Our website is an information website. Nonetheless, some data is processed when our website is visited.
Regarding the terminology (e.g. “personal data” or “processing”), we refer the reader to Art. 4 of the General Data Protection Regulation (GDPR).
The following Privacy Policy serves to inform you about the nature, scope and purpose of the processing of personal data by WODOTO GbR.
WODOTO GbR
represented by Maya de Silva-Witte
Humboldtstr. 71
28203 Bremen
Germany
E-Mail: maya.desilva@wodoto.app
Webseite: wodoto.app
Imprint
1. Terms
Regarding the used terms,
a) “personal data” means any information relating to an identified or identifiable natural per-son (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factor(s) specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
b) “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
c) “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
d) “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Processed Data
We process the following types of data:
– usage data (e.g. access times)
– meta data (e.g. device information, such as operating system and browser version, IP addresses)
– analysis data (e.g. session duration, viewing contact data, playing media, adding favourites, campaign tracking)
– device data (e.g. device type, device settings)
– location data
3. Data Subjects
Visitors of our online presence.
4. Data Processing Purpose
The purpose of data processing by us is to keep our online presence incl. its contents and functions available. Furthermore, we process data to optimise our own security measures and the online presence as well as to improve the success monitoring of our web presence.
5. Legal Bases for Personal Data Processing
To the extent that we obtain a consent from the data subject for processing operations of personal data, point (a) of Art. 6(1) GDPR serves as the legal basis.
To the extent that any processing of personal data is necessary for compliance with a legal obligation to which our company is subject, point (c) of Art. 6(1) GDPR serves as the legal basis.
For the case that the vital interests of the data subject or of another natural person requires any processing of personal data, point (d) of Art. 6(1) GDPR serves as the legal basis.
If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, point (e) of Art. 6(1) GDPR serves as the legal basis.
Where the processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party, except where such interest is overridden by the interests or fundamental rights and freedoms of the data subject, point (f) of Art. 6(1) GDPR serves as the legal basis for the processing.
The processing of data for purposes other than those for which it has been collected by us is governed by Art. 6(4) GDPR.
6. Data Erasure and Retention Period
The data subject’s personal data will be erased or blocked once the purpose of retention ceases to be relevant. In addition, data may be retained if this is provided for by the European or national legislator in legal EU regulations, laws or other regulations to which the controller is subject. Data is also blocked or erased if a retention period prescribed by these norms expires. A verification is regularly performed every 14 months.
You have the right to obtain confirmation as to whether or not data concerning you is being processed. The controller provides a copy of the personal data undergoing processing.
2. Right to Rectification
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.
3. Right to Erasure / Restriction of Processing
You have the right to obtain the erasure of data concerning you without undue delay or a restriction of processing of the data in accordance with the legal stipulations.
4. Right to Data Portability
You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller in accordance with the legal stipulations.
5. Complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you are of the opinion that the processing of the personal data concerning you infringes the GDPR.
6. Right of Withdrawal
You have the right to withdraw granted consents with effect for the future. This does not affect the lawfulness of the data processed based on consent before its withdrawal.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1). Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
Where our online services are utilised, we may log the IP address and access time and duration. This is based on our legitimate interests as well as on those of the visitors in the protection against misuse or similar unauthorised use. This data is disclosed to third parties only to the ex-tent that this is necessary to pursue our claims under point (f) of Art. 6(1) GDPR or a legal obligation exists in the sense of point (c) of Art. 6(1) GDPR. The retention period is usually one month.
2. Hosting
The server capacities utilised by us serve to provide infrastructure services, computing capacities, memory space and database services, security as well as technical maintenance services used by us to provide our online presence. Within this framework, we process meta data of visitors of our online presence. Our legitimate interest is an efficient and safe provision of our online presence. The legal bases for this are point (f) of Art. 6(1) and Art, 28 GDPR.
3. Log Files
We collect data on every access to the server on which www.wodoto.app is located (log files); this data collection is based on legitimate interests as per point (f) of Art. 6(1) GDPR. This includes the accessed webpage, access date and time, transferred data volumes, browser type and version, operating system, previously accessed website (referrer URL), IP address and provider of the access request. This serves the security of our online presence.
Log files are retained for a duration of 7 days and erased afterwards. This does not apply to data requiring retention for evidentiary purposes.
4. Cookies
Our website uses cookies. Cookies are text files saved in or by the Internet browser on the user’s computer system. Where a user accesses a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic string allowing to unequivocally identify the brows-er the next time the website is accessed.
We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to also remain identifiable after changing to a different webpage.
In this context, the following data is stored in the cookies and transmitted:
– language settings
In addition, we use cookies on our website that allow to analyse the users’ browsing habits.
In doing so, the following data may be transmitted:
– frequency of site and page views
– utilisation of website functions
The users’ data collected in this manner is pseudonymised by technical precautions. It is thus no longer possible to assign the data to the accessing user. The data is not retained together with other personal data of the users.
When accessing our website, the users are informed by an info-banner about the use of cookies for analysis purposes and referred to this Privacy Policy.
The legal basis for personal data processing using cookies is point (f) of Art. 6(1) GDPR.
Technically required cookies are used to make it easier for the users to use websites. Some functions of our website cannot be provided without using cookies. These require that the browser is recognised even after a change to a different webpage.
We need cookies for the following applications:
– adoption of language settings
The user data collected by technically required cookies is not used to create user profiles.
Analysis cookies are used to improve the quality and contents of our website. By using analysis cookies, we can find out how the website is used and can thus constantly optimise our services.
These purposes are also the basis for our legitimate interest in personal data processing under point (f) of Art. 6(1) GDPR.
Cookies are saved and stored on the user’s computer and transmitted from there to our website. Consequently, you as the user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or limit the transfer of cookies. Cookies al-ready saved on your computer may be erased at any time. This can also be done automatically. If cookies are disabled for our website, it might no longer be possible to use all functions of the website in full.
5. Google Analytics
This website uses the “Google Analytics” service offered by Google Ireland Limited (a company registered and operated under Irish law (register number: 368047), based in Gordon House, Bar-row Street, Dublin 4, Ireland) to analyse the website use by visitors (for U.S. based users: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043 USA) This service uses “cookies”, i.e. text files that are saved and stored on your device. This allows to assign data, sessions and interactions across several devices to a pseudonymous user ID and thus to analyse a visitor’s activities across multiple devices. Cookies and app instance IDs serve to measure the visitors’ interactions with the website. IP addresses are used to ensure the security of the service and to give us information about where our visitors come from.
The information collected by the cookies is usually sent to a server in the US and stored there.
This website uses IP anonymisation. The visitors’ IP address is shortened within the Member State of the EU and the European Economic Area (“IP masking”). This shortening eliminates the possibility of establishing a connection between your person and your IP address. Google Ireland Limited uses the collected information to create an evaluation of your website use and the website activities and renders services associated with the Internet use under the order data processing agreement concluded between us and it. The IP address transmitted by your browser as part of Google Analytics is not merged with other data of Google.
The legal basis for using Google Analytics is your consent as per point (a) of Art. 6(1) GDPR. The recipient of the collected data is Google. The personal data is transmitted into the US under the EU-US Privacy Shield based on the adequacy decision of the European Commission. The certificate is available at the following link (the link takes you to the website of a third-party provider).https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI%22%20target=%22_blank
The data sent by us will be automatically erased after 14 months. Data, whose retention period has expired, is automatically erased once a month.
You have the possibility to prevent the saving of the cookies on your device by setting your browser accordingly. We cannot guarantee that you will be able access all function of this web-site without any restrictions if your browser does not accept cookies.
Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Ireland Limited.
By clicking on this link, you prevent Google Analytics from collecting data about you within this website. By clicking on the link, you download an “opt-out cookie”. This requires your browser to generally allow the saving of cookies. If you erase your cookies regularly, the link must be clicked again every time you visit this website.
6. Data Erasure
The data processed by us is erased in accordance with the legal stipulations or restricted in its processing. Unless provided for otherwise in this Privacy Policy, the data stored by us will be erased once it is no longer needed for its intended purpose, unless the erasure conflicts with legal retention obligations.
A verification is regularly performed every 14 months.
7. Data Security / Server Location
We maintain technical measures to ensure data security pursuant to the state of the art.
Our server is located in Frankfurt (IP: 46.101.XXX.XXX).
As of November 2019
Regarding the terminology (e.g. “personal data” or “processing”), we refer the reader to Art. 4 of the General Data Protection Regulation (GDPR).
The following Privacy Policy serves to inform you about the nature, scope and purpose of the processing of personal data by WODOTO GbR.
Privacy Policy
This Privacy Policy refers to the processing of personal data (data) as part of our online presence.I. Controller
The controller in the sense of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions under privacy law is:WODOTO GbR
represented by Maya de Silva-Witte
Humboldtstr. 71
28203 Bremen
Germany
E-Mail: maya.desilva@wodoto.app
Webseite: wodoto.app
Imprint
II. General Information on Data Processing
We process personal data of our visitors and interested parties (visitors) only to the extent that this is necessary for the provision of a functioning website and our marketing measures.1. Terms
Regarding the used terms,
a) “personal data” means any information relating to an identified or identifiable natural per-son (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factor(s) specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
b) “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
c) “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
d) “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Processed Data
We process the following types of data:
– usage data (e.g. access times)
– meta data (e.g. device information, such as operating system and browser version, IP addresses)
– analysis data (e.g. session duration, viewing contact data, playing media, adding favourites, campaign tracking)
– device data (e.g. device type, device settings)
– location data
3. Data Subjects
Visitors of our online presence.
4. Data Processing Purpose
The purpose of data processing by us is to keep our online presence incl. its contents and functions available. Furthermore, we process data to optimise our own security measures and the online presence as well as to improve the success monitoring of our web presence.
5. Legal Bases for Personal Data Processing
To the extent that we obtain a consent from the data subject for processing operations of personal data, point (a) of Art. 6(1) GDPR serves as the legal basis.
To the extent that any processing of personal data is necessary for compliance with a legal obligation to which our company is subject, point (c) of Art. 6(1) GDPR serves as the legal basis.
For the case that the vital interests of the data subject or of another natural person requires any processing of personal data, point (d) of Art. 6(1) GDPR serves as the legal basis.
If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, point (e) of Art. 6(1) GDPR serves as the legal basis.
Where the processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party, except where such interest is overridden by the interests or fundamental rights and freedoms of the data subject, point (f) of Art. 6(1) GDPR serves as the legal basis for the processing.
The processing of data for purposes other than those for which it has been collected by us is governed by Art. 6(4) GDPR.
6. Data Erasure and Retention Period
The data subject’s personal data will be erased or blocked once the purpose of retention ceases to be relevant. In addition, data may be retained if this is provided for by the European or national legislator in legal EU regulations, laws or other regulations to which the controller is subject. Data is also blocked or erased if a retention period prescribed by these norms expires. A verification is regularly performed every 14 months.
III. Data Subject Rights
1. Right of AccessYou have the right to obtain confirmation as to whether or not data concerning you is being processed. The controller provides a copy of the personal data undergoing processing.
2. Right to Rectification
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.
3. Right to Erasure / Restriction of Processing
You have the right to obtain the erasure of data concerning you without undue delay or a restriction of processing of the data in accordance with the legal stipulations.
4. Right to Data Portability
You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller in accordance with the legal stipulations.
5. Complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you are of the opinion that the processing of the personal data concerning you infringes the GDPR.
6. Right of Withdrawal
You have the right to withdraw granted consents with effect for the future. This does not affect the lawfulness of the data processed based on consent before its withdrawal.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1). Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
IV. Website / Contents
1. Meta DataWhere our online services are utilised, we may log the IP address and access time and duration. This is based on our legitimate interests as well as on those of the visitors in the protection against misuse or similar unauthorised use. This data is disclosed to third parties only to the ex-tent that this is necessary to pursue our claims under point (f) of Art. 6(1) GDPR or a legal obligation exists in the sense of point (c) of Art. 6(1) GDPR. The retention period is usually one month.
2. Hosting
The server capacities utilised by us serve to provide infrastructure services, computing capacities, memory space and database services, security as well as technical maintenance services used by us to provide our online presence. Within this framework, we process meta data of visitors of our online presence. Our legitimate interest is an efficient and safe provision of our online presence. The legal bases for this are point (f) of Art. 6(1) and Art, 28 GDPR.
3. Log Files
We collect data on every access to the server on which www.wodoto.app is located (log files); this data collection is based on legitimate interests as per point (f) of Art. 6(1) GDPR. This includes the accessed webpage, access date and time, transferred data volumes, browser type and version, operating system, previously accessed website (referrer URL), IP address and provider of the access request. This serves the security of our online presence.
Log files are retained for a duration of 7 days and erased afterwards. This does not apply to data requiring retention for evidentiary purposes.
4. Cookies
Our website uses cookies. Cookies are text files saved in or by the Internet browser on the user’s computer system. Where a user accesses a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic string allowing to unequivocally identify the brows-er the next time the website is accessed.
We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to also remain identifiable after changing to a different webpage.
In this context, the following data is stored in the cookies and transmitted:
– language settings
In addition, we use cookies on our website that allow to analyse the users’ browsing habits.
In doing so, the following data may be transmitted:
– frequency of site and page views
– utilisation of website functions
The users’ data collected in this manner is pseudonymised by technical precautions. It is thus no longer possible to assign the data to the accessing user. The data is not retained together with other personal data of the users.
When accessing our website, the users are informed by an info-banner about the use of cookies for analysis purposes and referred to this Privacy Policy.
The legal basis for personal data processing using cookies is point (f) of Art. 6(1) GDPR.
Technically required cookies are used to make it easier for the users to use websites. Some functions of our website cannot be provided without using cookies. These require that the browser is recognised even after a change to a different webpage.
We need cookies for the following applications:
– adoption of language settings
The user data collected by technically required cookies is not used to create user profiles.
Analysis cookies are used to improve the quality and contents of our website. By using analysis cookies, we can find out how the website is used and can thus constantly optimise our services.
These purposes are also the basis for our legitimate interest in personal data processing under point (f) of Art. 6(1) GDPR.
Cookies are saved and stored on the user’s computer and transmitted from there to our website. Consequently, you as the user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or limit the transfer of cookies. Cookies al-ready saved on your computer may be erased at any time. This can also be done automatically. If cookies are disabled for our website, it might no longer be possible to use all functions of the website in full.
5. Google Analytics
This website uses the “Google Analytics” service offered by Google Ireland Limited (a company registered and operated under Irish law (register number: 368047), based in Gordon House, Bar-row Street, Dublin 4, Ireland) to analyse the website use by visitors (for U.S. based users: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043 USA) This service uses “cookies”, i.e. text files that are saved and stored on your device. This allows to assign data, sessions and interactions across several devices to a pseudonymous user ID and thus to analyse a visitor’s activities across multiple devices. Cookies and app instance IDs serve to measure the visitors’ interactions with the website. IP addresses are used to ensure the security of the service and to give us information about where our visitors come from.
The information collected by the cookies is usually sent to a server in the US and stored there.
This website uses IP anonymisation. The visitors’ IP address is shortened within the Member State of the EU and the European Economic Area (“IP masking”). This shortening eliminates the possibility of establishing a connection between your person and your IP address. Google Ireland Limited uses the collected information to create an evaluation of your website use and the website activities and renders services associated with the Internet use under the order data processing agreement concluded between us and it. The IP address transmitted by your browser as part of Google Analytics is not merged with other data of Google.
The legal basis for using Google Analytics is your consent as per point (a) of Art. 6(1) GDPR. The recipient of the collected data is Google. The personal data is transmitted into the US under the EU-US Privacy Shield based on the adequacy decision of the European Commission. The certificate is available at the following link (the link takes you to the website of a third-party provider).https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI%22%20target=%22_blank
The data sent by us will be automatically erased after 14 months. Data, whose retention period has expired, is automatically erased once a month.
You have the possibility to prevent the saving of the cookies on your device by setting your browser accordingly. We cannot guarantee that you will be able access all function of this web-site without any restrictions if your browser does not accept cookies.
Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Ireland Limited.
By clicking on this link, you prevent Google Analytics from collecting data about you within this website. By clicking on the link, you download an “opt-out cookie”. This requires your browser to generally allow the saving of cookies. If you erase your cookies regularly, the link must be clicked again every time you visit this website.
6. Data Erasure
The data processed by us is erased in accordance with the legal stipulations or restricted in its processing. Unless provided for otherwise in this Privacy Policy, the data stored by us will be erased once it is no longer needed for its intended purpose, unless the erasure conflicts with legal retention obligations.
A verification is regularly performed every 14 months.
7. Data Security / Server Location
We maintain technical measures to ensure data security pursuant to the state of the art.
Our server is located in Frankfurt (IP: 46.101.XXX.XXX).
As of November 2019