August 7th, 2020
Date: June 2020
- how we handle personal data in the context of your use of Aixterior;
- whether and how this data is used, passed on or otherwise processed.
Represented by the Managing Directors: Manuel Casasola Merkle, Tobias Müller, Achim August Tietz, Christian Tyroller
Register Court and Company-ID: Amtsgericht München, HRB 176 529
Contact: E-Mail: firstname.lastname@example.org Tel. +49 89 2000 134-0
3. Data Privacy Officer
We are not obliged to appoint a Data Protection Officer.
4. Definitions of terms
5. Processing of your Personal Data
- Integration of Paddle.com into the checkout process of Aixterior.
All orders of "Credits" are not processed directly through Aixterior but through the UK-based service provider Paddle.com, which acts as a reseller (Paddle.com Market Limited,15 Briery Close, Great Oakley, Corby, Northamptonshire, NN18 8JG, United Kingdom). Thus, when you purchase "Credits", there is no direct contractual relationship between you and Aixterior, but with Paddle. All personal data that you enter during the checkout process is collected directly by Paddle.com and processed there under their own responsibility.
The integration of Paddle.com into the Aixterior checkout process is necessary for reasons of international tax compliance. Due to international legal requirements, we are obliged to pay VAT on our digital goods directly in the country in which you, our customer, are resident. In practice, we would therefore be accountable to each individual state tax administration and would have to maintain direct contacts with the tax administration in each state. The integration of Paddle.com as a central reseller of credits serves to reduce the administrative effort in the area of tax compliance to a reasonable level, as we sell our digital goods or credits exclusively to a single contractual partner, namely Paddle.com. The integration of Paddle.com into the Aixterior-Shop is based on our aforementioned interests; the legal basis for the integration is therefore Art. 6 para. 1 lit. f GDPR.
In the course of the order processing Paddle.com will set Cookies in the checkout process. These cookies are necessary to complete the order process via Paddle.com. The legal basis for setting cookies is Art. 6 Para. 1 p. 1 lit. f GDPR.
Used to determine which domain the user comes from. This information is only used when the user completes the purchase.
Is used to test different designs of the checkout.
Used to provide customers with the ability to resume an interrupted purchase process.
Is used to save the currently selected language.
- Transfer of data from Paddle.com to us.
After successful payment processing, the data from your order at Paddle.com that is necessary to redeem your purchased credits in "Aixterior Assets" is transferred to us. This serves to enable you to redeem the credits for "Aixterior Assets". We get access to the ordered products, their quantity, your name, your address, your e-mail address, your phone number and the order number of Paddle.com. We do not have access to the details of the payment process, such as account numbers or credit card numbers. We will use these information only to the extent necessary to process your order with Aixterior and to respond to your customer inquiries. This processing of your data is necessary for the fulfilment of the contract. The legal basis is Art. 6 para. 1 lit. b GDPR.
We delete these data as soon as we no longer need them to fulfil our contractual obligations and the deletion does not result in any legal obligation to retain them. We review the necessity of data storage every six months.
- When accessing our Shop
When you access our shop without logging in, i.e. when you do not (yet) register or provide us with information, we or our host provider Domain Factory (domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany) collect only the personal data that your browser sends to our server in Germany. If you wish to view our website, we collect the following data:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software
- Information about your end device
This data is technically necessary for us to display and make our website available to you. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. For security reasons (e.g. to clarify misuse or fraud), this data is stored for a maximum of 14 days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been finally clarified.
- When opening a user account for our online shop
If you order in our shop, you can optionally create a user account, where you can especially view your orders. During the registration process, you will be provided with the required mandatory data. The user accounts are not public and cannot be indexed by search engines. The processing is carried out for the purpose of contract implementation in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR.
We store your data until you cancel your user account. After that, your data relating to the user account will be deleted, unless it is necessary to store it for reasons of commercial or tax law in accordance with Art. 6 Paragraph 1 S.1 lit. c GDPR.
Within the scope of registration and renewed applications as well as the use of our online services, we will store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as your interest in protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 S.1 lit. c GDPR.
- When contacting by e-mail
We process e-mails that you send to us and that we send to you using the services of our e-mail provider Domain Factory (domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany). Within the scope of e-mail communication, Domain Factory processes personal data on our behalf in order to enable us to communicate with you by e-mail or, if you are our customer, for the purpose of contract processing. The processing of your personal data is based on Art. 6 para. 1 clause 1 lit. f or Art. 6 para. 1 clause 1 lit. b GDPR. We delete the data, as far as they are no longer necessary and no legal obligations stand in the way. We review the necessity every six months.
Right of objection: You have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons for doing so that arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without indicating a specific situation. If you wish to exercise your right of objection, you can inform us by e-mail to [email@example.com]. Alternatively, you can also use the contact details given in 2. above.
- When contacting by telephone
If you contact us by telephone, we need your personal data (e.g. name, telephone number, address or e-mail address) in order to process your inquiry or request. The processing of your personal data is based on Art. 6 para. 1 p. 1 lit. b GDPR. We delete this data as long as it is no longer required and no legal obligations stand in the way. We review the necessity every six months.
6. Engagement of Processors
To fulfil our contractual obligations, we rely on the services of carefully selected third parties who process the data on our behalf. These are in each case processors with whom we have concluded an agreement in accordance with Art. 28 GDPR. In addition, we naturally ensure in advance that our contract processors comply with all data protection regulations, so that your data is always safe.
7. Transfer to Third Countries
We process your personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) only if it is necessary for the fulfilment of our (pre)contractual obligations (in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR), on the basis of your consent (pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR), on the basis of a legal obligation (pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR) or on the basis of our legitimate interests (pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR). The same applies if third parties process your data on our behalf in a third country. Furthermore, your data will only be transferred to a third country if this is expressly permitted under Art. 44 ff. GDPR.
8. Deletion of Data
The data processed by us will be deleted in accordance with Art. 17 GDPR or restricted in their processing in accordance with Art. 18 GDPR.
In accordance with legal requirements in Germany, the retention or storage, in particular of books, records, management reports, accounting vouchers, commercial and business letters as well as documents relevant for taxation, etc., is carried out for ten years in accordance with § 147 para. 1 AO. This also applies to the personal data of data subjects possibly contained in the aforementioned documents.
9. Rights of Data Subjects
You have the right
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
- in accordance with Art. 16 GDPR, to demand the correction of incorrect or complete personal data stored by us without delay;
- to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another controller;
- to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.
10. Revocation of Consent
If we process your personal data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, you have the right to revoke any consent granted to us pursuant to Art. 7 para. 3 GDPR with effect for the future.
If you would like to make use of your right of revocation, you can inform us by e-mail to [firstname.lastname@example.org]. Alternatively, you can also use the contact data listed under 2. above.
11. Objection in case of processing on the basis of our legitimate interest
If we process your personal data on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection to direct advertising is directed. In the latter case, you have a general Right to object, which we will implement without specifying a particular situation.
If you would like to exercise your Right to object, you can inform us by e-mail to [email@example.com]. Alternatively, you can also use the contact data listed under 2. above.
12. Security Measures
We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.
13. Concluding provisions