Privacy policy

Preamble

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process for what purposes and to what extent as part of the provision of our application.

The terms used are not gender specific.

As of: August 27, 2023

Table of contents

• Preamble
• Responsible person
• Overview of processing
• Relevant legal bases
• Security measures
• Transmission of personal data
• Deletion of data
• Rights of data subjects
• Provision of online offerings and web hosting
• Registration, login and user account
• Single sign-on login
• Changes and updates to the privacy policy
• Definitions of terms

Responsible person

Anselm Jonas Scholl
Hainholzweg 111c
21077 Hamburg, Germany

Email address: time-wallet@mail-overflow.de

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

• Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures which at the request of the person concerned.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject are violated , which require the protection of personal data, predominate.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on the validity of the GDPR and the Swiss GDPR: This data protection notice serves to provide information in accordance with both the Swiss Federal Data Protection Act (Swiss GDPR) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to their broader spatial application and comprehensibility. In particular, instead of the terms “processing” of “personal data”, “overriding interest” and “particularly sensitive personal data” used in the Swiss DSG, the terms “processing” of “personal data” as well as “legitimate interest” and “special categories” used in the GDPR are used of data”. However, the legal meaning of the terms will continue to be determined according to the Swiss Data Protection Act within the scope of the Swiss Data Protection Act.

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data.
• Contact details.
• Content data.
• Usage data.
• Meta, communication and procedural data.

Categories of data subjects

• Users.

Purposes of processing

• Provision of contractual services and fulfillment of contractual obligations.
• Security measures.
• Managing and responding to inquiries.
• Registration procedure.
• Provision of our online offering and user-friendliness.
• Information technology infrastructure.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, ensuring availability and its separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. We also take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

TLS encryption (https): We use TLS encryption to protect your data transmitted via our online offering. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transfer of personal data

As part of our processing of personal data, the data may be transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent permitted for processing is revoked or other permissions no longer apply (e.g. if the purpose for processing this data no longer applies or it is not necessary for the purpose). Unless the data is deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Our data protection information may also contain further information on the storage and deletion of data, which applies primarily to the respective processing.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

• Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Art. 6 para. 1 lit. e or f of the GDPR ; This also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
• Right to revoke consent: You have the right to revoke your consent at any time.
• Right to information: You have the right to request confirmation as to whether the data in question is being processed and to receive information about this data as well as further information and a copy of the data in accordance with legal requirements.
• Right to rectification: In accordance with legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
• Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to request a restriction on the processing of the data in accordance with the legal requirements.
• Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to request that it be transmitted to another person responsible.
• Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the requirements of the GDPR.

Provision of online offerings and web hosting

We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Types of data processed: Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
• Affected persons: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). Security measures.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Provision of online offerings on rented storage space: To provide our online offerings, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called a “web host”); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

• Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

  The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Registration, login and user account

Users can create a user account. As part of registration, users are provided with the required mandatory information and processed for the purpose of providing the user account on the basis of contractual fulfillment of obligations. The data processed includes, in particular, login information (username, password and an email address).

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and those of the users in protecting against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed by email about processes that are relevant to their user account, such as technical changes.

• Types of data processed: Inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
• Affected persons: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Managing and responding to inquiries. Provision of our online offering and user-friendliness.
• Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• User profiles are not public: User profiles are not publicly visible or accessible.
• Deletion of data after termination: If users have terminated their user account, their data relating to the user account will be deleted, subject to a legal permission, obligation or consent of the user; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Single sign-on login

“Single sign-on” or “single sign-on registration” or “authentication” are procedures that allow users to use a user account to log in to a provider of single sign-on procedures (e.g. a social network), including our online offering. The prerequisite for single sign-on authentication is that the user is registered with the respective single sign-on provider and enters the required access data in the online form provided, or is already registered with the single sign-on provider and confirm the single sign-on login via button.

Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that we cannot use for other purposes (so-called “user handle "). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected as part of the authentication and also on what data users enter in the privacy or other settings of the user account during single sign-on. On providers have released. Depending on the single sign-on provider and the user's choice, there can be different data, usually the email address and the user name. The password entered as part of the single sign-on procedure with the single sign-on provider is neither visible to us nor is it stored by us.

Users are asked to note that the information we store can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually done. For example, if the users' email addresses change, they must change them manually in their user account with us.

If agreed with the users, we can use the single sign-on registration as part of or before the fulfillment of the contract, if the users have been asked to do so, process it as part of their consent and otherwise use it on the basis of our legitimate interests and the Users' interests in an effective and secure registration system.

If users decide that they no longer want to use the link to their user account with the single sign-on provider for the single sign-on procedure, they must delete this connection within their user account with the single sign-on provider. If users want to delete their data from us, they must cancel their registration with us.

• Types of data processed: Inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
• Affected persons: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures. Registration procedure.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Google Single Sign-On: Authentication service; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.google.de; Privacy Policy: https://policies.google.com/privacy; Base on third country transfer: EU-US Data Privacy Framework (DPF). Option to object (opt-out): Settings for the display of advertising: https://adssettings.google.com/authenticated.

Changes and updates to the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting us.

Definitions of terms

This section provides an overview of the terms used in this privacy policy. To the extent that the terms are defined by law, their legal definitions apply. The following explanations, on the other hand, are intended primarily to provide understanding.

• Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
• Controller: The “controller” is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
• Processing: “Processing” means any operation or series of operations carried out on personal data, whether or not by automated means. The term is wide-ranging and includes practically every handling of data, be it collecting, evaluating, storing, transmitting or deleting.