Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process for which purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and particularly on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Status: July 30, 2024

Responsible Party

Valérie Madoka Naito
Oschatzer Straße 7
01127 Dresden
Germany

Email: contact@wirc.network

Overview of Processing

The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected individuals.

Types of Processed Data

  • Inventory data (e.g., names, addresses).
  • Content data (e.g., text entries, photographs, videos).
  • Contact data (e.g., email, telephone numbers).
  • Meta/communication data (e.g., device information, IP addresses).
  • Usage data (e.g., visited websites, interest in content, access times).

Categories of Affected Persons

  • Users (e.g., website visitors, users of online services).

Purposes of Processing

  • Content Delivery Network (CDN).
  • Feedback (e.g., collecting feedback via online form).
  • Security measures.
  • Managing and responding to inquiries.

Relevant Legal Bases

Below, we inform you about the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the regulations of the GDPR, national data protection regulations in your or our country of residence may apply.

  • Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Protection of Vital Interests (Art. 6(1)(d) GDPR): The processing is necessary to protect the vital interests of the data subject or another natural person.
  • Legitimate Interests (Art. 6(1)(f) GDPR): The processing is necessary to safeguard the legitimate interests of the controller or a third party unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

National Data Protection Regulations in Germany

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (BDSG). The BDSG contains specific regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, the processing for other purposes, and the transmission as well as automated decision-making in individual cases, including profiling. Additionally, it regulates the data processing for employment purposes (§ 26 BDSG), especially concerning the establishment, execution, or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, in accordance with legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, transmission, availability, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, deletion of data, and responses to data threats. Additionally, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Transmission and Disclosure of Personal Data

In the context of our processing of personal data, it may happen that the data is transmitted to other entities, companies, legally independent organizational units, or persons or disclosed to them. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers tasked with IT tasks, or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and conclude appropriate contracts or agreements with the recipients of your data to protect your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosure or transmission of data to other persons, entities, or companies, this only happens in accordance with legal requirements.

Subject to express consent or contractual or legally required transmission, we process or allow the data to be processed only in third countries with a recognized level of data protection, which includes the US processors certified under the "Privacy Shield," or based on special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission).

Provision of the Online Offer and Web Hosting

To provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers they manage) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services.

The data processed in the context of providing the hosting offer may include all information relating to the users of our online offer that is incurred in the context of use and communication. This includes regularly the IP address, which is necessary to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.

Email Sending and Hosting

The web hosting services we use also include the sending, receiving, and storing of emails. For these purposes, the addresses of the recipients and senders, as well as other information concerning the email dispatch (e.g., the involved providers) and the contents of the respective emails, are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the transmission path of the emails between the sender and the reception on our server.

Collection of Access Data and Logfiles

We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, notification of successful access, browser type along with version, the user's operating system, referrer URL (the previously visited page), and IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g., to avoid server overload (especially in case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure the utilization and stability of the servers.

Content-Delivery-Network

We use a "Content-Delivery-Network" (CDN). A CDN is a service with which the content of an online offer, especially large media files, such as graphics or scripts, can be delivered more quickly and securely with the help of regionally distributed servers connected via the Internet.

Processed Data Types

  • Content data (e.g., text entries, photographs, videos)
  • Usage data (e.g., visited websites, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Affected Persons

  • Users (e.g., website visitors, users of online services)

Purposes of Processing

  • Content Delivery Network (CDN)

Legal Bases

  • Legitimate Interests (Art. 6(1)(f) GDPR)

Deletion of Data

The data processed by us will be deleted in accordance with legal requirements as soon as their permitted consents are revoked or other permissions cease to apply (e.g., if the purpose of processing this data has ceased to apply or they are not necessary for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary for asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person.

Further information on the deletion of personal data can also be provided in the context of the individual data protection notices of this privacy policy.

Changes and Updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to check the information before contacting us.

Rights of the Affected Persons

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:

  • Right to Object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, which is carried out based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw granted consents at any time.
  • Right to Access: You have the right to request confirmation as to whether relevant data is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: You have the right to request the completion of the data concerning you or the correction of incorrect data concerning you in accordance with legal requirements.
  • Right to Erasure and Restriction of Processing: You have the right to demand that the data concerning you be deleted immediately, or alternatively, to demand a restriction of the processing of the data in accordance with legal requirements.
  • Right to Data Portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format in accordance with legal requirements or to request their transfer to another controller.
  • Right to Lodge a Complaint with a Supervisory Authority: You also have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, workplace, or the place of the alleged infringement if you consider that the processing of your personal data violates the GDPR.

Definitions of Terms

This section provides an overview of the terminology used in this privacy policy. Many of the terms are taken from the law and defined mainly in Art. 4 GDPR. The legal definitions are binding. The following explanations, however, are primarily intended to aid understanding. The terms are sorted alphabetically.

  • Content Delivery Network (CDN): A "Content Delivery Network" (CDN) is a service that helps deliver content of an online offer, especially large media files, such as graphics or program scripts, faster and more securely with the help of regionally distributed servers connected via the Internet.
  • Personal Data: "Personal Data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Controller: "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Imprint Privacy contact@wirc.network