Content

1. Name and address of the responsible person
2. General information on data processing
3. Provision of the website and creation of log files
4. Use of Google services (Google Fonts & Google reCAPTCHA)
5. Newsletter & newsletter tracking
6. Email contact option
7. Rights of the data subject

At this point you will find our information on data processing. For the purpose of clarity and transparency, we have divided the explanations into individual sections

1. name and address of the responsible person

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

Cyber Manatee GmbH
Eichendorffstr. 12
50823 Cologne
Germany

Contact details:
E-mail: info@cybermanatee.com

Authorized managing directors (address as above):

• Jonah Fintz
• Marc Kelbling
• Sven Gießelmann

2 General information on data processing

2.1 Scope of the processing of personal data

As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

2.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

2.3 Storage period and deletion of the data

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Blocking or deletion of data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

3. provision of the website and creation of log files

3.1 Description and scope of data processing

Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

• Name of the retrieved file
• date and time of the call
• amount of data transferred
• Message about successful retrieval
• browser type and browser version
• operating system used
• referrer URL (the previously visited page)
• the requesting provider
• the IP address of the user

This data is also stored in the log files of our system.

This data is not stored together with other personal data of the user.

3.2 Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.

3.3 Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.

3.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after 7 days at the latest.

3.5 Possibilities of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

4. use of Google services (Google Fonts and Google reCAPTCHA)

4.1 Description and scope of data processing

On our website, the services "Google Fonts" and "Google reCAPTCHA" of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") are used. When calling up the website, the following data may be transmitted to Google for the correct integration of these services:

• Information about the browser type and version used.
• The operating system of the user
• The user's internet service provider
• The IP address of the user
• Date and time of access
• Pages that are called up by the user's system on our website

4.2 Legal basis for data processing

The legal basis for the processing of personal data using Google services is Art. 6 (1) lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of the consent pursuant to Art. 6 para. 1 lit. a DSGVO.

4.3 Purpose of the data processing

The web fonts from Google allow us to present our website to the user in an appealing design and across all devices in the same quality. Only in this way is it technically possible for all visitors to our homepage to have a consistent and pleasant user experience. This purpose is also our legitimate interest in processing the personal data according to Art. 6 (1) lit. f DSGVO. 

Google reCAPTCHA is intended to verify whether the data entry on our website is made by a human or by an automated program. This purpose is also our legitimate interest in processing the personal data according to Art. 6 para. 1 lit. f DSGVO.

4.4 Duration of storage

No data is collected by us in this context. We have no knowledge of the exact storage period at Google - nor do we have any influence on the storage period there.

4.5 Possibility of objection and removal

The collection of data for the provision of the website and the transmission of the data is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

You can find more information about your objection and removal options against Google at: https://privacy.google.com/.

5. newsletter and newsletter tracking

5.1 Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. For this, it is only necessary to provide an e-mail address.

In addition, the following data is collected when subscribing to the newsletter:

• The IP address of the user at the time of registration.
• Date and time of registration
• Date and time of confirmation (double opt-in procedure)
• Consent to the terms of use

In addition, the following data is collected during the period of use of the newsletter:

• The newsletter open rate, i.e. how many recipients opened the newsletter email).
• The click-through rate, i.e. how often recipients clicked on links contained in the newsletter.
• Whether or how many e-mails could not be delivered (so-called "bounce").
• How many recipients unsubscribed from the newsletter after receiving an e-mail.

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy. The data collected in connection with the newsletter is stored and processed by our service provider xxx on our behalf; we remain the sole responsible parties for this.

The data will be used exclusively for sending the newsletter.

If you unsubscribe from the newsletter distribution list in the future, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary.

The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

5.2 Legal basis for data processing

The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 (1) lit. a DSGVO if the user has given his consent. For the data collected during the period of use as well as additionally at the time of registration, Art. 6 para. 1 lit. f DSGVO is additionally the legal basis.

The legal basis for the storage of e-mail addresses in a blacklist is Art. 6 para. 1 lit. f DSGVO.

5.3 Purpose of data processing

The collection of the user's e-mail address serves to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used. These purposes are also our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

The collection of further data within the scope of use serves to analyze whether the newsletter is functioning properly, whether the newsletters are actually read and appeal to our users. In these purposes also lies our legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.

The purpose of storing the email address in a blacklist is to prevent future mailings and thus to comply with our legal requirements. The data from the blacklist will only be used for this purpose and will not be merged with other data. These purposes are also our legitimate interest as defined by Art. 6 Para. 1 lit. f DSGVO.

5.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored as long as the subscription to the newsletter is active.

The other personal data collected as part of the registration process is usually deleted together with the termination of the subscription. This also applies to the other data collected in the course of use.

5.5 Possibilities of objection and removal

The subscription to the newsletter can be cancelled by the affected user at any time. For this purpose, a corresponding link can be found in each newsletter.

This also enables revocation of consent to the storage of personal data collected during the registration process and the use of the newsletter.

6. e-mail contact option

6.1 Description and scope of data processing

It is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, the data is not passed on to third parties. The data is used exclusively for processing the conversation.

6.2 Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

6.3 Purpose of the data processing

The processing of personal data from the e-mail is solely for the purpose of processing the contact. This also constitutes the necessary legitimate interest in processing the data.

6.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation shall be deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

6.5 Possibility of objection and removal

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

The objection can be made at any time informally to any contact option provided by us (e.g. by mail or telephone). You will find our contact options at the beginning of this privacy policy.

All personal data stored in the course of contacting us will be deleted in this case.

7. rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

7.1 Right to information - Art. 15 DSGVO.

With the right to information, the data subject receives a comprehensive insight into the data concerning him and some other important criteria, such as the processing purposes or the duration of storage. The exceptions to this right regulated in Section 34 BDSG apply.

7.2 Right of rectification - Art. 16 DSGVO

The right to rectification includes the possibility for the data subject to have incorrect personal data concerning him corrected.

7.3 Right to erasure - Art. 17 GDPR

The right to erasure includes the possibility for the data subject to have data deleted from the data controller. However, this is only possible if the personal data concerning him or her is no longer necessary, is being processed unlawfully or if consent in this regard has been revoked. The exceptions to this right regulated in § 35 BDSG apply.

7.4 Right to restriction of processing - Art. 18 DSGVO

The right to restriction of processing includes the possibility for the data subject to prevent further processing of personal data concerning him or her for the time being. A restriction occurs primarily in the examination phase of other rights perceptions by the data subject.

7.5 Right to data portability - Art. 20 GDPR

The right to data portability includes the possibility for the data subject to receive the personal data concerning him or her from the controller in a common, machine-readable format in order to have it forwarded to another controller, if necessary. However, according to Article 20 (3) sentence 2 DSGVO, this right is not available if the data processing serves the performance of public tasks.

7.6 Right to object - Art. 21 DSGVO

The right to object includes the possibility for data subjects to object to the further processing of their personal data in a specific situation, insofar as this is justified by the performance of public tasks or public as well as private interests. The exceptions to this right regulated in Section 36 BDSG apply.

7.7 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

7.8 Automated decision in individual cases including profiling.

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1. is necessary for the conclusion or performance of a contract between you and the controller,
2. is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, 
3. is carried out with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the Controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the Controller, to express your point of view and to contest the decision.

7.9 Right to complain to a supervisory authority.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.