This is an unofficial English translation of the original German privacy policy. Only the German version
Privacy Policy is legally binding. In case of discrepancies or legal questions, the German version is the sole authoritative source.
1 Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is CodeAttack - Carlo Nölle, Bonner Straße 18, 50677 Cologne, Germany, Tel.: +49 221 42364393, Email: carlo@codeattack.io. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2 Data Collection When Visiting Our Website
2.1 When you use our website purely for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.
3 Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), others remain on your device longer and enable us to save page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.
If personal data is also processed by individual cookies we use, processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of a contract, in accordance with Art. 6(1)(a) GDPR in the case of consent given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
4 Contacting Us
When contacting us (e.g., via contact form or email), personal data is processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose.
The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5 Use of Customer Data for Direct Advertising
5.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure to ensure that you only receive newsletters after you have expressly confirmed your consent to receive newsletters by clicking on a verification link sent to the specified email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. In this context, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration to be able to trace possible misuse of your email address at a later date. The data collected by us when registering for the newsletter will be used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
5.2 Sending the email newsletter to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. For this, we do not need to obtain separate consent from you in accordance with § 7(3) UWG. Data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, no email will be sent by us.
You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning. For this, you only incur transmission costs according to the basic rates. After receiving your objection, the use of your email address for advertising purposes will be stopped immediately.
6 Data Processing for Order Handling
6.1 Insofar as necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provided when ordering (name, address, email address) to inform you personally about upcoming updates within the legally prescribed period via an appropriate communication channel (e.g., by post or email) in accordance with our legal information obligations pursuant to Art. 6(1)(c) GDPR. Your contact data will be used strictly for notifications about updates owed by us and will only be processed by us to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s) who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
6.2 Use of payment service providers
- Paypal
One or more online payment methods from the following provider are available on this website or sub-sites: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you select a payment method from the provider where you pay in advance, your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is solely for the purpose of payment processing with the provider and only to the extent necessary for this.
If you select a payment method where we pay in advance, you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable, data on an alternative means of payment).
To safeguard our legitimate interest in determining your ability to pay in such cases, this data will be forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6(1)(f) GDPR. The provider checks, based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), whether the payment option you have selected can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, is included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Stripe
One or more online payment methods from the following provider are available on this website or sub-sites: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
If you select a payment method from the provider where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data in this case is solely for the purpose of payment processing with the provider and only to the extent necessary for this.
If you select a payment method where the provider pays in advance (e.g., invoice or installment purchase or direct debit), you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable, data on an alternative means of payment).
To safeguard our legitimate interest in determining the payment ability of our customers, this data will be forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6(1)(f) GDPR. The provider checks, based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), whether the payment option you have selected can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, is included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
7 Rights of the Data Subject
7.1 The applicable data protection law grants you the following rights as a data subject with respect to the controller regarding the processing of your personal data (rights of access and intervention), with reference to the legal basis for the respective exercise requirements:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent given pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
7.2 Right to Lodge a Complaint with a Supervisory Authority
You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. The supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia Kavalleriestraße 2-4 40213 Düsseldorf Phone: +49 211 38424-0 Email: poststelle@ldi.nrw.de Website: https://www.ldi.nrw.de/
7.3 Right to object
If we process your personal data on the basis of our overriding legitimate interest as part of a balancing of interests, you have the right at any time, for reasons arising from your particular situation, to object to this processing with effect for the future.
If you exercise your right to object, we will stop processing the data concerned. However, further processing remains reserved if we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, fundamental rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.
If your personal data is processed by us for direct advertising purposes, you have the right to object at any time to the processing of your personal data for such advertising. You can exercise the objection as described above.
If you exercise your right to object, we will stop processing the data concerned for direct advertising purposes.
8 Duration of Storage of Personal Data
The duration of the storage of personal data is determined based on the respective legal basis, the purpose of processing, and—if relevant—additionally based on the respective statutory retention period (e.g., commercial and tax retention periods).
When processing personal data on the basis of explicit consent in accordance with Art. 6(1)(a) GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data that are processed within the scope of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, these data will be routinely deleted after the retention periods have expired, provided they are no longer required for contract fulfillment or contract initiation and/or there is no legitimate interest on our part in further storage.
When processing personal data on the basis of Art. 6(1)(f) GDPR, these data will be stored until you exercise your right to object in accordance with Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
When processing personal data for direct advertising purposes on the basis of Art. 6(1)(f) GDPR, these data will be stored until you exercise your right to object in accordance with Art. 21(2) GDPR.
Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.