Data Privacy Policy
Name and address of the controller
The responsible party within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
Marcus Blümel
Freiheitsstr. 9
53842 Troisdorf
E-Mail:
Address of the data protection officer
Any data subject may contact the responsible operator directly at any time with any questions or suggestions regarding data protection.
Cookies
Course booking and registration
For course bookings or memberships, further personal data is collected in order to be able to clearly identify participants. For this purpose, we usually require the following personal data: Last name, first name, e-mail and, if applicable, optional information (e.g. credit card number, IBAN).
The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be transferred to one or more processors, such as a postal or parcel service provider or online payment company, which will also use the personal data exclusively for an internal use attributable to the controller.
The registration of the data subject by voluntarily providing personal data is used by the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the XRNAUT.COM database.
Personal data of registered users can be viewed and partially edited by the persons concerned themselves after login. Of course, data subjects may also request information from the controller as part of their right to information about what personal data is stored about the data subject. Furthermore, the controller corrects or deletes personal data at the request or indication of the data subject, insofar as this does not conflict with any statutory retention obligations. The entire staff of the controller is available to the data subject as a contact person in this context.
Transparency of data use
Contact via website
Data shall be stored for the purposes of processing or contacting the Data Subject. No disclosure of this personal data to third parties will take place.
Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Legal basis of processing
Article 6 I lit. a DSGVO serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DSGVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If there is a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DSGVO. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DSGVO.
Finally, processing operations could be based on Art. 6 I lit. f DSGVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2 of the GDPR).
Duration for which the personal data is stored
The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.
reCaptcha
Third Party Service Providers
SevDesk
For the processing of documents (e.g. invoices) we use the platform "SevDesk", a product of SEVENIT GmbH, Hauptstr. 40, 77652 Offenburg, Germany. This is done on the basis of contract performance and legitimate interests (efficient and fast processing of inquiries and orders) within the meaning of Art. 6 (1) lit. f DSGVO. You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
Pandadoc
If we send you an offer or a contract at your request, we use Pandadoc for the electronic signature.
You can find more information about Pandadoc's privacy policy here: https://www.pandadoc.com/privacy-policy/.
Address: 153 Kearny St 94108, San Francisco, United States
The transfer of your data to Pandadoc is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). For this purpose, we have concluded a contract with Pandadoc with so-called standard contractual clauses, in which Pandadoc undertakes to process user data only in accordance with the EU data protection level. You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
Userlike
We use a chat software of the company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany. You can use the chat like a contact form to chat almost in real time with our employees. When you start the chat, the following personal data is collected:
Date and time of the call,
browser type/version,
IP address,
operating system used,
URL of the previously visited website,
Amount of data sent.
And if specified: First name, last name, and email address.
Depending on the course of the conversation with our employees, further personal data may arise in the chat, which will be entered by you. The nature of these data depends on your request or the problem that you describe to us. The purpose of processing all these data is to provide you with a fast and efficient way to contact us and thus improve our customer service. Userlike stores the history of the chats for a period of three months. This serves the purpose of sparing you extensive explanations about the history of your inquiry under certain circumstances. The processing is therefore permitted pursuant to Art. 6 (1) (f) DSGVO. If you do not wish this, you are welcome to inform us of this using the contact details listed below. Stored chats will then be deleted by us immediately. You can find more information at http://www.userlike.com/terms#privacy-policy
Clickup
For order processing and web forms, we use the software of the company Clickup, 363 Fifth Ave Suite 300, San Diego , CA, United States. This is done on the basis of contract performance and legitimate interests (efficient and fast processing of inquiries and orders) within the meaning of Art. 6 (1) lit. f DSGVO. You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations. Further information on data protection can be found at: https://clickup.com/privacy
Stipe
Wür Geldtransaktionen we use the software of the payment provider Stripe Payments Europe Ltd, North Wall Quay, Dublin D01 H104, Ireland. This is done on the basis of contract performance and legitimate interests within the meaning of Art. 6 (1) lit. f DSGVO. You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations. Further information on data protection can be found at: https://stripe.com/privacy
PayPal
On our website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). If you select payment via PayPal, the payment data you enter will be transmitted to PayPal. The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
Data disclosure
Data disclosure
The Provider shall not pass on any personal data to third parties without the Customer's consent, in particular not for advertising purposes. However, there is an exception to this in the following cases:
If this serves to clarify illegal product use or is necessary for legal prosecution. In this case, personal data will be forwarded to the law enforcement authorities and, when we are legally obligated to do so, to injured third parties. The provider is also legally obliged to provide information to certain public authorities upon request. These are in particular law enforcement authorities, authorities that prosecute administrative offenses subject to fines and the tax authorities.
For certain activities, the provider uses contractually affiliated third-party companies and external service providers. This applies, for example, to accounting, storage of operational data, customer service, hosting of our services, as well as the processing of payments. In such cases, information is passed on to these companies or individuals to enable them to continue processing. These service providers may only use the data for purposes specified by the provider and in accordance with German data protection laws.
As part of the further development of our business, it may happen that the company structure changes, e.g. by changing the legal form, founding, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information is transferred along with the part of the company being transferred. In any transfer of personal data to third parties to the extent described above, the provider shall ensure that this is done in accordance with this privacy policy and the relevant data protection laws.