I. Name and address of the responsible person
The person responsible in the meaning of the General Data Protection Regulation (Germany) and other national data protection laws of the member states as well as other data protection regulations is:
Gentle Troll Entertainment GmbH
CEO: Michel Wacker
Phone: +49 (0) 93140470833
II. Contact for data protection issues
Please write to firstname.lastname@example.org, if you have questions about our data protection.
III. General information about data processing
1. Extent of the processing of personal data
We only collect the personal data that you provide when using our services. Personal data are those that contain information about personal or factual circumstances.
Your legitimate concerns will be taken into account in accordance with the legal data protection provisions. In the event of default of payment, we reserve the right, if necessary, to commission a collection agency or a lawyer to collect the claim due and to pass on the necessary data within this framework.
We treat all this data confidentially and in compliance with the legal data protection regulations. In principle, we do not pass on such information to third parties without your permission, unless this is necessary for the execution and execution of the contract, for the processing of your inquiry or for your care or according to the legal data protection regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to process operations required to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c DSGVO as legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.
3. Purpose of processing personal data
We collect and process data to enable you to use our Services. This also includes the processing for the purpose of data security as well as the stability and operational safety of our system as well as for billing purposes. We process data to assist you with support requests. Data is also processed to prevent misuse of multiple accounts, e.g. to detect and prevent fraud. Data processing takes place in order to attract new customers and to play advertisements that we believe match your interests.
4. Data deletion and storage time
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is omitted. Storage may also take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. A blocking or deletion of the data takes place even if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a contract conclusion or a contract fulfillment.
5. Data security
We take reasonable measures to prevent unauthorized access to your personal data as well as the unauthorized use or falsification of such data and to minimize the corresponding risks. However, the provision of personal information, whether in person, by telephone or over the Internet, is always associated with risks and no technological system is completely free from the possibility of being manipulated or sabotaged.
IV. Provision of services and creation of logfiles
1. Description and scope of data processing
Each time our services are accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:
- IP address
- URL of the referring website from which the file was requested
- Date and time of access
- Browser type and operating system as well as hardware information
- the page you visited
- The amount of data you have transferred
- Access status (file transfer, file not found, etc.)
- Duration and frequency of use
The data are also stored in the log files of our system.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.
3. Zweck der Datenverarbeitung
In particular, this procedure is used to prevent any cases of abuse or to educate them and to pass on the data for this purpose in individual cases to investigative authorities or to fix bugs. Incidentally, any other analysis of data is done as far as possible in an anonymous form. After the end of this period, the IP address and logfiles will be completely deleted, unless there are compulsory statutory retention requirements or specific prosecution and abuse investigation proceedings are pending. For these purposes, our legitimate and predominant interest in data processing according to Art. 6 para. 1 lit. f DSGVO.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection.
5. Possibility of objection and elimination
The collection of the data for the provision of the services and the storage of the data in log files is absolutely necessary for the guarantee of an interruption-free operation of the services. There is consequently no contradiction on the part of the user.
V. Email contact
1. Description and scope of data processing
It is possible to contact the provided e-mail address. In this case, the user's personal data transmitted by e-mail will be stored. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the request.
2. Legal basis for data processing
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
3. Purpose of the data processing
The processing of personal data serves us only for the processing of the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the purpose of fighting fraud and improving support, the data is stored for six months.
5. Possibility of objection and elimination
If the user contacts us, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue. All personal data saved in the course of contacting will be deleted in this case.
VI. Cookies, web beacons, etc.
- Acceptance of language settings
VII. Online presence in social media
1. Links to social media platforms
VIII. Google Maps
IX. Data protection in applications and in the application process
We collect and process the personal data of applicants for the purpose of processing the application process. The data will be used to verify your suitability for the position (or other vacancies in our companies) and to complete the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. Your application data will be viewed by the Human Resources department upon receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. Then the further procedure is tuned. In principle, only those persons in the company have access to your data, who need this for the proper execution of our application process. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the controller, the application documents will be deleted after the rejection decision has been announced, provided that deletion does not prejudice any other legitimate interests of the controller. Other legitimate interest in this sense, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG). The legal basis for processing is Art. 6 (1) lit. b DSGVO. If the data may be required for legal prosecution after completing the application process, data processing based on the requirements of Art. 6 GDPR, in particular for the exercise of legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion or defense against claims. We will erase the data after six months of cancellation unless you have agreed to longer storage. If you have been awarded the contract for a job as part of the application process, the data from the applicant data system will be transferred to our personnel information system.
X. Rights of the data subject
If personal data is processed by you, you are i.S.d. DSGVO and you have the following rights to the responsible person:
1. Duty of disclosure
You can ask the person in charge to confirm if personal data concerning you is processed by us. If such processing is available, you may request information from the controller about the following information:
- the purposes for which the personal information is processed;
- the categories of personal data that are processed;
- the recipients or the categories of recipients to whom the personal data relating to you have been or will be disclosed;
- the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the source of the data if the personal data are not collected from the data subject;
- You have the right to request information about whether the personal data relating to you are transferred to a third country or an international organization. In this regard, you can request the appropriate warranties in accordance with Art. 46 GDPR to be informed in connection with the transfer.
2. Right of rectification
You have a right of rectification and / or completion to the controller, provided that the personal data you process is incorrect or incomplete. The person in charge must make the correction without delay.
3. Right to restrict processing
You may request the limitation of the processing of your personal data under the following conditions:
- if you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
- the person responsible no longer needs personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims,
- or if you object to the processing pursuant according to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State. If the limitation of the processing according to the o.g. If conditions are restricted, you will be informed by the person in charge before the restriction is lifted.
4. Right of deletion
You may require the controller to delete your personal data without delay, and the controller is obliged to delete the data without delay, if any of the following is true:
- Your personal information is for the purposes for which they were collected or otherwise processed are no longer necessary.
- You revoke your consent to the processing according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
- You object to the processing according to Art. 21 para. 1 DSGVO and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 DSGVO objection to the processing.
- Your personal data has been processed unlawfully.
- The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
Information to third parties
If the person responsible has made the personal data relating to you public and is in accordance with Article 17 (1) of the GDPR, it shall take appropriate measures, including technical ones, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Person requested by them to delete all links to such personal data or to make copies or replicas of such personal data.
The right of cancellation does not exist insofar as the processing is necessary
- for the exercise of the right to freedom of expression and information;
- to fulfill a legal obligation which requires processing under the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority delegated to the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
- to assert, exercise or defend legal claims.
5. Right of information
If you have asserted the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data relating to you have been corrected or deleted or restricted unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
6. Data Transferability
You have the right to receive personal data relating to you provided by the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, insofar as
- the processing is based on a consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract according Art. 6 para. 1 lit. b DSGVO
- and processing is done using automated procedures.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person responsible to another person responsible, as far as this is technically feasible. Freedoms and rights of other persons may not be affected. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right of objection
You have the right at any time, for reasons arising from your particular situation, against the processing of personal data concerning you, which, on the basis of Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes. Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications. You can send an email to our data protection officer.
8. Right of revocation of the data protection consent declaration
You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which will have legal effect or similarly affect you in a similar manner. This shall not apply if:
- the decision to conclude or to execute a contract between you and the controller is required
- by Union or Member State legislation to which the controller is subject, and that legislation is adequate to safeguard your rights and freedoms as well as your legitimate interests
- or with your express consent. However, these decisions may not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you consider that the processing of your personal data violates the GDPR. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.