Privacy policy

The following privacy policy informs you about the type, scope and purpose of the collection, processing and use of personal data (only called „data“ in the following) while visiting our website, all included webpages, functions and content as well as our external social media profiles (commonly expressed as „online offering“ in the following). Regarding the used terms, like for instance „processing“ or „responsible“, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Ulrich Schreistetter
Kalvarienbergstraße 10
85123 Pobenhausen, Germany

Contact:

E-Mail: hello (at) levelup-boards.com

Nature of processed data

The categories of potential data subjects

Visitors and user of the online offering (all affected persons are commonly refered to as „users“ in the following).

Purpose of the processing

Used terms

„personal data“ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

„processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

„controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

„processor“ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal basis

We inform you about the relevant legal basis according to Art. 13 GDPR. Except as otherwise described in this privacy statement, the legal basis for the aquisition of the necessary consents is Art. 6 Par. 1 lit. a and Art. 7 GDPR, the legal basis for the processing for carrying out our services and implementation of the contractual measures as well as answering queries is Art. 6 Par. 1 lit. b GDPR, the legal basis for the processing for fulfillment of our legal obligations is Art. 6 Par. 1 lit. c GDPR, and the legal basis for the processing for guarding your rightful interests is Art. 6 Par. 1 lit. f GDPR. In case the processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 Par. 1 lit. d GDPR is the legal basis.

Security measures

We are, following Art. 32 GDPR, taking technical and organisational measures which, with regard to the state of the art, the cost of their implementation and the kind, scope and purpose of processing as well as likelihood and severity of the risk for rights and freedom of natural persons, are necessary in order to archieve an appropriate protection level.

Those measures especially include the protection of confidentiality, integrity and availability of data by control of the physical access to the data, as well as the regarding access, input, transmission, securing of availability and its separation. Furthermore, we installed methods that enable fulfilment of rights, erasure of data and response to threats against data. We already take into account the protection of personal data during development and while selecting software and methods, according to the principle of data protection via technology design and by data protection friendly presets (Art. 25 GDPR).

External processors and third parties

In cases where we disclose data to other persons or companies (external processors or third parties) during processing, transfer data to them or otherwise grant them access to data, this will only happen on permission of a legal basis (e.g. if a transmission of data to third parties, like a payment provider, is necessary for contract fulfillment, in accordance with Art. 6 Par. 1 lit. b GDPR), you have given your consent, a legal obligation requires it or on basis of our legitimate interests (e.g. while utilizing web hosters, etc.).

If we charge third parties with the processing of data on basis of a so-called „Coprocessing contract“, this is done on basis of Art. 28 GDPR.

Transfers to third countries

In case we are processing data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or this is happening while utilising a service of third parties, this will only be done to fulfil our contractual obligations, on basis of your consent, due to other legal obligations or on basis of our legitimate interests. Subject to further contractual or legal permissions, we are only letting data get processed in a third country if all special prerequisites of Art. 44 ff. GDPR are present, i.e. the processing is happening e.g. on basis of special guarantees, like the officially acknowledged finding of a data protection level equivalent to the one of the EU (e.g. for the USA by the „Privacy Shield“) or officially acknowledged special contractual obligations (so called „standard contractual clauses“).

Right of access by the data subject

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access the personal data and the information according to Art. 15 GDPR.

According to Art. 16 GDPR, you have the right to demand the completion or correction of incorrect data relating to you.

You have the right, according to Art. 17 GDPR to demand the immediate erasure of relevant data or alternatively demand a restriction of the processing of data according to Art. 18 GDPR.

You have the right to receive the data concerning you, which you have provided to a us, according to Art. 20 GDPR and to transmit those data to other controllers.

Right to lodge a complaint with a supervisory authority, like stated by Art. 77 GDPR.

Right to revoke consent

You have the right to revoke any given consent with effect for the future, according to Art. 7 Par. 3 GDPR.

Right to object

You may, at any time, advise us that you object to future processing and use of your data, like described in Art. 21 GDPR. In particular, this objection can be addressed against the processing for the purpose of direct marketing.

Cookies

„Cookies“ are small files that are saved on computers of users. Our website does not create or save such cookies.

Erasure of data

The data processed by us are erased following Art. 17 and 18 GDPR or limited in their usage. If this is not otherwise explicitly stated in our privacy policy, the data stored by us are deleted as soon as they are no longer necessary for the purpose and no other legal regulations require otherwise. If data is not deleted due to other legally permitted purposes, their processing will be limited, i.e. data will be locked and not processed for other purposes. This is particularly the case for data that has to be safekept for commercial and tax reasons.

Due to legal regulations in Germany, the data safekeeping period has to be 10 years following §§ 147 Par. 1 AO, 257 Par. 1 Nr. 1 and 4, Par. 4 HGB (books, recordings, reports, accounting records, trading books, tax relevant documents, etc.) and 6 years following § 257 Par. 1 Nr. 2 and 3, Par. 4 HGB (commercial letters).

Onlineshop

We are processing data of our customers during an order process in our online shop, that allows them to select and order products as well as allowing for their payment and shipment.

The processed data are Inventory data, Communication data, Contract data and subject to this processing are our customers, interested persons and other business partners. The processing is done for the purpose of fulfillment of contracts during the operation of the online shop, accounting, shipment and customer services.

The processing is done on basis of Art. 6 Par. 1 lit. b (order process) and c (legally required archiving) GDPR. The text inputs marked as mandatory in the order process are necessary for fulfillment of the contract. The data is only disclosed to third parties for shipment, payment or if necessary for legal permissions and obligations to legal advisors and authorities. The data is only processed in third countries, if this is required for contract fulfillment (e.g. following a customer request on shipment or payment).

Data erasure takes place after expiry of legal warranty or similar obligations, the necessity of data safekeeping is checked at 3 year intervals; in case of legal safekeeping obligations, the deletion takes place after their expiry (at the end of commercial law (6 years) and tax law (10 years) periods).

Administration, Accounting, Office organisation

We are processing data for administrative tasks as well as organisation of our company, financial accounting and for compliance of legal obligations, like e.g. archiving and safekeeping. In this context we are processing the same data as for fulfillment of our contractual services. The basis for processing are Art. 6 Par. 1 lit. c. GDPR, Art. 6 Par. 1 lit. f. GDPR. Subject to this processing are our customers, interested persons and other business partners and visitors of the online offering. The purpose and our interest in this processing lies in the administration, financial accounting, office organisation and archiving of data, i.e. tasks that enable the continuation of our business and fulfillment of our services. Erasure of these data with regard to the contractual service and contractual communication corresponds to those mentioned for those tasks.

We are disclosing or transfering data to financial administration, advisors, like e.g. tax consultants or auditors as well as other authorities and payment providers.

Furthermore, we are storing details of suppliers and organisers and other business partners, e.g. for later contacting. This in most parts business related data is stored permanently.

Contact

During contacting us (e.g. via contact form, e-mail, telephone or social media), the personal details of the user are processed for the execution of the contact request following Art. 6 Par. 1 lit. b) GDPR. Inputs of the user can be stored in a Customer-Relationship-Management System ("CRM System") or similar request organisation systems.

We delete the requests if they are no longer necessary. The necessity is checked at 2 year intervals; legal archiving and safekeeping obligations apply.

Hosting

The hosting services utilised by us serve the purpose of the following services: infrastructure and plattform services, computing capacity, storage space and database services, security services and technical maintenance services, necessary to operate this online offering.

In this context, we and respectively our hosting provider are processing Inventory data, Contact data, Content data, Contract data, Usage data, Meta-/Communication data of customers, interested persons and visitors of this online offering on basis of our legitimate interest of an efficient and secure providing of this online offering following Art. 6 Par. 1 lit. f GDPR in conjunction with Art. 28 GDPR.

Social Media

We are maintaining online presences in several social networks and plattforms to stay in contact with customers, interested persons and users that are active there, and to inform them about our products and services there. When calling up such networks and plattforms, the respecting terms and conditions and privacy policy of the operator applies.

If not stated otherwise in our privacy policy, we are processing the data of users if they communicate with us on those social networks and plattforms, e.g. write posts on our online offerings or send us messages.

 
 

Customized and translated by the owner of the online offering, based on a generated version by the Privacy Generator (Datenschutz-Generator.de) by lawyer Dr. Thomas Schwenke.