Privacy Policy

Preamble

This privacy policy aims to inform you about the types of personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and especially on our websites, mobile applications, and external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

As of: March 8, 2023

Table of Contents

• Preamble
• Data Controller
• Overview of Processing Activities
• Legal Basis for Processing
• Security Measures
• Data Deletion
• Use of Cookies
• Provision of the Online Offering and Web Hosting
• Registration, Login, and User Account
• Contact and Inquiry Management
• Modification and Update of the Privacy Policy
• Definitions

Data Controller

help@spaceminer.de

Overview of Processing Activities

The following overview summarizes the types of processed data and the purposes of their processing, referring to the affected individuals.

Types of Processed Data

• Inventory Data
• Contact Data
• Content Data
• Usage Data
• Meta, Communication, and Process Data

Categories of Data Subjects

• Communication Partners
• Users

Purposes of Processing

• Performance of contractual services and customer service
• Contact inquiries and communication
• Security measures
• Management and response to inquiries
• Feedback
• Provision of our online offering and user-friendliness
• Information technology infrastructure

Legal Basis

Here is an overview of the legal bases of the GDPR on which we process personal data. Please note that national data protection regulations in your or our country of residence may also apply. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

• Contractual performance and pre-contractual inquiries (Art. 6(1) lit. b) GDPR) - Processing is necessary for the performance of a contract with the data subject or for the implementation of pre-contractual measures requested by the data subject.
• Legitimate interests (Art. 6(1) lit. f) GDPR) - Processing is necessary to safeguard the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

In addition to the GDPR, national data protection regulations in Germany apply, including the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions regarding the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of employment relationships (§ 26 BDSG), especially with regard to the establishment, implementation, or termination of employment relationships and the consent of employees. State data protection laws of individual federal states may also apply.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation. We have also established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Furthermore, we consider data protection in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

TLS encryption (https): To protect the data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Data Deletion

We delete the data we process in accordance with legal requirements as soon as the consent for processing is revoked or other permissions are revoked (e.g., when the purpose of processing this data has ceased or they are no longer necessary for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our data protection notices may also contain additional information on the storage and deletion of data that applies primarily to the respective processing.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and retrieve information from end devices. For example, to store login status in a user account, shopping cart contents in an e-shop, visited content, or used functions of an online offering. Cookies can also be used for different purposes, such as functionality, security, and convenience of online offerings, as well as for analyzing visitor flows.

Consent Notes: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless it is not required by law. Consent is not necessary, in particular, if storing and reading the information, including cookies, is absolutely necessary to provide users with a telemedia service expressly requested by them (i.e., our online offering). Revocable consent is communicated clearly to users and includes information on the specific use of cookies.

Notes on Data Protection Legal Bases: The legal basis on which we process users" personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the economically viable operation of our online offering and improving its usability) or, if necessary for the fulfillment of our contractual obligations, the use of cookies is required to fulfill our contractual obligations. We will inform you of the purposes for which we process cookies as part of our consent and processing processes.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

• Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
• Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, login status can be stored or preferred content can be displayed directly when the user revisits a website. The data collected using cookies can also be used for audience measurement. If we do not provide users with explicit information about the type and duration of storage of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and can be stored for up to two years.

General Notes on Revocation and Objection (Opt-Out): Users can revoke any consent given at any time and also object to processing in accordance with legal requirements under Art. 21 GDPR. Users can also declare their objection through the settings of their browser, e.g., by deactivating the use of cookies (although this may also restrict the functionality of our online services).

Provision of the Online Offering and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or device.

• Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status); Content data (e.g., entries in online forms).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures; Performance of contractual services and customer service.
• Legal Basis: Legitimate interests (Art. 6(1) S. 1 lit. f) GDPR).

Further information on processing procedures, methods, and services:

• Providing online services on rented storage space: For the provision of our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also known as a "web host"); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Collection of access data and log files: Access to our online services is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, date and time of access, transmitted data volumes, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, such as avoiding server overload (especially in the case of abusive attacks, so-called DDoS attacks), and ensuring the servers' load and stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
• Email sending and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as additional information regarding email delivery (e.g., the involved providers) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails on the internet are generally not sent encrypted. In general, emails are encrypted during transport, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission of emails between the sender and the recipient on our server; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Content Delivery Network: We use a "Content Delivery Network" (CDN). A CDN is a service that helps deliver content of an online service, especially large media files such as graphics or program scripts, faster and more securely using regionally distributed servers connected over the internet; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• 1&1 IONOS: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.ionos.de; Data protection declaration: https://www.ionos.de/terms-gtc/terms-privacy; Data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Registration, login, and user account

Users can create a user account. During registration, users are informed of the necessary mandatory information and processed for the purpose of providing the user account based on contractual fulfillment. The processed data includes, in particular, login information (username and password).

As part of using our registration and login functions as well as the user account, we store the IP address and the timestamp of the respective user action. Storage is based on our legitimate interests as well as those of users in protecting against misuse and other unauthorized use. In principle, this data is not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed via email about operations relevant to their user account, such as technical changes.

• Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Meta-, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
• Concerned individuals: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of contractual services and customer service; Security measures; Management and response to inquiries; Provision of our online services and user-friendliness.
• Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

• Registration with pseudonyms: Users may use pseudonyms as usernames instead of real names; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
• Data deletion after termination: If users have terminated their user account, their data regarding the user account will be deleted, subject to a legal permit, obligation, or consent of the users; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Contact and inquiry management

When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within existing user and business relationships, the information of the inquiring individuals is processed as far as necessary to answer the contact inquiries and any requested measures.

• Processed data types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta-, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
• Concerned individuals: Communication partners.
• Purposes of processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form); Provision of our online services and user-friendliness.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Modification and updating of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time, and we ask you to verify the information before contacting.

Definition of terms

In this section, you will find an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are primarily defined in Art. 4 GDPR. The legal definitions are binding. The following explanations are intended to serve understanding. The terms are sorted alphabetically.

• Personal data: "Personal data" refers to all information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more special features expressing the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.
• Controller: The "controller" is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
• Processing: "Processing" is any operation or set of operations performed with or without the aid of automated processes in connection with personal data. The term is broad and practically encompasses any handling of data, whether collecting, evaluating, storing, transmitting, or deleting.

Created with the free privacy policy generator.de by Dr. Thomas Schwenke