Privacy Policy
Effective Date: November 12, 2024
Table of Contents:
- Responsible Party
- Overview of Data Processing
- Relevant Legal Bases
- Security Measures
- Transmission of Personal Data
- International Data Transfers
- General Information on Data Storage and Deletion
- Rights of Data Subjects
- Business Services
- Provision of Online Services and Web Hosting
- Use of Cookies
- Contact and Inquiry Management
- Web Analytics, Monitoring, and Optimization
- Customer Reviews and Rating Procedures
- Plug-ins, Embedded Features, and Content
Responsible Party:
Tactical Sandbox
Daniel Vagner & Nando Olffers
Aegidienwall 7
33378 Rheda-Wiedenbrück
Email: info@tacticalsandbox.com
---
Overview of Data Processing:
This section outlines the types of data processed, their purposes, and the affected individuals.
Types of Data Processed:
- Inventory Data
- Payment Data
- Location Data
- Contact Data
- Content Data
- Contract Data
- Usage Data
- Meta, Communication, and Procedural Data
- Log Data
Categories of Affected Individuals:
- Service Recipients and Clients
- Prospects
- Communication Partners
- Users
- Business and Contract Partners
Purposes of Processing:
- Provision of contractual services and fulfillment of obligations
- Communication
- Security measures
- Reach measurement
- Organizational processes
- Feedback
- Marketing
- User profiling
- Providing online services and user-friendliness
- IT infrastructure management
- Business processes and operational procedures
Relevant Legal Bases:
Here is an overview of the legal bases under the GDPR (General Data Protection Regulation) upon which we process personal data:
- Consent (Art. 6 (1) S. 1 lit. a) GDPR): The data subject has given their consent for processing their personal data for one or more specific purposes.
- Contract fulfillment and pre-contractual inquiries (Art. 6 (1) S. 1 lit. b) GDPR): The processing is necessary to fulfill a contract with the data subject or for pre-contractual actions taken at their request.
- Legal Obligation (Art. 6 (1) S. 1 lit. c) GDPR): The processing is required to meet a legal obligation the controller is subject to.
- Legitimate Interests (Art. 6 (1) S. 1 lit. f) GDPR): The processing is necessary for the legitimate interests pursued by the controller or a third party, provided these interests do not override the rights and freedoms of the data subject.
National Data Protection Regulations in Germany:
In addition to the GDPR regulations, national data protection rules in Germany also apply. This includes the Federal Data Protection Act (BDSG), which outlines special rules regarding the right to access, deletion, objection, processing of special categories of data, and data transfers.
Security Measures:
We implement technical and organizational measures to ensure a level of security appropriate to the risks, including protecting data confidentiality, integrity, availability, and implementing procedures for responding to data breaches and exercising data subject rights.
Transmission of Personal Data:
We may transmit personal data to third parties, such as service providers for IT-related tasks, under strict data protection agreements.
International Data Transfers:
Data transfers outside the EU/EEA occur in compliance with GDPR requirements, including through standard contractual clauses or other lawful transfer mechanisms. Information on transfers can be found through the EU Commission and the Data Privacy Framework for certified US companies.
General Information on Data Storage and Deletion:
Personal data is deleted when no longer needed, or when the legal basis for processing no longer applies. Exceptions may occur when laws require the retention of data for specific periods (e.g., for tax or legal reasons).
Retention and Deletion of Data:
The following general retention periods apply for storage and archiving under German law:
- 10 years – Retention period for books and records, financial statements, inventories, management reports, opening balance sheets, and necessary documents for understanding them (e.g., accounting vouchers, invoices) in compliance with Section 147 (3) in connection with (1) Nos. 1, 4, and 4a of the German Tax Code (AO), Section 14b (1) of the Value Added Tax Act (UStG), and Section 257 (1) Nos. 1 & 4, (4) of the Commercial Code (HGB).
- 6 years – Other business documents such as received business correspondence, copies of sent business letters, and other records relevant to taxation (e.g., wage slips, cost accounting documents, invoices, pricing details, and payroll documents) as per Section 147 (3) in connection with (1) Nos. 2, 3, 5 AO and Section 257 (1) Nos. 2 & 3, (4) HGB.
- 3 years – Data required for potential warranty or damage claims, or similar contractual claims and rights, stored for the regular statutory limitation period of three years (Sections 195, 199 of the German Civil Code (BGB)).
Rights of Data Subjects:
As a data subject under the GDPR, you have various rights outlined in Articles 15-21 of the GDPR:
- Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or public interest, particularly if the processing involves profiling for marketing purposes.
- Right to Withdraw Consent: You have the right to withdraw consent at any time if it was the basis for processing.
- Right to Information: You can request confirmation about whether your personal data is being processed, along with details of the data and further information.
- Right to Rectification: You have the right to request corrections or completion of your personal data if it is incorrect or incomplete.
- Right to Erasure and Restriction of Processing: You can request that your data be deleted or, if applicable, request a restriction on its processing.
- Right to Data Portability: You can request a copy of your personal data in a structured, commonly used format or ask for it to be transferred to another controller.
- Right to File a Complaint with a Supervisory Authority: If you believe your data is being processed unlawfully, you can file a complaint with a supervisory authority, especially in your place of residence or work.
Business Services:
We process the data of our contract and business partners (e.g., clients and prospects, collectively referred to as "contract partners") within the scope of contractual and comparable legal relationships, including communications with these partners.
We use this data to fulfill our contractual obligations, including providing agreed services, ensuring updates, and addressing warranty or performance issues. Additionally, the data is used to protect our rights and to support administrative tasks related to these obligations, as well as for organizational purposes.
We may also process this data for legitimate business interests, including proper company management, data security, and protecting against misuse or threats to client data.
We retain the data as long as required by legal obligations, typically for at least four years following the end of the business relationship, unless legally required for longer retention (e.g., for tax purposes, typically 10 years).
Processed Data Types:
- Inventory Data (e.g., full name, address, contact info, customer number)
- Payment Data (e.g., bank details, invoices, payment history)
- Contact Data (e.g., postal/e-mail addresses, phone numbers)
- Contract Data (e.g., contract subject, duration, customer category)
- Usage Data (e.g., page views, time spent, interaction with content)
- Meta, Communication, and Procedural Data (e.g., IP addresses, timestamps, involved persons)
Further Notes on Online Store and E-commerce:
We process customer data for selecting, purchasing, or ordering products, services, and handling payments and delivery. We work with third-party service providers (e.g., postal, courier, and payment companies) to fulfill these orders.
We collect the necessary details in the order process, including contact information and details required for delivery, payment, or customer inquiries.
The legal basis for processing is contract fulfillment and pre-contractual inquiries under Article 6 (1) (b) of the GDPR.
Provision of the Online Service and Web Hosting
We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit content and functionalities of our online services to the user’s browser or device.
Processed Data Types:
Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types, and operating systems used, interactions with content and features)
Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons)
Log data (e.g., logfiles related to logins or data retrieval or access times)
Affected Persons:
Users (e.g., website visitors, users of online services)
Purpose of Processing:
Provision of our online services and user-friendliness
Information technology infrastructure (operation and provision of information systems and technical devices like computers, servers, etc.)
Security measures
Retention and Deletion:
Data is deleted according to the information provided in the section "General Information on Data Storage and Deletion."
Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR)
Further Notes on Processing Procedures, Methods, and Services:
Collection of Access Data and Logfiles: Access to our online service is logged in the form of “server logfiles.” These logfiles may contain the address and name of the retrieved webpages and files, the date and time of retrieval, data amounts transferred, success messages, browser type and version, user’s operating system, referring URL (previously visited page), and typically IP addresses and the requesting provider. The server logfiles are used for security purposes, such as preventing server overload (especially during attacks like DDoS), and to ensure server load and stability.
Retention of Data: Logfile information is stored for a maximum of 30 days and is then deleted or anonymized. Data that must be retained for evidence purposes remains until the specific issue is resolved.
Use of Cookies
The term “Cookies” refers to functions that store and read information on users’ devices. Cookies can be used for different purposes, such as ensuring the functionality, security, and comfort of online services, and for analyzing visitor traffic.
We use cookies in accordance with legal requirements, obtaining user consent when necessary. If no consent is required, we rely on our legitimate interests, particularly when storing and reading information is essential to provide explicitly requested content or functionality.
Types of Cookies and Their Duration:
Temporary Cookies (Session Cookies): These cookies are deleted as soon as the user leaves the online service and closes their device.
Permanent Cookies: These remain stored even after the device is closed, allowing, for example, login status to be preserved or preferred content to be displayed on a subsequent visit. Permanent cookies may remain for up to two years unless specified otherwise.
Legal Basis:
Consent (Art. 6(1)(a) GDPR)
Legitimate interests (Art. 6(1)(f) GDPR)
Contact and Inquiry Management
When contacting us (e.g., by mail, contact form, email, phone, or social media), we process the data provided by the inquirer as necessary to answer the inquiries and take any requested actions.
Processed Data Types:
Inventory data (e.g., name, contact information, customer number)
Contact data (e.g., addresses, emails, phone numbers)
Content data (e.g., messages or posts)
Usage data (e.g., page visits, interaction with content)
Affected Persons:
Communication partners
Purpose of Processing:
Communication
Organizational and administrative processes
Feedback collection
Provision of online services
Retention and Deletion:
Data retention and deletion according to the section "General Information on Data Storage and Deletion."
Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR)
Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR)
Customer Reviews and Rating Procedures
We participate in review and rating procedures to evaluate, optimize, and promote our services. When users rate us through the relevant review platforms or processes, the general terms and conditions and privacy policies of the providers also apply. Typically, leaving a review requires registration with the respective providers.
To ensure that the reviewers have actually used our services, we transmit the necessary data, with the customer's consent, to the respective review platform, including the customer's name, email address, and order number or article number. This data is used solely for verifying the authenticity of the user.
Processed Data Types:
Contract data (e.g., subject of the contract, duration, customer category)
Usage data (e.g., page views, time spent, click paths, usage intensity and frequency, device types, operating systems used, interactions with content and features)
Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons)
Affected Persons:
Service recipients and clients
Users (e.g., website visitors, online service users)
Purpose of Processing:
Feedback (e.g., collecting feedback via online forms)
Marketing
Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR)
Further Information on Processing Procedures, Methods, and Services:
Review Widget: We integrate so-called "review widgets" into our online offerings. A widget is a functional and content element embedded in our online service that displays dynamic information. It may be shown as a seal or similar element, sometimes referred to as a "badge." While the content of the widget is displayed within our online offering, it is retrieved from the servers of the widget provider. This is the only way to ensure the most up-to-date content, particularly the current review.
For this to happen, a data connection is established from the user’s browser to the widget provider’s server, where certain technical data (access data, including IP address) is transmitted to display the widget content. Furthermore, the widget provider receives information that the user visited our online service. This information may be stored in a cookie and used by the widget provider to track which online offerings the user has visited. The data may be used for advertising or market research purposes.
Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR)
Plug-ins and Embedded Functions and Content:
We integrate functional and content elements into our online offering that are sourced from third-party servers (referred to as "third-party providers"). These may include graphics, videos, or maps (collectively referred to as "content").
The integration requires third-party providers to process the users' IP addresses since they cannot send the content to users’ browsers without it. We aim to use only those content providers who apply the IP address solely to deliver content. Third-party providers may also use pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes, which can track user activity on our site. This data may be stored in cookies and include technical details such as browser type, operating system, referring websites, and visit time.
Legal Basis:
Consent (Art. 6(1)(a) GDPR)
Legitimate interests (Art. 6(1)(f) GDPR)
Processed Data Types:
Usage data (e.g., page views, time spent, click paths, usage intensity and frequency, device types, operating systems used, interactions with content and functions)
Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons)
Location data (e.g., geographic position of a device or person)
Affected Persons:
Users (e.g., website visitors, online service users)
Purpose of Processing:
Provision of online services and user-friendliness
Retention and Deletion:
Data deletion as specified in the section "General Information on Data Storage and Deletion." Cookies may be stored for up to two years.
Legal Basis:
Consent (Art. 6(1)(a) GDPR)
Legitimate interests (Art. 6(1)(f) GDPR)