Privacy Policy & Cookie Policy

А. Responsible party

The responsible party for the purposes of the General Data Protection Regulation and other national data protection laws of the European Member States as well as other data protection regulations for the processing of personal data within the context of the “apk-one.com” and “apk-one” portal (hereinafter referred to as “the portal”) is:

Email: admin@apk-one.com (Developers can use this e-mail for complaints. We will delete all your apps from our website, if you want).
Website: apk-one.com


B. Contact details of the data protection representative

The data protection representative of the responsible party can be reached as follows:

Email: admin@apk-one.com


C. Processing of personal data

The following terms are used in the following data protection policy:


Visitors: Persons who access the portal without registering (no use of the portal's functions and services is possible).
Users: Persons who have registered to use the portal and use the portal within the context of a user agreement on the basis of the responsible party's terms of use.

I. Visitor portal and contact

1. Visiting our portal
1.1. Description of data processing
When you access our portal, the browser used on your device automatically sends information to the server of our portal/website. The following information is collected:


The visitor’s IP address
Date and time of access
Information about the browser type and version used
The visitor’s operating system
Websites from which the visitor’s system reaches our website
This data is saved in log files in our system, whereby the IP address is made anonymous. This data is not saved together with the visitor's other personal data.


Likewise, this data is not passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.


1.2. Purpose of data processing
The system's temporary storage of the IP address is necessary to enable the website to be transmitted to the visitor's computer. The visitor's IP address must be stored for the duration of the session for this purpose.


The data is stored in log files to ensure the functionality of the website. In addition, the files serve to optimize the website and to ensure the security of our information technology systems.


1.3. Legal basis of the processing
The legal basis for temporarily saving data as well as saving log files is Art. 6 para 1. lit. f) GDPR.


The legitimate interest in data processing required for this purpose exists in the processing purposes mentioned under Section 1.2 above.


1.4. Duration of data processing/deletion
The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or processed. In cases in which the data is collected and saved for the purposes of providing the website, the data is deleted when the respective session has ended.


If the data is stored in log files, it is deleted thirty days after it is collected.


1.5. Right of objection
In accordance with Article 21 of the GDPR, you have the right at any time to object to the processing of the data in accordance with Section 1.1 for reasons resulting from your particular situation. In this case, we will no longer process the data, unless compelling reasons to process the data are demonstrated that outweigh your interests, rights and freedoms, or if the processing serves to make, process, or defend legal claims.


To exercise a right of objection, the visitor can contact us via email using the email address feebcks@gmail.com.


If the objection is justifiable, the data will be deleted.


2. Contact form and email address
2.1. Description and scope of data processing
There is a contact form on our website, which can be used for electronic communication. If a visitor takes advantage of this option, the data entered in the input form will be transferred to us and saved. This data includes:


Name
Email address
The message
At the time the message is sent, the following data is saved:


The IP address of the visitor
Date and time
When sending the message using the contact form, your consent is obtained for the processing of the data and you will be referred to this data protection policy.


You can alternatively contact us via the email address provided. In this case, the visitor's personal data transmitted by email will be saved.


The data are used exclusively for the processing of the respective inquiry. In this context, the data will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.


2.2. Purpose of data processing
The processing of personal data from the input form and/or your email inquiry takes place solely for the purposes of establishing contact. If you contact us by email, this likewise constitutes the necessary legitimate interest to process the data.


The other personal data processed during the transmission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.


2.3. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a) GDPR if the visitor has given his or her consent (for inquiries via the contact form).


The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f) GDPR. If the email contact is aimed at the conclusion of a contract, then the additional legal basis for processing the data is Art. 6 para. 1 lit. b) GDPR.


2.4. Duration of processing
The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected. For personal data from the input form of the contact form and sent by email, this data is deleted when the visitor's respective conversation or inquiry has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in questions have finally been clarified.


The additional personal data collected during the transmission process will be deleted at the latest after a period of 30 days from the time the data was collected.


2.5. Right of objection and revocation
The visitor has the possibility at any time to revoke his consent to the processing of personal data which he has given when using the contact form. The processing of the data that has taken place before the revocation is not affected by the revocation.


If the visitor contacts us via email, he or she can object to his personal data being stored at any time in accordance with Art. 21 GDPR. In this case, the conversation cannot be continued.


In order to make a corresponding objection or revocation, the visitor can contact us using the email address feebcks@gmail.com.


The data stored in the process of establishing contact will be deleted in the aforementioned cases.


II. Registration and user profile
1. Registering with apk-one
1.1. Description and scope of processing
In order to be able to use the services and functions offered within the context of the portal, registration is required for users. The following data is required for registration.


Email address
Password (saved as SHA hash)
User name (freely selectable)
Acceptance of terms of use and data protection policy
Newsletter user settings
At the time the registration request is sent, the following metadata is saved:


The user’s IP address
Date and time the registration is submitted
Language
Type of registration (via email, Facebook or Google, the user from Facebook or Google may be saved)
The user-agent of the user’s end device
Date of the validation of the user account (confirmation of registration)
Receipt of welcome message
Without the aforementioned data, the conclusion or implementation of the contract is not possible. The processing of this data is necessary in this context.


With the exception of the metadata, this data is entered via a corresponding input form. We store all this data. This data is processed to conclude and implement the user contract for the use of the portal’s services and functions.


With the exception of the user name, this data is not publicly accessible via the portal.


If the user uses his or her account from the internet platforms Facebook or Google to register, we receive the user’s corresponding email address directly via Facebook or Google. With this configuration, it is not necessary for the responsible party to collect the password. Furthermore, reference is made in this context to the data protection information provided by Facebook or Google.


In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.


1.2. Purpose of processing
The processing of the data collected during registration serves to conclude and implement the user contract with the user with respect to the use of the portal or its services and functions.


The metadata also serves to prevent misuse of the registration and to ensure the security of our information technology systems.


1.3. Legal basis of the processing
The legal basis for the processing of login data collected in the context of registration is Art. 6 para. 1 lit. b) GDPR.


1.4. Duration of processing
After complete processing of the contract of use concerning the use of the services in the portal or deletion of the user’s profile, the data will be deleted and processing will be restricted to the extent necessary for tax and commercial obligations to save it. The data will be deleted at the latest after the expiry of the corresponding legal retention period, unless the user has expressly consented to further use of the data.


2. User’s profile details
2.1. Description and scope of processing
The user has the option to complete his user profile with voluntary information that is publicly visible in the portal. The following optional data may be collected and saved:


Profile image
About me text
List of the user’s end devices
Forum signature
Link to user’s Google, Twitter, Facebook, and YouTube profile
The aforementioned data can be viewed publicly via the portal and is processed for the purposes of the contract or to perform the functions offered within the scope of the portal. In particular, this data is also processed for the user to present it.


In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.


2.2. Purpose of processing
The processing of the data collected during registration serves the purpose of implementing the user contract with the user regarding the use of the portal or its services and functions.


2.3. Legal basis of the processing
The legal basis for the processing of data is Art. 6 para. 1 lit. b) GDPR.


2.4. Duration of processing
After complete processing of the user contract or deletion of the user profile, the data will be deleted and processing will be restricted to the extent necessary for tax and commercial obligations to save it. The data will be deleted at the latest after the expiry of the corresponding legal retention period, unless the user has expressly consented to further use of the data.


III. Comments, forum and gamification
1. Comments
1.1. Description and scope of processing
Users have the opportunity to comment on articles published on the portal.


The user submits his or her comment using the appropriate input form. They also have the option of subscribing to notifications from the portal via email when users reply to their comments. Other users can also be informed about the user's answers.


If the user sends the comment, it will be published and stored in a publicly accessible form on the portal. The publication and storage of the comment is linked to the user name and profile picture of the user as well as the date and time of the comment.


Apart from that, the data from the comment will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.


1.2. Purpose of processing
The processing of the data serves the use of the comment function and serves in particular for the interaction, the exchange and the formation of opinions in the framework of the portal.


This processing therefore takes place for the execution of the portal functions that are provided within the context of the user relationship and used by the user.


1.3. Legal basis of the processing
The legal basis for the processing of data is Art. 6 para. 1 lit. b) GDPR.


1.4. Duration of processing
The user has the option to delete comments he or she has made at any time. In this case, the comment data will be deleted.


2. Forum
2.1. Description and scope of processing
Users have the option to participate in the forum within the context of the portal by writing and publishing contributions. The user must first select the forum via the corresponding input form, and then leave a title and message. If the user publishes his or her contribution (and saves the contribution), it will be published on the portal with his or her user name, the profile picture and the time of the contribution.


The user additionally has the option to answer, evaluate and observe contributions in the forum. The user can view and manage his or her saved messages as well as forums he or she has viewed in the forum overview within the scope of his or her profile.


Apart from this, the forum data will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.


2.2. Purpose of processing
The processing of the data serves the purpose of providing users with the opportunity to participate in the forum, and therefore to inform, exchange and form opinions within the context of the portal.


This processing therefore takes place for the execution of the portal functions that are provided within the context of the user relationship and used by the user.


2.3. Legal basis of the processing
The legal basis for this processing of the project data is Art. 6 para. 1 lit. b) GDPR.


2.4. Duration of processing
With the discontinuation of the purpose of processing, i.e. after complete processing of the user contract or deletion of the user's profile, the user’s subscriptions to the contributions in the forum for the user concerned will be deleted. The contributions will then no longer allow any conclusions to be drawn about the user’s identity.


3. Gamification
3.1. Description and scope of processing
Within the framework of the portal, users can playfully measure their user activity on the portal and compare it with other users. Users can earn points for various campaigns on the portal and collect them on a corresponding account.


Gamification events are saved in the user’s profile; these are actions within the context of the portal, for which the user can acquire points. Depending on the score, the user can reach different levels. In addition, the score, the level reached and corresponding ranking will be saved. However, only the corresponding user ranking can be viewed by the public.


Apart from this, the forum data will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.


3.2. Purpose of processing
The processing of the aforementioned data serves to document user activity on the portal for use by the user in the context of the playful competition through gamification.


This processing therefore takes place for the execution of the portal functions provided within the context of the user relationship and used by the user.


3.3. Legal basis of the processing
The legal basis for the processing of data is Art. 6 para. 1 lit. b) GDPR.


3.4. Duration of processing
During the period of use of the portal by the user (user relationship), the corresponding data is saved and processed within the scope of the corresponding functions. When the purpose of processing ceases to apply, i.e. after complete processing of the user contract or deletion of the user's profile, reference to the user in this data is terminated, while this data is still retained. This means that from then on no conclusions can be drawn about the user’s identity.


IV. Newsletter and messages
1. Newsletter
1.1. Description and scope of processing
Within the framework of the portal, visitors and users have the opportunity to subscribe to the available newsletters free of charge.


Users have the opportunity to subscribe to the newsletter during registration. In addition, users have the option of subscribing to and unsubscribing from the newsletter at any time via the settings for email, notifications and newsletters within the scope of their profile.


If the user registers for the newsletter, it will be sent to the email address provided during registration. With the exception of the selection of the newsletter that is subscribed to, the user does not have to provide any further information when registering for the newsletter.


Within the scope of the respective registration, the user's consent to receive the newsletter is obtained and documented. Furthermore, it is particularly pointed out that the consent he or she provided can be revoked at any time with immediate future. This can be done, for example, by simply logging off in the notification settings in the user's profile or by sending an email to feebcks@gmail.com or through the unsubscribe link in the newsletter. This option is also indicated separately in each newsletter.


In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.


We integrate a service provider (contract processor) based in the USA to dispatch the newsletter. The service provider is certified under the EU-US Privacy Shield. As a result of the agreement between the US and the European Commission, the European Commission has established an adequate level of data protection for companies certified under the Privacy Shield.


1.2. Purpose of processing
The data is processed for the purpose of sending the newsletter.


1.3. Legal basis of the processing
The legal basis for the processing of the data in the context of the dispatch of the newsletter is Art. 6 para. 1 lit. a) GDPR.


1.4. Duration of processing
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's email address will therefore be saved for as long as the subscription to the selected newsletter is active. The email address will then be deleted unless the user has given us permission to use it for other purposes or we are entitled by law to process the email address for other purposes.


1.5. Right of revocation
The user's consent can be revoked at any time and the corresponding subscription to the newsletter can be cancelled. In this case, the processing of the email address remains unaffected until the time of revocation.


2. Private messages
2.1. Description and scope of processing
As an essential function of the portal, users have the option to send private messages via a messaging system internal to the portal. Every user on the portal can receive messages from other users, but sending private messages is only possible when one has reached level 3 of the gamification status (cf. under C.III.3.). After sending the message via the portal, the messages are then sent to the corresponding users via email. The recipient receives an email from the portal in which he or she receives the sender’s message.


The message is sent via a corresponding messaging form within the portal. When sending a message, the user only has to enter his or her message and decide whether he or she would like to receive a copy of the message. The users’ user names are used to identify the sender and recipient. Apart from the user names and the content of the message, none of the user’s other data is involved in the transmission of the private message. The user has the option of rejecting the receipt of private messages in the settings of his or her user profile.


2.2. Purpose of processing
The purpose of the processing is to send private messages via the portal, which represents an essential function in the portal within the context of the user relationship.


2.3. Legal basis of the processing
The legal basis for processing the data is Art. 6 para. 1 lit. b) GDPR.


V. Cookies, web analysis and other third-party services
1. Cookies
1.1. Description and scope of processing
Cookies are used within the context of the portal. These are small text files that are stored on your end device in the browser that you use and through which certain information flows to the location where the cookie was set.


We use these cookies to make your visit to our portal attractive, to enable the use of certain functions and to be able to display suitable products to you.


Some of the cookies that are used within the context of the portal are deleted after the end of the respective session, i.e. after closing your browser (session cookies). Other cookies, on the other hand, remain on your terminal device even after the end of the session and enable us to recognize your browser the next time you visit our portal (persistent cookies).


The duration of the storage of the respective cookies can be seen in the overview in the cookie settings of your browser. You can also set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. With respect to how long cookies are saved, we refer to the respective cookie settings in browsers.


We would like to point out, however, that the functionality of our portal may be limited if the use of cookies is prevented.


The cookies used also collect data about usage behavior in the portal. However, the data collected in this way is pseudonymized through technical measures. It is therefore no longer possible to assign the data to a respective user.


1.2. Purpose of processing
The purpose of the processing is primarily to simplify the use of websites for users. Furthermore, some functions on our portal cannot be offered without the use of cookies. It is also necessary that the user’s browser is recognized even when a user leaves the website and returns.


Cookies are used for analysis purposes in order to improve the quality of our website and its contents. These analysis cookies tell us how the website is used and enable us to constantly optimize our services.


In the aforementioned purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f) GDPR.


1.3. Legal basis of the processing
The legal basis for the processing of data using cookies is Art. 6 para. 1 lit. f) GDPR.


1.4. Duration of processing
The cookies are stored on your end device and transmitted to our portal, which means the respective user has full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the cookie settings in your internet browser. Cookies already stored on your end device can be deleted at any time. This can also be done automatically. However, if cookies are deactivated for our portal, it may no longer be possible to use all functions on the portal to their full extent.


2. Google Analytics
2.1. Description and scope of processing
The portal also uses Google Analytics for web analysis. This is an analysis service of Google LLC (www.google.com). Google Analytics enables an analysis of users’ use of our portal. In this way, we are able to optimize our services and adapt them to the needs of the users.


The automatically collected information about the users’ use of the portal is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization as part of our portal, the IP address is shortened prior to transmission within the Member States of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser within the context of Google Analytics is not aggregated with other Google data.


Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. As a result of this agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.


2.2. Purpose of processing
The purpose of the processing is to analyze user behavior in order to optimize the offer and to adapt our portal to the needs of users.


This also constitutes legitimate interest within the scope of Art. 6 para. 1 lit. f) GDPR.


2.3. Legal basis of the processing
The legal basis for processing the data within the context of web analysis is Art. 6 para. 1 lit. f) GDPR.


2.4. Duration of processing
After we have finished using the data for the purposes of Google Analytics, the data collected in this context will be deleted.


You can prevent Google from collecting and processing the data that the cookie generates and that relates to your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en


Alternatively, by clicking on this link, you prevent Google Analytics from collecting data about you within this website. By clicking on the link above you can download an "opt out cookie". Your browser must therefore allow cookies to be stored. If you delete your cookies regularly, you will need to click on the link again each time you visit this website.


3. Google reCAPTCHA
3.1. Description and scope of processing
Within the framework of the portal we use reCAPTCHA to avoid abusive and in particular automated access to our portal. This is a service of Google LLC (www.google.com).


With the help of this service, the user’s behavior that is targeted is automatically analyzed on the basis of various features as soon as our portal is accessed. reCAPTCHA evaluates various information, such as the IP address and the duration of stay on the portal, which is necessary for the functioning of the portal. The data collected in this context is forwarded to Google.


Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. As a result of this agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.


For further information on this service and the associated data processing, please refer to Google's data protection information, available at https://policies.google.com/privacy?hl=en.


3.2. Purpose of processing
The purpose of processing is the protection and integrity of our portal and our IT systems by preventing abusive and in particular automated access. This also constitutes our legitimate interest in the processing of the data.


3.3. Legal basis of the processing
The legal basis for processing the data is Art. 6 para. 1 lit. f) GDPR.


4. Google Fonts
4.1. Description and scope of processing
Within the framework of the portal we use Google Fonts to display fonts. This is a service of Google LLC (www.google.com).


To present certain fonts in the context of our portal, a connection to the servers is established by Google when accessing our portal. This enables Google to determine from which website the request was sent and to which IP address the request is sent to display the font.


Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. As a result of this agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.


For further information on this service and the associated data processing, please refer to Google's data protection information, available at https://policies.google.com/privacy?hl=en.


4.2. Purpose of processing
The purpose of the processing is the uniform representation of certain fonts within the context of our portal when it is accessed and therefore the optimization of the portal.


This also constitutes legitimate interest within the scope of Art. 6 para. 1 lit. f) GDPR.


4.3. Legal basis of the processing
The legal basis for the processing of data is Art. 6 para. 1 lit. f) GDPR.


6. Google AdSense and Ad Exchange
6.1. Description and scope of processing
As part of our portal, we also market advertising space for third-party advertising and advertising networks. In this context we use Google AdSense and Ad Exchange. Google AdSense and Ad Exchange are services of Google LLC (www.google.com). In connection with the use of the Google AdSense and Ad Exchange services, the Google DoubleClick cookie is also used. In this way, the service is able to collect certain information about user behavior in order to determine users’ interests through their visits to our portal and other websites and to display appropriate advertising. The user is assigned a pseudonymous UserID.


Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. As a result of this agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield.


For further information on this service and the associated data processing, please refer to Google's data protection information, available at https://policies.google.com/privacy?hl=en.


You can also use the following link to disable the DoubleClick cookie: https://adssettings.google.com/authenticated?hl=en


6.2. Purpose of processing
The purpose of the data processing described above is to optimize and economically design the operation of our portal. This also constitutes our legitimate interest in processing this data.


6.3. Legal basis of the processing
The legal basis for the processing of data is Art. 6 para. 1 lit. f) GDPR.


D. Rights of the Peoples Concerned

If your personal data is processed, you are affected within the scope of the GDPR and you have the following rights against us, the responsible party (unless already explained above under D in conjunction with the respective processing of your data).


1. Right to information
In accordance with Art. 15 GDPR, you can request a confirmation from the responsible party as to whether personal data that concerns you will be processed by us.


If such processing has taken place, you can request the following information from the responsible party:


The purposes for which the personal data is processed.
The categories of personal data processed.
The recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed.
The planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period.
The existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the data processor or a right to object to such processing.
The existence of a right of appeal to a supervisory authority.
Any available information on the origin of the data if the personal data is not collected from the person involved.
The existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR, and at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the person involved.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.


2. Right to rectification
In accordance with Article 16 of the GDPR, you have the right to correct and/or complete your data in relation to the data processor if the personal data processed concerning you is incorrect or incomplete. The responsible party shall make the correction without delay.


3. Right to limitation of processing
In accordance with Art. 18 GDPR, you may request that the processing of personal data concerning you be restricted under the following conditions:


If you dispute the accuracy of the personal data concerning you for a period of time that allows the person responsible to verify the accuracy of the personal data.
The processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted.
The responsible party no longer needs the personal data for the purposes of the processing, but you require the data to make, process or defend legal claims.
If you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the responsible party’s legitimate reasons outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed, with the exception of being saved, with your consent or for the purpose of making, processing or defending claims or to protect the rights of another natural or legal person or on grounds of the important public interest of the Union or an EU Member State.


If the processing restriction has been restricted according to the above conditions, you will be informed by the responsible party before the restriction is revoked.


4. Right to Deletion
4.1. Obligation to Delete
You may request the data processor to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following circumstances applies:


The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, and there is no other legal basis for the processing.
You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
The personal data concerning you has been processed unlawfully.
The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is bound.
The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
4.2. Information on Third Parties
If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controller who process the personal data and links to this personal data and copies or replications of this personal data that you, as the subject of the data, have requested be deleted.


4.3. Exceptions
The right to deletion does not exist, if the processing of the data is:


For the right to freedom of expression and information.
For the fulfillment of a legal obligation required for processing under the law of the European Union or of the Member States to which the data controller is subject or for the performance of a task in the public interest or for the exercising of official authority that has been delegated to the data controller.
For reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h) and lit. i) GDPR and Art. 9 para. 3 GDPR.
To make, process or defend legal claims.
5. Right to information
If you have exercised your right to have the data controller correct, delete or restrict the processing, the data controller is obliged under Article 19 of the GDPR to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves unreasonable measures.


You have a right to be informed by the responsible party about these recipients.


6. Right to Data Transferability
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to the responsible party in a structured, current and machine-readable format. In addition, you have the right to pass this data on to another party without obstruction by the data controller to whom the personal data was provided, provided that:


The processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR.
The processing is carried out using automated methods.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.


The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.


7. Right of Appeal to a Supervisory Authority
Without prejudice to any other administrative or judicial appeal, Article 77 of the GDPR gives the user the right of appeal to a regulatory authority, in particular in the Member State where he or she resides, works or is suspected of having infringed the GDPR, if he or she considers that the processing of his or her personal data in question is contrary to the GDPR.


The regulatory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial appeal under Article 78 GDPR.


E. Data Privacy

1. Login Status
1.1. Description and scope of processing
For the security of user data and the portal’s IT systems, the following user data is collected and stored in the context of a so-called login status in connection with login attempts:


IP addresses of the last ten logins
Date of last ten logins
Date of last failed login
Total number of failed logins
The data is stored by Fonpit and is not publicly available. Furthermore, login data will not be passed on to third parties. In strict compliance with relevant data protection regulations, our carefully selected service providers involved in hosting and maintaining our systems are the only recipients of the data, if there are any recipients at all. This is done on the basis of order processing agreements, to which the service providers are contractually bound, and we remain responsible for the processing of the data in this respect.


1.2. Purpose of processing
Processing ensures the security of user data and the security of the portal's IT systems.


1.3. Legal Basis of Processing
The legal basis of processing is Art. 6 Abs. 1 lit. b) GDPR.


1.4. Duration of processing
When the purpose of processing ceases to apply, i.e. usually following termination of the user’s contract or deletion of the user’s profile, the user’s login data will be deleted.


2. Encryption
To keep your data secure, we use the most common SSL (Secure Socket Layer) procedure with the highest level of encryption supported by your browser. If a single page of our website is transmitted in encrypted form, this is indicated by a key or a lock symbol on the side of the status bar in your browser.