Protecting your privacy and your identity is important to us, F&P GmbH, Karl-Liebknecht-Straße 12, 04107 Leipzig, Germany. In this document we set out how your data is processed in accordance with data protection legislation on the basis of the applicable regulations (GDPR). This Data Protection Policy relates to the online services we offer, referred to generally in this Policy as “online offerings” and specifically as the “platform” on websites and the “app” on mobile applications. This term describes both the functionalities of a website and mobile applications, commonly referred to as “apps”.
As a matter of principle we process personal data only as necessary in order to provide functional online offerings and our content and services. As a rule, personal data is processed only after you have granted your consent.
An exception is made in those cases in which it is not possible for practical reasons to obtain your prior consent and the processing of data is permitted by law.
1. Name and contact details of the controller and the Data Protection Officer
This Data Protection Policy applies to data processing by:
04107 Leipzig, Germany
1.2 Data Protection Officer
Our Data Protection Officer can be contacted as follows:
Attn Mr Werner Rönnebeck
04107 Leipzig, Germany
2. Collection and storage of personal data and nature and purpose of its use
The operation of our online offering is subject to the natural dynamics of the online economy, and for this reason it is not possible to set out all the details of its functioning. Our goal in this Policy is to cover the most important elements of our data processing. Data must be processed in order to enable us to present the offerings you want, to fulfil our contractual obligations, and to enable us to take the required pre-contractual measures in response to your enquiry. Further purposes of the processing are primarily:
- to optimise your user experience and the associated technical and content development
- to provide basic functions and algorithms that are in line with the core concept of a community and the associated expectations regarding networking.
As a rule, personal data is deleted as soon as it is no longer needed in order to fulfil the purpose for which it was collected and no statutory retention periods would oppose its deletion. If not explicitly stated, the retention periods for third-party tools can be found in the data protection policy of the respective third-party provider.
2.1 Accessing our online offerings
Information is automatically sent to our servers each time our online offerings are accessed. This information is stored temporarily in a log file. During this process, the following information is collected and saved until it is deleted automatically:
- IP address of the querying device
- Date and time of visit
- Name and URL of the accessed file or interface
- Website from which the access originated (referrer URL)
- Browser/browser ID (user agent) installed on your device, the operating system and name of the device, and the name of your Internet service provider
- If apps are used: the app version
- User account if registered, user ID and session ID
- Any errors which may occur (anonymised)
We process the above data for the following purposes:
- To deliver online content correctly to different devices and browsers
- To protect our IT systems and technology against misuse
- To ensure the continuous functionality of our IT systems and technology
- To provide necessary information to law enforcement authorities for prosecution
- To evaluate system security and stability
- To optimise online content and advertising
The legal basis for the data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the purposes of the data collection listed above. We will never use the collected data for the purpose of identifying you as an individual. The data is deleted as soon as it is no longer required in order to fulfil the purpose for which it was collected.
2.2 Subscribing to the newsletter
Provided you have granted your express consent under Art. 6 (1) (a) GDPR, we use your email address to send you our newsletter at regular intervals. To receive the newsletter, you only need to provide your email address. The data is deleted as soon as it is no longer required in order to fulfil the purpose for which it was collected. You can unsubscribe at any time using the link which appears at the end of each newsletter. Alternatively you can email us at email@example.com to unsubscribe at any time.
2.3 Using contact forms and support functions
If you have any questions, we provide means of contacting us. To do so, you must provide your email address or an active login so that we know from whom the enquiry originated and can reply to it. You can provide further information voluntarily.
Data is processed for the purpose of answering contact queries either on the basis of Art. 6 (1) (b) GDPR in order to take steps prior to entering into a contract or to fulfil contractual obligations, or in accordance with Art. 6 (1) (a) GDPR on the basis of your freely granted consent.
The personal data we collect on you when you make contact and communicate with us is automatically deleted once your enquiry has been answered.
Registered users also have the option to report content and request support services. In such cases we store the name of the person who sent the enquiry, the content of the enquiry and the content, if any, that is reported. The conversation with the user is stored in our support system. Calls via support hotlines are handled without data being stored unless it was essential to establish the caller’s identity in order to clarify the situation and the caller provided this information. In such cases, a support ticket is created. This records the information provided during the conversation or any unresolved issues.
Data is processed in order to provide support services under Art. 6 (1) (a) GDPR on the basis of your freely granted consent, under Art. 6 (1) (b) GDPR in order to fulfil contractual or pre-contractual matters with us or with a contracted payment service provider, and under Art. 6 (1) (c) and (f) GDPR to secure the handling of content notifications, such as notifications that must be documented in accordance with the Network Enforcement Act (NetzDG).
The personal data we collect on you in order to provide support functions is automatically deleted as soon as the enquiry has been resolved, provided there is no legal obligation to retain this data.
2.4 Ordering a product via NetDebit
When you purchase a fee-based membership via our partner NetDebit, your membership number is transmitted to NetDebit for the purpose of associating the membership purchased with your profile. In this process, we receive from NetDebit the NetDebit customer number, the order number, and information on the type and duration of the membership.
We also receive information from NetDebit on status changes during the ordering process, such as termination or cancellation of the order, so that we can change the membership status accordingly. No further personal data (e.g. credit card data, name, address, etc.) is exchanged.
This data is stored in order to fulfil contractual obligations under Art. 6 (1) (b) GDPR. The data is deleted as soon as it is no longer required in order to fulfil the purpose for which it was collected.
2.5 Ordering a product in an app store
When you buy a product or subscription via an app store (iTunes or Google Play Store), the transaction ID for the purchase and the product or subscription purchased are stored in order to associate these with your account. This data is stored in order to fulfil contractual obligations on the basis of Art. 6 (1) (b) GDPR. The data is deleted as soon as it is no longer required in order to fulfil the purpose for which it was collected.
2.6 User accounts and profiles
As a user of our online offerings, you have the option to use the offering as a guest without a registered account or to register in order to be able to use further functions. The scope of functions available without registration may be strictly limited.
When you visit our online offering, a contractual relationship is established. The data collected is processed under Art. 6 (1) (b) GDPR in order to fulfil a contract or to take steps prior to entering into a contract. No further fees arise unless you intentionally purchase membership and expressly consent to this after registering.
Guests can access our online offering without obligation and use the basic functions and content provided. During the visit user data and technical data are collected to provide and optimise the content as described in this Data Protection Policy. No further personal data is collected. Since guests cannot enter any further personal data, no data is processed or stored. For special types of use such as subscribing to a newsletter that do not require separate registration, the relevant passages of this Data Protection Policy apply.
Guests can access a registration form for the purpose of registering a user account. Once the registration process has begun, you have to enter the required data as shown on the input form. This data is stored for a short time so that you can verify your email address (opt-in). If you do not opt in, the data is deleted immediately.
2.6.2 Registered users
You have the option to register by providing additional personal data. The additional personal data that is transmitted to us depends on which input form you use to register. We require this data in order to provide you with the service offering that you have requested within the framework of the existing user relationship.
You can also use the input options to optimise your image within the community and thus increase your chances of making contact. This data includes information such as your user name, age, region and personal preferences. Additional privacy settings are also available for some functions and types of input. These can be used to activate or block display.
Sensitive data such as your exact date of birth or email address is generally not publicly visible and is collected and stored for internal use only. We can forward the data to one or more contracted external processors, which also use it exclusively for internal purposes on our behalf. You can deactivate the annual display of your birthday on your date of birth yourself at any time using the privacy settings. Registered users have the option at any time to correct the data entered during registration.
Data that is accessible only to you is stored to ensure various functions. These include the internal email communication system, the visitors to your profile and other data which as a rule does not appear in your public profile or which can be excluded from being displayed using the privacy settings.
For statistical purposes and to optimise our offering, we collect key data on the use of the online offering by individual registered users at regular intervals and in the event of relevant incidents.
You can also provide various data voluntarily. In this case, the purpose of the storage and processing is the general provision of the online offering with community functions (Art. 6 (1) (a) GDPR). We also have a legitimate interest under Art. 6 (1) (f) GDPR in making specific data accessible in the form of profiles within the online offering and in connecting functions which serve the operation of the online offerings in order to provide the basic functionality that the majority of users expect.
We will provide information on request at any time on which personal data is stored. We will also correct or delete personal data on request or on receipt of instructions provided that this does not conflict with any statutory retention periods or breach the purpose limitation. Data not subject to retention periods is deleted as soon as it is no longer required in order to fulfil the purpose for which it was collected, at the latest however when your user account is deleted. Our Data Protection Officer is your contact person for questions relating to this.
2.7 Sweepstakes and surveys
If you participate in surveys or sweepstakes, you have the chance to win virtual and physical prizes. In the latter case, the prize must be shipped to the winner, and for this reason we collect your postal address. This data is processed on the basis of your express consent under Art. 6 (1) (a) GDPR for the purpose of shipping the prize.
Address data will be deleted following the shipment.
3. Disclosure of data
Your personal data will only be disclosed to others for the purposes listed below.
We will only disclose your personal data to third parties if:
- you have granted your express consent to this under Art. 6 (1) (a) GDPR
- the disclosure is required under Art. 6 (1) (f) GDPR in order to establish, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in your data not being disclosed
- we are legally obliged to disclose it under Art. 6 (1) (c) GDPR
- the disclosure is permitted by law and is necessary under Art. 6 (1) (b) GDPR in order to process contractual relationships or orders with you.
- a legitimate interest in optimising our offering exists under Art. 6 (1) (f) GDPR
Information relating to the specific device in use is stored in the cookie. However, this does not mean that we obtain direct knowledge of your identity.
We also use temporary cookies to optimise user-friendliness; these are stored on your device for a specific period of time. When you revisit our website to use our services, we automatically recognise that you have visited our website before and which input and settings you have entered so that you do not have to re-enter them.
Cookies are also used to compile statistics on the use of our website and to perform analyses to enable us to optimise our offering for you. When you revisit our website, these cookies allow us to automatically recognise that you have visited our website before. These cookies are automatically deleted after a specified period.
The data processed by the cookies is necessary for the stated purposes in order to safeguard our legitimate interests and the legitimate interests of third parties under Art. 6 (1) (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notification appears each time before a new cookie is placed. Please note that complete deactivation of cookies can severely restrict some functions of our website or result in them not functioning as expected. No claims may be brought on the grounds of loss of functionality due to the deactivation of cookies.
5. Tracking and analysis tools
The tracking and analysis methods described below are used by us on the basis of Art. 6 (1) (f) GDPR.
We use these tracking methods to ensure that the design of our online offerings is tailored to our users’ needs and continually optimised. We also use tracking methods to compile statistics on the use of our online offerings and to evaluate them in order to optimise our offering for you. These interests are legitimate within the meaning of the above legislation.
The purposes of the data processing and the categories of data are set out under the respective tracking tools.
We use the products and tools of Google Ireland Limited (hereinafter referred to as “Google”). Different data protection regulations of the Google company apply for data processed by Google. You can view these here: https://www.google.com/intl/en/policies/privacy/. You can find out specifically how we use the products below.
5.1.1 Google Analytics
In order to tailor the design of our web pages to our users’ needs and to continuously optimise them, we use Google Analytics and cookies (see section “Cookies”). Analytics is an online tracking programme.
The information generated by the cookie about how you use our website (such as browser type and version, operating system used, referrer URL, host name / IP address of accessing computer, time of server request) is transmitted to a Google server in the USA and stored there.
This information is used to evaluate use of the platform, to compile reports on online activities and to provide further services related to the platform and Internet use for the purposes of market research and needs-based design. This information is also transferred to third parties where this is required by law or where the data is processed by contracted third parties.
Under no circumstances is your IP address associated with other data by Google. IP addresses are anonymised so that association with an individual user is impossible (IP masking).
5.1.2 Google AdWords and Google conversion tracking
To compile conversion statistics and optimise our advertising accordingly, we use the Google AdWords online advertising programme and carry out conversion tracking (evaluation of user actions as an analytic service) within this framework.
When you click on an ad displayed by Google, a conversion tracking cookie is placed on your computer. These cookies are valid for a limited period of time, contain no personal data and hence cannot be used to identify you personally. If you visit specific pages of our website and the cookie has not yet expired, Google and we can identify that you have clicked on the ad and were forwarded to this page. Each Google AdWords client is given a different cookie. This means that it is impossible to track the cookies beyond the platforms of AdWords clients.
The information collected with the aid of the conversion cookie is used to compile conversion statistics. These inform us of the total number of users who clicked on our ad and were forwarded to a page containing a conversion tracking tag. However, we do not receive any information that would enable us to personally identify users. The data is processed under Art. 6 (1) (f) GDPR on the basis of our legitimate interest in targeting advertising and analysing the effectiveness and efficiency of this advertising.
5.1.3 Google Firebase
To optimise our applications and to publish push notifications, we use Google Firebase. The anonymised information on your use and duration of use is transferred to a Google server in the USA and stored there. This information is also transferred to third parties where this is required by law or where the data is processed by contracted third parties. Under no circumstances is your IP address associated with other data by Google. IP addresses are anonymised so that association with an individual user is impossible (IP masking). You can find more information on data protection and how this works in connection with Google Firebase, as well as information on data storage periods, at https://firebase.google.com/support/privacy/
The data is processed under Art. 6 (1) (f) GDPR on the basis of our legitimate interest in opportunities for the needs-based design and continuous optimisation of our applications and in issuing push notifications.
5.1.4 Google reCAPTCHA
We protect our community by using the reCAPTCHA service. The purpose of the reCAPTCHA challenge is to detect if responses are from humans or if the system is being misused by bots.
Only authentication data is transmitted by us to Google in the process. This contains no personal data and serves only to authenticate our software at Google.
The embedded reCAPTCHA sends standard client information (e.g., browser, IP address) and any other data required by Google for the reCAPTCHA service to a Google server in the USA, where it is stored and used for further purposes. This information may also be transferred to third parties if required by law or if the data is processed by contracted third parties. Under no circumstances is your IP address associated with other data by Google. IP addresses are anonymised so that association with an individual user is impossible (IP masking). Only in exceptional cases will the full IP address be sent to a Google server in the USA and anonymised there.
By using reCAPTCHA, you declare your consent for your character recognition to be used in the digitalisation of old material.
5.1.5 Opt-out for Google cookies
You have the right on grounds relating to your particular situation to object at any time to the processing of your personal data under Art. 6 (1) (f) GDPR.
You can prevent cookies from being stored by configuring the relevant technical settings in your browser. However, please note that if you do so, you may not be able to use all the functions of our online offerings to their full extent.
You can deactivate personalised ads using Google’s advertising settings. You can find instructions on this at https://support.google.com/ads/answer/2662922?hl=en
You can also deactivate the use of third-party cookies by accessing the deactivation page of the Network Advertising Initiative at https://www.networkadvertising.org/choices/ and following the opt-out instructions there.
Our platform uses Mouseflow, a Web analysis service provided by Mouseflow ApS. Mouseflow enables the analysis of user behaviour on our platform (such as mouse clicks, mouse movements, scrolling, activities involving form boxes). We use this anonymised information in order to further develop our offerings for you and to improve their user-friendliness. The data on your use of the platform, including your IP address, is transmitted to a Mouseflow server inside Europe and stored there. Your IP address is deleted after it has been geolocalised. Mouseflow uses the anonymised data to evaluate user behaviour on our platform and to present the results in the form of reports. This information is also transferred to third parties where this is required by law or where the data is processed by third parties on Mouseflow’s behalf. By using this platform, you agree to the processing of the data collected about you by Mouseflow in the manner described above and for the purpose set out above. You can deactivate Mouseflow at any time with future effect at https://mouseflow.com/opt-out/. You can find further information on data collection by Mouseflow and on the data storage periods in the Mouseflow privacy statement at https://mouseflow.com/privacy/.
The data is processed in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in optimising user-friendliness.
To analyse and eliminate vulnerabilities and crashes and to improve our applications, we use the HockeyApp analysis tool. HockeyApp is a test platform developed by Microsoft Corporation. The objective of this tool is to prevent future crashes by collecting data on a crash the moment it happens. The transmitted crash report contains the date and time of the crash, the source text on which the error occurred, the operating system version, the telephone version, the selected language and the type of device and IP address. Data you have entered, such as written text, is not transferred. The sending of a crash report is always voluntary, and you must explicitly agree to it on each occasion. HockeyApp also contains a feedback function which, when used, results in the storage and processing of the data entered for the purpose of processing the feedback provided. Some of the data processing for HockeyApp is performed in the US.
You can call up further information on data protection for HockeyApp and on the data storage period
The data is processed in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in optimising user-friendliness and eliminating software crashes.
5.4 Use of AppsFlyer technology
We use the services of AppsFlyer Ltd., 14 Maskit Street, Herzliya, Israel (“AppsFlyer”, www.appsflyer.com), to learn more about how our users get to know about our app and how they use it. Certain information, such as the devices used by users, their online usage behaviour and content retrieved, may be collected, processed and used. This includes, but is not limited to:
- individual user identifiers, such as IP addresses, user agent, IDFA (identifier for advertisers), Android ID (for Android devices), Google advertising ID
- technical data such as information about the operating system of the device used, device information and settings, applications, opt-out declarations for advertising, downloads, impressions, clicks and installation of apps, in-app behaviour, movement details.
AppsFlyer uses this data on our behalf to analyse and assess the performance of our marketing actions and channels so as to find out how users respond to certain campaigns and how they use and interact with the app. The above data is not used to identify individual users or associate the data with a particular person. The information may also be used in cases of so-called “mobile fraud”, i.e., to discover and prevent manipulative and fraudulent acts in connection with our marketing activities. AppsFlyer uses the collected and subsequently aggregated data to reveal to us whether certain actions related to our app, such as downloads or installations, have been caused by manipulative acts. This is also in our economic interest, given that actions attributable to mobile fraud are taken into consideration in the remuneration of our partners (advertising networks and affiliate sites that display our advertisements). Data is therefore processed on the basis of the clause on legitimate interest in Article 6(1)(f) of the General Data Protection Regulation (GDPR) and is within the scope of our interest as described above.
If you would like to prevent AppsFlyer from collecting your data, you can deactivate the “Diagnosis & usage” item in the “Privacy” section of the app settings. By deactivating this item, you will prevent your data from being sent to AppsFlyer.
6. Social media plug-ins and other providers
6.1 Facebook Connect
Within our online offering you can find links to third-party websites (such as the Facebook “like” button) to allow you to quickly access further information or other relevant content. When you click these links, you exit our online offerings. We have absolutely no control over these websites or their data protection practices, which may differ from ours. By providing a link to third-party websites, we expressly do not endorse or support the content of these websites. The personal data you provide to these third parties or the data collected by them is not covered by our Data Protection Policy. For this reason you should read the data protection policy of every company before revealing any personal information.
If you register for our services via third-party connecting functions (such as a Facebook login), selected data from your profile with the third party is transferred to our database. When you register via a connecting function, you agree to the third party’s terms and conditions and you consent to your data being transferred to our database.
The data is deleted as soon as it is no longer required in order to fulfil the purpose for which it was collected, at the latest however when your user account is deleted.
6.2 Videos and GIFs
6.2.1 YouTube Player and Vimeo
We use the providers YouTube and Vimeo to embed videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Ireland Limited, headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. Videos from YouTube are embedded into our online content with enhanced data protection mode activated. This means that no information about visitors to our online presence is collected and stored by YouTube unless the visitor plays the video. Further information regarding data processing and data protection at YouTube (Google) can be found at https://policies.google.com/privacy and https://www.youtube.com/static?template=privacy_guidelines.
Vimeo is operated by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. Further information regarding data processing and data protection is available at https://vimeo.com/privacy.
6.2.2 Giphy, Tenor
We use the providers Tenor and Giphy to embed animations (GIFs). Tenor is operated by Tenor, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Further information regarding data processing and data protection can be found at https://tenor.com/legal-privacy.
Giphy is operated by Giphy Inc., 416 West 13th Street, Suite 207, New York, New York 10014, USA. Further information regarding data processing and data protection can be found at https://support.giphy.com/hc/en-us/articles/360020028332-GIPHY-Privacy-Policy.
The legal basis for the processing of users’ personal data is Article 6, paragraph 1f of the GDPR. Processing our users’ personal data enables us to display useful information visually.
When you access our online content, the technology used to embed files can transmit data such as your IP address back to the platforms. You can prevent tracking cookies from being set when playing videos by activating the corresponding setting in your browser to disable their storage. However, we advise you that should you choose to do so, you may not be able to use all of the functionalities of our online content to their full extent.
We have no influence over how the platforms use the data. You can find further information regarding the individual operators via the links provided above, and adjust your privacy settings as you deem necessary.
7. Rights of data subjects
You have the right:
- to obtain information about your personal data processed by us under Art. 15 GDPR. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or is disclosed, the envisaged duration for which it will be stored, the existence of a right to rectification and erasure, and to restrict the processing or object to it, the existence of a right to complain, the source of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if appropriate, meaningful information concerning its details
- to have incorrect personal data stored by us rectified or completed without undue delay under Art. 16 GDPR
- to have your personal data stored by us erased under Art. 17 GDPR, provided processing is not necessary to exercise the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims
- to request that the processing of your personal data be restricted under Art. 18 GDPR and to object to the processing under Art. 21 GDPR
- to receive the personal data that you have provided to us in a structured, commonly used, machine-readable format or to have it transmitted to another controller under Art. 20 GDPR
- to withdraw the consent that you have granted to us at any time under Art. 7 (3) GDPR. This has the consequence that we may not continue to process data based on this consent
- to lodge a complaint with a supervisory authority under Art. 77 GDPR, in particular within the member state of your residence, place of work or place of the alleged infringement if you are of the opinion that the processing of your personal data infringes the GDPR.
8. Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your personal data where there are grounds relating to your particular situation or the objection relates to direct marketing. In the latter case, you have a general right to object that we will implement without the need to specify a particular situation.
If you wish to exercise your right to withdraw consent or to object, simply email firstname.lastname@example.org.
9. Data security
When our online offerings are accessed, we use the widely used SSL (Secure Sockets Layer) protocol in conjunction with the highest level of encryption that your device supports. Generally this is 256-bit encryption. If your device does not support 256-bit encryption, we use 128-bit v3 technology instead.
We make use of appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction and against unauthorised access by third parties. Our security measures are continually enhanced in line with technological advances.
10. Validity of and changes to this Data Protection Policy
This Data Protection Policy (correct as of 27 February 2019) is currently in force.
It may be necessary to make changes to this Data Protection Policy following further development of our online offerings or due to legislative or administrative changes. You can access and store the currently valid Data Protection Policy at any time.