Privacy Policy

What law applies?

Our use of your Personal Data is subject to both the German Federal Data Protection Act (“BDSG”) and the EU General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.

What is Personal Data?

Personal Data is any information about personal or factual circumstances that relate to a person. This may include name, date of birth, email address, postal address or telephone number, but also online identifiers such as IP addresses or device IDs.

What is Special Category Data?

Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.

What is processing?

"Processing" is any operation or set of operations that is performed on Personal Data, whether or not it is done automatically. The term is broad and covers virtually any handling of data.

Who is responsible for data processing?

The responsible party within the meaning of the BDSG and the GDPR is Valvoid, legally represented by Sergej Willmann, Freelancer (EStG § 18) of Maerkische Allee 140, 12681 Berlin, Germany (“Valvoid”, “we”, “us”, or “our”). If you have any questions about this policy or our data protection practices, please contact us using [email protected] or write to us at the above address.

What are the legal bases for processing?

According to the BDSG and the GDPR, we should have at least one of the following legal bases to process your Personal Data:

• To fulfill contractual obligations
  (The purposes of the data processing are primarily based on the service we provide).
  
  
• In connection with our legitimate interests. (Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. Examples include:
  • Ensuring IT security and IT operations,
  • Corporate governance measures and further development of our services,
  • defense against claims by third parties and
  • Enforcement of our own claims).
    
    
• Based on your consent
  (If you have given us your consent to process Personal Data for specific purposes).
  
  
• To comply with legal obligations.
  (Processing to comply with our legal obligations.)
  
  

Am I obliged to provide data?

In the context of our business relationship, you are only obliged to provide Personal Data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we usually have to refuse to conclude a contract or can no longer fulfill an existing contract and may have to terminate it.

Log data

Each time you visit our website, our system automatically collects the following data from the visiting device and stores it in a so-called log file: (i) name of the file accessed, (ii) date and time of the visit, (iii) amount of data transferred, (iv) notification of successful retrieval, type of browser and version used, (v) IP address (identification of the user's device), (vi) operating system of the visiting device, (vii) Internet service provider of the visiting device, (viii) website from which you access our website, and (ix) which pages of our website you access. The legal basis for this processing is our legitimate interest.

Hosting

To provide our website, we use the services of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107 USA who handles the worldwide website access, and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf in their Frankfurt, Germany location. The legal basis for the data processing is our legitimate interest in providing our website.

Cookies

What are cookies? A cookie is a small simple file that is sent along with pages of our website and stored by your browser on the hard drive of your computer or other device. The information stored in it may be returned to our servers (or to the servers of the relevant third parties) on a subsequent visit. Doing so, Cookies transmit small amounts of data about your device to our web server and enable our website to recognize your computer, smartphone, or other device.

Why do we provide information about cookies? The provision of information about our use of cookies is required and set out in the German Data Protection and Privacy in Telecommunications and Telemedia Act (TTDSG) which implements the Privacy and Electronic Communications Directive (PECD). Accordingly, the use of functional, analysis and performance or advertising cookies (“non-essential cookies”) require your consent and thus the legal basis for the collection of your Personal Data through analysis and performance cookies, is your consent.

However, as we think it is important that you should have full control over your privacy online, we refrained from placing non-essential cookies on our website and as such we are not required to obtain any consents. Nonetheless, this may change, and we ask you to regularly check this policy for any updates.

Links to other websites

Please note that if you use a link from our website to a third-party website, that third-party may also set new cookies that are not covered by this policy. In such cases, we recommend that you read the cookie policy on the third-party website itself.

Turnstile

We use Turnstile. The service is offered by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107 USA. The purpose of Turnstile is to check whether the data input on our websites is made by a human being or by an automated programme, and Turnstile also protects our users from SPAM when using the message function. For this purpose, Turnstile analyzes the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, Turnstile evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Intuition Machines. Turnstile analyzes run entirely in the background. Website visitors are not informed that an analysis is taking place. We have a legitimate interest in protecting our Services from abusive automated spying and our users from SPAM.

Contact

The processing of Personal Data depends on the nature of your contact. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also contain certain Personal Data. The Personal Data collected when you contact us is used to process your request, and the legal basis is your consent.

Registration

As part of the registration process, users provide their a) Email address; b) Password. The data provided will be used for the purposes of creating and using the account and providing and/or using our services. In the context of the use of our registration and the use of your account, the legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as consent.

When you use our services

We process the Personal Data that arises when you use our services in order to provide our contractual services. In particular, this includes our support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of the fulfillment of our contractual obligations and our legal obligations.

Also please note that when using our services, you become the data controller and we become the data processor in accordance with Part 3 of the BDSG and Chapter 4 of the GDPR. Where we process your Personal Data as data processor or in other words on behalf of you, we will process the Personal Data involved in your use of our services in accordance with your instructions and shall use it only for the purposes agreed between you and us.

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks and the organization of our business and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the provision of our contractual services. The processing bases are our legal obligations and our legitimate interest.

Payment Data

If you make a purchase your payment will be processed via our payment service provider Stripe (Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland). Payment data will solely be processed through Stripe and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

System notifications

By using our services, you are giving your consent to receiving system notifications. Those typically include administrative information, warnings, and alerts as well as other relevant notifications relating to your account or activity on our services. To do so we use our own mail server. You cannot opt out of receiving system notifications, and the only way to stop receiving them is to delete your account. The legal basis for processing is our obligation to fulfill the contract .

Marketing

If you have given us your separate consent to process your data for marketing and promotional purposes, we are entitled to contact you for these purposes through the communication channels for which you have given your consent.

You may give us your consent in a variety of ways, such as by checking a box on a form asking for permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. In cases where your consent is implied, it is based on the assumption that you could reasonably expect to receive a marketing communication based on your interactions or contractual relationship with us.

Direct marketing is typically by email, but may include other less traditional or new channels. These forms of contact are managed by us or by our contracted service providers. Any direct addressed marketing sent or conducted by us or on our behalf will provide you with the opportunity to opt out or exclude yourself.

Economic analyses and market research

For business reasons, we analyze the data we have on business transactions, contracts, enquiries,browsing behavior etc., whereby the group of persons concerned may include contractual partners, interested parties, and users of our services.

The analyses are carried out for the purpose of business evaluations and market research. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).

Who receives my information?

Within Valvoid, those who have access to your information are those who need it to fulfill our contractual and legal obligations.

Processors used by us may also receive data for these purposes. These are companies in the areas of IT services, telecommunications, and sales and marketing. If we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of Personal Data in accordance with the relevant legal provisions.

Data is only passed on to third parties within the framework of the legal provisions. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or due to legitimate interests in the economic and effective operation of our company, or if you have consented to the transfer of data.

How long will my data be stored?

To the extent necessary, we process and store your Personal Data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract on our designated Google server in their Frankfurt, Germany location.

In addition, we are subject to various retention and documentation obligations, which result, among other things, from the statutory minimum retention periods and other retention periods prescribed in this sense, e.g. retention periods under tax or commercial law. Depending on the document and the legal regulation, the periods specified there for storage and documentation are five years (HGB), six years (A0) or ten years (HGB).

How do we secure your data?

Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of content or contact requests that you send to us. In addition, we have taken numerous security measures ("technical and organizational measures"), such as encryption or access only when necessary, to ensure the most complete protection of Personal Data processed through this website.

Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. And databases or records containing Personal Data may be breached inadvertently or by unlawful intrusion. If we learn of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as soon as possible after the breach is discovered.

Is data transferred to a third country?

We process data in the course of operating our website. We do not normally transfer Personal Data to countries outside Germany and the EEA. However, if we do, we ensure that the processing of your Personal Data is governed by processing contracts that include standard contractual clauses to ensure a high level of data protection.

Special category data

We do not process special category data unless it is necessary for the use of our services and explicit consent has been given.

Minors

We do not request Personal Data from minors and children and do not knowingly collect such data or share it with third parties.

Automated Decision Making

Automated decision making is the process of making a decision by automated means without human involvement. Automated decision making does not occur.

DO NOT SELL

We do not sell your personal information.

Your rights and privileges

Rights to protect your data Under the BDSG and the GDPR, you may exercise the following rights:

• Right to information
• Right to rectification
• Right to deletion
• Right to data portability
• Right to object
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority
• Right not to be subject to a decision based solely on automated processing
  
  

If you have any questions about the type of Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.

Updating your data

If you believe that the data we hold about you is inaccurate or that we are no longer entitled to use it and you wish to request that it be rectified or erased, or object to its processing, please contact us.

Withdrawal of your consent

You may withdraw any consent you have given at any time by contacting us. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

Request for information

If you would like to make a request for information about your data, you can inform us in writing. We will respond to requests for information and correction as quickly as possible. If we are unable to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with the personal information you have requested or to make a correction, we will tell you why.

Complaint to a supervisory authority

You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. The Federal Commissioner for Data Protection and Freedom of Information (BfDI) (https://www.bfdi.bund.de) is the Federal Commissioner for Data Protection. The Berlin DPA is the state Data Protection Authority for the state of Berlin. The Berlin DPA`s contact details can be found on https://www.datenschutz-berlin.de. However, we would appreciate the opportunity to address your concerns before you contact the BfDI or the Berlin DPA.