Privacy

Thank you for your visit to the website of makandra GmbH (hereinafter “makandra” or “we”) at https://makandracards.com (hereinafter the “Website”).

The processing of personal data on, and through, our Website is made in compliance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) and the German Telemedia Act (Telemediengesetz - TMG). In this privacy statement, we inform you of the collection of personal data from the data subject on, and through, our Website in accordance with Article 13 GDPR.

In this privacy statement, the definitions in Article 4 GDPR apply.

1. Name and contact details of the controller

The controller for the processing of personal data in accordance with this privacy statement is:

makandra GmbH
Melli-Beese-Straße 5
86159 Augsburg
Germany
E-Mail: info@makandra.com
Website: https://makandra.com

2. Contact details of the data protection officer

makandra has appointed a data protection officer in accordance with Article 37 GDPR and § 38 BDSG with the following contact details:

makandra GmbH
- Datenschutzbeauftragter -
Melli-Beese-Straße 5
86159 Augsburg
E-Mail: info@makandra.com

3. Purposes and legal basis of the processing of personal data

If you visit or use the Website, makandra will collect, process and use your personal data for the following purposes.

a) Collection and processing of personal data upon a visit to the Website

Upon a visit to the Website, we collect and process only that information and those personal data which are automatically transmitted to us by your Internet browser such as:

That information and those personal data are required to correctly deliver the contents of the Website, to optimise the contents of, and advertising for, the Website, as well as to ensure network and information security, and to protect the Website against attacks, disruption and damage.

The personal data and information collected on that basis are evaluated by makandra statistically and for the purpose of enhancing data protection and data security in order to ensure a level of security for the personal data processed by us which is appropriate to the risk. The personal data collected when you access the website, in particular, the user’s IP address, will be deleted, at the latest, seven days from their collection, unless an attack or a threat by the user was discovered.

To the extent that we collect and use personal data of the user such as, in particular, the user’s IP address, upon an access to the Website, the legal basis therefor is Article 6(1)(f) GDPR, as that processing is necessary for the purposes of the legitimate interests pursued by makandra. The legitimate interests pursued by makandra are the enhancement of data protection and data security in order to ensure a level of security for the personal data processed by makandra which is appropriate to the risk, to ensure network and information security, to optimise the Website and to protect the Website against attacks, disruption and damage.

b) Contacting through the Website

You can contact makandra while providing your personal data (name, company name, email address, phone number). The personal data transmitted by you to makandra in that context result from the relevant contact form on the Website. The personal data transmitted to makandra in that respect will only be collected and stored for the purpose of processing your contact request.

Legal basis for processing these personal data is Article 6(1)(b) GDPR as the processing is necessary for the performance of a contract between makandra and the data subject or in order to take steps at the request of the data subject prior to entering into a contract.

c) Subscription for makandracards

You can sign-up and subscribe for the use of the makandracards application through the Website by providing your personal data (organisation, name, e-mail address and password). When you choose to purchase a paid subscription plan, you also have to provide us with your billing address and credit card information for billing purposes. The personal data transmitted to makandra in that respect will only be collected, stored and processed for the purpose of administering your subscription of makandracards and for invoicing.

Legal basis for processing these personal data is Article 6(1)(b) GDPR as the processing is necessary for the performance of a contract between makandra and the data subject or in order to take steps at the request of the data subject prior to entering into a contract.

d) User-generated content

When you sign-up for and use the makandracards application you can create user-generated content of any kind which will be stored at makandra through the Website. We store this content so we can later make it available to you and the people you decide to share it with. We do not use your content for any other purposes. You can control which content you enter into the makandracards application, and with whom you share your content with. You can delete your content at any time. The personal data transmitted to makandra in that respect will only be collected, stored and processed for the purpose of providing the makandracards application to you.

Legal basis for processing these personal data is Article 6(1)(b) GDPR as the processing is necessary for the performance of a contract between makandra and the data subject or in order to take steps at the request of the data subject prior to entering into a contract.

e) Use of cookies

In using the Website, cookies will be used. The purpose of cookies is the personalisation of the Website for your visit and the facilitation of the use of the Website. Cookies are small text files which the Website transmits to the cookie file of the Internet browser on your terminal device and which are kept there for a later retrieval, so that the Website can, inter alia, remember who you are. Typically, a cookie will include the name of the domain from where it was set, the “lifetime” of the cookie and a unique identifier. The following types of cookies are used on the Website:

If you do not want to accept cookies of the Website, you can deactivate them and object to the access to information stored before by setting your Internet browser accordingly. The settings of your browser which allow you to do this vary from browser to browser and can normally be found under “Data Protection” or “Cookies” of the “Internet Options” or “Settings” menu of your browser. If you need help to deactivate or delete cookies, you should use the “Help” menu in your browser. Details regarding the management and deletion of cookies, as well as relevant instructions for the most common browsers, are available, for example, at http://www.allaboutcookies.org/. Please note, however, that you may not be able to use all of the interactive features and functions of the Website if cookies are blocked or deleted.

f) Use of Matomo

This Website uses the open source tool Matomo for analytics to gather statistics about the use of this Website. Matomo is hosted on servers operated by makandra.

No data is sent to third parties. All data stored is anonymized, including the user's IP address. No cookies are stored on the user's device.

Legal basis for using Matomo is Article 6(1)(f) GDPR, as using Matomo is necessary for the purposes of the legitimate interests pursued by makandra. The legitimate interests pursued by makandra are to evaluate the number of visits and to analyse the use of the Website in order to improve the Website, its user-friendliness and the offers from makandra and make them more interesting for the user.

g) Use of Google reCAPTCHA

makandra has integrated the service reCAPTCHA from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") on its Website.

When using reCAPTCHA, to our knowledge the following information and personal data of the user will be transferred to Google: IP address, data, time and time zone of the request, website visited, transferred amount of data, browser type and version as well as browser settings and operating system. By using reCAPTCHA the Website can differentiate whether entries on the Website are made by an individual or through a robot or malware.

By visiting the Website Google receives information that you have accessed the respective sub-site of the Website. In addition, the information and personal data of the user listed above will be transferred to Google, regardless whether Google provides a user account where you are logged-in or whether no user account exists. If you are logged-in with Google your data will be assigned to your user account. If you do not want such assignment to your profile with Google please log-out from Google before accessing the sub-site where reCAPTCHA is integrated. Google will store your data as user profile and will use them for advertisement, market research and/or in order to design the website in a needs-based manner. Such assessment will be carried out in particular (even for users which are not logged-in) for the provision of needs-based advertisement and in order to inform other users of such social network about your activities on our Website. You have a right to object to such creation of user profiles and you have to contact Google for exercising such right.

Google LLC is certified under the EU-U.S. Privacy Shield (see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) and thus has provided the legal requirements for ensuring an adequate level of data protection for the provision of the reCAPTCHA service.

Further information and the current privacy policies of Google can be retrieved at https://www.google.de/intl/de/policies/privacy/ and https://policies.google.com/privacy?hl=en.

Legal basis for using reCAPTCHA from Google is Article 6(1)(f) GDPR, as using Google reCAPTCHA is necessary for the purposes of the legitimate interests pursued by makandra. The legitimate interests pursued by makandra are to protect our Website against misuse and the entry of data through a robot or malware.

4. Recipients of personal data / transfer to a third country

We will only transfer your personal data to the companies stated in section 3 and to the following companies:

a) Hosting

PlusServer GmbH, Hohenzollernring 72, D-50672 Köln which hosts our Website as data processor.

b) Payment provider

For processing your payments for the subscription of makandracards we will transfer your personal data necessary for payment (organisation, billing address, credit card information, payment amount) to the payment provider Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Stripe, Inc. is certified under the EU-U.S. Privacy Shield (see https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4&status=Active) and thus has provided the legal requirements for ensuring an adequate level of data protection.

c) No transfer to a third country

Other than in the cases stated in section 3 and section 4 b), we will not transfer your personal data to a third country.

5. Storage period of personal data

We only store your personal data as long as necessary for the purposes for which the personal data have been collected or processed unless statutory data retention periods require a longer storage.

6. Your rights as a data subject

You have the following rights:

7. Your duty to provide personal data and potential consequences of a failure to provide personal data

The provision of personal data is necessary to use the Website and the makandracards application. If personal data are not provided, the Website and the makandracards application may not be used at all, or only be used with a limited scope of functions; in particular, no contact requests can be sent to makandra and no subscription for the makandracards application is possible.

8. No automated decision-making / no profiling

We do not make any automated decision-making or profiling.

9. Changes to this privacy statement

It could be necessary to update and change the content of this privacy statement from time to time. Therefore, makandra reserves the right to change this privacy statement and will provide the changed privacy statement on the Website and will notify the data subjects prior to implementing the change if makandra intends to further process the personal data for another purpose.

Information about the right to object pursuant to Article 21 GDPR

1. Right to object on grounds relating to the particular situation

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) (public safety) or Article 6(1)(f) GDPR (data processing based on weighing of interests), including profiling based on those provisions. makandra shall no longer process the personal data unless makandra demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of you or for the establishment, exercise or defense of legal claims.

2. Right to object in case of direct marketing

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

3. Exercising the right to object

The right to object can be exercised informally, e.g. by post to makandra GmbH, Melli-Beese-Straße 5, 86159 Augsburg, Germany or by e-mail to datenschutz@makandra.de.