Privacy policy Tapenta GmbH

Introduction

Purpose and description of data processing

1. Differentiation and use of data
   Tapenta GmbH distinguishes between the following data groups:
   1. personal data (online applications) The collection of personal data serves exclusively:
      • the provision of the online account and identification / registration;
      • The minimum requirement is a freely selectable, unique login and a freely selectable password.
   2. Settings (online applications) Settings on online applications are optional and serve to adapt the online applications and their components to the specific needs of a user.
   3. Contract / invoice and order data
      • The address of the ordering party is used for the execution of orders;
      • as well as for the conclusion of license agreements between licensors and the purchaser.
   4. Access data
      On the web servers, accesses (website, time, amount of data, source, operating system, browser model and IP address) are logged in server log files.
      • The access data is used for statistical evaluations and improvements to the websites.
      • If there are concrete indications of illegal use, Tapenta GmbH reserves the right to use the server log files for subsequent evaluation.
   5. Session data (cookies)
      Information about the current session / the current login, the shopping cart and other short-term settings are stored in the form of files (cookies) locally and temporarily on the servers of Tapenta GmbH. This data is automatically deleted when the current session ends. These cookies are necessary for the correct functioning of our services.
2. Viewing and processing of data
   Principle: Tapenta GmbH does not disclose any personal data to third parties unless it is necessary for the provision of the actual service. Regular access to customer and user data is reserved for the following persons (groups):
   1. Users: to their own personal data, settings
   2. Support: to all data
   3. Shipping service and accounting: into the contract / invoice and order data
   4. Authors, project managers, licensors: into statistics from anonymized session data for demand-oriented development and customization of products.
   5. Server administrators: into statistics from anonymized access data to optimize service provision (server capacity, bandwidth)
   The following service providers have process-related insight into data and have accordingly concluded a contract for order processing (DPA) with Tapenta GmbH so that this data may not be used elsewhere:
   • Scaleway SAS (FR), server hosting, has insight only into access data described in 1.5.
   • Mailgun Technologies, Inc. (USA) und Google LLC (USA), e-mail notifications; have insight into the e-mails delivered via them.
   • PayPal Pte. Ltd. (Singapur), payment provider service provider; have insight into orders paid through them.
   • Stripe Inc. (USA), payment provider service provider, has insight into orders paid through it.
3. Transmission and security of data
   
   • Data is transmitted via https encrypted to the servers of Tapenta GmbH.
   • Data on the servers of Tapenta GmbH are encrypted.
   • Passwords are salted per user and stored as sha512 HASH in the database.
   • Backups of the servers are stored encrypted on other servers.
   • Only the management of Tapenta GmbH has access to servers and backups.

Final provisions

Every user has the right to request free information about his/her personal data stored by Tapenta GmbH.

Every user can request the correction of incorrect data or the deletion of his/her data, as long as this data does not have to be stored by Tapenta GmbH by law. In this case, the data will be blocked and not processed for other purposes.

Every user can exercise his/her right to object and object to the further processing of his/her personal data - however, this does not release him/her from current contracts.

For Tapenta GmbH legally binding orders of authorities are excluded from all restrictions.

Data protection officer