Skip to main content

Privacy Policy

Effective Date: July 9, 2024

Table of Contents

Responsible Person

Felix Ude

Ohlsdorfer Str. 66

22297 Hamburg

 

Email Address: info@dockside-data.com

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Location data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.

Categories of Data Subjects

  • Interested parties.
  • Communication partners.
  • Users.
  • Business and contract partners.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact requests and communication.
  • Security measures.
  • Audience measurement.
  • Office and organizational procedures.
  • Management and response to inquiries.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.

Relevant Legal Bases

Relevant Legal Bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1) sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1) sentence 1 lit. c) GDPR) – The processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR) – The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the law on the protection against misuse of personal data in data processing (Federal Data Protection Act – BDSG). The BDSG contains special regulations, in particular on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Notice on GDPR and Swiss DPA applicability: This privacy notice serves both to provide information under the Swiss Federal Data Protection Act (Swiss DPA) and under the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data,” “overriding interest,” and “sensitive personal data” used in the Swiss DPA, the terms “processing” of “personal data” as well as “legitimate interest” and “special categories of data” used in the GDPR are used. The legal meaning of the terms, however, remains determined under the Swiss DPA within the scope of its applicability.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies, this is done only in accordance with the legal requirements. If the level of data protection in the third country is recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers will only take place if the data protection level is otherwise guaranteed, in particular through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transfer (Art. 49(1) GDPR). Furthermore, we will inform you about the basis of the third-country transfer in the respective cases. Information on third-country transfers and existing adequacy decisions can be obtained from the EU Commission’s information offering: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.

EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as safe within the framework of the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We inform you within the privacy notices which of our service providers used are certified under the Data Privacy Framework.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1) lit. e or f GDPR, including profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw your consent at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and certain information in accordance with the legal requirements.
  • Right to rectification: You have the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
  • Right to erasure and restriction of processing: You have the right to obtain the erasure of personal data concerning you without undue delay, or alternatively to obtain a restriction of the processing of your personal data in accordance with the legal requirements.
  • Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us.
  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read information from end devices. For example, to store the login status in a user account, a shopping cart content in an e-shop, the accessed content, or used functions of an online offer. Cookies can also be used for various purposes, e.g., for purposes of functionality, security, and convenience of online offers as well as the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with the legal regulations. Therefore, we obtain prior consent from users, except where this is not required by law. Consent is particularly not necessary if the storage and reading of information, including cookies, is absolutely necessary to provide a telemedia service (our online offer) expressly requested by the users. Essential cookies generally include cookies with functions that serve the display and operability of the online offer, load balancing, security, storage of user preferences and choices, or similar purposes related to the provision of the main and secondary functions of the online offer requested by the users. The revocable consent is clearly communicated to the users and includes information on the respective cookie usage.

Notes on data protection legal bases: The legal basis on which we process users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies will be processed based on our legitimate interests (e.g., in the business operation of our online offer and its improvement) or, if this is necessary to fulfill our contractual obligations, if the use of cookies is required to fulfill our contractual obligations. The purposes for which the cookies are processed are clarified in the course of this privacy policy or within the framework of our consent and processing procedures.

Storage duration: With regard to the storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the end device has been closed. For example, the login status can be stored or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected with the help of cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and the storage duration can be up to two years.

General information on revocation and objection (so-called “opt-out”): Users can revoke the consents they have given at any time and object to the processing in accordance with the legal requirements. Users can, among other things, restrict the use of cookies in the settings of their browser (whereby the functionality of our online offer may also be restricted). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Consent (Art. 6(1) sentence 1 lit. a) GDPR).

Further information on processing, procedures, and services:

  • Processing of cookie data based on consent: We use a cookie consent management procedure, within the framework of which the consents of the users for the use of cookies, or the processing and providers mentioned in the context of the cookie consent management procedure, are obtained, managed, and revoked by the users. The consent declaration is stored to avoid having to request it again and to be able to prove the consent in accordance with the legal obligation. The storage can take place server-side and/or in a cookie (so-called opt-in cookie or with the help of comparable technologies) to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is formed and stored with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and used device; Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR).

Business Services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as “contractual partners”) within the framework of contractual and comparable legal relationships and related measures and within the framework of communication with the contractual partners (or pre-contractually), e.g., to answer inquiries.

We process these data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedy of warranty and other service disruptions. In addition, we process the data to safeguard our rights and for purposes related to the administrative tasks and organizational structure associated with these obligations. Furthermore, we process the data on the basis of our legitimate interests in proper and economic business management as well as security measures to protect our contractual partners and our business operations against misuse, endangerment of their data, secrets, information, and rights (e.g., involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of the applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Further forms of processing, e.g., for marketing purposes, are communicated to the contractual partners within the framework of this privacy policy.

Which data are required for the aforementioned purposes, we inform the contractual partners before or in the course of the data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiry of legal warranty and comparable obligations, i.e., in principle after 4 years unless the data are stored in a customer account, e.g., as long as they must be kept for legal reasons of archiving. The statutory retention period for tax-relevant documents as well as for commercial books, inventories, opening balances, annual financial statements, the instructions necessary for understanding these documents, and other organizational documents and booking documents is ten years, and for received commercial and business letters and copies of sent commercial and business letters six years. The period begins at the end of

the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement or the management report was prepared, the commercial or business letter was received or sent, or the booking document was created, furthermore, the record was made or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

  • Types of data processed: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email, telephone numbers); contract data (e.g., subject matter of the contract, term, customer category).
  • Data subjects: Interested parties. Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; contact requests and communication; office and organizational procedures. Management and response to inquiries.
  • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); legal obligation (Art. 6(1) sentence 1 lit. c) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further information on processing, procedures, and services:

  • Project and development services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) to enable them to select, acquire, or commission the chosen services or works as well as related activities, and their payment and provision or execution. The required information is marked as such in the context of the order, purchase, or similar contract conclusion and includes the information required for the provision of services and billing as well as contact information to be able to make any necessary clarifications. Insofar as we gain access to information of the end customers, employees, or other persons, we process this in accordance with the legal and contractual requirements; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR).

Provision of Online Services and Web Hosting

We process the data of users to be able to provide our online services to them. For this purpose, we process the IP address of the user, which is necessary to deliver the content and functions of our online services to the user’s browser or device.

  • Types of data processed: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Security measures.
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further information on processing, procedures, and services:

  • Collection of access data and log files: Access to our online offer is logged in the form of so-called “server log files.” The server log files may include the address and name of the retrieved websites and files, date and time of retrieval, transferred data volumes, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and generally IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the stability and performance of the servers; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum duration of 30 days and then deleted or anonymized. Data that need to be retained for evidence purposes are exempt from deletion until the final resolution of the respective incident.
  • Hetzner: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.hetzner.com; Privacy policy: https://www.hetzner.com/legal/privacy-policy. Data processing agreement: https://docs.hetzner.com/general/general-terms-and-conditions/data-privacy-faq/.

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, phone, or via social media) and in the context of existing user and business relationships, the information of the inquiring persons is processed as necessary to respond to the contact requests and any requested measures.

  • Types of data processed: Contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact requests and communication; management and response to inquiries; feedback (e.g., collecting feedback via online form). Provision of our online offer and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR).

Further information on processing, procedures, and services:

  • Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle the communicated request; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as “reach measurement”) serves to evaluate the visitor flows of our online offer and can include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offer or its functions or content are most frequently used or invite for reuse. Likewise, we can track which areas require optimization.

In addition to web analysis, we may also use test procedures, e.g., to test and optimize different versions of our online offer or its components.

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, and information may be created and stored in a browser or device for these purposes. The collected data include, in particular, visited websites and used elements, as well as technical information, such as the used browser, the used computer system, and information on usage times. If users have consented to the collection of their location data to us or the providers of the services we use, location data may also be processed.

IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, the data collected in the context of web analysis, A/B testing, and optimization are not stored as clear data of the users (such as email addresses or names), but as pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the data stored in their profiles for the respective procedures.

  • Types of data processed: Usage data (e.g., visited websites, interestin content, access times); meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offer and user-friendliness.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further information on processing, procedures, and services:

  • Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offer based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to associate analysis information with a device, to recognize which content the users have accessed within a usage process or across multiple usage processes, which search terms they used, and whether they accessed the content again or interacted with our online offer. Likewise, the time and duration of use, as well as the sources of users referring to our online offer, and technical aspects of their devices and browsers are stored. Pseudonymous profiles of users are created with information from the use of different devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used solely for this derivation of geolocation data, after which it is immediately deleted. It is not logged, not accessible, and not used for further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded for processing to Analytics servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com/about/analytics/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Third-country transfer basis: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and processed data).

Plugins and Embedded Functions and Content

We integrate functional and content elements obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”) into our online offer. These may include, for example, graphics, videos, or city maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content or functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate the visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and include, among other things, technical information about the browser and operating system, referring websites, visit times, and other information about the use of our online offer, as well as be combined with such information from other sources.

  • Types of data processed: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, consent status). Location data (information on the geographical position of a device or a person).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further information on processing, procedures, and services:

  • Google Fonts (obtained from Google Server): Obtaining fonts (and symbols) for the purpose of a technically secure, maintenance-free, and efficient use of fonts and symbols regarding up-to-dateness and loading times, their uniform display, and consideration of possible licensing restrictions. The IP address of the user is communicated to the provider of the fonts so that the fonts can be made available in the user’s browser. Furthermore, technical data (language settings, screen resolution, operating system, used hardware) necessary for the provision of the fonts depending on the used devices and the technical environment are transmitted. This data can be processed on a server of the font provider in the USA – When visiting our online offer, the users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the user for accessing the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families that the user wants to load fonts for. This data is logged so that Google can determine how often a particular font family is requested. The user agent must be logged for the Google Fonts Web API to customize the font generated for the respective browser type. The user agent is primarily logged for debugging purposes and used to generate aggregated usage statistics to measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report of the top integrations based on the number of font requests can be generated. According to Google, none of the information collected by Google Fonts is used to create user profiles or target advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Third-country transfer basis: EU-US Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=en.
  • Google Maps: We integrate the maps of the service “Google Maps” of the provider Google. The processed data mayinclude, in particular, IP addresses and location data of the users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://mapsplatform.google.com/; Privacy policy: https://policies.google.com/privacy. Third-country transfer basis: EU-US Data Privacy Framework (DPF).

Sounds interesting?

Contact us at info@dockside-data.com.