Home About us Wiki Webpanel

Data protection declaration

Preamble

With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process for what purposes and to what extent in the context of providing our application.

The terms used are not gender-specific.

As of: June 22, 2024

Table of contents

Person responsible

Lukas Dieckmann
Gottfriedstraße 8.
49584 Fürstenau Germany

E-mail address: contact@ggbot.de

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons affected.

Types of data processed

Categories of persons affected

Purposes of processing

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, transmission, securing availability and separation of data. Furthermore, we have set up procedures that ensure the exercise of data subjects' rights, the deletion of data and reactions to threats to data. We also take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): In order to protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and encrypted.

Transfer of personal data

As part of our processing of personal data, it may happen that this data is transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within the organization: Data transfer within the group of companies: We may transmit personal data to other companies within our group of companies or grant them access to it. If the data is passed on for administrative purposes, it is based on our legitimate business and commercial interests or takes place if it is necessary to fulfill our contractual obligations or if the consent of the data subject or legal permission is available.

International data transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place as part of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Furthermore, data transfers only take place if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR), explicit consent or in the case of contractual or legally required transmission (Art. 49 Para. 1 GDPR). In addition, we will inform you of the basis for the third country transfer for the individual providers from the third country, whereby the adequacy decisions apply as the primary basis. Information on third country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection as secure for certain companies from the USA as part of the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). In the privacy policy we will inform you which service providers we use are certified under the Data Privacy Framework.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consent is revoked or there are no further legal bases for the processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require the data to be stored or archived for a longer period.

In particular, data that must be stored for commercial or tax law reasons or whose storage is necessary for legal proceedings or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection information contains additional information on the storage and deletion of data that applies specifically to certain processing processes.

If there are several details on the storage period or deletion periods for a date, the longest period always applies.

If a period does not expressly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships within the framework of which data is stored, the event that triggers the deadline is the time at which the termination or other termination of the legal relationship takes effect.

Data that is no longer stored for the originally intended purpose but due to legal requirements or other reasons, is only processed by us for the reasons that justify its storage.

Further information on processing procedures, methods and services:

Rights of the data subjects

Rights of the data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which in particular relate to from Art. 15 to 21 GDPR:

Provision of the online offer and web hosting

We process the data of users in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Further information on processing procedures, procedures and services:

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read it from them. For example, to store the log-in status in a user account, the contents of a shopping cart in an e-shop, the content accessed or the functions used in an online offer. Cookies can also be used for various purposes, such as for the purposes of the functionality, security and convenience of online offers and to create analyses of visitor flows.

Notes on consent: We use cookies in accordance with the legal regulations. We therefore obtain prior consent from users, unless it is not required by law. Permission is not necessary in particular if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service expressly requested by them (i.e. our online offering). The revocable consent will be clearly communicated to them and contains information on the respective cookie usage.

Notes on data protection legal bases: The data protection basis on which we process users’ personal data using cookies depends on whether we ask them for consent. If users accept, the legal basis for the use of their data is their declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and the improvement of its usability) or, if this occurs as part of the fulfillment of our contractual obligations, if the use of cookies is necessary to meet our contractual obligations. We will explain the purposes for which we use cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to processing in accordance with legal requirements, including using the privacy settings of their browser.

Registration, login and user account

Users can create a user account. As part of the registration, users are provided with the required mandatory information and processed for the purposes of providing the user account on the basis of contractual obligation fulfillment. The data processed includes in particular the login information (user name, password and an email address).

When using our registration and login functions and using the user account, we save the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed by email about processes that are relevant to their user account, such as technical changes.

Further information on processing procedures, procedures and services:

Single sign-on registration

"Single sign-on" or "single sign-on registration or authentication" refers to procedures that allow users to log in to a provider of single sign-on procedures (e.g. a social network), including our online offering, using a user account. The prerequisite for single sign-on authentication is that users are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose, or already do so in the Single sign-on provider and confirm the single sign-on registration via button.

Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that we cannot use for other purposes (so-called "user handle"). Whether additional data is sent to us depends solely on the single sign-on process used, on the data releases selected as part of the authentication and also on which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the user's choice, this can be different data; usually it is the email address and the user name. The password entered as part of the single sign-on process with the single sign-on provider is neither visible to us nor is it stored by us.

Users are asked to note that the information we store can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually done. If, for example, users' email addresses change, they must change them manually in their user account with us.

We can use single sign-on registration, if agreed with users, as part of or before the contract is fulfilled, if users have been asked to do so, process it within the scope of consent and otherwise use it on the basis of our legitimate interests and the users' interests in an effective and secure registration system.

If users decide that they no longer want to use the link between their user account with the single sign-on provider for the single sign-on process, they must cancel this connection within their user account with the single sign-on provider. If users want to delete their data from us, they must cancel their registration with us.

Further information on processing procedures, procedures and services:

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is only processed for the purposes of the publication medium to the extent that it is necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium in the context of this data protection notice.

Further information on processing procedures, procedures and services:

Contact and inquiry management

When you contact us (e.g. by post, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the details of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.

Further information on processing processes, procedures and services:

Communication via messenger

We use messengers for communication purposes and therefore ask you to note the following information on the functionality of the messengers, encryption, the use of communication metadata and your options for objection.

You can also contact us in alternative ways, e.g. by phone or email. Please use the contact options provided to you or the contact options provided within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption activated to ensure that the encryption of the message content is guaranteed.

However, we would also like to point out to our communication partners that although the providers of the messenger cannot view the content, they can find out that and when communication partners are communicating with us, as well as technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) is processed.

Notes on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us of their own accord, for example, we use messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and fulfilling the needs of our communication partners in communicating via messenger. We would also like to point out that we will not transmit the contact details provided to us to the messenger for the first time without your consent.

  • Affected persons: communication partners.
  • Purpose of processing: communication.
  • Storage and deletion: deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal basis: consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).

    • Chatbots and chat functions

    We offer online chats and chatbot functions (collectively referred to as "chat services") as a means of communication. A chat is an online conversation that takes place in a certain time. A chatbot is software that answers users' questions or informs them about messages. If you use our chat functions, we can process your personal data.

    If you use our chat services within an online platform, your identification number will also be stored within the respective platform. We can also collect information about which users interact with our chat services and when. We also store the content of your conversations via the chat services and log registration and consent processes in order to be able to prove these in accordance with legal requirements.

    We would like to point out to users that the respective platform provider can find out that and when users communicate with our chat services, as well as collect technical information about the device used by the user and, depending on the settings of their device, location information (so-called metadata) for the purposes of optimizing the respective services and for security purposes. The metadata of communication via chat services (i.e., for example, the information about who communicated with whom) could also be used by the respective platform providers for marketing purposes or to display advertising tailored to users in accordance with their terms, to which we refer for further information.

    If users agree to activate information with regular messages to a chatbot, they have the option of unsubscribing from the information for the future at any time. The chatbot informs users how and with which terms they can unsubscribe from the messages. When you unsubscribe from chatbot messages, user data will be deleted from the list of message recipients.

    We use the aforementioned information to operate our chat services, e.g. to address users personally, to answer their inquiries, to transmit any requested content and also to improve our chat services (e.g. to "teach" chatbots answers to frequently asked questions).

    Push messages

    With the consent of the users, we can send users so-called "push notifications". These are messages that are displayed on the screens, end devices or in the browsers of the users, even if our online service is not currently being actively used.

    To register for push messages, users must confirm the request from their browser or end device to receive the push messages. This consent process is documented and saved. The storage is necessary to recognize whether users have agreed to receive the push messages and to be able to prove the consent. For these purposes, a pseudonymous identifier of the browser (so-called "push token") or the device ID of a terminal device is stored.

    Newsletters and electronic notifications

    We send newsletters, emails and other electronic notifications (hereinafter "newsletters") exclusively with the consent of the recipient or on the basis of a legal basis. If the contents of the newsletter are mentioned when registering for the newsletter, these contents are decisive for the consent of the user. To register for our newsletter, it is usually sufficient to provide your email address. However, in order to be able to offer you a personalized service, we may ask you to provide your name so that you can be addressed personally in the newsletter or for further information if this is necessary for the purpose of the newsletter.

    Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a potential defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address in a block list (so-called "block list") for this purpose alone.

    The registration process is logged on the basis of our legitimate interests for the purpose of proving that it was carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

    Content:

    Information about us, our services, promotions and offers.

    Further information on processing procedures, methods and services:

    Sweepstakes and competitions

    We only process personal data of participants in sweepstakes and competitions in compliance with the relevant data protection regulations, insofar as the processing is contractually necessary for the provision, implementation and processing of the sweepstakes, the participants have consented to the processing or the processing serves our legitimate interests (e.g. the security of the sweepstakes or the protection of our interests against misuse through possible collection of IP addresses when submitting sweepstakes entries).

    If entries from participants are published as part of the competitions (e.g. as part of a vote or presentation of the competition entries or the winners or reporting on the competition), we would like to point out that the names of the participants can also be published in this context. Participants can object to this at any time.

    If the competition takes place within an online platform or social network (e.g. Facebook or Instagram, hereinafter referred to as the "online platform"), the terms of use and data protection provisions of the respective platforms also apply. In these cases, we would like to point out that we are responsible for the information provided by participants as part of the competition and that inquiries regarding the competition should be directed to us.

    Participants' data will be deleted as soon as the competition or contest has ended and the data is no longer required to inform the winners or because no further queries about the competition are expected. In principle, participants' data will be deleted no later than 6 months after the end of the competition. Winners' data may be retained for longer, for example in order to B. to answer questions about the prizes or to fulfill the prize services; in this case, the retention period depends on the type of prize and is, for example, up to three years for items or services in order to be able to process warranty cases, for example. Participants' data can also be stored for longer, e.g. in the form of reporting on the competition in online and offline media.

    If data was also collected for other purposes as part of the competition, its processing and retention period are based on the data protection information for this use (e.g. in the case of registration for the newsletter as part of a competition).

    Surveys and surveys

    We conduct surveys and surveys to collect information for the respective communicated survey or survey purpose. The surveys and surveys we conduct (hereinafter "surveys") are evaluated anonymously. Personal data is only processed to the extent that this is necessary for the provision and technical implementation of the surveys (e.g. processing the IP address to display the survey in the user's browser or to enable the survey to be resumed using a cookie).

    Web analysis, monitoring and optimization

    Web analysis (also known as "reach measurement") is used to evaluate the flow of visitors to our online offering and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. Using reach analysis, we can, for example, see at what time our online offering or its functions or content are used most frequently, or encourage reuse. It is also possible for us to understand which areas require optimization.

    In addition to web analysis, we can also use test procedures to test and optimize different versions of our online offering or its components.

    Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a device and then read out. The information collected includes in particular websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, the processing of location data is also possible.

    In addition, the IP addresses of the users are stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

    Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

    Affiliate programs and affiliate links

    In our online offering, we integrate so-called affiliate links or other references (which may include, for example, search masks, widgets or discount codes) to the offers and services of third-party providers (collectively referred to as "affiliate links"). If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third parties (collectively referred to as "commission").

    In order to be able to track whether users have taken advantage of the offers of an affiliate link used by us, it is necessary for the respective third-party providers to know that users have followed an affiliate link used within our online offering. The assignment of the affiliate links to the respective business transactions or other actions (e.g. purchases) serves solely for the purpose of commission accounting and is canceled as soon as it is no longer required for this purpose.

    For the purposes of the aforementioned assignment of the affiliate links, the affiliate links can be supplemented with certain values ​​that are part of the link or can be stored elsewhere, e.g. in a cookie. The values ​​can include in particular the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.

    Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

    Customer reviews and rating procedures

    We participate in review and rating procedures in order to evaluate, optimize and promote our services. If users rate us via the rating platforms or procedures involved or otherwise provide feedback, the general terms and conditions or terms of use and the data protection notices of the providers also apply. As a rule, the evaluation also requires registration with the respective providers.

    To ensure that the people making the evaluation have actually used our services, we transmit the necessary data regarding the customer and the service used to the respective evaluation platform (including name, email address and order number or article number) with the consent of the customer. This data is used solely to verify the authenticity of the user.

    Further information on processing procedures, methods and services:

    Presences in social networks (social media)

    We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

    We would like to point out that user data may be processed outside the European Union. This may result in risks for users because it could, for example, make it more difficult to enforce user rights.

    In addition, the data of users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the user's usage behavior and the resulting interests. The latter may in turn be used to place advertisements within and outside the networks that presumably correspond to the interests of the users. Cookies are therefore usually stored on the users' computers in which the user's usage behavior and interests are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (especially if they are members of the respective platforms and are logged in there).

    For a detailed description of the respective processing methods and the options for opting out, we refer to the data protection declarations and information provided by the operators of the respective networks.

    In the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

    Further information on processing procedures, procedures and services:

    Plug-ins and embedded functions and content

    We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

    Die Einbindung setzt immer voraus, dass die Drittanbieter dieser Inhalte die IP-Adresse der Nutzer verarbeiten, da sie ohne IP-Adresse die Inhalte nicht an deren Browser senden könnten. Die IP-Adresse ist damit für die Darstellung dieser Inhalte oder Funktionen erforderlich. Wir bemühen uns, nur solche Inhalte zu verwenden, deren jeweilige Anbieter die IP-Adresse lediglich zur Auslieferung der Inhalte anzuwenden. Drittanbieter können ferner sogenannte Pixel-Tags (unsichtbare Grafiken, auch als „Web Beacons" bezeichnet) für statistische oder Marketingzwecke einsetzen. Durch die „Pixel-Tags" können Informationen, wie etwa der Besucherverkehr auf den Seiten dieser Website, ausgewertet werden. Die pseudonymen Informationen können darüber hinaus in Cookies auf dem Gerät der Nutzer gespeichert werden und unter anderem technische Auskünfte zum Browser und zum Betriebssystem, zu verweisenden Websites, zur Besuchszeit sowie weitere Angaben zur Nutzung unseres Onlineangebots enthalten, aber auch mit solchen Informationen aus anderen Quellen verbunden werden.

    Hinweise zu Rechtsgrundlagen: Sofern wir die Nutzer um ihre Einwilligung in den Einsatz der Drittanbieter bitten, stellt die Rechtsgrundlage der Datenverarbeitung die Erlaubnis dar. Ansonsten werden die Nutzerdaten auf Grundlage unserer berechtigten Interessen (d. h. Interesse an effizienten, wirtschaftlichen und empfängerfreundlichen Leistungen) verarbeitet. In diesem Zusammenhang möchten wir Sie auch auf die Informationen zur Verwendung von Cookies in dieser Datenschutzerklärung hinweisen.

    Further information on processing procedures, procedures and services:

    Changes and updates

    We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

    If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

    Definitions of terms

    This section provides you with an overview of the terms used in this data protection declaration. To the extent that the terms are defined by law, their legal definitions apply. The following explanations, however, are intended primarily to aid understanding.

    Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke

    GGBot Banner

    English

    • Deutsch

    • English

    Links

    Discord Wiki Panel About us Contact

    Legal

    Imprint Privacy TOS

    We are not Mojang and not partnered with Mojang or Minecraft.