Legal
Privacy Policy
1 Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific.
2 Controller
Tim Litwinschuh
10783 Berlin
Germany
Email: hello@getcolli.de
Legal notice: www.getcolli.de/impressum.html
3 Overview of Processing Activities
The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.
Types of data processed
- Inventory data
- Payment data
- Contact data
- Content data
- Contract data
- Usage data
- Meta, communication and process data
- Log data
Categories of data subjects
- Recipients of services and clients
- Prospective customers
- Communication partners
- Users
- Business and contract partners
Purposes of processing
- Provision of contractual services and fulfilment of contractual obligations
- Communication
- Security Measures
- Direct marketing
- Office and organisational procedures
- Feedback
- Marketing
- Provision of our online offer and user-friendliness
- Information technology infrastructure
- Sales promotion
- Business processes and business management procedures
4 Applicable Legal Bases
Applicable legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or establishment may apply.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or for pre-contractual steps taken at their request.
- Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.
National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (BDSG).
5 Security Measures
We implement appropriate technical and organisational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
Measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data.
TLS/SSL encryption (HTTPS): Our online services are transmitted over encrypted connections. A website secured by an SSL/TLS certificate is indicated by HTTPS in the URL.
6 International Data Transfers
Where we transfer data to a third country (i.e. outside the EU or EEA) or where this occurs through the use of third-party services, this is always done in compliance with legal requirements.
For data transfers to the USA, we primarily rely on the EU-US Data Privacy Framework (DPF), recognised as a safe legal framework by an EU Commission adequacy decision of 10 July 2023. Additionally, we have concluded standard contractual clauses with the respective providers.
Further information on the DPF and a list of certified companies can be found on the US Department of Commerce website at dataprivacyframework.gov.
7 General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal bases for processing exist.
Statutory retention periods under German law:
- 10 years – Books, records, annual financial statements, inventories (§ 147(1)(1) AO, § 257(1)(1) HGB)
- 8 years – Accounting documents such as invoices and receipts (§ 147(1)(4) AO, § 257(1)(4) HGB)
- 6 years – Other business documents, received commercial letters (§ 147(1)(2) AO, § 257(1)(2) HGB)
- 3 years – Data for handling warranty and damage claims (§§ 195, 199 BGB)
8 Rights of Data Subjects
As a data subject, you have various rights under the GDPR, in particular arising from Art. 15 to 21 GDPR:
- Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. Where personal data is processed for direct marketing purposes, you have the right to object at any time.
- Right to withdraw consent: You have the right to withdraw consent at any time.
- Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to receive information about such data.
- Right to rectification: You have the right to request the completion or correction of inaccurate data concerning you.
- Right to erasure and restriction of processing: You have the right, subject to legal requirements, to request the immediate deletion of data concerning you, or alternatively to request restriction of processing.
- Right to data portability: You have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, if you believe that the processing of your data violates the GDPR.
9 Business Services
We process personal data of our contractual and business partners, including customers, clients, prospects, suppliers and other cooperation partners (collectively "contract partners"), for the initiation, performance and settlement of contractual relationships and comparable legal relationships.
Data processed includes in particular master data such as name, address and company name, contact data such as email address and telephone number, contract and service data, as well as payment and billing data.
Data will be deleted as soon as it is no longer required for the aforementioned purposes and no statutory retention obligations stand in the way.
- Types of data processed: Inventory data; payment data; contact data; contract data.
- Data subjects: Recipients of services and clients; prospective customers; business and contract partners.
- Purposes of processing: Provision of contractual services; communication; office and organisational procedures; business processes.
- Legal bases: Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).
Further note: Software and platform services – We process data of our users, registered users and any test users in order to provide them with our contractual services, and on the basis of legitimate interests to ensure the security of our offer and to further develop it. Legal basis: Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR).
10 Payment Methods
In the context of contractual and other legal relationships, we offer data subjects efficient and secure payment options and for this purpose, in addition to banks and credit institutions, use further service providers. All payment transactions are conducted exclusively over encrypted connections.
Data processed includes inventory data, bank details, passwords, TANs and checksums as well as contract, amount and recipient-related information. We do not receive account or credit card information, only confirmations or negative notifications of payment.
- Legal bases: Contract performance (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).
Payment service providers used:
- Apple Pay – Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Privacy policy.
- Klarna – Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. Privacy policy.
- Stripe – Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Privacy policy. Basis for third-country transfer: Data Privacy Framework (DPF).
11 Provision of the Online Offer and Web Hosting
We process user data in order to provide our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or end device.
- Types of data processed: Usage data; meta, communication and process data; log data.
- Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
Hosting provider:
- Alfahosting – Alfahosting GmbH, Ankerstraße 3b, 06108 Halle (Saale), Germany. Privacy policy. A data processing agreement is in place.
Log files: Server log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose continued storage is required for evidentiary purposes is exempt from deletion until the incident is resolved.
12 Use of Cookies
The term "cookies" refers to functions that store and retrieve information on users' end devices. We use cookies in accordance with legal requirements and, where necessary, obtain users' prior consent.
Storage duration:
- Temporary cookies (session cookies): Deleted at the latest after a user leaves the online offer and closes their device.
- Permanent cookies: Remain stored even after the device is closed. The storage duration can be up to two years.
Users can revoke their consent at any time and also object via the privacy settings of their browser.
- Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
13 Contact and Request Management
When contacting us (e.g. by email or via the contact form), the data of the requesting persons is processed to the extent necessary for responding to the contact requests and any requested measures. We use this data exclusively for the stated purpose of making contact.
- Types of data processed: Contact data; content data; meta, communication and process data.
- Data subjects: Communication partners.
- Legal bases: Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).
14 Newsletter and Electronic Notifications
We send newsletters, emails and other electronic notifications only with the consent of the recipients or on a legal basis. To sign up to our newsletter, providing your email address is sufficient.
Deletion: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove that consent was previously given.
Content: Information about us, our services, campaigns and offers.
- Types of data processed: Inventory data; contact data; meta, communication and process data.
- Legal bases: Consent (Art. 6(1)(a) GDPR).
- Right to object (opt-out): You can cancel receipt of our newsletter at any time. An unsubscribe link can be found at the end of each newsletter, or you can use the email address provided above.
15 Advertising Communication via Email, Post, Fax or Telephone
We process personal data for the purposes of advertising communication, which may be carried out via various channels such as email, telephone or post, in accordance with legal requirements.
Recipients have the right to withdraw consent at any time or to object to advertising communication free of charge at any time. After withdrawal or objection, we store the necessary data for up to three years after the end of the year of withdrawal or objection.
- Types of data processed: Inventory data; contact data; content data.
- Legal bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).
16 Changes and Updates
We ask you to regularly inform yourself about the content of our privacy policy. We update the privacy policy as soon as changes to the data processing operations we carry out make this necessary. We will inform you as soon as changes require your participation (e.g. consent) or another individual notification.
17 Definitions
- Inventory data: Essential information for the identification and management of contract partners, user accounts and profiles, e.g. names, contact information and user IDs.
- Content data: Information generated in the course of creating, editing and publishing content of all kinds, including texts, images, videos and metadata.
- Contact data: Essential information for communication, e.g. telephone numbers, postal addresses and email addresses.
- Meta, communication and process data: Information about how data is processed, transmitted and managed – e.g. IP addresses, timestamps, identification numbers, communication histories and audit logs.
- Usage data: Information capturing how users interact with digital products – e.g. page views, click paths, dwell time, device information and IP addresses.
- Personal data: All information relating to an identified or identifiable natural person (Art. 4(1) GDPR).
- Log data: Information about events or activities logged in a system, e.g. timestamps, IP addresses, user actions and error messages.
- Controller: Natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (Art. 4(7) GDPR).
- Processing: Any operation or set of operations performed on personal data – e.g. collection, storage, transmission or deletion (Art. 4(2) GDPR).
- Contract data: Specific information relating to the formalisation of an agreement between two or more parties, e.g. durations, price agreements, payment terms.
- Payment data: All information required to process payment transactions, e.g. credit card numbers, bank details, transaction data.
Created with free Privacy Policy Generator by Dr. Thomas Schwenke