What happens to your data

Privacy Policy

Table of contents

  • 1. Name and address of the person in charge
  • 2. Contact details of the data protection officer
  • 3. Data processing in the 8PITCH App
  • 4. Rights of the data subject
  • 5. Provision of the app and creation of log files
  • 6. E-mail contact
  • 7. Contact form
  • 8. Hosting
  • 9. Content delivery networks
  • 10. Registration
  • 11. Payment options
  • 12. Telemetry data
1

Name and address of the person responsible

  • 8pitch GmbH
    Schlehenstraße 6
    90542 Eckental
    Germany
2

Contact details of the data protection officer

  • DataCo GmbH
    Dachauer Straße 65
    80335 Munich
    Germany
3

Data processing in the 8pitch app

On this page we inform you about the privacy policy of the 8pitch App for Android and iOS ("App"). The App is offered by 8pitch GmbH, Schlehenstraße 6, 90542 Eckental, Germany ("8pitch GmbH", "we" or "us").

1. Scope of processing

As a matter of principle, we only process personal data of our users as far as this is necessary to provide a functional app as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is required by law.

The following data is processed:

  • Device model
  • Operating system
  • OS version
  • Behavior within the app
  • IP address
  • Title
  • Last name
  • First name
  • E-mail address
  • Place of birth
  • Date of birth
  • Country of birth
  • Nationality
  • Tax Residence
  • US tax liability
  • PEP status (PEP = politically exposed person)
  • Address
  • Phone number
  • Date and time of registration
  • IP address of the user

2. Legal basis for the processing of personal data

The processing serves to protect a legitimate interest of our company or a third party and is based on Art. 6 Par. 1 S. 1 lit. f DSGVO as the legal basis for the processing.

3. Data deletion and storage duration

As a rule, the personal data of the person concerned will be deleted or blocked after 10 years as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. Data is also blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract.

4. Possibility of objection and removal

The user can object to the processing by sending an informal e-mail to datenschutz@8pitch.com.

4

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the DSGVO and you are entitled to the following rights vis-à-vis the person responsible:

1. Right of information

You may request confirmation from the data controller as to whether personal data concerning you is being processed by him.

In the event of such processing, you may request the following information from the data controller:

  • the purposes for which the personal data are processed
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed
  • the planned duration of storage of the personal data concerning you or, if specific details are not possible, criteria for determining the duration of storage
  • the existence of a right to rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • all available information about the origin of the data, if the personal data is not collected from the data subject
  • the existence of an automated decision making process, including profiling, in accordance with art. 22 paras. 1 and 4 DPA and, at least in these cases, - meaningful information on the logic involved and the scope and intended effects of such processing on the data subject

You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transfer.

2. Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.

3. Right to limit processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  • if you dispute the accuracy of the personal data concerning you for a period of time that allows the person responsible to verify the accuracy of the personal data
  • the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data
  • the controller no longer needs the personal data for the purposes of the processing, but you need it for the purpose of asserting, exercising or defending legal claims, or
  • if you have lodged an objection to the processing pursuant to Art. 21 para. 1 DPA and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data, apart from being stored, may be processed only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction of the processing has been restricted in accordance with the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

4. Right of deletion

a) Duty to delete

You may demand that the person responsible for the data concerning you be immediately deleted, and the person responsible is obliged to delete such data immediately if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a DSGVO and there is no other legal basis for the processing.
  • You submit an objection to the processing in accordance with Art. 21 Par. 1 DSGVO and there are no legitimate reasons for the processing, or you submit an objection to the processing in accordance with Art. 21 Par. 2 DSGVO.
  • The personal data concerning you have been processed unlawfully.
  • The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning you has been collected in relation to the information society services offered in accordance with art. 8 para. 1 of the DPA.

b) Information to third parties

If the data controller has made public the personal data concerning you and is obliged to delete them in accordance with Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary

  • to exercise the right to freedom of expression and information
  • for the performance of a legal obligation which requires processing under Union or national law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO
  • for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the law referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
  • to assert, exercise or defend legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been communicated, provided that

  • the processing is based on a consent pursuant to Art. 6 para. 1 sentence 1 letter a DSGVO or Art. 9 para. 2 letter a DSGVO or on a contract pursuant to Art. 6 para. 1 sentence 1 letter b DSGVO and
  • the processing is carried out using automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one person in charge to another, as far as this is technically feasible. The freedoms and rights of other persons may not be affected by this.

The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6, paragraph 1, sentence 1, letters e or f of the DPA; this also applies to profiling based on these provisions.

The person responsible will no longer process the personal data concerning you, unless he/she can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You may exercise your right of objection in connection with the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effect on you or which significantly affects you in a similar way. This shall not apply if the decision

  • is necessary for the conclusion or fulfillment of a contract between you and the person responsible,
  • is authorised by Union law or the law of the Member States to which the person responsible is subject and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
  • with your express consent.

However, these decisions may not be based on special categories of personal data according to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a or b DSGVO applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases mentioned in 1. and 3. above, the responsible person shall take appropriate measures to protect the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the responsible person, to present your point of view and to challenge the decision.

10. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.

5

Provision of the app and creation of log files

1. Description and scope of data processing

Whenever you call up our app, our system automatically collects data and information from the device you are using.

The following data is collected:

  • The user's operating system
  • Date and time of access
  • Device model
  • IP address

On the one hand, the collected data has a technical relevance and serves the purpose of protection measures to prevent and detect security violations, but on the other hand, it is not associated with personal user data that enables or intends to identify a user on the basis of his technical data.

2. Purpose of data processing

The storage in log files is done to ensure the functionality of the app. Furthermore, the data is used to optimize the app and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO.

3. Legal basis for data processing

The legal basis for the temporary storage of data is Art. 6 para. 1 sentence 1 lit. f DSGVO.

4. Duration of storage

The concrete technical data will be deleted as soon as they are no longer necessary for the purpose of their collection.

5. Possibility of objection and removal

The collection of data for the provision of the app and the storage of the data in log files is mandatory for the operation of the app. Consequently, there is no possibility of objection on the part of the user.

6

E-mail contact

1. Description and scope of data processing

In our app you can contact us via the provided email address. In this case, the user's personal data transmitted with the email will be stored.

The data will be used exclusively for processing the conversation.

2. Purpose of data processing

In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data.

3. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is art. 6, paragraph 1, letter f of the DPA. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 letter b DSGVO.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For personal data sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation ends when it is clear from the circumstances that the matter in question has been finally clarified.

The legal obligation of long-term archiving of the collected data in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO) remains unaffected by this. Depending on the basis, this can be up to 30 years.

5. Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

The revocation is possible by mail to datenschutz@8pitch.com.

All personal data stored in the course of the contact will be deleted in this case.

7

Contact form

1. Description and scope of data processing

In our app there is a contact form which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

At the time of sending the message, the following data is stored:

  • E-mail address
  • Last name
  • First name
  • Address
  • Telephone/mobile phone number
  • Date and time of contact
  • Message
  • IP address

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this privacy policy.

Alternatively, it is possible to contact us via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.

The data will be used exclusively for processing the conversation.

2. Purpose of data processing

The processing of the personal data from the input mask serves us only to process the contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. Legal basis for data processing

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 sentence 1 lit. a DSGVO.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 sentence 1 letter f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b DSGVO.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.

Any additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

The revocation is possible by mail to datenschutz@8pitch.com.

All personal data stored in the course of the contact will be deleted in this case.

8

Hosting

The app is hosted on servers by a service provider contracted by us.

Our service provider is:

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information is:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Date and time of server request
  • IP address

This data is not merged with other data sources. The collection of these data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - for this purpose the server log files must be recorded.

The server of the website is geographically located in Germany.

9

Content delivery networks

Microsoft Azure CDN

1. Description and scope of data processing

On our website we use functions of the content delivery network Microsoft Azure CDN of Microsoft Corporation, One Microsoft Way, Redmond, WA 8052-6399, USA (hereinafter referred to as Microsoft Azure CDN). A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet, with which content - especially large media files such as videos - is delivered. Microsoft Azure CDN provides web optimization and security services, which we use to improve the load times of our website and to protect it from misuse. When you visit our website, a connection to the Microsoft Azure CDN servers is established, e.g. to retrieve content. Personal data can be stored and evaluated in server log files, especially the activity of the user (especially which pages have been visited) and device and browser information (especially the IP address and operating system). Further information on the collection and storage of data by Microsoft Azure CDN can be found here: https://www.microsoft.com/de-de/TrustCenter/Privacy/default.aspx

2. Purpose of data processing

Using the features of Microsoft Azure CDN is designed to deliver and accelerate online applications and content.

3. Legal basis for data processing

The collection of these data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - for this purpose the server log files must be recorded.

4. Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

5. Possibility of objection and removal

For information on opposition and removal options against Microsoft Azure CDN, please see https://www.microsoft.com/de-de/TrustCenter/Privacy/default.aspx

10

Registration

1. Description and scope of data processing

On our website we offer users the possibility to register by providing personal data. The data is entered into an input mask, transmitted to us and stored. The data will only be passed on to third parties for delivery and invoicing purposes. The following data is collected during the registration process:

  • Title
  • Last name
  • First name
  • E-mail address
  • Nationality
  • Tax Residence
  • US tax liability
  • PEP status (PEP = politically exposed person)
  • Address
  • Phone number
  • Date and time of registration
  • IP address of the user

During the registration process, the user's consent to the processing of this data is obtained. In addition, it is necessary for the use of our services that the identification of the user takes place within the framework of the Money Laundering Act.

2. Purpose of data processing

A registration of the user is required for the provision of certain contents and services on our app.

3. Legal basis for data processing

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 sentence 1 lit. a DSGVO.

4. Duration of storage

The data will be deleted as soon as they are no longer required for the purpose of their collection or the existing declaration of consent is revoked.

5. Possibility of objection and removal

As a user you have the possibility to cancel the registration at any time. You can have the data stored about you changed at any time.

The user of the app has the possibility to change or delete his entered data including uploaded pictures via the menu item "My Account". In addition, the user has the option to delete the app from his end devices at any time and to have the entire account deleted by sending an informal e-mail to service@myposter.de.

11

Payment options

1. Description and scope of data processing

We offer our customers various payment options for the processing of their orders. For this purpose we redirect customers to the platform of the respective payment service provider depending on the payment option. After completion of the payment process, we receive the customers' payment data from the payment service providers or our house bank and process them in our systems for invoicing and accounting purposes.

Payment by Klarna

There is a possibility to settle the payment transaction with the payment service provider Klarna.

Klarna is a payment service provider that enables purchase on account or payment by instalments.

The European operating company of Klarna is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

If you select "purchase on account" or "installment purchase" as your payment option during the Klarna transaction, your personal data will be automatically transmitted to Klarna. The personal data transmitted to Klarna includes in particular

  • First name
  • Last name
  • Address
  • Date of birth
  • Gender
  • E-mail address
  • IP address
  • Telephone/mobile phone number
  • Bank account
  • Credit card number including expiration date and CVC code
  • Article number
  • Data on goods and/or services
  • Transaction sums and fiscal charges

The transmission of data is intended in particular for identity verification, payment administration and fraud prevention. The personal data exchanged between Klarna and us may be transferred by Klarna to credit reporting agencies.

The purpose of this transmission is to check identity and creditworthiness. Klarna may also transfer personal data to affiliated companies (Klarna Group) and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed by order.

For more information on how your data is processed by Klarna, please refer to Klarna's privacy policy available at: https://pay.amazon.com/de/help/201751600 https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf

Payment by instant bank transfer

It is possible to pay by instant bank transfer. In this case the data will be collected by Sofort GmbH, Theresie nhöhe 12, 80339 Munich, Germany.

The responsible person does not collect or store the data himself.

With the issuance of an instant bank transfer, you instruct Sofort GmbH to automatically check, whether your account covers the amount to be transferred (account coverage check), and any immediate transfers from your account within the last 30 days have been successfully completed, and after a positive check, to send the transfer order approved by you to your bank in electronic form, and to inform us, as the payee selected by you (online provider), of the successful completion of the transfer.

For this, Sofort GmbH requires the IBAN as well as PIN and TAN of your online banking account. During the ordering process you will be automatically redirected to the secure payment form of Sofort GmbH.

Immediately afterwards you will receive a confirmation of the transaction. Thereupon we will directly receive the transfer credit note.

Anyone who has an activated online banking account with PIN/TAN procedure can use Sofortüberweisung as payment method.

Please note that a few banks do not yet support payment via Sofortüberweisung.

You can obtain more information about this via the following link:
https://www.sofort.com/ger-DE/general/fuer-kaeufer/fragen-und-antworten/.

For more information on the stored data, please visit: https://www.klarna.com/sofort/#cq-0

Further payment options

Furthermore we offer a payment with the following options: Apple Pay, Card Bleue, iDeal, Bancontact, Google Pay, direct debit

When using these options, please observe the corresponding data protection information of the respective provider or your house bank.

2. Purpose of data processing

The transmission of payment data to payment service providers is used to process the payment, e.g. when you purchase a product and/or use a service.

3. Legal basis for data processing

The legal basis for the data processing is Art. 6 para. 1 sentence 1 letter b DSGVO, as the processing of the data is necessary for the execution of the concluded sales contract.

4. Duration of storage

All payment data as well as data on possible charge-backs will only be stored as long as they are needed for the handling of payments and a possible processing of charge-backs and the collection of receivables as well as for combating abuse.

Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with legal retention periods or to prosecute a specific case of misuse.

Your personal data will be deleted upon expiration of the statutory storage obligations, i.e. after 10 years at the latest.

5. Possibility of objection and removal

You can object to the processing of your payment data at any time by notifying the person responsible or the payment service provider used. However, the payment service provider used may still be entitled to process your payment data if and for as long as this is necessary to process the payment in accordance with the contract.

12

Telemetry data

1. Description and scope of data processing

We collect telemetry data on our platform. We implement this with the Azure Monitor tool from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In the course of telemetry data processing, the behavior within the app and device information such as

  • Model
  • OS version
  • Hardware information

of the user.

2. Information about app permissions

To implement the functions in the app the following permissions are requested:

  • Push Notification

This authorization is required to inform the user about updates.

3. Purpose of data processing

The data are processed for the following purposes:

  • Application monitoring
  • Troubleshooting

4. Legal basis for data processing

The collection of these data is based on Art. 6 para. 1 lit. f DSGVO. The platform operator has a legitimate interest in the technically error-free display and optimization of his platform - for this purpose the server log files must be recorded.

5. Storage duration

Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

6. Objection and elimination possibilities

To make the objection valid, users can write an informal e-mail to datenschutz@8pitch.com.

This privacy policy has been created with the assistance of DataGuard.