1. Responsible person
Zehnfeldstraße 109, 81825 München, Deutschland
E-Mail: contact gender-api.com
The data protection declaration uses the following terms as defined in the General Data Protection Regulation:
- "personal data": any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- "processing" any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- "processor" a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- "recipient" a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- "third party" a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- "consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
"cross-border processing" either
- processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
- processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
3. Type, scope and purpose of processing, legal bases
3.1 We process the following types of data:
- Customer data (name, gender, address, e-mail, bank data);
- Content data (data of customers specifying names)
- Usage data (visited websites, access times, location etc.).
- Communication data (device information, IP addresses etc.).
- Contract data (contract text, payments)
3.2 The following categories of affected persons exist:
- Visitors to our websites (hereinafter also "users") and other interested parties;
- Customer of services (hereinafter also "customer"); further business partners.
3.3 The data was processed for the following purposes and on the basis of the legal bases mentioned below:
- Presentation, maintenance and improvement of our websites, including all functions vis-à-vis users, for evidence purposes; this is done on the basis of Article 6 paragraph 1 letter f GDPR (protection of our legitimate interests). Communication and usage data are processed; the data will not be passed on to third parties unless there is a legal obligation to do so (Article 6 paragraph 1 letter c GDPR).
- Processing of usage data (visited websites, viewed products) and content for advertising purposes, in particular for personalised product information; this is done on the basis of Article 6(1)(f) GDPR (protection of our legitimate interests).
- Responses to requests via a contact form, e-mail correspondence with users and customers, processed on the basis of Article 6(1)(b) GDPR.
- Create a user account. When creating or changing a user account for our websites, customer data, contractual data and, where applicable, content are processed in order to to provide services on the websites to registered users, Article 6(1)(b) GDPR; in addition, communication data may be used for evidence purposes and to protect against misuse of the functions, Article 6 paragraph 1 letter f GDPR (protection of our legitimate interests).
- Customer data and contract data are processed for the execution of contractual obligations towards customers and other contractual partners. Processing is based on Article 6(1)(b) and (c) GDPR.
- To display the user's own contents. If necessary, users can post their own content in forums or similar functions on our websites; this is generally made possible anonymously. IP addresses are stored for reasons of evidence and thus on the basis of our legitimate interests in accordance with Article 6 paragraph 1 letter f GDPR.
- Own marketing; if consent was obtained, processing was carried out in accordance with Article 6(1)(a) and Article 7 GDPR, in other respects for the protection of our legitimate interests: Article 6(1)(f) GDPR.
If our processing is based on further legal bases, they are specified below in the further explanations.
4. Recipients of data, third countries
Data will only be passed on to third parties if this is necessary for the provision of our services. For payment processing, the data required in payment transactions (name, account or credit card data, e-mail address, purchase price) may be forwarded by us to a payment service provider and/or to a credit institution or PayPal commissioned with payment. Other categories of recipients are hosting providers, participants in the merchandise management and financial accounting system, external providers for customer service.
The transfer and disclosure of data to recipients, order processors or third parties shall only take place within the framework of the legal basis (see 2.4 above) or if there is a more extensive legal obligation. Access to data for contractors was granted in strict compliance with Article 28 of the GDPR. Processing of data in a third country (outside the European Union (EU) or European Economic Area (EEA)) shall be carried out in accordance with Articles 44 to 50 of the GDPR. Processing takes place at a level of data protection that corresponds to the GDPR, in particular through guarantees given by contract processors, e.g. on the basis of an agreement between the EU and the USA in accordance with the US data protection shield (hereinafter also "Privacy Shield"), or on the basis of special contractual obligations (standard contractual clauses).
5. Data deletion
Data will be deleted on the basis of Articles 17 and 18 of the GDPR; the same applies to restrictions on the processing and blocking of data. The data will be deleted or processed in a limited manner if and to the extent that it is no longer necessary to achieve a specified purpose, unless deletion is prohibited by law (e.g. retention obligations under commercial or tax law) or something else has been agreed.
According to § 257 of the German Commercial Code (HGB) and § 147 paragraph 1 of the Fiscal Code (AO), every businessman is in particular obliged to keep commercial books and records, inventories, opening balance sheets including work instructions, annual financial statements, other organisational documents and accounting records for ten years; a period of six years applies to commercial and business letters.
"Cookies" are small files that are stored on the user's computer with different information. They serve to establish the identity of the user and his device as well as to secure information provided by the user during the stay. In addition to temporary cookies ("session cookies", e.g. the contents of a shopping basket), which are deleted after leaving the web pages and closing the browser. Permanent cookies (e.g. last login, viewed websites) are not deleted after leaving the websites. In the case of so-called "Third-Party-Cookies" the cookies do not originate from the person responsible, but from a third party.
You can prevent cookies from being stored on your computer. You have the possiblity to select the option in the settings of your browser that cookies are not allowed in general and related to certain pages. You can also delete existing cookies there. As a precaution, it is pointed out that the functions of our websites may be restricted if cookies are deactivated or removed.
When registering for the newsletter, your e-mail address will be used for our own advertising purposes (sending e-mails) until you unsubscribe from the newsletter. You can unsubscribe at any time. If necessary, you have expressly given us the following consent and we have recorded the consent. We are obliged to keep the content of the consent available at all times. You can revoke your consent at any time with effect for the future. Repetition of the consent text for the newsletter:
"Subscribe to our developer newsletter for useful tips, news and resources (no spam)"
The registration is made by the so-called double opt-in procedure. After registering, you will be asked by e-mail to confirm your subscription to the newsletter. The registration is logged for evidence purposes, in this case usage data (time of registration and confirmation, IP address) is processed. The legal basis for this is your consent in accordance with Article 6 paragraph 1 letter a, Article 7 GDPR in connection with § 7 UWG; logging is based on legal requirements (Article 6 paragraph 1 letter c GDPR) and to protect our legitimate interests (Article 6 paragraph 1 letter f GDPR).
We use the services of Amazon Web Service, Inc. to send the newsletter, for which purpose your email address, usage and communication data will also be processed by this provider. The service provider is employed on the basis of our legitimate interests (Article 6 paragraph 1 letter f GDPR) and an order processing contract (Article 28 paragraph 3 sentence 1 GDPR). Amazon Web Services Inc. is certified under the Privacy Shield Agreement, guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000000TOWQAA4&status=Active#other-covered-entities).
You can revoke your consent to receive the newsletter at any time by clicking the "Unsubscribe" link at the end of the newsletter or by sending us an email about the withdrawal. Even after revocation, email addresses can remain stored for up to three years to protect our legitimate interests in order to be able to prove our consent for the newsletters sent until revocation.
We work with hosting partners to maintain, restore and improve our services, particularly in terms of storage space, computing capacity, database, infrastructure, maintenance services and similar services. This may involve the processing of data in accordance with Section 2.1 of this data protection declaration; in particular the collection of server log files (server access). Processing is carried out on the basis of a legitimate interest on our part in accordance with Article 6 paragraph 1 letter f GDPR in conjunction with Art. 28 GDPR. The data will be deleted no later than seven days after it has been stored; this does not apply if storage is necessary for reasons of evidence - the data will be deleted when the purpose of evidence has ceased to exist.
9. Rights of the persons concerned
According to the GDPR, you have different rights with regard to your data:
- You may request confirmation as to whether the data concerned are being processed; if this is the case, you may request information on these data and further information and a copy of the data, Article 15 GDPR.
- You have the right to request without delay the correction of inaccurate personal data and the completion of incomplete personal data, Article 16 GDPR.
- You may request that the data concerned be deleted without delay (Article 17 GDPR) or restricted with regard to processing (Article 18 GDPR).
- Under the conditions of Article 20 of the GDPR, you have the right to receive the data provided by you and to transmit these data to another person responsible without our interference.
- You may lodge a complaint with the competent supervisory authority pursuant to Article 77 GDPR.
- In accordance with Article 7 paragraph 3 GDPR, you can revoke consents granted with future effect and object at any time to future processing of the data concerning you in accordance with Article 21 GDPR.
10. Social Media
On the basis of our legitimate interests (operation, improvement of our pages, analysis), we use the following connections to social networks, so-called social plugins (hereinafter "plugins"),in the sense of Art. 6 para. 1 lit. f. GDPR .
We use plugins from facebook.com, operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or for EU citizens Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, ("Facebook"). Facebook is certified under the Privacy Shield Agreement, https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active .
The plugins recognizable by the Facebook logo refer to specific content, text contributions or invitations to interactions. Visit https://developers.facebook.com/docs/plugins/ to learn about the form and look of Facebook plugins. When you access one of our websites that contains a plugin like this, the user's device establishes a connection to Facebook's servers. When processing plugin data, user profiles can be created. We have no influence on the amount of data that Facebook collects using the plugins. Facebook can use the plugin to collect information on what pages the user visited. If you visit one of our pages and are logged in to Facebook, Facebook is able to assign the visit to a Facebook profile. Furthermore, information from interactive plugins will be processed, e.g. by clicking on the Like button. Facebook might also recognize the IP address of non-members and at least anonymously store it.
In addition, we use the Google Plus button, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") and is identifiable by a white G on a red background with a white +. Google is certified under the Privacy Shield Agreement, guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
When the button is clicked, a connection to the Google servers is established in the browser and the content of the button is transmitted. We have no control over the exact amount of data Google collects using this plugin.
On our websites we use links to the Twitter service offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.(https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
We use links on our website to the LinkedIn service, an offer of LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany ("LinkedIn"). LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.(https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).
When accessing one of our websites containing a plugin like this, the user's device establishes a connection to the LinkedIn servers; cookies can be set. When processing plugin data, user profiles can be created. We have no influence on the exact amount of data LinkedIn collects with the help of this plugin. Twitter can use the plugin to get information on what pages a user has visited. If you access our pages and are logged in to LinkedIn at the same time, LinkedIn can assign your visit to a LinkedIn account. For more information on LinkedIn's data protection, please visit https://www.datenschutz.org/linkedin/, At https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out you can limit the processing of your data by LinkedIn.
10.5 User Voice
10.6 Our pages in Social Networks
In addition, we are features in social networks and platforms with our own pages, where we offer information on our company and contact information. When we collect data, this is done to response to inquiries and for further correspondence with users and customers. The processing is based on Article 6(1)(a) and (b) GDPR. Please note the Terms and Conditions and the data guidelines of the respective networks and platforms when accessing them. Operator.