Privacy Statement as of 12 March 2024
Preamble
(1) This privacy statement is intended to inform the users («You») of this website, its associated pages and social media accounts («Website») about the type, scope and purpose of the processing of personal data by the operator Medusa Project DE GmbH («We», «Us»). We take Your data protection very seriously and treat Your personal data confidentially and according to the legal regulations. Your personal data will only be processed by Us if this is permitted by law.
(2) As new technologies and the constant development of this Website may result in changes to this privacy statement, We recommend that You read the privacy statement again at regular intervals.
§ 1 Information on the processing of personal data
(1) In the following We will inform You about the processing of personal data when using Our Website. Personal data are all data that can be related to You personally, such as name, address, email address, user behaviour (Art. 4(1) of the General Data Protection Regulation («GDPR»)).
(2) The person responsible pursuant to Art. 4(7) GDPR is Medusa Project DE GmbH, legally represented by its Managing Directors Ivan Kolpakov, Brückenstraße 1, 10179 Berlin, Germany. You can also contact Us by email at [email protected].
(3) We also involve service providers in Our activities. When processing Your personal data as described below, these service providers may therefore also receive Your personal data and process it on Our behalf for the purposes specified below. Our service providers include email service providers, data centers, payment service providers, tax and legal advisors, marketers of digital advertising spaces, reach meters and analysis service providers. Please also note the following information on the other service providers and partners involved.
§ 2 Information on the protection of Your personal data
(1) We take appropriate technical and organizational security precautions to protect Your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons and to ensure the protection of Your rights and compliance with the applicable data protection regulations of the EU and the Federal Republic of Germany.
(2) The measures taken are intended to ensure the confidentiality and integrity of Your data as well as the availability and resilience of the systems and services when processing Your data in the long term. They are also intended to restore the availability of the data and access to them quickly in the event of a physical or technical incident.
(3) Our security measures also include the encryption of Your data. All information that you enter online is technically encrypted and only then transmitted. This means that this information cannot be viewed by unauthorized third parties at any time.
(4) Our data processing and security measures are continuously improved in line with technological developments.
(5) Our employees are of course bound to confidentiality in writing (data secrecy).
§ 3 Provision of mandatory personal data
If certain data fields are marked as mandatory and/or marked with an asterisk (*), the provision of this personal data is either required by law or contract or We require this personal data for the conclusion or fulfilment of the contract, the desired service or the stated purpose. It is of course at Your discretion to provide the personal data, even in the mandatory fields. Failure to provide this personal data may mean that the contract cannot be fulfilled by Us, the desired service cannot be provided or the stated purpose cannot be achieved.
§ 4 Purposes of personal data processing
§ 4.1 Purpose of personal data processing when contacting Us or interacting with Us
(1) If You contact Us or interact with Us in any other way, We may process the following personal data of You:
- Your name (if provided by You),
- Your contact details (if provided by You),
- Your message to Us,
- date and time You sent the message,
- date and time We received Your message,
- IP address.
(2) We have a legitimate interest in processing these personal data as We need these personal data to respond to Your inquiry. This interest overrides Your interest in data secrecy. The legal basis for data processing is Art. 6(1) (1) (f) GDPR.
(3) We store the personal data from Your request for one year after answering the request in the event of further inquiries, unless it concerns commercial or business letters; We store these for at least six years in accordance with the statutory provisions (Sec. 257(1) no. 2, (4) HGB, Art. 6(1) (1) (c) GDPR).
§ 4.2 Purpose of personal data processing when visiting the Website; Use of cookies
(1) If You visit the Website, We only process the following personal data of You that Your browser transmits to Our server:
- Your IP address,
- date and time of the request,
- time zone difference from Greenwich Mean Time (GMT),
- content of the request (specific page),
- access status/HTTP status code,
- amount of data transferred in each case,
- website from which the request came,
- duration of stay on a specific page,
- browser,
- operating system and its interface,
- language and version of the browser software.
(2) If You subscribe to Our Website, We additionally process the following personal data of You:
- Your name,
- Your user name,
- Your password,
- Your email address,
- Your payment details.
(3) Processing these personal data is necessary for the performance of the subscription contract to which You are party or to take steps at Your request prior to entering into a subscription contract. The legal basis for data processing is Art. 6(1) (1) (b) GDPR.
(4) In addition to the aforementioned personal data, cookies are stored on Your computer when You visit the Website. Cookies are small text files that are stored on Your hard drive assigned to the browser You are using and through which certain information flows to the location that sets the cookie (here by Us). Cookies cannot execute programs or transmit viruses or other malicious software to Your computer. They serve to make the Website more user-friendly and effective.
(5) Use of cookies:
(a) We use the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see (b)),
- Persistent cookies (see (c)).
(b) Transient cookies are automatically deleted when you close Your browser. These include in particular session cookies. They store a so-called session ID, which can be used to assign various requests from Your browser to the shared session. This enables Your computer to be recognised when You return to the Website. The session cookies are deleted when You log out or close Your browser.
(c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete cookies at any time in the security settings of Your browser.
(6) You can set Your browser so that You are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. You can regularly obtain the procedure for deactivating cookies via the «Help» function of Your Internet browser. If cookies are deactivated, the functionality and/or full availability of the Website may be restricted. For further cookie-specific setting and deactivation options, please also see the individual explanations below on the specific cookies and associated functions/technologies used when visiting the Website.
(7) Some of the cookies We use on the Website come from third parties who help Us to analyze the impact of the Website content and the interests of Our visitors, to measure the performance of the Website or to place needs-based advertising and other content on Our or other websites. As part of the Website, We use both first party cookies (only visible from the domain You are currently visiting) and third party cookies (visible across domains and regularly set by third parties).
(8) The cookie-based data processing is carried out on the basis of Your consent in accordance with Art. 6(1) (1) (a) GDPR (legal basis) or on the basis of Art. 6(1) (1) (f) GDPR (legal basis) to safeguard our legitimate interests. Our legitimate interests lie in particular in being able to provide You with a technically optimized, user-friendly and needs-based website and to ensure the security of our systems. You can revoke any consent You have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. By making the appropriate settings, you can also object to processing based on legitimate interests.
(9) In detail, the following cookie-based tools/plugins are used on this website:
(10) Google Analytics: The Website uses the functions of Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the basis of Your consent given to Us (Art. 6(1) (1) (a) GDPR). You can give Us Your consent voluntarily by clicking on the corresponding button in the «cookie banner» when You visit the Website. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as «Google». Google Analytics uses cookies (first-party cookies) that enable Your use of the Website to be analyzed. However, this does not mean that We obtain direct knowledge of Your identity. Google uses the information generated by the cookies on Our behalf to evaluate the use of the Website, to compile reports on Website activity and to provide Us with other services relating to Website activity and internet usage. This enables Us to improve the quality of the Website and its content. On the basis of statistical analyses, We learn how the Website is used and can thus constantly optimize Our offer.
(11) The information generated by Google Analytics cookies about Your use of the Website (e.g. time, place and frequency of Your Website visit, including IP address) is transmitted to a Google server in the USA and stored there. The European Commission has certified that the USA has an adequate level of data protection. We have set the storage period at Google for corresponding data at user and event level to 14 months (shortest possible setting option).
(12) We have activated the IP anonymization function on the Website. As a result, Your IP address will be shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA and thus anonymized. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Googleʼs own information, the IP address transmitted by Your browser as part of Google Analytics will not be merged with other Google data relating to Your person.
(13) You can prevent the storage of Google Analytics cookies by selecting the appropriate settings in Your browser software (see above). You can also prevent Google from collecting the data generated by the cookie and relating to Your use of the Website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
(14) Deactivation sets a cookie that prevents the collection of your data on future visits to this website.
(15) Specifically, the following tracking cookies are used by Google Analytics: __utmz, __utma, __utmb, __utmc, __utmt.
(16) You can find more information on how Google Analytics handles user data and the security and data protection principles as well as setting and objection options in Googleʼs privacy policy, available via the following link: https://support.google.com/analytics/answer/6004245?hl=en.
(17) Google Firebase: The Website uses the functions of Google Firebase, an analysis and monitoring service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. An overview of the services offered by Google Firebase can be found at: https://firebase.google.com/terms/.
(18) Some Google Firebase services use so-called «Instance IDs». «Instance IDs» are uniquely assigned identifiers that are provided with a time stamp and enable the linking of different events or processes in connection with the Website. This data is used to analyze and optimize user behavior, such as the evaluation of crash reports. According to Google, Instance IDs do not process any personally identifiable data. Further information on the «Instance IDs» used and the management of the data concerned can be found at: https://firebase.google.com/support/privacy/manage-iids.
(19) In connection with Google Firebase, We use the following services:
- Firebase Analytics
We use the analytics service Firebase Analytics to monitor and evaluate the user behavior of this Website. There are no cookies in mobile apps. Instead, identifiers (advertising IDs) are used, which are issued by the mobile deviceʼs operating system and can be reset by the user. These advertising IDs are used to record user activities and use them for advertising purposes.
When using the standard version of Firebase Analytics, the following data types are processed:
- Number of users and sessions,
- session duration,
- operating systems,
- device models,
- region,
- first-time launches,
- app executions,
- app updates and
- in-app purchases.
A complete list of the events and user properties automatically recorded in Google Firebase can be found at: https://support.google.com/firebase/answer/6318039 and at: https://support.google.com/firebase/answer/6317486?hl=en.
We process the data obtained through the use of Firebase Analytics on the basis of Our overriding interest in the optimal marketing of Our online offer in accordance with Art. 6(1) (1) (f) GDPR. This interest overrides Your interest in data secrecy.
You can object to the collection of data by Google at any time with effect for the future by deactivating the collection of data for Firebase Analytics in the app settings or by restricting the use of the advertising ID in the device settings of your mobile device.
If it is an Android device, proceed as follows in the menu of your device: Settings > Google > Ads > Reset advertising ID.
If it is an iOS device, select «No ad tracking» under Settings > Privacy > Advertising.
When using Firebase Analytics, it cannot be ruled out that processed data will also be transferred to the USA.
Further information on data protection at Google Firebase can be found at: https://firebase.google.com/support/privacy/
- Crashlytics
We use Crashlytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland («Google»). We use Crashlytics to collect data about the behavior of the Website in the event of crashes or errors. In the event of a crash, a crash report is created and transmitted to Googleʼs servers. This server receives information about Your use of the Website and the status of your end device (app version, device type, operating system, operating system version, device ID, location, time). This data is analyzed by Us for troubleshooting, solving problems and improving the Website. We process the data obtained in this way due to our overriding interest in the development of a functional Website and the elimination of operating errors in accordance with Art. 6(1) (1) (f) GDPR. This interest overrides Your interest in data secrecy.
You can object to the collection of data by Google at any time with effect for the future by deactivating the collection of data for crash reports in the app settings.
You can find more information on data protection at: https://policies.google.com/privacy?hl=de&gl=en.
(20) Stripe: The Website uses the functions of Stripe, an online payment service of Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland («Stripe») to manage and process Your subscription fee payments. To do so, Stripe processes transaction data such as Your name, Your email address, Your payment details (including credit card or bank account details), currency, amount due, date of payment. Furthermore, Stripe may also collect your name, address, telephone number and country in addition to technical data about your device (such as IP address) for fraud prevention, financial reporting and to be able to offer its own services in full.
(21) Stripe also uses cookies to collect data. Stripe may set the following cookies during the payment process: m, __stripe_mid, __stripe_sid.
(22) We use Stripe to process contractual or legal obligations (Art. 6(1) (1) (b) GDPR). Insofar as the use of Stripe requires the approval of cookies, the processing is based on Your consent (Art. 6(1) (1) (a) GDPR). You can revoke your consent at any time for the future.
(23) Stripe also processes your data in the USA, among other places. The European Commission has certified that the USA has an adequate level of data protection. Personal data is generally stored for the duration of the service provision. This means that the personal data will be stored until We terminate the cooperation with Stripe. However, to comply with legal and regulatory obligations, Stripe may also store personal data beyond the duration of the service provision. You can delete, deactivate or manage cookies that Stripe uses for its functions in your browser.
(24) You can find more information on how Stripe handles user data and the security and data protection principles as well as setting and objection options in Stripeʼs privacy policy, available via the following link: https://stripe.com/en-gb-us/privacy.
§ 4.3 Other purposes of data processing
(1) Compliance with legal requirements: We also process Your personal data to comply with other legal obligations that may apply to Us in connection with Our business activities. These include, in particular, retention periods under commercial, trade or tax law. We process Your personal data in accordance with Art. 6(1) (1) (c) GDPR (legal basis) to fulfill a legal obligation to which We are subject.
(2) Enforcement of rights: We also process Your personal data to assert Our rights and enforce Our legal claims. We also process Your personal data to be able to defend Ourselves against legal claims. Finally, We process Your personal data insofar as this is necessary for the prevention or prosecution of criminal offenses. We process Your personal data to protect Our legitimate interests in accordance with Art. 6(1) (1) (f) GDPR (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offenses (legitimate interest).
(3) Consent: If You have given Us Your consent to process personal data for specific purposes (e.g. sending information material and offers), the lawfulness of this processing is based on Your consent. Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to Us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future and processing up to that point is not affected.
§ 5 Recipient of personal data
(1) Within Our company, those departments that need Your personal data to fulfill Our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by Us (e.g. technical service providers) may also receive personal data for these purposes. We limit the transfer of Your personal data to what is necessary in accordance with data protection regulations. In some cases, the recipients receive Your personal data as processors and are then strictly bound by Our instructions when handling Your personal data. In some cases, the recipients act independently under their own responsibility under data protection law and are also obliged to comply with the requirements of the GDPR and other data protection regulations.
(2) Finally, in individual cases, We transfer personal data to Our consultants in legal or tax matters, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.
§ 6 Data transfer to third countries
As part of the use of the above tools, e.g. Google and Stripe, We may transfer selected personal data of You to third countries (see above). The data transfer is based on the decision of the European Commission on the adequacy of the protection provided by the USA. Otherwise, We do not transfer Your personal data to countries outside the EU or the EEA or to international organizations, unless expressly stated otherwise in this privacy statement.
§ 7 Retention policy
(1) We initially process and store Your personal data for the duration for which the respective purpose of use requires corresponding storage (see above for the individual processing purposes). This may also include the periods for the initiation of a contract (pre-contractual legal relationship) and the performance of a contract. On this basis, personal data is regularly deleted as part of the fulfillment of Our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:
- fulfillment of statutory retention obligations arising, for example, from the German Commercial Code (Sec. 238, 257(4) HGB) and the German Fiscal Code (Sec. 147(3), (4) AO). The retention and documentation periods specified there are up to ten years;
- Preservation of evidence, taking into account the statute of limitations. According to Sec. 194 et seqq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
§ 8 Your rights
(1) You are entitled to the following rights as a data subject under the legal requirements:
(a) Right to information: You are entitled to request confirmation from Us at any time within the framework of Art. 15 GDPR as to whether We process personal data concerning You; if this is the case, You are also entitled within the framework of Art. 15 GDPR to receive information about this personal data as well as certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate guarantees) and a copy of your data. The restrictions of Sec. 34 BDSG apply.
(b) Right to rectification: In accordance with Art. 16 GDPR, You are entitled to demand that We rectify the personal data stored about You if it is inaccurate or incorrect.
(c) Right to erasure: You are entitled, under the conditions of Art. 17 GDPR, to demand that We erase personal data concerning You without undue delay. The right to erasure does not exist if the processing of personal data is necessary, e.g. to fulfill a legal obligation (e.g. statutory retention obligations) or to assert, exercise or defend legal claims. In addition, the restrictions of Sec. 35 BDSG apply.
(d) Right to restriction of processing: You are entitled to demand that We restrict the processing of Your personal data under the conditions of Art. 18 GDPR.
(e) Right to data portability: You have the right to request that We provide You with the personal data concerning You that You have provided to Us in a structured, commonly used and machine-readable format in accordance with the requirements of Art. 20 GDPR.
(f) Right of withdrawal: You can withdraw Your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to Us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. An informal notification, e.g. by email to Us, is sufficient to declare Your revocation.
(g) Right to object: You are entitled to object to the processing of Your personal data under the conditions of Art. 21 GDPR, so that We must stop processing Your personal data. The right to object exists only within the limits provided for in Art. 21 GDPR. In addition, Our interests may conflict with the termination of processing, so that We are entitled to process Your personal data despite Your objection. We will consider an objection to any direct marketing measures immediately and without further consideration of the existing interests.
You have the right to object at any time to the processing of Your data on the basis of Art. 6(1) (1) (f) GDPR (data processing on the basis of a balancing of interests) or Art. 6(1) (1) (e) GDPR (data processing in the public interest) if there are reasons for this arising from Your particular situation.
If You object, We will no longer process Your personal data unless We can demonstrate compelling legitimate grounds for the processing which override Your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
The objection can be made informally and should preferably be addressed to
Medusa Project DE GmbH, Dircksenstraße 3, 10178 Berlin, Germany. Email: [email protected]
(h) Right to lodge a complaint with a supervisory authority: Under the conditions of Art. 77 GDPR, You have the right to lodge a complaint with a competent supervisory authority. In particular, You can lodge a complaint with the supervisory authority responsible for Us,
Berliner Beauftragte für Datenschutz und Informationsfreiheit Alt-Moabit 59-61 10555 Berlin Germany Phone: +49 (0)30 13889-0 Fax: +49 (0)30 2155050 Email: [email protected],
or any other competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
§ 9 Automatic decision making; profiling
We do not use automated decision-making or profiling (an automated analysis of Your personal circumstances).
§ 10 Amendment of this privacy statement
(1) This privacy statement is valid as of March 12, 2024.
(2) It may become necessary to amend this privacy statement as a result of the further development of the Website and our offers on it or due to changes in legal or official requirements.
Berlin, 12 March 2024