Below we inform you about the nature, extent and purpose of the processing of your data when using our website www.1planet4all.net (henceforth, ‘platform’). The term «Personal Data» is all the information, which relates to an identified or identifiable individual.
1. Responsible Entity
The responsible entity or person in accordance with German law and the EU General Data Protection Regulation (GDPR) is the individual or legal entity, who, alone or together with others, makes decisions regarding the purposes and means of the processing of personal data. For the personal data processed whilst visiting our platform, the company ECOsoft.net Germany GmbH, Im Dörfli 15, D-79400 Kandern-Hammerstein (henceforth, ‘provider’ or ‘we’) is the responsible party in accordance with GDPR.
We have named Mr. Christian Heyner as the data protection officer.
2. When you visit our platform
When you visit our platform, our server gathers the following information from your terminal: browser type and version, operating system, the previously visited internet site (‘referrer’), IP address and time of the site view.
We gather and process this data, in order to ensure the smooth running of our platform and to recognise, to fend off and to pursue a misuse of our services. Furthermore, we use the gathered data for statistical purposes, in order to evaluate with which terminals and browser our platform is viewed, in order to continuously adapt and improve our offer on the basis of the users’ needs.
This data processing takes place on the basis of Article 6 Paragraph 1 Letter f of the GDPR. All of the technical data with personal reference mentioned in the first paragraph, we anonymise 30 days after collecting.
3. User Profile
When you create a user profile on our platform, we collect your e-mail address and a user name (pseudonym), freely chosen by you; without this data, we cannot create a user profile for you. Beyond that, you may voluntarily add further information to your user profile, for instance a profile photo.
When you have a user profile with us, we can, if requested, keep you informed about news from our platform. You can also change the settings in your user profile, to specify which notifications you wish to receive. You may revoke your consent at any time with future effect by adjusting the settings.
We retain the personal data associated with the user profile until the contractual relationship regarding the user profile has been ended with us. The legal basis for the processing of data in Article 6 Paragraph 1 Letter b of the GDPR.
4. Paid Services
If you want to use the paid services, alongside your e-mail address and username, we also collect your real name, or that of your company, as well as your address or company’s address. This data is vital to conclude a contract with us; we process it for the purpose of fulfilling the contract in accordance with Article 6 Paragraph 1 Letter b of the GDPR. We keep the data saved, until all the reciprocal claims from the contractual relationship are definitively settled and all commercial and tax legal retention periods have expired.
5. No automated decision making, no profiling
When deciding on the conclusion of a contract, we do not make use of automated decision making and profiling.
6. Data processor
For the operation of our platform, we make use of the following data processors in accordance with Article 28 of the GDPR:
- for web hosting: Hostsharing eG, Flughafenstr. 52a, 22335 Hamburg, Germany;
- for our 1planet4all PROD environment: basta!media, Thorsten Bastian, Weinsbergstr. 190, 50825 Köln, Germany;
- for our DEV1 and BETA environment: Regenesis Computers Network, Lole Ribara 191, 11250 Belgrade, Serbia.
When you write a post on our platform, for instance a discussion contribution or an event announcement, we save and publish your post in the corresponding place together with your username. You can determine in your user profile, which information from your user profile should be disclosed and to whom.
If your user profile with us is deleted, certain posts remain on our platform, so that other users can continue to work on them and continue to understand the course of a discussion, however we anonymise the user name previously shown with your posts. Personal data contained within the text of post – if you, for instance, wrote your own name – remain obtained after the deletion of a user profile.
8. Contact Form and Communication via E-mail
When you send us a message via the contact form on our platform or via e-mail, we save your message with the sender data contained in it (name, e-mail address and, if applicable, further information added by your e-mail programme). To receive and save your messages, as well as sending our e-mails to you, we use our own mail service.
Legal basis for this data processing is our legitimate interest to answer your message and to be able to react to potential follow-up questions (Article 6 Paragraph 1 Letter f GDPR).
If you provide us with a legally relevant communication regarding an existing contractual relationship with us, the legal basis for its processing, regardless of how it was sent, is also Article 6 Paragraph 1 Letter b GDPR. In such a case, we delete the data connected with your explanation, as soon as all reciprocal claims from our contractual relationship are definitively settled and all commercial and tax legal retention periods have expired.
The e-mail servers used by us work with TLS and SSL, so that the transmission between your and our mail server is encrypted, if your e-mail provider also supports at least one of these encryption technologies. Also the data, which you submit in our contact form, is transmitted encrypted with SSL to our server.
When you have logged into your user profile, we deposit ‘Cookies’ on your terminal. These are small text files, with which we can recognise your terminal again, if you visit our platform again at a later point. This includes a cookie that remembers your login status and remains stored for 60 days after every login, so that you do not need to login with your data again during this period (login cookie).
With the help of other cookies, we can also prevent improper use of our services (cross-site cookie), as well as analyse certain user behaviour (web analysis cookie), for instance, which parts of our platform you use, how long you stay on our platform and when and how often you return to our platform. We do not deposit a web analysis cookie if you have activated the ‘Do not track’ option in your browser settings.
This data processing takes place on the basis of Article 6 Paragraph 1 Letter f GDPR in order to enable you a safe and comfortable operation of our platform, in order to align our platform even better with the interests of our visitors and the technology they use (terminals and browser types), and to analyse and optimise the technical functions of our website and the efficiency of any possible advertising.
A deposited cookie expires at the latest twelve months after your last visit to the platform, which means, that your terminal automatically deletes it after the expiry of this time.
You can prevent the depositing of cookies by going to the cookie settings of your internet browser and object to the depositing of cookies for our platform or generally for all websites. There you can also delete previously deposited cookies.
10. Your Rights
Regarding the personal data, which we process about you, you have the following rights:
You have the right to demand a confirmation from us, as to whether we are processing your personal data. If this is the case, we will share with you the saved personal data about you and further information in accordance with Article 15 Paragraph 1 and 2 GDPR.
You have the right to correct any incorrect personal data concerning you without delay. In consideration of the purposes of processing, you also have the right to demand the completion of incomplete personal data – also via a supplementary communication.
You can demand the immediate deletion of personal data concerning you under the provisions of Article 17 Paragraph 1 GDPR, if their processing is not required by Article 17 Paragraph 3 GDPR.
You may require us to restrict the processing of your data, if one of the requirements from Article 18 Paragraph 1 GDPR exists. You can particularly request a restriction instead of a deletion.
We will share every amendment to or deletion of your personal data and a restriction of the processing with all recipients, with whom we have disclosed your personal data, unless this proves to be impossible or is associated with a disproportionate effort. We will also inform you about these recipients, if you demand it.
You have the right to receive the personal data which you have provided us in a structured, accessible and machine-readable format and you may request, that we transmit this data to another responsible person, in as far as this is technically possible.
In as far as data processing is based on your consent, you have the right to withdraw your consent at any time. By withdrawing your consent, the lawfulness of the data processing that has taken place until your withdrawal is not affected.
RIGHT TO OBJECT: FOR REASONS THAT RESULT FROM YOUR SPECIFIC SITUATION, YOU CAN OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME; this right to object exists with regards to the processing of data, which, on the basis of Article 6 Paragraph 1 letter f GDPR, protects legitimate interests on our part or a third party, so far as your interests or fundamental rights and freedoms, which the protection of personal data demands, do not outweigh it. If you exercise your right to object, we will no longer process the data in question, unless we can prove compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms, or that the processing serves the enforcement, exercise or defence of legal claims.
IN THE CASE THAT WE PROCESS PERSONAL DATA FOR DIRECT MAILING (FOR INSTANCE, NEWSLETTER), YOU CAN OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING, WITH THE CONSEQUENCE THAT WE WILL NO LONGER PROCESS YOUR DATA FOR THESE PURPOSES.
When you are of the opinion, that the processing of your personal data violates the GDPR, you can lodge a complaint with a regulatory authority, particularly in the state of your place of residence, your workplace or the location of the alleged violation. This does not exclude other administrative or legal challenges.
For us, the locally responsible supervisory authority for data protection is the
Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin.