Privacy Policy

Personal data (hereinafter often referred to as “data”) is processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Art. 4(1) of Regulation (EU) 2016/679, the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

With this privacy policy, we inform you in particular about the nature, scope, purpose, duration, and legal basis of the processing of personal data, to the extent that we decide either alone or jointly with others on the purposes and means of the processing. We also inform you below about the third-party components we use for optimization purposes and to increase the quality of use, to the extent that third parties process data in their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as Data Controllers
II. Rights of Users and Data Subjects
III. Information about Data Processing

I. Information about us as Data Controllers

The responsible provider of this website, in terms of data protection, is:

Chaos Cat Creations

Kim Lorenz
Ludwigstraße 59
63110 Rodgau
Deutschland

E-Mail: kiimesca@gmail.com

II. Rights of Users and Data Subjects

With regard to the data processing described in more detail below, users and data subjects have the right:

to confirm whether data concerning them is being processed, to obtain information about the processed data, to receive further information about the data processing, and to obtain copies of the data (see also Art. 15 GDPR);
to request the correction or completion of incorrect or incomplete data (see also Art. 16 GDPR);
to request the immediate deletion of data concerning them (see also Art. 17 GDPR) or, alternatively, if further processing is required according to Art. 17(3) GDPR, to request the restriction of processing in accordance with Art. 18 GDPR;
to receive the data concerning them and provided by them and to transmit this data to other providers/data controllers (see also Art. 20 GDPR);
to lodge a complaint with the supervisory authority if they believe that the data concerning them is being processed by the provider in breach of data protection provisions (see also Art. 77 GDPR).

Furthermore, the provider is obliged to inform all recipients to whom data has been disclosed by the provider about any rectification or erasure of data or the restriction of processing carried out in accordance with Articles 16, 17(1), 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, the user has the right to information about these recipients.

Users and data subjects also have the right, pursuant to Art. 21 GDPR, to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6(1)(f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about Data Processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of storage ceases to apply, the deletion of the data does not conflict with any statutory retention obligations, and no other information on individual processing procedures is provided below.

Server Data

For technical reasons, especially to ensure a secure and stable website, data is transmitted to us or to our web space provider by your internet browser. These so-called server log files include the type and version of your internet browser, the operating system, the website from which you accessed our website (referrer URL), the websites of our website that you visit, the date and time of each access, and the IP address of the internet connection from which our website is accessed.

The data collected is temporarily stored but not stored together with other data related to you.

This storage is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted at the latest after seven days, unless further storage is required for evidentiary purposes. Otherwise, the data is excluded from deletion until the incident is finally clarified.

Contract Processing

The data transmitted by you for the purpose of using our goods and/or services will be processed by us for the purpose of contract processing and is necessary in this regard. Conclusion and fulfillment of a contract are not possible without providing your data.

The legal basis for processing is Art. 6(1)(b) GDPR.

We delete the data with complete fulfillment of the contract, but we must observe the tax and commercial retention periods.

As part of contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, as far as the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for the transfer of data is then Art. 6(1)(b) GDPR.

Contact Inquiries / Contact Options

If you contact us via contact form or email, the data you provide will be used to process your inquiry. Providing the data is necessary for processing and responding to your inquiry – without providing it, we may not be able to answer your inquiry or do so only to a limited extent.

The legal basis for this processing is Art. 6(1)(b) GDPR.

Your data will be deleted as soon as your inquiry has been conclusively answered, and there are no legal retention obligations standing in the way, such as, for example, in the case of subsequent contract processing.

Linking Social Media via Graphics or Text Link

On our website, we also promote presences on the social networks listed below. The integration is done by using a linked graphic of the respective network. By using this linked graphic, it is prevented that when calling up a website with a social media promotion, there is automatically a connection to the respective server of the social network to display a graphic of the respective network itself. Only by clicking on the corresponding graphic will the user be redirected to the service of the respective social network.

After the user is redirected, information about the user is collected by the respective network. It cannot be ruled out that processing of the data thus collected takes place in the USA.

Initially, this data includes the user’s IP address, date, time, and visited page. If the user is logged into their user account of the respective network during this time, the network operator may be able to assign the information collected about the specific visit of the user to the user’s personal account. If the user interacts via a “Share” button of the respective network, this information may be stored and possibly published in the user’s personal user account. If the user wishes to prevent the collected information from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our site by linking:

Twitter

Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Management, Organization, and Tools

We use services, platforms, and software provided by other providers (hereinafter referred to as “third-party providers”) for the purposes of organization, management, planning, and provision of our services. When selecting third-party providers and their services, we comply with the legal requirements.

Within this context, personal data may be processed and stored on the servers of the third-party providers. Various data may be affected, which we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data on transactions, contracts, other processes, and their contents.

If users are referred to the third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. Therefore, we kindly ask you to observe the data protection notices of the respective third-party providers.

Legal Basis Information

If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Furthermore, their use may be a part of our (pre)contractual services if the use of third-party providers has been agreed upon within this context. Otherwise, the data of users will be processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

Processed Data Types: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
Data Subjects: Communication partners, users (e.g., website visitors, users of online services).
Purposes of Processing: Contact inquiries and communication.
Legal Bases: Consent (Art. 6(1)(a) GDPR), Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Services and Service Providers Used

Trello: Project management tool; Service provider: Trello Inc., 55 Broadway New York, NY 10006, USA, Parent company: Atlassian Inc. (San Francisco, Harrison Street Location), 1098 Harrison Street, San Francisco, California 94103, USA; Website: https://trello.com/; Privacy Policy: https://trello.com/privacy.

Communication via Messenger

For communication purposes, we use messenger services, and we kindly ask you to take note of the following information on the functionality of the messengers, encryption, the use of communication metadata, and your options to object. You can also contact us through alternative means, such as by phone or email. Please use the contact details provided to you or the contact information specified within our online offerings. In the case of end-to-end encryption of content (i.e., the content of your messages and attachments), we would like to inform you that the communication contents (i.e., the content of the message and attached images) are encrypted end-to-end. This means that the message contents cannot be viewed, not even by the messenger providers themselves. To ensure the encryption of message contents, you should always use an up-to-date version of the messenger with encryption enabled. However, we would like to additionally inform our communication partners that the messenger providers may still gain knowledge of when and with whom communication partners are communicating, as well as technical information about the communication partner’s device and, depending on the device settings, location information (referred to as metadata).

Legal Basis Information

If we ask communication partners for their permission before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not request consent and communication partners, for example, contact us on their own initiative, we use messengers in relation to our contractual partners and within the context of contract initiation as a contractual measure. In the case of other interested parties and communication partners, we use messengers based on our legitimate interests in quick and efficient communication and meeting the needs of our communication partners regarding communication via messenger. Furthermore, we would like to point out that we will not transmit the contact data provided to us to messengers without your consent.

Revocation, Objection, and Deletion

You can revoke your consent at any time and object to communication with us via messengers at any time. In the case of communication via messenger, we will delete the messages in accordance with our general deletion policies (i.e., e.g., after the end of contractual relationships, within the context of archiving requirements, etc.) and, otherwise, as soon as we can assume that any requests from communication partners have been answered if there is no expectation of a reference to a previous conversation and there are no legal retention obligations.

Reserving the Right to Use Other Communication Channels

Finally, we would like to point out that, for reasons of your security, we reserve the right not to respond to inquiries via messenger. This is the case, for example, when contractual matters require special confidentiality or when a response via messenger does not meet formal requirements. In such cases, we will direct you to more appropriate communication channels.

Processed Data Types: Contact data (e.g., email, phone numbers), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses), content data (e.g., entries in online forms).
Data Subjects: Communication partners.
Purposes of Processing: Contact inquiries and communication, Direct marketing (e.g., via email or postal mail).
Legal Bases: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Services and Service Providers Used

Telegram: Telegram messenger with end-to-end encryption; Service provider: Telegram, Dubai; Website: https://telegram.org/; Privacy Policy: https://telegram.org/privacy.