This privacy policy explains the nature, scope and purpose of the collection and processing of personal data when using the online service "Mailfriends". Terms like "personal data" are defined in Art. 4 of the General Data Protection Regulation (GDPR).
Due to the further development of the online service or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current version can always be accessed via the links within the online service. All prior communications or agreements are superseded by the current version.
The date of this version is November 18, 2018.
For the provision of the online service, the controller (hereinafter also referred to as the "operator") collects personal data (hereinafter also referred to as "data" or "information") from data subjects (hereinafter also "users").
The operator processes the data of the users directly or with the help of processors (hereinafter referred to as "service providers"), treats it confidentially and takes appropriate technical and organizational measures for the security of the data processing in accordance with Art. 32 GDPR.
The controller within the meaning of the GDPR is: Christoph Ziegenberg, Husarenstr. 45, 38104 Braunschweig, Germany
The processing of data is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the operator.
Provided that the respective legal basis is not explicitly mentioned in this privacy policy, the following legal bases apply:
Unless explicitly stated in this privacy policy, stored data is routinely erased as soon as it is no longer required for its intended purpose and no further statutory retention requirements have to be met.
In case the deletion is not possible because the data is required for other and legitimate purposes, processing of the data will be restricted instead.
Personal data will not be disclosed to third parties, unless ...
The operator makes the online service available with the help of processors, which provide the necessary technologies and/or services.
The processors contracted by the operator must be able to confirm or prove that they process the users' data in accordance with statutory provisions, or special guarantees must exist to ensure a corresponding level of data protection.
The infrastructure - the basic technical means for the operation of the online service - is provided by service providers, based on the legitimate interests of the operator in a secure, efficient and economic provision of the online service.
These services include:
The use of these services may technically require that content from service providers is integrated into the online service in such a way that it's loaded by the user's browser software (hereinafter referred to as "browser"). In this case the browser sends requests to the servers of service providers and for technical reasons transmits the user's IP address and other request data.
When using the online service, the browsers used by the users transmit general data with each request made to the online service, some of which are processed and stored.
The data transmitted include:
The IP address is technically required to answer the request. In addition, the data will be processed based on the following legitimate interests of the operator:
The operator of the online service uses the storage techniques described in the following subsections for the following purposes:
The use for these purposes is mandatory for the provision of the online service and is based on the legitimate interests of the operator. If the aforementioned techniques are used for any other purpose, a separate description of this use will be given in the following sections of this privacy policy.
As far as necessary for a purpose, the data storage in the browser is pointed out separately within the online service and the necessary consent of the users obtained.
Cookies are a common technique used to transmit information from an online service to users' browsers in order to store it for a defined period of time. The browsers automatically send this information back to the online service on later requests, so that information can be exchanged between the two sides.
The storage period for cookies depends on the purpose. Either cookies are stored for the duration of the current session only (until the browser is closed) or for a certain period of time, so that they persist even after the browser has been closed (for example, 30 days).
Regardless of the set storage time, users can delete cookies from their browsers at any time or configure their browsers to not accept cookies or to confirm each acceptance in advance. The self-acting deletion, the complete deactivation of cookies or the rejection of individual cookies can lead to the fact that the online service can no longer be used to its full extent.
Where appropriate, information is also stored in users' browsers using JavaScript. In contrast to the use of cookies, the information is only available within the browsers, so the browsers do not automatically send this information back to the online service on later requests.
As in the case of cookies, data is automatically deleted or persisted when closing the browser, depending on its purpose. The exact storage time is managed by the browser itself.
Regardless of the set storage time, users can delete the data at any time or configure their browsers so that the data storage features or JavaScript as a whole are not available. The self-acting deletion, the complete deactivation of these features or of JavaScript as a whole can lead to the fact that the online service can no longer be used to its full extent.
The following subsections provide detailed information on the nature, scope and purpose of the collection and processing of personal data that occurs when certain features and contents of the online service are used.
The operator provides different ways of contact, e.g. by mail, e-mail, telephone or via provided functions within the online service.
The transmitted data is processed and stored for the following purposes:
The processing of contacts via provided functions within the online service takes place with the prior consent of the user. Contacts by other means are processed due to a legitimate interest of the operator. In addition, if the establishment of contact aims at concluding a contract, the legal basis of processing is Art. 6 para. 1 lit. b GDPR.
The data transmitted during a contact can be stored in programs or databases for managing contacts and customer relationships (for example in a customer relationship management system).
When contacting by e-mail, data may be transmitted unencrypted (for example, between the participating e-mail servers). Furthermore, an email may not arrive at the intended recipient due to spam filters or technical issues.
When contacting by phone, the phone number of the user can be transmitted. It may be displayed in the device of the called party and stored there for the purpose of recall (for a device-dependent duration).
The transmission of the user's phone number can be prevented, if the user suppresses it before contacting.
By using the feature to leave your opinion about the operator's online service for the purpose of publication (in anonymous, shortened or translated form), the following personal information will be processed:
The information is stored for an indefinite period of time.
Only the operator has access to the original information. The information can be made accessible to all users of the online service in anonymised, possibly shortened or translated form.
When using the feature to verify a user's identity using the e-mail address, the following personal information will be processed:
In order to verify new e-mail addresses, the e-mail address is buffered until the confirmation e-mail is sent (usually a few seconds), after which it is deleted and stored only anonymously.
With the confirmation of the e-mail address by the recipient of the confirmation e-mail, the e-mail address is stored in a readable form until it is blocked, replaced, or the user account is deleted.
The blocking of e-mail addresses by the recipient of an e-mail is done using hash values. The e-mail addresses are not saved for this purpose. The hash values are stored for an indefinite period of time..
Only the operator has access to saved e-mail addresses.
The creation of a user account is required for the use of additional functions, so that other users learn something about the user for the purpose of getting to know each other. The following personal data is processed:
The storage takes place until the user account has not been deleted by the user and the operator can assume that the user is still interested in further use (usually 90 days after the last use of functions).
All users of the online service have access to the above information.
When using the feature to create an ad for the purpose of beeing contacted by other users, the following personal information will be processed:
The ad will be stored from the moment the ad is saved to the expiration of the ad, plus a transitional period of 7 days, during which users may extend the ad. The ad expires 30 days after the ad has been checked or 30 days after the last extension by the user.
All users of the online service have access to the above information.
By using the feature to contact other users and continue these contacts, the following personal information will be processed for the purpose of communicating with other users:
The data is stored until the contact is terminated by one of the communication participants or the user account of one of the communication participants is deleted.
Only the communication participants have access to the written messages. The operator usually has no access, since the storage is encrypted and only the communication partners have the key. However, a communication participant may grant access to the operator, e.g. in case of violations of the terms of use.
Users may request information on the categories of processed data, processing purposes, potential recipients of the data and the planned storage period (Art. 15 GDPR) as well as the correction of inaccurate and the supplement of incomplete data (Art. 16 GDPR). They has the right to receive previously provided data and transmit it to others (Art. 20 GDPR).
Under certain conditions, users have the right to request the deletion of data, in particular if the data is no longer required for its intended purpose or unlawfully processed (Art. 17 GDPR), or they may request the restriction of data, as far as a deletion is not possible or the deletion is disputed (Art. 18 GDPR).
Users may withdraw previously given consent as well as data processing for the purpose of direct marketing at any time with effect for the future (Art. 7 para. 3 GDPR and Art. 21 para. 2 GDPR). In addition, they may object the data processing that is performed due to a legitimate interest of the operator, for reasons arising from their specific situation (Art. 21 para. 1 GDPR).
Users have the right to submit a complaint to the competent supervisory authority (Art. 77 GDPR) if they consider that the processing of their personal data violates the GDPR.