Home »Knowledge base»Data privacy policy

Kall, Germany on June 3rd 2018

Data privacy note of wikiloops.com

The operator of the platform made available on the

URL www.wikiloops.com and its subdomains (hereafter referred to as “the platform” or “wikiloops”) is the

wikiloops media UG (haftungsbeschränkt)

Am Pferdekopf 7,

53925 Kall, Germany.

In the following paragraphs, wikiloops informs about the manner, the purposes of, the processing of and the scope in which personal user data is collected, used and stored by the platform.

This document serves as the “Datenschutzerklärung” (German for “data privacy statement”) as required by the General Data Protection Regulation (GDPR).

Preamble

One of the GDPRs requirements is to inform the platform visitors in an easy to comprehend, yet complete and detailed document covering:

  • purpose and use of their personal data

  • about the technical means used to collect and process data

  • about the visitors various rights concerning private data

  • about options and means to control or opt-out of data collection.

Since we are asked to make sure understanding these in fact quite complicated things is easy for anyone, we are offering some explanations on the technical and legal terms first.

We are aware reading such a long document might be unacceptable or impossible to some of our visitors, which is why we would like to add the most relevant information before going into the details:

wikiloops.com cares about your privacy and personal data, and only stores a minimum of data as absolutely needed to provide its service.

Our service does not use any data-based automated decision taking processes (like for example, offering different services depending on your analysed user behaviour),

while some of our external partners may do so (like for example the advertising networks who deliver the ads to the platform).

We are happy to answer questions concerning our use of your personal data,

feel free to reach out to us via info@wikiloops.com.

 

01 Explanatory part

01.1 Why is personal data collected and processed on wikiloops?

Except where otherwise noted, the data collection and processing performed by wikiloops serves the legitimate interest (Article 6(1) lit. f GDPR) of operating the platform and providing the best possible user experience.

In addition, personal data is collected and processed to:

  • Meet the requirements of taxation legislation when services are purchased

  • Verify ownership and copyright infringement responsibilities of user-submitted content

  • Prevent abuse of the platform by identifying and keeping out bots and trolls

Anonymized personal data is also collected and processed to allow statistical evaluation, which is needed to monitor the server infrastructure and to improve the user interface by analysing how people navigate the site.

As you will find explained in detail in this document, wikiloops.com is making use of a range of embedded functionalities which are served by 3rd party providers.

This quite common technical set-up leads to additional transit of visitors personal data to these 3rd party servers, where data is processed according to the 3rd party services data privacy policy. Mind, these services may be operating outside of the European Union, please do refer to § 02.3 to see more details about the 3rd party plug-in providers we currently work with.

Wikiloops will at no time sell or pass on any of the data processed on our end to anyone except the services we are working with to provide wikiloops (such as our server host) who have no right to process the data on their own behalf.

Neither the mentioned 3rd party services nor anyone else do receive data from wikiloops. The data records we process to meet our before mentioned interests are kept separate from each other, and wikiloops is not creating visitor profiles by merging the different data sets.

We also do not make use of any automated decision taking processes (“profiling”) which are based on user data analysis.

01.2 A quick guide to the terminologies used in this document

Whenever we make mention of a user, member, visitor or “data subject” in this document, we are referring to you and any other private or public entity visiting our platform.

“Platform” describes the whole of the services provided by the wikiloops media UG (haftungsbeschränkt), including its several sub domains and servers.

“Controller” describes the platform in its role as the entity which controls the data processing this document informs about.

The wikiloops media UG (haftungsbeschränkt) serves as the provider of the platform,

and has contracted several professional services to provide single functionalities and infrastructure. These contracted services who act on behalf of the platform are referred to as “processors”, and generally do not perform any data processing outside of their intended and contracted purpose.

Last, there are the so called “plug-in providers”, these are 3rd party services who deliver extra features like advertisement banners, embeddable videos, or payment processing.

This group of services processing of your data falls outside of the providers immediate influence and is regulated by each plug-in providers own data policies.

Last, we would like to point out the important distinction between “profiling” and “user profiles”. Profiling describes the use of personal data from all kinds of data sources to generate the profile of an individual visitor (mostly with the intention to exploit the expectable preferences of the subject of profiling).

“Creating and maintaining a user profile on the platform” is something else, because the data displayed on a members user profile is assembled on behalf of the individual, and only sourcing data as needed for that purpose.

Please note that while the platform offers user profiles, the platform itself does not perform any profiling in the sense of the law.

01.3 Kinds of data which is processed and stored

01.3.1 Meta Data

Anytime a web-browser contacts a web server, the following data is transmitted to the server along with the request:

  • the IP-Address of the visitor

  • Browser-type and Browser-version

  • The operating system used by the visitor

  • The current, and the previously requested websites URLs

  • A timestamp representing the time of the request

As the platform is requested by the user, such server contacts are being executed between the users browser and the platforms own server, as well as with additional 3rd-party servers which provide additional data assets and functionality. As it will be explained in detail in the following paragraphs, the above-listed meta-data is used in different ways depending on which server is being contacted.

01.3.2 Personal data distinctions

You may think of personal data is any set of data that reveals the distinct individual, like most obviously your real world name.

The use of the platform does not necessarily require stating such details,

but there are some use-cases in which entering such data is mandatory.

For the sake of clarifying the different legal rules which apply when actively using the platform, we need to make a distinction here, as there are:

01.3.2.1 Public content data

As it is the nature of any web community, the platforms service does offer you various ways to enter data, with the intention to make this data publicly available on your behalf.

Any data which is deliberately shared with the intention of publishing it is classified as “public content data” and will not be subject of data protection by the platform once it has been submitted to be displayed publicly.

This applies to any text or images, with the exception of album related data (see “creative content data” below) and private messages (see “private content data”).

Such “public content” can always be edited and / or removed from public view by the authoring user.

01.3.2.2 Creative content data

“Creative content data” also describes data which may be published by users on the platform.

The main difference to the previously mentioned public content data is that the dataset resembling the creative contribution may no longer be edited or removed by the user.

This is the case with audio submissions to the platform, which require explicit, active user consent per audio upload and grant the platform the permanent on-platform publishing and related data-processing rights.

01.3.2.3 Private Content data

“Private content data” describes any data which users may submit by sending private messages to other users of the platform. These messages may not be edited or deleted once they have been sent. The content of such messages is not monitored automatically by the platform, and delivered to the recipient(s) on the sending users behalf. Again, the platform can not be held liable for any personal data you are deliberately sharing with other users.

Last, and most relevant for GDPR, the platform collects and processes additional personal data for the tasks stated in § 01.1, whichs purpose may not be as self-explanatory, or as obviously required to perform some user intended activity.

01.3.2.4 Personal data

The common denominator of this last group of relevant personal data records is that they are either added to other data records automatically (like, for example, storing the users IP and the timestamp when a comment is entered), or that data is processed for reasons that are possibly unknown to the end user.

To give proper insight into these rather hidden data processing moves, and to inform the users of the platform of the measures taken to keep your data safe from abuse is the whole point of this document.

You will find the most relevant events in which data processing happens covered in chapter 03.

 

02 Data processing services and server locations

02.1 Platform core services

Any connections between your browser and the platform or one of the following services are executed via secured https connections to increase data transfer security.

The storage and processing of the data collected by the platform happens on rented servers located in Germany, and which are provided by all-inkl.com / Rene Munich, who act as contracted data processors of the platform.

The platform is making use of so called Content Delivery Network (CDN)-services.

By utilizing a CDN service, static assets of the platform (such as audio files, images and layout related CSS and JavaScript code) are being fetched from extremely fast and regionally close-by or less heavily used servers, leading to significantly faster page loading times.

The CDN providers are operating servers located all around the globe. Even if the user is a resident of the European Union, getting connected to servers which may be outside of the European union cannot be excluded due to technical reasons.

In these events, the personal meta-data as listen in paragraph 1 will be sent into the country where the CDN server resides immediately. In this case, the user agrees to surrender the data to the USA and/or the country where the CDN server resides.

The CDN-providers are making use of Log-Files to create use-statistics and for billing purposes. An association between these log files and individual users does not happen in these processes.

The platform is making use of CDNsun.com, Czeck Republic

and Amazon S3 Cloud storage servers.

The platform makes use of Amazon SES professional email sending service. To be able to deliver our emails, the recipients addresses are passed on to the services servers in Ireland, where they are processed only as needed to send the particular email.

02.2 Internal statistics tool

This website uses Matomo (formerly known as Piwik), the open source software for statistic evaluation of the user accesses. This statistics software is provided by the Matomo project, but hosted on the platforms own servers. This means all data processing is happening on the platforms server in Germany. Matomo uses so-called 'cookies', text files, which are set on your computer in order to analyse your use of the website. The information about your use of the provided internet service, supplied by the cookie, is stored on the server of the internet service provider in Germany. The IP address is made anonymous immediately after the processing and before storage.

You can prevent the installation of the cookies by changing your browser settings accordingly; however, we point out that in this case you will possibly not be able to use all functions of this website to the full extent.

The data collected by Matomo is not being associated to single users. No attempts to merge the data with other data sources are being made. The stored data is exclusively used for the purpose of creating statistical evaluations.

02.3 3rd party plug-ins and services

02.3.1 YouTube Video Plug-in

The platform allows embedding YouTube-videos within chat messages, private messages, comments and forum posts. The video files are hosted on YouTubes servers. The YouTube video plug-in as offered on the platform contacts the plug-in providers server to display the preview image of the embedded video.

The plug-in provider receives the information that the user has visited the website offering the plug-in in this event. Additionally, the meta-data as listed in § 01.3.1 is being transferred.

The plug-in provider saves the collected data in use-profiles and uses these for advertising, market surveys and/or to optimize the service towards the preferences of the user.

This happens regardless of the visitors log in status or of having a user account on YouTube. The platform utilizes the plug-in in the so called “privacy-enhanced mode”.

If the platforms visitor is logged in to the plug-in providers service, the data collected by the plug-in will only get associated with the visitors YouTube user account if the user actively starts the embedded videos playback. The plug-in provider is making use of cookies to perform the data collection and evaluation.

02.3.2 Google Adsense Plug-in

The platform is utilizing the so called “Adsense” advertisement plug-in offered by Google Inc. to display advertisement banners to the platforms visitors.

The displayed banners are being requested from the plug-in providers servers.

The plug-in provider receives the information that the user has visited the website offering the plug-in in this event. Additionally, the meta-data as listed in § 01.3.1 is being transferred.

The plug-in provider saves the collected data in use-profiles and uses these for advertising, market surveys and/or to optimize the service towards the preferences of the user.

This kind of data evaluation is especially aimed at the display of advertisements which are relevant to the individual visitor, and happens regardless of the users log-in status.

The plug-in provider is making use of cookies to perform the data collection and evaluation.

02.3.3 Affiliate Partner links

wikiloops media UG (haftungsbeschränkt) is offering links to so called. „Affiliate

Partners“ like the online instrument store Thomann.de. The technical realization is handled by the company Sunlab GmbH AM, Germany (referred to as „Affiliate-partner-provider“).

To display the banner of an affiliate partner, the affiliate-partner-providers server is being contacted. The affiliate-partner-provider receives the information that the user has visited the site offering the affiliate link in this event. Additionally, the meta-data as listed in § 01.3.1 is being transferred.

The affiliate-partner-provider is using the collected data to associate purchases made on the affiliate-partners site to the websites that offered the banner which lead to the purchase, with the purpose of granting a provision to the websites operator.

To perform this operation, the affiliate-partner-provider is making use of Cookies.

02.3.4 Paypal Payment-Plugin

wikiloops media UG (haftungsbeschränkt) is making use of payment processing plug-ins offered by PayPal (Europe) S.à r.l. et Cie and Amazon Europe Core S.à.r.l to collect online payments.

To display the plug-in, the plug-in providers server is being contacted. The plug-in provider receives the information that the user has visited the site offering the plug-in in this event. Additionally, the meta-data as listed in § 01.3.1 is being transferred.

The plug-in provider stores these data records as use-profiles and uses these for advertising purpose, market analysis and to optimize their services. The data evaluation is especially focusing (including user who are not logged in) on assessing whether the user does hold a user account with the provider.

The providers are using Cookies in this process.

02.3.5 Responsibility and suggestions concerning 3rd party plug-ins

wikiloops media UG (haftungsbeschränkt) does neither have any influence on the scope of data collection performed by external providers, nor on the data processing performed.

Neither does wikiloops media UG (haftungsbeschränkt) hold all information on the purpose, scope of collected data and data storage terms applied by external providers.

The user may have a right to object against the creation of user-profiles as performed by some external providers, but will have to contact the external service provider directly to object (for contact addresses, see 02.3.7).

Since most external providers are making use of Cookies to collect data, wikiloops suggests the user should either delete any cookies set by these providers before visiting the platform, or disable the storage of third party cookies in the users browser.

wikiloops does not suggest blocking all kinds of cookies regardless of origin, because some of the functionality offered on the platform does rely on cookies being present (see § 02.4).

02.3.6 Further Information concerning 3rd party plug-ins

More information on the scope and purpose of data collecting and processing performed by the plug-in-providers can be found in the data privacy information provided by the plug-in providers on the pages linked in the following paragraph. These documents also include further information on user rights and concerning the privacy settings and options to protect your privacy.

02.3.7 Addresses of 3rd-party providers and links to their data privacy regulations

a) Google, Inc., 1600 Aphitheater Parkway, Mountainview, California 94043, USA; https://www.google.de/intl/de/policies/privacy/;

b) PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

c) Amazon Europe Core S.à.r.l., 5, Rue Plaetis, L-2338 Luxemburg

https://www.amazon.de/gp/help/customer/display.html/?nodeId=3312401

d) Sunlab GmbH, Bamberger Str. 9,63743 Aschaffenburg, Deutschland

https://www.sunlab.de/datenschutz/


e) CDNsun s.r.o, Czech Republic

https://cdnsun.com/privacy-policy

f) Amazon Web Services, Inc.,P.O. Box 81226,Seattle, WA 98108-1226 USA

https://aws.amazon.com/privacy/


02.4 Use of Cookies

Cookies are small data records which are being stored in the visitors browser, and transmitted back to the origin server whenever a page, an image or any other asset is requested from that origin server.

In addition to the previously mentioned use of Cookies by external services, the platform may set the following cookies in your browser:

  1. wikiloops.com sets a preferences cookie, which stores nothing but your chosen audio player volume, your audio auto-play preference, whether you have noticed and hidden some info-banner and navigation related things. This cookie holds no personal data, and no data is processed beyond these purposes. The cookie is auto-deleted by your browser 30 days after your 1st visit to the platform

  2. wikiloops.com sets a session cookie for the duration of your visit. This cookie is automatically deleted one hour after your last visit to the platform, and contains a unique string of letters and numbers, by which your browsers requests can be identified and matched to a “session” (a temporary database record on the platforms server), which also gets automatically deleted one hour after your last server contact (or, in the case of active membership, immediately on logging out).

This session cookie is used to store your location (based on continent distinction), to make sure you will be connected to the closest available audio server. The session cookie also serves as your identification of being “logged in”, or of having purchased a “download ticket”, so you will not need to provide your password / ticket code on every page you visit. This Cookie is only used to process data as stated here.

  1. wikiloops.it sets the MATOMO / PIWIK tracking cookies which are needed for the anonymized usage statistics collection.

It is possible to prevent the storage of cookies in your browser if you would like to do that. You may continue to use the platform regardless of accepting or blocking the Cookies, but some functionality of the platform (like, most prominently, logging in) may not be available to you if you do block them.

02.5 Log-Files

When being visited by the user, the platform stores the meta-data as listed in paragraph 1 on the platforms server. The visitors IP-address is anonymized before it is stored, and the platform is using these anonymized log files exclusively for the purpose of creating statistical evaluations, in which no assignment between the data and an individual user is being made.

02.6 Geolocation

As the platform is being visited by the user, the users IP-Addresses is utilized to gather the users country by matching the IP-Address with a maxmind GeoIp-Database which is hosted on the platforms servers. The gathered country result is needed to display the user interface in the desired language, and to be able to connect the user to the regionally closest CDN server (see § 02.1). The country-matching result is being saved as part of the visitors Cookie (see § 02.4) for the duration of the current visit. The users IP-Address (which is needed to perform the geolocation) is not being stored on the platforms server during the geolocation detection process.

 

03 Detailed description of data processing depending on your use of the service

This chapter covers in detail which personal data is collected, stored and processed in certain use cases, ranging from visiting the platform as a guest to using the platforms services as an active member of the community. While the previous paragraphs already covered the reasons for data collection and the involved parties, we will go into more detail here and focus on the question of when which of the mentioned processes are happening, which kind of data is being processed and for which time period the data is stored.

03.1 Visiting the platform as a guest

When browsing the platform, the following before-mentioned processes are executed on every page visit, starting with the initial one:

  1. Log file entry of anonymized meta data (see ).

  2. Session cookie & preferences Cookie are set by wikiloops.com (see )

  3. Tracking cookie is set by wikiloops.it (see )

  4. Anonymized browser data is sent to and processed by the platforms Matomo statistics tool (see )

  5. 3rd party servers are contacted depending on the plug-ins embedded in the individual page. The plug in providers may set cookies and collect and process your data according to their individual terms (see ).

  6. Geolocation is used to determine the audio server closest to the visitors location. The resulting country and continent code is stored in a temporary database record for the duration of the current visit. (see )

03.2 Using the contact form

The contact form on the platform offers the option to send questions, opinions and suggestions towards the platform.

The entered data is exclusively used to respond to the requests sent thru the contact form.

The contact from processes the following mandatory data-categories of users personal data (mandatory data is marked with an *):

  • E-Mail-Address (text field)

  • Message content (text field to enter free text as needed)

03.3 Registering & setting up a user profile

To be able to register a user account on the platform, the registering user needs to choose a username and a password, and must provide the following mandatory personal data (mandatory data-fields are marked with an * ):

  • First name and family name,

  • Street address and

  • A valid Email address.


Additionally, the user may provide optional data to be displayed on the users user-profile or to represent the user in interactions on the platform.

The following data-fields and ways to edit them are offered:

  • nationality (choose country flag from drop-down-menu),

  • location (text input)

  • information on played instruments (text input),

  • biographical information (text input)

  • information on used recording equipment (text input)

  • Images/Photo to be displayed on the user profile or used as the user avatar (file upload)

  • Date of birth (drop-down-menu)

  • A standardized forum signature (text input)


The mandatory personal data is exclusively used for communications between the platform and the user, or (in the case of registering a payed membership) to provide the required billing information needed to document the purchase.

Any transfer of this data to third parties is out of question, as long as the platform is not forced by law or by court order.

The user profiles offered on the platform are available to registered users and non-registered visitors of the platform, so the profile data is in no way protected from access thru third parties.

03.4 Logging In

During the log-in-procedure, the users IP-Address is stored in a database.

The record of the IP-Address stored on previous visits is being deleted and replaced in this event.

The stored IP-Address is exclusively used by the platform to ensure the safety of the platform. Unwanted access attempts, SPAM abuse or multiple registrations are being prevented by matching IP-Addresses. If not rewritten on following log-ins, the stored IP-Address is automatically deleted after 30 days after having been stored.


03.5 Data storing along with audio uploads and other user generated content

Whenever a registered user uploads audio files to the platform, the uploads timestamp and the users IP-Address are being stored to a database and associated permanently with the uploaded audio file. This data record remains stored for the duration of the audio files presence on the platform, and may be used exclusively for the purpose of associating the uploaded audio with the uploading user in the event of copyright infringement claims or other legal conflicts concerning the audio file.

 

04 Users rights

This chapter covers the various user rights as demanded by the GDPR, which the platform is bound to inform you about.

Since these rights are not in any way customized to the use of our platform, we are simply using the information provided by

the Privacy Policy Generator of the External Data Protection Officers (https://dg-datenschutz.de/services/external-data-protection-officer/?lang=en) that was developed in cooperation with the Media Law Lawyers (https://www.wbs-law.de/eng/practice-areas/media-law/) from WBS-LAW, whom we would like to thank for composing the information offered in chapters 04 and 05.

As previously explained in § 01.2, the term „data subject“ is used to resemble the visitor of the platform (in other words: You!), while the ”controller” refers to the platform.

04.1 Right of confirmation

Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of the controller.

04.2 Right of access

Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  • the purposes of the processing;

  • the categories of personal data concerned;

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;

  • the existence of the right to lodge a complaint with a supervisory authority;

  • where the personal data are not collected from the data subject, any available information as to their source;

  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

04.3 Right to rectification

Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

04.4 Right to erasure (Right to be forgotten)

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

  • The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.

  • The personal data have been unlawfully processed.

  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the wikiloops media UG (haftungsbeschränkt), he or she may, at any time, contact any employee of the controller. An employee of wikiloops media UG (haftungsbeschränkt) shall promptly ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employees of the wikiloops media UG (haftungsbeschränkt) will arrange the necessary measures in individual cases.

04.5 Right of restriction of processing

Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.

  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the wikiloops media UG (haftungsbeschränkt), he or she may at any time contact any employee of the controller. The employee of the wikiloops media UG (haftungsbeschränkt) will arrange the restriction of the processing.

04.6 Right to data portability

Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact any employee of the wikiloops media UG (haftungsbeschränkt).

04.7 Right to object

Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

The wikiloops media UG (haftungsbeschränkt) shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If the wikiloops media UG (haftungsbeschränkt) processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the wikiloops media UG (haftungsbeschränkt) to the processing for direct marketing purposes, the wikiloops media UG (haftungsbeschränkt) will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the wikiloops media UG (haftungsbeschränkt) for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact any employee of the wikiloops media UG (haftungsbeschränkt). In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

04.8 Automated individual decision-making, including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, the wikiloops media UG (haftungsbeschränkt) shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the wikiloops media UG (haftungsbeschränkt).

04.9 Right to withdraw data protection consent

Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the wikiloops media UG (haftungsbeschränkt).

 

05 Legal information

05.1 Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.

Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

05.2 The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favour of the well-being of all our employees and the shareholders.

05.3 Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us.

The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

 

06 Contact information

wikiloops media UG (haftungsbeschränkt)

Herr Richard Kaiser,

Am Pferdekopf 7,

53925 Kall,

Germany
Email: datenschutz@wikiloops.com

Please note: As you are visiting wikiloops, any personal data that is being processed is treated in compliance to the European General Data Protection Regulation.
You may review our data privacy policy to learn how and why we are using Cookies and other techniques as we are providing our service to you.