Privacy Policy Website

Introduction

Below we inform you about the processing of personal data when using

our website https://www.crew-clickr.com
our website https://www.crewclickr.com
our website https://www.crew-clkcr.com
our website https://www.crewclikr.com
our profiles on social media.

Personal data are all data that can be related to a specific natural person, such as their name or IP address.

1.1. Contact details

The data controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is Handmade Systems, Inh. Mariusz Kogut, Dorfstraße 32, 87616 Marktoberdorf, Germany, Email: [email protected]. We are legally represented by Mariusz Kogut.

Our data protection officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, Email: [email protected].

1.2. Scope of data processing, processing purposes and legal bases

We provide detailed information on the scope of data processing, processing purposes and legal bases below. The following legal bases generally apply to data processing:

Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent.
Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g. when a visitor to our website purchases a product from us or we provide a service for him/her. This legal basis also applies to processing operations that are necessary for pre-contractual measures, such as inquiries about our products or services.
Art. 6 para. 1 sentence 1 lit. c GDPR applies if we are required to process personal data in order to fulfill a legal obligation, as may be the case, for example, in tax law.
Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis when we can rely on legitimate interests for the processing of personal data, e.g. for cookies that are necessary for the technical operation of our website.

1.3. Data processing outside the EEA

To the extent that we transfer data to service providers or other third parties outside the EEA, adequacy decisions of the European Commission pursuant to Art. 45 para. 3 GDPR guarantee the security of the data during transmission, to the extent that they exist, as is the case, for example, for Great Britain, Canada and Israel.

If no adequacy decision exists (e.g. for the USA), the legal basis for the transfer of data is usually standard contractual clauses, unless we provide a different indication. These are a set of rules adopted by the European Commission and part of the contract with the respective third party. Pursuant to Art. 46 para. 2 lit. b GDPR, they ensure the security of the data transfer. Many of the providers have given contractual guarantees that go beyond the standard contractual clauses and protect the data beyond the standard contractual clauses. These may include guarantees regarding the encryption of the data or regarding an obligation of the third party to notify data subjects if law enforcement authorities want to access data.

1.4. Storage period

Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal retention obligations to the contrary. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we are required to retain for commercial or tax reasons.

1.5. Rights of data subjects

Data subjects have the following rights with regard to their personal data:

Right to information,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to withdraw consent at any time

Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact details for the data protection supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

1.6. Obligation to provide data

Customers, prospective customers or third parties are only required to provide us with personal data that is necessary for the establishment, performance and termination of the business relationship or for the other relationship, or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service or will no longer be able to perform an existing contract or other relationship.

Mandatory information is marked as such.

1.7. No automated decision-making on an individual basis

We generally do not use fully automated decision-making processes in accordance with Article 22 GDPR to establish and conduct a business relationship or other relationship. If we use these procedures in individual cases, we will inform you separately if this is required by law.

1.8. Contact

When contacting us, e.g. by email or telephone, we store the data provided to us (e.g. names and email addresses) in order to answer questions. The legal basis for processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in answering inquiries addressed to us. We delete the data that arises in this context after storage is no longer necessary or restrict processing if there are legal retention obligations.

1.9. Customer surveys

From time to time, we conduct customer surveys to better understand our customers and their needs. In doing so, we collect the data requested in each case. It is our legitimate interest to better understand our customers and their needs, so the legal basis for the associated data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We delete the data once the survey results have been evaluated.

2. Newsletter

We reserve the right to inform customers who have already used our services or purchased goods from us by email or other electronic means about our offers from time to time, unless they have objected to this. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time at no additional cost, for example by clicking on the link at the end of each email or by sending an email to the above-mentioned email address.

Prospective customers have the opportunity to subscribe to a free newsletter. We process the data provided during registration exclusively for the purpose of sending the newsletter. Registration is done by selecting the corresponding field on our website, by checking the corresponding field in a paper document, or by any other clear action by which prospective customers give their consent to the processing of their data, so the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Consent can be revoked at any time, e.g. by clicking on the corresponding link in the newsletter or by notifying us at the above-mentioned email address. The processing of data until revocation remains lawful even in the event of revocation.

Based on the consent of the recipients (Art. 6 para. 1 sentence 1 lit. a GDPR), we also measure the opening and click rates of our newsletters in order to understand which content is relevant to our recipients.

We send newsletters using the Sendinblue tool provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (Privacy Policy: https://de.sendinblue.com/legal/privacypolicy/). The provider processes content, usage, meta/communication data, and contact data in the EU.

3. Data processing on our website

3.1. Notice for website visitors from Germany

Our website stores information on the end device of website visitors (e.g. cookies) or accesses information that is already stored on the end device (e.g. IP addresses). The specific information can be found in the following sections.

This storage and access is based on the following provisions:

Insofar as this storage or access is absolutely necessary for us to provide the website service expressly requested by website visitors (e.g. to carry out a chatbot used by website visitors or to ensure the IT security of our website), it is based on § 25 para. 2 no. 2 TTDSG.
Otherwise, this storage or access is based on the consent of the website visitors (§ 25 para. 1 TTDSG).

Subsequent data processing is carried out in accordance with the following sections and on the basis of the provisions of the GDPR.

3.2. Informational use of the website

When the website is used for purely informational purposes, i.e. when visitors to the site do not provide us with information separately, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

This data includes:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

This data is also stored in log files. It will be deleted if storage is no longer necessary, but no later than 14 days.

3.3. Web hosting and provision of the website

We host our website

Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication data, or contact data, in the EU. Further information can be found in the provider's privacy policy at https://www.hetzner.com/de/rechtliches/datenschutz.
Microsoft Azure. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication data, or contact data, in the EU. Further information can be found in the provider's privacy policy at https://privacy.microsoft.com/de-de/privacystatement?culture=de-de&country=DE.

It is our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

We use the Cloudflare Content Delivery Network for our website. The provider is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. The provider processes personal data transmitted via the website, such as content, usage, meta/communication, or contact data, in the USA. Further information can be found in the provider's privacy policy at https://www.cloudflare.com/de-de/privacypolicy/.

We have a legitimate interest in using sufficient storage and delivery capacities to ensure optimal data throughput even during peak loads. The legal basis for the described data processing is therefore Art. 6 para. 1 sentence 1 lit. f GDPR.

The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses adopted pursuant to the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.

3.4. Contact form

When contacting us via the contact form on our website, we store the data requested there and the content of the message. The legal basis for processing is our legitimate interest in answering inquiries addressed to us. The legal basis for processing is therefore Art. 6 para. 1 sentence 1 lit. f GDPR. We delete the data that arises in this context after storage is no longer necessary or restrict processing if there are legal retention obligations.

3.5. Third-party providers

3.5.1. Plausible Analytics

We use Plausible Analytics for analysis. The provider is Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia. The provider processes usage data (e.g. visited websites, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can revoke their consent at any time by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing carried out until the revocation.

The data will be deleted once the purpose of their collection has ceased and there are no retention obligations. Further information can be found in the provider's privacy policy at https://plausible.io/privacy.

3.5.2. Cloudflare

We use Cloudflare for the security of our applications. The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. The provider processes content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses) in the USA.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in increasing the security of our app by preventing malicious traffic from reaching our server.

4. Data processing on social media platforms

We are present on social media networks to present our organization and our services. The operators of these networks regularly process data from their users for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertising on the pages of the networks and elsewhere on the Internet that corresponds to the interests of the users. To do this, the operators of the networks store information about the usage behavior in cookies on the users' computers. It is also possible that the operators combine this information with other data. Further information and instructions on how users can object to processing by the site operators can be found in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, so that they process data there. This may entail risks for users, e.g. because the enforcement of their rights is made more difficult or because government authorities have access to the data.

When users of the networks contact us through our profiles, we process the data provided to us in order to answer the inquiries. This is our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

4.1. Twitter

We maintain a profile on Twitter. The operator is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy can be found here: https://twitter.com/de/privacy. An option to object to data processing is available through the ad settings: https://twitter.com/personalization.

4.2. LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy can be found here: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE. An option to object to data processing is available through the ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5. Changes to this privacy policy

We reserve the right to change this privacy policy with effect for the future. The current version is always available here.

6. Questions and comments

For questions or comments regarding this privacy policy, please contact us using the contact details provided above.