Privacy policy

We would like to inform you below about the purpose, type and scope of the collection, processing and use of personal data on this website. The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is

Ghostthinker® GmbH
Hunoldsberg 5
86150 Augsburg, Germany

dst@ghostthinker.de

Further information can be found in our imprint.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form. Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.

If we receive your consent to contact you by telephone, we store your telephone number and your address data (first and last name, address data, telephone number). We use your data during a telephone call exclusively for the following purposes:

To make contact and clarify inquiries.
To provide advice and information about our products and services.

The legal basis for the processing of your data during a telephone call results from your consent in accordance with Art. 6 para. 1 lit. a GDPR.

What rights do you have with regard to your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the authorization, blocking or deletion of this data. You can contact us at any time at the address given above if you have any further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority. The controller responsible for data processing on this website is: Ghostthinker GmbH. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Where is your data collected?

Newsletter

If you have registered for our newsletter with your e-mail address, we will store and use your e-mail address to send you our newsletter with information and advertising about us until you have unsubscribed from our newsletter. For our newsletter service, we use the newsletter service “rapidmail”; rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany (“rapidmail”). If you enter your e-mail address to receive the newsletter, it will first be stored by rapidmail for the purpose of sending the owner an e-mail in which he/she can confirm the registration for the newsletter mailing (“double opt-in”). After such confirmation, the e-mail address will be stored permanently by rapidmail until you unsubscribe from the newsletter or until it is deleted by us. Rapidmail only processes contact data (telephone number, e-mail address); your e-mail address will not be passed on to third parties in any other way. The data is processed on German servers. An order processing contract has been concluded with the subcontractor, which complies with the requirements of Art. 28 GDPR. You can unsubscribe from our newsletter at any time. Every email containing our newsletter contains an unsubscribe link. You can also revoke your consent to us using your email address for the future at any time. To do so, please use the contact details provided in the legal notice

Contact form

You have the option of contacting us directly on our website. If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. For this purpose, we use the services of third parties who process data on our behalf (subcontractors): The data is processed on German servers of the companies Hetzner Online GmbH and Limtec GmbH. Both subcontractors take technical and organizational measures for data security within the meaning of Art. 32 GDPR. We have concluded an order processing contract with both subcontractors that meets the requirements of Art. 28 GDPR. The data you enter in the contact form will remain with us until the purpose for data storage no longer applies, i.e. after your request has been processed. Mandatory statutory provisions – in particular retention periods – remain unaffected. This data is stored in our customer data management system (CRM). To manage our customer data, we use the CRM service “Teamleader”, NV TEAMLEADER, Dok-Noord 3A, Bfk. 101, 9000 Ghent (Belgium), dpo@teamleader.eu. We would like to point out that the information we store with Teamleader is stored and processed on servers in Ireland.

We process your data on the basis of Art. 6 para. 1 lit. b) GDPR for the fulfillment of contractual or pre-contractual purposes.

Protocol data

When you visit our website, data is collected, processed and used for which a personal reference cannot always be ruled out. In order for the pages to be displayed in your browser, the IP address must be collected and stored. As a rule, an IP address is currently assigned dynamically by your provider. This address usually changes regularly so that we cannot establish a personal reference from the IP address. With static IP addresses, however, it would theoretically be possible to establish a personal link in individual cases. We store the IP address for a period of 21 days and then anonymize it so that it is no longer possible to establish a personal reference.

In detail, the following data record is stored for each retrieval:

  • IP address of the accessing computer
  • Operating system of the accessing computer
  • Browser version of the accessing computer
  • Name of the retrieved file
  • Date and time of access
    amount of data transferred
  • referring URL

 

In addition, the session duration is also recorded at application level. The stored data is only evaluated for statistical purposes and not to establish a specific personal reference. The data may also be used to enable errors to be rectified.

In this respect, we process the data on the basis of a balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR.

Cookies

Wir setzen auf unserer Internetseite sog. Cookies ein. Cookies sind kleine Textinformationen, die auf Ihrer Festplatte gespeichert werden. Die Cookies sind erforderlich, um bestimmte Funktionen des Dienstes zu ermöglichen. Sie haben die Möglichkeit, das Setzen von Cookies durch entsprechende Einstellungen in Ihrem Browser zu unterbinden. Wir weisen jedoch darauf hin, dass die Nutzung unserer Internetseiten dann ggf. nur eingeschränkt möglich ist. Durch Cookies werden keine Programme oder sonstige Applikationen auf Ihrem Rechner installiert oder gestartet.

Sie können Ihre Zustimmung(en) hier ansehen und aktualisieren.

Folgende Cookies werden von uns verwendet:

  • Cookies that do not require consent: Necessary cookies can be technical cookies that are absolutely necessary for the provision of the service or for the website to function properly. These cookies anonymously ensure basic functions and security features of the website. Example: Storage of a language setting or a “login” status. These cookies are all deleted at the end of the session. We process these cookies on the basis of a balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR.
  • Cookies requiring consent: These include functional and non-essential cookies. Functional cookies help to perform certain functions, e.g. sharing the content of the website on social media platforms, improving the usability of the site, collecting feedback and other third-party functions. Analytical cookies are used to understand how visitors interact with the website. These cookies provide information on metrics such as number of visitors, bounce rate, traffic source. Performance cookies are used to understand and analyze the key performance indicators of the website to provide visitors with a better user experience. Advertising cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies follow visitors across websites and collect information to deliver customized ads.

We process the cookies requiring consent exclusively with your consent in accordance with Art. 6 para. 1 lit. a) GDPR until you revoke this consent.

Usage data, web analysis and cookies

In order to constantly improve our offer, we use the statistical evaluation tool “Matomo” (formerly “Piwik”) to analyze the use of our website. We can use the statistics obtained to regularly improve our offer and make it more interesting for you as a user. We use “Matomo” for the purpose of optimizing our website in accordance with a balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

Cookies are stored on your computer for this analysis. We store the information collected in this way exclusively on our server in Germany. You can prevent the analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. You can prevent the storage of cookies by changing the settings in your browser. If you do not want your navigation to be analyzed anonymously by “Matomo”, you can deactivate this function. You can decide here whether a unique web analysis cookie may be stored in your browser to enable the operator of the website to collect and analyze various statistical data.


If you wish to opt out, click the following link to place the Matomo deactivation cookie in your browser:

This website uses “Matomo” with the “AnonymizeIP” extension. This means that IP addresses are processed in abbreviated form, so that they cannot be directly linked to individuals. The IP address transmitted by your browser using “Matomo” is not merged with other data collected by us.

The “Matomo” program is an open source project. Information from the third-party provider on data protection can be found at matomo.org/privacy-policy/  

YouTube

On our website, we use YouTube, a video service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”). YouTube uses cookies to store and process usage data when videos are played. Personal data, such as your IP address and information about your interaction with YouTube, may also be collected.

When you play a video, YouTube establishes a connection to Google’s servers. Google may use information for the purpose of personalizing advertising or analysing user behaviour.

Further information on data processing by YouTube and Google can be found in the privacy policies of YouTube (YouTube Policy – How does YouTube work?) and Google (Privacy Policy – Privacy Policy & Terms of Use – Google).

Stripe

For the processing of payments we use the service provider

Stripe Payments Europe, Limited (SPEL)
1 Grand Canal Street Lower
Grand Canal Dock
Dublin, Ireland

This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe insofar as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. GDPR):

  • Name of the cardholder
  • e-mail address
  • customer number
  • order number
  • bank details
  • Credit card details
  • Credit card expiry date
  • Credit card verification number (CVC)
  • Date and time of the transaction
  • Transaction amount
  • Name of the provider
  • Location
 

The processing of the data provided in this section is neither legally nor contractually required. We cannot process a payment via Stripe without the transmission of your personal data.

Stripe assumes a dual role as controller and processor for data processing activities. As a controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). We have no influence on this process.

Stripe acts as a processor in order to complete transactions within the payment networks. Within the framework of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with the data protection regulations within the meaning of Art. 28 GDPR.

Stripe also processes your data in the USA, among other places. Stripe is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. https://www.dataprivacyframework.gov/list

Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

Through the EU-US Data Privacy Framework and Standard Contractual Clauses, Stripe commits to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission.

You can find further information on objection and removal options vis-à-vis Stripe at: https://stripe.com/privacy-center/legal 

Right to information and revocation of consent to data use

According to the Federal Data Protection Act, you have a right to free information about your stored personal data as well as a right to correction, blocking or deletion of this data. If you have any questions about the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as revocation of consent given, please use the contact options given in the imprint with us.

Information, blocking or deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.

Questions about data privacy policy​

We have appointed a data protection officer for our company. If you have any questions about data protection or wish to assert your rights as a data subject, you can contact our data protection officer Andreas Bethke at dst@ghostthinker.de at any time.

Amendment of these provisions

In the event of a change in legal regulations or our service, it may be necessary to amend this privacy policy. The current version of the data protection provisions can be viewed at any time on our website.

Stand: 07/2024