I. Name and address of the responsible person
The person responsible in the meaning of the General Data Protection Regulation (Germany) and other national data protection laws of the member states as well as other data protection regulations is:
Gentle Troll Entertainment GmbH
CEO: Michel Wacker
Phone: +49 (0) 93140470833
II. Contact for data protection issues
Please write to firstname.lastname@example.org, if you have questions about our data protection.
III. General information about data processing
1. Extent of the processing of personal data
We only collect the personal data that you provide when using our services. Personal data are those that contain information about personal or factual circumstances.
Your legitimate concerns will be taken into account in accordance with the legal data protection provisions. In the event of default of payment, we reserve the right, if necessary, to commission a collection agency or a lawyer to collect the claim due and to pass on the necessary data within this framework.
We treat all this data confidentially and in compliance with the legal data protection regulations. In principle, we do not pass on such information to third parties without your permission, unless this is necessary for the execution and execution of the contract, for the processing of your inquiry or for your care or according to the legal data protection regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to process operations required to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c DSGVO as legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.
3. Purpose of processing personal data
We collect and process data to enable you to use our Services. This also includes the processing for the purpose of data security as well as the stability and operational safety of our system as well as for billing purposes. We process data to assist you with support requests. Data is also processed to prevent misuse of multiple accounts, e.g. to detect and prevent fraud. Data processing takes place in order to attract new customers and to play advertisements that we believe match your interests.
4. Data deletion and storage time
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is omitted. Storage may also take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. A blocking or deletion of the data takes place even if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a contract conclusion or a contract fulfillment.
5. Data security
We take reasonable measures to prevent unauthorized access to your personal data as well as the unauthorized use or falsification of such data and to minimize the corresponding risks. However, the provision of personal information, whether in person, by telephone or over the Internet, is always associated with risks and no technological system is completely free from the possibility of being manipulated or sabotaged.
IV. Provision of services and creation of logfiles
1. Description and scope of data processing
Each time our services are accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:
- IP address
- URL of the referring website from which the file was requested
- Date and time of access
- Browser type and operating system as well as hardware information
- the page you visited
- The amount of data you have transferred
- Access status (file transfer, file not found, etc.)
- Duration and frequency of use
The data are also stored in the log files of our system.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.
3. Purpose of processing personal data
In particular, this procedure is used to prevent any cases of abuse or to educate them and to pass on the data for this purpose in individual cases to investigative authorities or to fix bugs. Incidentally, any other analysis of data is done as far as possible in an anonymous form. After the end of this period, the IP address and logfiles will be completely deleted, unless there are compulsory statutory retention requirements or specific prosecution and abuse investigation proceedings are pending. For these purposes, our legitimate and predominant interest in data processing according to Art. 6 para. 1 lit. f DSGVO.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection.
5. Possibility of objection and elimination
The collection of the data for the provision of the services and the storage of the data in log files is absolutely necessary for the guarantee of an interruption-free operation of the services. There is consequently no contradiction on the part of the user.
V. Email contact
1. Description and scope of data processing
It is possible to contact the provided e-mail address. In this case, the user's personal data transmitted by e-mail will be stored. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the request.
2. Legal basis for data processing
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
3. Purpose of the data processing
The processing of personal data serves us only for the processing of the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the purpose of fighting fraud and improving support, the data is stored for six months.
5. Possibility of objection and elimination
If the user contacts us, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue. All personal data saved in the course of contacting will be deleted in this case.
VI. Cookies, web beacons, etc.
Our website does not use so-called session or flash cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f DSGVO.
VII. Online presence in social media
1. Links to social media platforms
VIII. Measuring success and reach
We use Facebook Ads in order to be able to advertise our offer on Facebook. Facebook Ads is an offer from Facebook Ireland Ltd. in Ireland or the American Facebook Inc. Cookies are also used in Facebook Ads. With such advertising, we would particularly like to reach people who are interested in our online offer or who are already using our online offer. For this purpose, we transmit corresponding – possibly also personal – information to Facebook (custom audiences including lookalike audiences), in particular with the so-called Facebook pixel. We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking). Further information on the type, scope and purpose of data processing can be found in Facebook’s data protection declaration (“data policy”). In addition, Facebook users can use their advertising preferences to influence which advertisements they see on Facebook and which advertisements will be displayed to them on Facebook in the future.
X. Data protection in applications and in the application process
We collect and process the personal data of applicants for the purpose of processing the application process. The data will be used to verify your suitability for the position (or other vacancies in our companies) and to complete the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. Your application data will be viewed by the Human Resources department upon receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. Then the further procedure is tuned. In principle, only those persons in the company have access to your data, who need this for the proper execution of our application process. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the controller, the application documents will be deleted after the rejection decision has been announced, provided that deletion does not prejudice any other legitimate interests of the controller. Other legitimate interest in this sense, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG). The legal basis for processing is Art. 6 (1) lit. b DSGVO. If the data may be required for legal prosecution after completing the application process, data processing based on the requirements of Art. 6 GDPR, in particular for the exercise of legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion or defense against claims. We will erase the data after six months of cancellation unless you have agreed to longer storage. If you have been awarded the contract for a job as part of the application process, the data from the applicant data system will be transferred to our personnel information system.
XI. Rights of the data subject
If personal data is processed by you, you are i.S.d. DSGVO and you have the following rights to the responsible person:
1. Duty of disclosure
You can ask the person in charge to confirm if personal data concerning you is processed by us. If such processing is available, you may request information from the controller about the following information:
- the purposes for which the personal information is processed;
- the categories of personal data that are processed;
- the recipients or the categories of recipients to whom the personal data relating to you have been or will be disclosed;
- the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the source of the data if the personal data are not collected from the data subject;
- You have the right to request information about whether the personal data relating to you are transferred to a third country or an international organization. In this regard, you can request the appropriate warranties in accordance with Art. 46 GDPR to be informed in connection with the transfer.
2. Right of rectification
You have a right of rectification and / or completion to the controller, provided that the personal data you process is incorrect or incomplete. The person in charge must make the correction without delay.
3. Right to restrict processing
You may request the limitation of the processing of your personal data under the following conditions:
- if you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
- the person responsible no longer needs personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims,
- or if you object to the processing pursuant according to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State. If the limitation of the processing according to the o.g. If conditions are restricted, you will be informed by the person in charge before the restriction is lifted.
4. Right of deletion
You may require the controller to delete your personal data without delay, and the controller is obliged to delete the data without delay, if any of the following is true:
- Your personal information is for the purposes for which they were collected or otherwise processed are no longer necessary.
- You revoke your consent to the processing according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
- You object to the processing according to Art. 21 para. 1 DSGVO and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 DSGVO objection to the processing.
- Your personal data has been processed unlawfully.
- The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
Information to third parties
If the person responsible has made the personal data relating to you public and is in accordance with Article 17 (1) of the GDPR, it shall take appropriate measures, including technical ones, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Person requested by them to delete all links to such personal data or to make copies or replicas of such personal data.
The right of cancellation does not exist insofar as the processing is necessary
- for the exercise of the right to freedom of expression and information;
- to fulfill a legal obligation which requires processing under the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority delegated to the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
- to assert, exercise or defend legal claims.
5. Right of information
If you have asserted the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data relating to you have been corrected or deleted or restricted unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
6. Data Transferability
You have the right to receive personal data relating to you provided by the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, insofar as
- the processing is based on a consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract according Art. 6 para. 1 lit. b DSGVO
- and processing is done using automated procedures.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person responsible to another person responsible, as far as this is technically feasible. Freedoms and rights of other persons may not be affected. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right of objection
You have the right at any time, for reasons arising from your particular situation, against the processing of personal data concerning you, which, on the basis of Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes. Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications. You can send an email to our data protection officer.
8. Right of revocation of the data protection consent declaration
You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which will have legal effect or similarly affect you in a similar manner. This shall not apply if:
- the decision to conclude or to execute a contract between you and the controller is required
- by Union or Member State legislation to which the controller is subject, and that legislation is adequate to safeguard your rights and freedoms as well as your legitimate interests
- or with your express consent. However, these decisions may not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you consider that the processing of your personal data violates the GDPR. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
11. Facebook, Custom Audiences and Facebook Marketing Services
11.1. Due to our legitimate interest in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“).
11.2. Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
11.3. With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of advertisements (so-called „Facebook ads“). Accordingly, we use the Facebook pixel to display our Facebook ads only to Facebook Users who have shown an interest in our Websites or who have specific characteristics (e. g. interests in certain topics or products determined by the websites visited) that we submit to Facebook (so-called „custom audiences“). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of Users and do not have a nuisance effect. Using the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether Users have been redirected to our website after clicking on a Facebook ad (so-called „conversion tracking“).
11.4. The Facebook pixel is directly integrated into our web pages by Facebook and can store a so-called cookie, i. e. a small file, on your device. If you then log in to Facebook or visit Facebook when you are logged in, your visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, i. e. it does not allow us to draw conclusions about the identity of the Users. However, the data is stored and processed by Facebook so that it can be linked to the respective User profile and used by Facebook as well as for its own market research and advertising purposes. If we transfer data to Facebook for comparison purposes, it is encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done with the sole purpose of matching the data encrypted by Facebook.
11.5. Furthermore, when using the Facebook pixel we use the additional function „extended matching“. Inventory data such as telephone numbers, e-mail addresses or Facebook IDs of Users are transmitted to Facebook in encrypted form to form target groups for Facebook ads and used only for this purpose. Users agree to the processing of their personal information as part of the „extended matching“.
11.6. We use the Facebook’s „Custom Audiences from File“ procedure, in which case inventory data (telephone numbers, e-mail addresses, Facebook IDs) is transmitted to Facebook in encrypted form to form target groups for Facebook ads and used for this purpose only. Users agree to the processing of their personal information as part of the „Custom Audiences from File“ procedure.
11.7. Facebook's processing of the data is governed by Facebooks Data Usage Policy. Accordingly, general instructions on how to display Facebook ads, in the Facebook Data Usage Policy: https://www.facebook.com/policy.php.For specific information and details about the Facebook pixel and how it works, please visit the Facebook Help Center: https://www.facebook.com/business/help/651294705016616.
11.8. You may object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what kind of ads you see on Facebook, you can go to the page set up by Facebook and follow the instructions on how to set up use-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i. e. they are applied to all devices, such as desktop computers or mobile devices.
12. Newsletter and commercial communication
12.1. With the following declarations we would like to inform our Users about the contents of our newsletters as well as other types of business e-mails and electronic mail (short „newsletter“) as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you declare your agreement with the reception and the described procedures. The legal basis of your consent is Art. 6 (1) a, Art. 7 GDPR.
12.2. Contents of the newsletter: We send out newsletters, e-mails and other electronic notifications with advertising information (hereinafter referred to as „newsletters“) only with the consent of the recipients or a legal permission. Insofar as the contents of a newsletter registration are specifically described in detail, they are decisive for the User's consent. In general, our newsletters contain information on trends in communication, marketing, our services and our business.
12.3. Newsletter service provider: The newsletters are sent by „Sendy“, a self-hosted software service using Amazon Webservices for send-out (hereinafter referred to as „newsletter service provider“). Additional information about the software can be found under https://sendy.co/.
12.4. Opt-in and logging: The registration for our newsletter is done in a so-called double opt-in procedure. This means that Users will receive an e-mail after the registration, in which Users will be asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The subscriptions to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes saving the logon and confirmation time as well as the IP address. The changes to your data stored by the shipping company are also logged.
12.5. Furthermore, the newsletter service provider can, according to his own information, use this data in a pseudonymized form, i. e. without being directly associated with a User, for the optimization or improvement of his own services, e. g. for the technical optimization of the sending and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the newsletter service provider does not use the data of our newsletter recipients to contact them himself or to pass the data on to third parties.
12.6. Registration data: To subscribe to the newsletter, please fill in the e-mail-address and complete the optional information. We use this information for the individual addressing of our newsletter subscribers.
12.7. Statistical survey and analysis - The newsletters contain a so-called „web-beacon“, i.e. a pixel-sized file, which is retrieved from the newsletter service provider’s server when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services based on the technical data or target groups and their reading behavior based on the retrieval locations (which can be determined by means of the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked and when. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention to monitor individual Users. The evaluations serve us much more to recognize the reading habits of our Users and to adapt our contents to them or to send different contents according to the interests of our Users.
12.8. The newsletter is sent on the basis of the consent of the recipients in accordance with Art. 6 (1) lit. a, Art. 7 GDPR. The statistical surveys and analyses are conducted on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f of the GDPR. We are interested in using a User-friendly and secure newsletter system that serves our business interests and meets the expectations of our Users. The registration procedure is recorded in accordance with Art. 6 (1)(c). GDPR on the basis of a legal obligation to prove the consent of the newsletter recipients (e.g. in accordance with Art. 7 (1) GDPR).
12.9. Cancellation/Revocation - Newsletter recipients can cancel the receipt of our newsletter at any time, i.e. revoke their consent. Newsletter recipients will find a link to unsubscribe from the newsletter at the end of each newsletter. By unsubscribing from the newsletter, the personal data will be deleted, if they only apply to the newsletter subscription unless their storage is legally required or necessary for contractual reasons, and their processing in this case is limited to these exceptional purposes only.