Language

Privacy

Controller

Kalemodo UG
Wildkamp 2
30916 Isernhagen, Germany

CEO: Alexander Hallmich

Overview of processing

The following overview summarizes the types of data processed, the purposes of processing, and the data subjects concerned.

  • Types of data processed: Usage data (e.g., pages visited, interest in content, access times); meta/communication data (e.g., IP addresses, time stamps, identifiers, consent status); content data (e.g., entries in online forms); contact data (e.g., email address).
  • Data subjects: Users (e.g., website visitors, users of online services), communication partners.
  • Purposes of processing: Provision of our online services and user-friendliness; security measures; responding to contact requests and communication; contract performance and pre-contractual inquiries (if applicable).

Relevant legal bases

We process personal data in accordance with the following legal bases under Article 6(1) GDPR, depending on the specific purpose:

  • Consent (Art. 6(1)(a) GDPR): If you have given consent for a specific purpose.
  • Contract performance (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract or to take steps prior to entering into a contract.
  • Legal obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation.
  • Legitimate interests (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of our legitimate interests, provided such interests are not overridden by your interests or fundamental rights and freedoms.

Security measures

We implement appropriate technical and organizational measures in accordance with the legal requirements to ensure a level of protection appropriate to the risk. This includes, in particular, securing the confidentiality, integrity and availability of data.

Our website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the lock symbol in your browser bar.

Erasure of data

We delete personal data in accordance with legal requirements as soon as the consents permitting processing are revoked or other permissions cease to apply and the data is no longer necessary for the purposes for which it was collected. If data must be retained for legal reasons, processing will be restricted to these purposes.

Rights of data subjects

Under the GDPR, data subjects have various rights, in particular under Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent at any time with effect for the future.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and information in accordance with the law.
  • Right to rectification: You have the right to obtain the completion of incomplete personal data or the rectification of inaccurate personal data concerning you.
  • Right to erasure and restriction of processing: You have the right to obtain the erasure of personal data concerning you without undue delay or, alternatively, restriction of processing in accordance with the legal requirements.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
  • Right to lodge a complaint: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Provision of the online offering and web hosting

We process users' data to provide our online services. For this purpose, we process users' IP addresses, which are necessary to transmit the content and functions of our online services to users' browsers or devices.

  • Types of data processed: Usage data (e.g., pages visited, interest in content, access times); meta/communication/procedural data (e.g., IP addresses, time stamps, identifiers, consent status); content data (e.g., entries in online forms).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; IT infrastructure (operation and provision of information systems and technical equipment); security measures.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing, procedures and services:

  • Provision of online offering on rented infrastructure: We use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider ("web host"); Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, messages about successful access, browser type and version, the user's operating system, referrer URL and, as a rule, IP addresses and the requesting provider. Log files are used, among other things, for security purposes (e.g. to prevent server overload due to abusive attacks, so-called DDoS attacks) and to ensure server utilization and stability; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Data deletion: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data required for evidentiary purposes is excluded from deletion until the respective incident is finally clarified.
  • Email dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of emails. For these purposes, the addresses of the recipients and senders as well as further information regarding the email dispatch (e.g. the participating providers) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that emails on the internet are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received, unless end-to-end encryption is used; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Hetzner: Services in the area of providing IT infrastructure and related services (e.g., storage and/or computing capacities); Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://www.hetzner.com; Privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz. Data Processing Agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

Registration, login and user account

Users can create a user account. During registration, the required mandatory information is communicated to users and processed for the purpose of providing the user account on the basis of contractual performance. The processed data includes, in particular, login information (username, password and an email address).

In the context of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. As a rule, these data are not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed by email about processes relevant to their user account, such as technical changes.

  • Types of data processed: Inventory data (e.g., names); contact data (e.g., email); content data (e.g., entries in online forms); meta/communication/procedural data (e.g., IP addresses, time stamps, identifiers, consent status).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; administration and answering of inquiries; provision of our online offering and user-friendliness.
  • Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing, procedures and services:

  • Registration with pseudonyms: Users may use pseudonyms as usernames instead of real names; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • User profiles are public: User profiles are publicly visible and accessible.
  • Deletion of data after termination: If users have terminated their user account, their data will be deleted with regard to the user account, subject to legal permission, obligation or users' consent; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Contact and request management

When contacting us (e.g., by post, contact form, email, telephone or via social media) and within existing user and business relationships, we process the information of the requesting persons to the extent necessary to answer contact requests and any requested measures.

  • Types of data processed: Contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., pages visited, interest in content, access times); meta/communication/procedural data (e.g., IP addresses, time stamps, identifiers, consent status).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact requests and communication; administration and answering of inquiries; feedback (e.g., collecting feedback via online form); provision of our online offering and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further notes on processing, procedures and services:

  • Contact form: If users contact us via our contact form, email or other communication channels, we process the data communicated to us in this context to process the request; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Plugins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or city maps (hereinafter referred to uniformly as "content").

Integration always requires that the third-party providers of this content process the users' IP address, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore required to display this content or functions. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users' devices and contain, among other things, technical information about the browser and operating system, referring websites, visit time as well as further information on the use of our online offering, and may be combined with such information from other sources.

  • Types of data processed: Usage data (e.g., pages visited, interest in content, access times); meta/communication/procedural data (e.g., IP addresses, time stamps, identifiers, consent status).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing, procedures and services:

  • Integration of third-party software, scripts or frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from the servers of other providers (e.g., function libraries that we use to display or improve the user-friendliness of our online offering). In doing so, the respective providers collect the users' IP address and may process it for the purpose of transmitting the software to the users' browsers as well as for security purposes and for evaluating and optimizing their offering; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Google Fonts (retrieved from Google server): Retrieval of fonts (and icons) for the purpose of technically secure, maintenance-free and efficient use of fonts and icons with regard to up-to-dateness and loading times, their uniform display and consideration of possible license restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. When visiting our online offering, users' browsers send their browser HTTP requests to the Google Fonts Web API. The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wishes to load fonts. This data is logged so that Google can determine how often a particular font family is requested. The user agent must adapt the font that is generated for the respective browser type. The user agent is primarily logged and used for debugging and for generating aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts page "Analytics". Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations can be generated based on the number of font requests. According to Google, none of the information collected by Google Fonts is used to create profiles of end users or to serve targeted ads; Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Legal basis for third country transfer: EU-US Data Privacy Framework (DPF). More information: https://developers.google.com/fonts/faq/privacy?hl=en.
  • Font Awesome (served from own server): Display of fonts and icons; Provider: The Font Awesome icons are hosted on our server; no data is transmitted to the provider of Font Awesome; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Changes and updates to this Privacy Policy

Please review the content of our Privacy Policy regularly. We will adapt the Privacy Policy as soon as changes to our data processing make this necessary. We will inform you if the changes require your cooperation (e.g., consent) or another individual notification.

If we provide addresses and contact information of companies and organizations in this Privacy Policy, please note that addresses may change over time and check the information before contacting them.