PRIVACY POLICY

Last updated: May 2018

We respect privacy. Therefore we want you to know how careful we handle personal data collected through our online systems.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Generation Digitale GmbH & Co. KG. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

I. Contact details of the person responsible


The person responsible within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:

Generation Digitale GmbH & Co. KG

Spielbudenplatz 24-25, 20359 Hamburg
Phone: 040 – 410 984 31 -0
E-mail: Contact us - please activate javascript to see our e-mail address
Website: www.generationdigitale.net

represented by the managing director Mr. Michael Reinermann.

II. General information about data processing


The GDPR defines "personal data" as all information relating to an identified or identifiable natural person (“data subject”).; an identifiable natural person is considered, who directly or indirectly can be identified by reference to an identifier such as a name, an identification number, online identification or location data or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.


1. Scope of the processing of personal data

We only collect and use personal data of users who contact us.
By using vhisper.to, you communicate via internet with our servers. Our servers use information to generate a session and collect protocol information, so-called log files, within the scope of such usage. Recorded log files do not contain any personal data. In particular, IP addresses are anonymised by MD5 hashing.
On the site www.vhisper.to anonymised IIS web logs are also stored. We only use log files for statistical purposes and to analyse errors.
vhisper.to may, in some cases, temporarily store the transferred video and thumbnail during its usage in order to facilitate the broadcast. All uploaded data will automatically be deleted as soon as the number and duration of access set by the user expires, weather it has been received or not. No videos and thumbnails will be reused by vhisper or second or third parties.

2. Legal Basis for the processing of personal data

Insofar as we obtain the consent for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfil a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR serves as a legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as a legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR serves as legal basis for processing.

3. Erasure and storage duration of data

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is expired. Furthermore storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.


III. Provision of the website and creation of log files


1. Description and scope of data processing

If the user agrees to our cookie policy (LINK), our system automatically collects and anonymizes data and information from the computer system of the calling computer.
On doing so, the following data is collected:
(1) Information about the user agent (browser incl. version, operating system) of the user
(2) Date and time of access
(3) Websites from which the system of the user reaches our website (referer)
(4) Web sites accessed by the user's system through our website
(5) Click paths
(6) Cookies to improve the performance of the website
(7) The user‘s IP address will be stored while uploading a file due to legal reasons.
(8) The user‘s IP address as well as the exact time of the uploading process will remain stored until it is manually removed from the system by the operator.
(9) In cases of suspected breaches of copyright law or in the event of attacks on our information technology systems the user’s IP address as well as the exact time of the upload process of the offender will be given to the person raising a complaint once a written justification of the objection is available.
(10) Contact data will be stored in the user’s address book until the user himself deletes the data or his account.

The data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that allows the assignment of the data to a user. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for the data processing

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

In general, using our service does not require the provision of personal information. Beyond the freely accessible area of our website, e.g. when watching videos your contacts gave you access to via e-mail, you can register a personal account to send video messages.

Registration
The data subject has the possibility to register on the website of the controller with the indication of personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller, and for his own purposes. The controller may request transfer to one or more processors that also uses personal data for an internal purpose which is attributable to the controller.
By registering on the website of the controller, the IP address—assigned by the Internet service provider (ISP) and used by the data subject—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.
The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.
The data controller shall, at any time, provide information upon request to each data subject as to what personal data are stored about the data subject. In addition, the data controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations. The entirety of the controller’s employees are available to the data subject in this respect as contact persons.

4. Duration of storage

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to. Log files are written anonymously.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
User accounts can be deleted completely at any time and with all the data stored.

5. Possibility of opposition and removal

The collection of the data for the provision of the website and the storage of the data in log files is not absolutely necessary for the operation of the website and takes place only with the prior consent of the users.


IV. Cookies

Cookies are small files that are stored on your device. These can be used to determine if your device has already communicated with our sites. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user's computer system.

1. Description and scope of data processing

To provide a more user-friendly service, vhisper.to uses cookies and similar technologies such as "HTML5 storage" or "Local shared objects" (hereafter referred to collectively as "cookies") only after your consent and anonymized to recognize website visitors' preferences to make the service as user-friendly as possible.

We categorize cookies as follows:
Technical types:
Type 1: session cookie
Will be deleted when leaving the page/ closing the browser.
Type 2: permanent cookie
Are set by the page and deleted after a defined period (see below).

Type

Name

Description

Expiry date

1

PIWIK_SESSID

Matomo Session ID for tracking the session

After the end of the session (closing the page/ browser)

1

__RequestVerificationToken

Session token for secure login

After the end of the session (closing the page/ browser)

2

_pk_id.3.f2fd

Matomo cookie for tracking recurring users

After approx. 1 year

2

_pk_ses.3.f2fd

Matomo cookie for tracking the session

After 30 mins

2

piwik_ignore

Matomo cookie opt out

Max Age (approx. 2 years)

2

TourSeen

Token cookie to hide tour

After approx. 1 year

2

cookieconsent_status

cookie opt out

Max Age (approx. 2 years)

2

VhLgn

cookie to keep user logged in

After 14 days

2. How to deactivate cookies?

When you visit our website, you can agree to the use of cookies for analysis purposes via a shown banner and you are referred to this privacy policy.
If you do not want us to collect and analyze information about your visit, you have to options to prevent future data collection:
Browser setting: Do-Not Track
Matomo: Opt-out
Cookies are stored on your computer and transmitted to our site. As a user you therefore have full control over the use of cookies. You can prevent the storage of cookies on your device by selecting "do not accept cookies" in your browser settings. On your device, you can delete previously set cookies at any time. For information how to delete cookies on your device, please refer to the instructions of your browser or device manufacturer.


V Security

We take corporate privacy very seriously. Our employees and the contract processors (service companies) commissioned by us are contractually bound by our duty to maintain secrecy and to comply with the IT / security regulations and applicable data protection regulations.
We, as well as our contractors, protect your personal information and ensure that your personal information is in a legally required, controlled and secure environment that prevents unauthorized access, loss or disclosure.
Technical and organizational measures have been taken in our company to protect your data against damage, destruction, falsification, manipulation and unauthorized access.
To avoid unnecessary amounts of data, we collect, process and use your personal data only insofar as this is required within the framework of our service offer.
The data is collected by Generation Digitale GmbH & Co. KG as well as by the processor commissioned by it.


VI. Website Analysis / Usage Analysis


1. Data protection provisions about the application and use of Matomo

Our website uses the web analysis service Matomo. Matomo uses so-called "cookies", text files that are stored on your computer and allow us to analyze your website usage. Specifically, we save the date and time of the page view and the page from which you accessed our page only after your consent and anonymized. We do not store any other personal data.
The information generated by the cookie is stored on our server. The IP address is anonymized immediately after processing and prior to its storage.
You can prevent the storage of cookies by a corresponding setting of your browser software.
By clicking on the following link (POP_UP_Matomo opt-in) you consent to the collection and processing of this data by us with our local Matomo installation. An opt-in cookie is stored locally by your browser on your computer. If the cookies are deleted in this browser, you must create this cookie again.

MATOMO OPT IN/OUT


Further information and the applicable data protection provisions of Matomo may be retrieved under https://matomo.org/privacy/.


2. Data protection provisions about the application and use of Social Networks

On this website, the controller has integrated components of the enterprise Facebook, Twitter, Intagram, Pinterest, Google+ and Windows live for the purpose of single sign on, to share the page and to follow it’s social media channels. As users may register via e-mail-address the use of this application is absolutely voluntary.

Facebook
On this website, the controller has integrated components of the enterprise Facebook for the purpos of single sign on, to share the page and to follow it’s Facebook presence.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made and registering the account via e-mail-address.
The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

Google+
On this website, the controller has integrated Google+ as a component for single sign on.
The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
During the use of vhisper.to, Google is made aware of what specific sub-page of our website was visited by the data subject. More detailed information about Google+ is available under https://developers.google.com/+/.
If the data subject is logged in at the same time to Google+, Google recognizes with each call-up to our website by the data subject and for the entire duration of his or her stay on our Internet site, which specific sub-pages of our Internet page were visited by the data subject. This information is collected through the Google+ button and Google matches this with the respective Google+ account associated with the data subject. Google is also able to link the visit to this website with other personal data stored on Google. Google further records this personal information with the purpose of improving or optimizing the various Google services.
If the data subject does not wish to transmit personal data to Google, he or she may prevent such transmission by logging out of his Google+ account before calling up our website and registering the account via e-mail-address instead of single-sign-on.
Further information and the data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/. More references from Google about the Google+ service may be obtained under https://developers.google.com/+/web/buttons-policy.

Windows Live
On this website, the controller has integrated Windows Live as a component for single sign on.
The operating company of Windows Live is Microsoft Corp., One Microsoft Way, Redmond, QA 98052-6399, United States.
During the use of vhisper.to, Windows Live is made aware of what specific sub-page of our website was visited by the data subject. More detailed information about Windows live is available under https://msdn.microsoft.com/en-us.
If the data subject is logged in at the same time to Windows Live, Windows recognizes with each call-up to our website by the data subject and for the entire duration of his or her stay on our Internet site, which specific sub-pages of our Internet page were visited by the data subject. This information is collected and Windows matches this with the respective Live account associated with the data subject. Windows is also able to link the visit to this website with other personal data stored on Windows. Windows further records this personal information with the purpose of improving or optimizing the various Windows services.
If the data subject does not wish to transmit personal data to Windows, he or she may prevent such transmission by logging out of his Windows Live account before calling up our website and registering the account via e-mail-address instead.
Further information and the data protection provisions of Windows may be retrieved under /. https://privacy.microsoft.com/de-de/privacystatement


VII. Right to information, correction, blocking, deletion, completion, restriction and data portability


Without giving any reasons, you will receive free information as to whether personal data relating to you will be processed. In accordance with Art. 15 GDPR, §§ 34 BDSG n. F., you have the right to information about these personal data as well as further information about the processing of your data stored by us.

Within the scope of your legal claims in accordance with Art. 16, Art. 17 GDPR, §35 BDSG, you may have your data banned, corrected or deleted. A deletion of your personal data takes place if statutory storage requirements do not oppose this and if you make a claim for cancellation in writing.

Furthermore, you have the right to complete incomplete data and to demand in the legally regulated cases according to Art. 18 GDPR the limitation of the processing, if the correctness of the personal data is not given.

In accordance with Art. 20 GDPR, you also have a right of data transferability insofar as we have referred to in this declaration as the basis for data processing Article 6 (1) a or b GDPR or Art. 9 (2) a GDPR. In exercising the right to data portability, you have the right to request that the personal data may be transmitted directly from the responsible party to another responsible party, in so far as technically feasible.

VIII. Right of withdrawal

You may revoke the consent given to us for collecting and using the data without giving reasons at any time with future effect, without affecting the legality of the processing on the basis of consent until the revocation. After the cancellation, Generation Digitale GmbH & Co.KG. processes your personal data only insofar as the processing is required due to another legal basis or legal obligation. You can send your cancellation to the contact address given in the legal notice.

IX. Questions and effectivity

This privacy policy is valid from the date of publication on the website of Generation Digitale GmbH & Co. KG until revoked.
For the use of our offer the confirmation and acknowledgment of the data protection agreement is absolutely necessary.
Please note that data protection regulations and data protection practices may constantly change and the contents of this privacy policy must be adapted. If this is the case, we will inform you about changes in a transparent way.
It is also advisable to inform yourself about changes in the legal provisions and practice of our company.