Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process for which purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both as part of the provision of our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Effective date: August 1, 2024

Table of Contents

• Preamble
• Data Controller
• Overview of Processing
• Relevant Legal Bases
• Security Measures
• Rights of Data Subjects
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Contact and Request Management

Data Controller

Edgar Hammerbeck
Sitsi 28.
10617, Tallinn, Estonia

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the affected individuals.

Types of Data Processed

• Inventory data.
• Contact data.
• Content data.
• Usage data.
• Meta, communication, and procedural data.
• Log data.

Categories of Data Subjects

• Communication partners.
• Users.

Purposes of Processing

• Communication.
• Security measures.
• Organizational and administrative procedures.
• Feedback.
• Provision of our online offering and user-friendliness.
• Information technology infrastructure.

Relevant Legal Bases

Relevant Legal Bases under the GDPR: Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or domicile may apply. Should more specific legal bases be applicable in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6 para. 1 sent. 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6 para. 1 sent. 1 lit. f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

Measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, ensuring availability, and separation of data. Furthermore, we have established procedures that ensure the exercise of data subject rights, data deletion, and responses to data endangerment. Additionally, we consider the protection of personal data already in the development or selection of hardware, software, and procedures according to the principle of data protection through technology design and through data protection-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect users' data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being securely and encryptedly transmitted.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6 para. 1 lit. e or f GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw consent given at any time.
• Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and further information, as well as a copy of the data, in accordance with legal requirements.
• Right to rectification: You have the right to request the completion or rectification of inaccurate personal data concerning you in accordance with legal requirements.
• Right to erasure and restriction of processing: You have the right to request the erasure of personal data concerning you without undue delay, or alternatively to request restriction of processing of the data in accordance with legal requirements.
• Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller, in accordance with legal requirements.
• Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR, without prejudice to any other administrative or judicial remedy.

Provision of the Online Offering and Web Hosting

We process users' data to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or end device.