate and be distributed, as well as to provide a ready-made infrastructure to run specific functions or parts of our platform.

Some of the services listed below, if any, may operate over geographically distributed servers, making it difficult to determine the actual location where personal data are stored.

2.2.1 Strato

For our website, we use the web hosting provider STRATO. The service provider is the German company STRATO AG, Pascalstraße 10, 10587 Berlin, Germany.

For more information about the data processed through the use of Strato, you can find in their privacy policy.

Location of processing: Germany - Privacy Policy

2.2.2 Supabase

For storing data in an organized database structure, we use the database system "Supabase" by Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992. We use a self-hosted variant of Supabase, where no data is shared with third parties but remains exclusively on our server at STRATO.

For more information about the data processed through the use of Supabase, you can find in their Privacy Policy.

Location of processing: Germany

2.2.3 OpenAI API

The OpenAI API, provided by OpenAI, L.L.C., is a service that helps us automate tasks through their artificial intelligence GPT.

For more information about the data processed through the use of OpenAI, you can find in their Privacy Policy.

Location of processing: United States – Privacy Policy.

2.3 Analytics Data

The services included in this section enable us to generate analytics data about our platform to better understand user behavior on our platform and optimize the services for you. We use these data to tailor our website even better to your needs.

2.3.1 Plausible

We use the web analytics tool plausible.io on our website. The service provider is the Estonian company Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia. We use a self-hosted variant of Plausible, which means no user data is shared with third parties but remains exclusively available to us on our server at STRATO. We also collect user data exclusively in an anonymized form and do not use a tracking cookie.

Learn more about how Plausible processes data in their Privacy Policy.

Location of processing: Germany

2.4 Payment Processing

We process all payments through external payment service providers. We are not involved in the collection and processing of your data ourselves and do not have access to sensitive payment details or personal information such as credit card data. Instead, we receive only a notification from the payment service provider about whether the payment was successfully completed.

2.4.1 Paddle

Paddle is a payment management service provided by Paddle.com Inc, Paddle.com Market Limited, or Paddle Payments Limited, depending on how the owner manages data processing, and it enables users to make online payments.

For more information about the data processed through the use of Paddle, you can find in their Privacy Policy.

Location of processing: United States/United Kingdom/Ireland – Privacy Policy

2.5 Contacting the User

2.5.1 Contact Form

By filling out the contact form with your data, you authorize us to use these details to respond to requests for information, quotations, or any other kind of request.

Location of processing: Germany

2.5.2 Mailing List or Newsletter

By registering on the mailing list or for the newsletter, your email address is added to our contact list. This authorizes us to send you information of a commercial or promotional nature about our platform. Your email address might also be added to this list as a result of registering with us or after making a purchase. You can object to receiving emails of a commercial or promotional nature at any time without affecting your ability to use our services.

Location of processing: Germany

3. Legal Basis for Processing

We process and use your data to perform the contract and provide our services, to improve and customize our services and websites, to provide updates and upgrades, to send you service-related notifications, and to issue invoices and collect payments.

Art. 6 I lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, such as in cases of inquiries about our products or services. If we are subject to a legal obligation by which processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. Finally, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis covers processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, unless the interests, fundamental rights, and freedoms of the data subject prevail. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. A legitimate interest is usually assumed if the data subject is a client of the controller.

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business activities. This includes data analysis to improve our products and services, as well as fulfilling legal obligations, as far as the processing does not fall under Art. 6 I lit. c GDPR.

3.1 Data Transfer Abroad

European users must be aware that by using our platform, some personal data they provide may be transferred to and processed by third parties in countries outside the European Union. This transfer is in accordance with the European Commission's Decision 2010/87/EU, which provides "Standard Contractual Clauses" for the transfer of data to data processors outside the European territory. This guarantees users that their data will be processed in a manner that meets the protection standards set within the European Union.

3.2 Access to Data

We take appropriate security measures to prevent unauthorized access, disclosure, alteration, or unauthorized destruction of data. The data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes mentioned. In addition to the owner, in some cases, certain types of responsible persons involved in the operation of our platform (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed by the owner, if necessary, as data processors, may have access to the data.

4. Cookies and Their Use

Cookies are small files that allow storing specific device-related information on the user's access device (PC, smartphone, etc.). They serve to make websites more user-friendly and thus benefit the users (e.g., storing login details). On the other hand, they can be used to collect statistical data on website usage and analyze it for the purpose of improving the offer. We do not use such tracking cookies and use cookies exclusively for technically necessary purposes. You can generally prevent the use of cookies since most browsers have an option that restricts the setting and saving of cookies or completely prevents it. However, we point out that the use and especially the comfort of use of our offer may be limited without cookies.

5. Duration of Storage

Unless otherwise specified, personal data will be processed and stored as long as necessary for the purposes for which they were collected, and may be retained longer due to legal obligations or based on user consent.

Personal data collected for purposes related to the performance of a contract between the owner and the user shall be retained until the complete performance of that contract. Personal data collected for the purposes of the owner's legitimate interests shall be retained as long as necessary to fulfill these purposes. Users may find specific information regarding the legitimate interests pursued by the owner in the relevant sections of this document or by contacting the owner. The owner may be allowed to retain personal data for a longer period whenever the user has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the owner may be obliged to retain personal data for a longer period whenever required to fulfill a legal obligation or upon order of an authority.

Once the retention period expires, personal data shall be deleted. Therefore, the right of access, the right to deletion, the right to correction, and the right to data portability cannot be enforced after the expiration of the retention period.

6. Your Rights

6.1 Right to Access and Confirmation

You have the right to obtain from us, at any time, information about your personal data stored, and a copy of this information at no cost.

6.2 Right to Rectification

You have the right to demand immediate rectification of inaccurate personal data concerning you. Furthermore, considering the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

6.3 Right to Erasure

You have the right to obtain the erasure of personal data concerning you without undue delay where one of the following grounds applies and processing is not necessary:

The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary. You withdraw consent on which the processing is based, and there is no other legal ground for the processing. You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR. The personal data have been unlawfully processed. The erasure of personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

6.4 Right to Restriction of Processing

You have the right to obtain restriction of processing where one of the following applies:

The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data. The processing is unlawful, you oppose the erasure of the personal data and request instead the restriction of their use. We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims. You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of our side override yours.

6.5 Right to Object to Processing

You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on Article 6(1) letters e or f GDPR.

We shall no longer process the personal data in the event of the objection unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

You have the right to object at any time to processing of personal data concerning you for direct marketing purposes.

6.6 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to Article 6(1) letter a GDPR or Article 9(2) letter a GDPR, or on a contract pursuant to Article 6(1) letter b GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Moreover, in exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

6.7 Right to Withdraw Consent

You have the right to withdraw consent to the processing of personal data at any time.

6.8 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in the Member State of your residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.