Datenschutz
This privacy policy explains which personal data is processed when visiting and using this website.
1. Controller
Norbert Ferdinand Stemmer
PLEASE-ENTER-ADDRESS
Email:
PLEASE-ENTER-EMAIL
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.
2. Overview of Data Processing
| Website visit | IP address, date and time, pages accessed, browser and device information, referrer, technical log data. |
|---|---|
| Registration and login | Name, alias/username, email address, password hash, customer number, preferred language, license name, consent confirmations, login and security data. |
| Purchases and digital content | Order data, product data, entitlements/activations, vouchers, gift access, payment status and, where applicable, invoice data. |
| Contact and newsletter | Type of inquiry, message, contact details, newsletter email address, confirmation and unsubscribe data. |
| Security and bot protection | Technical data used to secure forms, particularly when using Cloudflare Turnstile. |
3. Legal Bases
We process personal data on the basis of the following legal grounds:
- Art. 6 para. 1 lit. b GDPR, where processing is necessary for the performance of a contract or pre-contractual measures, for example registration, login, purchases, digital access and support.
- Art. 6 para. 1 lit. c GDPR, where legal obligations exist, for example tax or commercial law retention obligations.
- Art. 6 para. 1 lit. f GDPR, where we have a legitimate interest in the secure, stable and abuse-free operation of the website.
- Art. 6 para. 1 lit. a GDPR, where consent has been given, for example for optional analytics functions, external media or newsletters.
4. Hosting and Server Logs
This website is operated by a hosting provider. When the website is accessed, the server automatically processes technical access data. This may include, in particular, the IP address, date and time of access, requested URL, HTTP status code, amount of data transferred, referrer, browser type, operating system and technical device information.
Processing is carried out to provide the website, ensure stability and security, analyze errors and defend against attacks. The legal basis is Art. 6 para. 1 lit. f GDPR.
Hosting provider: PLEASE ENTER HOSTING PROVIDER, e.g. name, address, country.
6. User Account, Registration and Login
When registering and using a user account, we process the data entered, in particular first name, last name, alias/username, email address, password hash, customer number, preferred language, license name and confirmation of the Terms and Conditions, Privacy Policy and license terms.
Passwords are not stored in plain text, but as a cryptographic hash. Login attempts may be logged and limited for security reasons. The legal basis is Art. 6 para. 1 lit. b GDPR for account and contract functions, and Art. 6 para. 1 lit. f GDPR for security measures.
7. Cloudflare Turnstile
We use Cloudflare Turnstile to protect registration and login forms against abuse, spam and automated attacks. The provider is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.
Cloudflare Turnstile may process technical information, for example IP address, browser and device information, interaction data with the website and technical verification values. The purpose is to distinguish between human users and automated access, as well as to prevent abusive behavior.
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the security of the website, the protection of user accounts and the prevention of abusive registrations and login attempts.
When using Cloudflare, data may also be transferred to the USA. Cloudflare provides information on data protection and GDPR compliance. For production use, a data processing agreement or the appropriate privacy agreement with Cloudflare should be reviewed and concluded.
8. Purchases, Vouchers, Gift Access and Support
If digital content, books, support levels, vouchers or gift access are used or purchased, we process the data required for this purpose. This includes user account, product, order status, payment status, currency, price, activations, voucher or gift code and, where applicable, recipient details for gift access.
Processing is carried out for the performance of the contract, the provision of purchased or activated content, fraud prevention and compliance with legal retention obligations. The legal bases are Art. 6 para. 1 lit. b, lit. c and lit. f GDPR.
Payment provider: Please add the payment provider actually used here, e.g. Stripe, PayPal or bank transfer. Payment data may be processed directly by the respective payment provider.
9. Contact Form and Inquiries
If you contact us via the contact form or by email, we process the information you provide, in particular name, email address, subject, message and time of the inquiry.
Processing is carried out to handle the inquiry. The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as the inquiry is related to a contract or pre-contractual measures; otherwise Art. 6 para. 1 lit. f GDPR.
11. External Media and Embedded Content
External media or embedded content may be used on the website, for example audio, video, map or social media content. Such content is only loaded after consent has been given, unless it is technically necessary.
When external content is loaded, personal data, in particular IP address and technical browser data, may be transferred to the respective provider. Consent can be changed or withdrawn via the privacy settings.
12. Retention Period
We store personal data only for as long as is necessary for the respective purposes or as long as statutory retention obligations exist. User account data is generally stored until the account is deleted, unless statutory retention obligations or legitimate interests prevent deletion.
- Server logs: generally only for a limited period, unless security-related retention is required.
- Contact inquiries: until final processing and thereafter in accordance with statutory or legitimate retention periods.
- Order and invoice data: in accordance with statutory tax and commercial law retention obligations.
- Newsletter data: until consent is withdrawn or the user unsubscribes; proof data may be retained for a longer period where applicable.
13. Rights of Data Subjects
Under the GDPR, you have the following rights in particular:
- Right of access pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erasure pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to object pursuant to Art. 21 GDPR
- Right to withdraw consent previously given with effect for the future pursuant to Art. 7 para. 3 GDPR
To exercise your rights, you can contact us using the contact details provided above.
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.
14. Security
We implement technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration or disclosure. These include, in particular, access restrictions, password hashing, CSRF protection, rate limiting, bot protection and encrypted transmission, insofar as supported by the hosting provider.
15. Changes to This Privacy Policy
We may update this privacy policy if website functions, services used or legal requirements change. The version published on this page shall apply.
This privacy policy was created for the current technical implementation of the website and must be checked against the actual service providers, contracts and operator details before production use.