1. Responsible person
Hermann-Mayrhofer-Str. 3, 94036 Passau, Germany
E-Mail: contact gender-api.com
Our data protection officer, the IITR Datenschutz GmbH, Dr. Sebastian Kraska, can be contacted by email at firstname.lastname@example.org.
The data protection declaration uses the following terms as defined in the General Data Protection Regulation:
- "personal data": any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- "processing" any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- "processor" a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- "recipient" a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- "third party" a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- "consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
"cross-border processing" either
- processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
- processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
3. Type, scope and purpose of processing, legal bases
3.1 We process the following types of data:
- Customer data (name, gender, address, e-mail, bank data);
- Content data (data of customers specifying names)
- Usage data (visited websites, access times, location etc.).
- Communication data (device information, IP addresses etc.).
- Contract data (contract text, payments)
3.2 The following categories of affected persons exist:
- Visitors to our websites (hereinafter also "users") and other interested parties;
- Customer of services (hereinafter also "customer"); further business partners.
3.3 The data was processed for the following purposes and on the basis of the legal bases mentioned below:
- Presentation, maintenance and improvement of our websites, including all functions vis-à-vis users, for evidence purposes; this is done on the basis of Article 6 paragraph 1 letter f GDPR (protection of our legitimate interests). Communication and usage data are processed; the data will not be passed on to third parties unless there is a legal obligation to do so (Article 6 paragraph 1 letter c GDPR).
- Processing of usage data (visited websites, viewed products) and content for advertising purposes, in particular for personalised product information; this is done on the basis of Article 6(1)(f) GDPR (protection of our legitimate interests).
- Responses to requests via a contact form, e-mail correspondence with users and customers, processed on the basis of Article 6(1)(b) GDPR.
- Create a user account. When creating or changing a user account for our websites, customer data, contractual data and, where applicable, content are processed in order to to provide services on the websites to registered users, Article 6(1)(b) GDPR; in addition, communication data may be used for evidence purposes and to protect against misuse of the functions, Article 6 paragraph 1 letter f GDPR (protection of our legitimate interests).
- Customer data and contract data are processed for the execution of contractual obligations towards customers and other contractual partners. Processing is based on Article 6(1)(b) and (c) GDPR.
- To display the user's own contents. If necessary, users can post their own content in forums or similar functions on our websites; this is generally made possible anonymously. IP addresses are stored for reasons of evidence and thus on the basis of our legitimate interests in accordance with Article 6 paragraph 1 letter f GDPR.
- Own marketing; if consent was obtained, processing was carried out in accordance with Article 6(1)(a) and Article 7 GDPR, in other respects for the protection of our legitimate interests: Article 6(1)(f) GDPR.
If our processing is based on further legal bases, they are specified below in the further explanations.
4. Recipients of data, third countries
Data will only be passed on to third parties if this is necessary for the provision of our services. For payment processing, the data required in payment transactions (name, account or credit card data, e-mail address, purchase price) may be forwarded by us to a payment service provider and/or to a credit institution or PayPal commissioned with payment. Other categories of recipients are hosting providers, participants in the merchandise management and financial accounting system, external providers for customer service.
The transfer and disclosure of data to recipients, order processors or third parties shall only take place within the framework of the legal basis (see 2.4 above) or if there is a more extensive legal obligation. Access to data for contractors was granted in strict compliance with Article 28 of the GDPR. Processing of data in a third country (outside the European Union (EU) or European Economic Area (EEA)) shall be carried out in accordance with Articles 44 to 50 of the GDPR. Processing takes place at a level of data protection that corresponds to the GDPR, in particular through guarantees given by contract processors, e.g. on the basis of special contractual obligations (standard contractual clauses).
5. Data deletion
Data will be deleted on the basis of Articles 17 and 18 of the GDPR; the same applies to restrictions on the processing and blocking of data. The data will be deleted or processed in a limited manner if and to the extent that it is no longer necessary to achieve a specified purpose, unless deletion is prohibited by law (e.g. retention obligations under commercial or tax law) or something else has been agreed.
According to § 257 of the German Commercial Code (HGB) and § 147 paragraph 1 of the Fiscal Code (AO), every businessman is in particular obliged to keep commercial books and records, inventories, opening balance sheets including work instructions, annual financial statements, other organisational documents and accounting records for ten years; a period of six years applies to commercial and business letters.
6. California Consumer Privacy Act (CCPA)
Under California Civil Code Section 1798.82, Gender-API.com customers who are California residents may request information about the disclosure of your personal information by Gender-API.com to a third party for the third party's direct marketing purposes. Gender-API.com does not sell personal data to any entity. If you would like to request more information, you may contact us here.
"Cookies" are small files that are stored on the user's computer with different information. They serve to establish the identity of the user and his device as well as to secure information provided by the user during the stay. In addition to temporary cookies ("session cookies", e.g. the contents of a shopping basket), which are deleted after leaving the web pages and closing the browser. Permanent cookies (e.g. last login, viewed websites) are not deleted after leaving the websites. In the case of so-called "Third-Party-Cookies" the cookies do not originate from the person responsible, but from a third party.
You can prevent cookies from being stored on your computer. You have the possibility to select the option in the settings of your browser that cookies are not allowed in general and related to certain pages. You can also delete existing cookies there. As a precaution, it is pointed out that the functions of our websites may be restricted if cookies are deactivated or removed.Edit cookie settings here
When registering for the newsletter, your e-mail address will be used for our own advertising purposes (sending e-mails) until you unsubscribe from the newsletter. You can unsubscribe at any time. If necessary, you have expressly given us the following consent and we have recorded the consent. We are obliged to keep the content of the consent available at all times. You can revoke your consent at any time with effect for the future. Repetition of the consent text for the newsletter:
"Subscribe to our developer newsletter for useful tips, news and resources. You may unsubscribe from these communications at any time."
The registration is made by the so-called double opt-in procedure. After registering, you will be asked by e-mail to confirm your subscription to the newsletter. The registration is logged for evidence purposes, in this case usage data (time of registration and confirmation, IP address) is processed. The legal basis for this is your consent in accordance with Article 6 paragraph 1 letter a, Article 7 GDPR in connection with § 7 UWG; logging is based on legal requirements (Article 6 paragraph 1 letter c GDPR) and to protect our legitimate interests (Article 6 paragraph 1 letter f GDPR).
We use the services of Amazon Web Service, Inc. to send the newsletter, for which purpose your email address, usage and communication data will also be processed by this provider. The service provider is employed on the basis of our legitimate interests (Article 6 paragraph 1 letter f GDPR) and an order processing contract (Article 28 paragraph 3 sentence 1 GDPR).
You can revoke your consent to receive the newsletter at any time by clicking the "Unsubscribe" link at the end of the newsletter or by sending us an email about the withdrawal. Even after revocation, email addresses can remain stored for up to three years to protect our legitimate interests in order to be able to prove our consent for the newsletters sent until revocation.
9. Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
10. Social Media And Analytics
On the basis of our legitimate interests (operation, improvement of our pages, analysis), we use the following connections to social networks, so-called social plugins (hereinafter "plugins") and so-called tracking pixels,in the sense of Art. 6 para. 1 lit. f. GDPR .
10.1 Facebook Tracking Pixel
10.2 Our pages in Social Networks
In addition, we are features in social networks and platforms with our own pages, where we offer information on our company and contact information. When we collect data, this is done to response to inquiries and for further correspondence with users and customers. The processing is based on Article 6(1)(a) and (b) GDPR. Please note the Terms and Conditions and the data guidelines of the respective networks and platforms when accessing them. Operator.
10.3 Google Tag Manager
This website uses Google Tag Manager. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager is a solution that allows marketed website tags to be managed using an interface. Google Tag Manager only implements tags. This means that no cookies are used and no personal data collected. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.
10.4 Google Ads Conversion Tracking (formerly Google AdWords)
Our website uses Matomo (www.matomo.org), an open-source, self-hosted software, to collect usage data for this website. Your IP address will be anonymized immediately after processing and before storage. Matomo stores cookies on your end device, allowing an analysis of the use of our website by you. The data collected this way is stored exclusively on our server. These data are:
- Anonymized IP addresses
- Device information
- The website from which the user has accessed the website (referrer)
- The subpages accessed from the website
- Date and the time spent on the website
- The frequency with which the website is accessed
- The main language of the browser
- User-agent of the browser
Here you can decide whether to allow a unique web analytics cookie to be stored in your browser to collect and analyze statistical data regarding your activity on our website. You can also opt-out of the collection and use of this information at a later time.
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
12. Rights of the persons concerned
According to the GDPR, you have different rights with regard to your data:
- You may request confirmation as to whether the data concerned are being processed; if this is the case, you may request information on these data and further information and a copy of the data, Article 15 GDPR.
- You have the right to request without delay the correction of inaccurate personal data and the completion of incomplete personal data, Article 16 GDPR.
- You may request that the data concerned be deleted without delay (Article 17 GDPR) or restricted with regard to processing (Article 18 GDPR).
- Under the conditions of Article 20 of the GDPR, you have the right to receive the data provided by you and to transmit these data to another person responsible without our interference.
- You may lodge a complaint with the competent supervisory authority pursuant to Article 77 GDPR.
- In accordance with Article 7 paragraph 3 GDPR, you can revoke consents granted with future effect and object at any time to future processing of the data concerning you in accordance with Article 21 GDPR.