Privacy Policy
Preamble
Please note that this is only an AI translation. The original privacy policy is in German, as the site is provided in Germany and the German version is binding. No responsibility can be taken for the correct translation into English, this is only intended as a convenience offer.
With this privacy policy, we aim to inform you about which types of personal data (hereinafter referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, whether as part of providing our services or especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").
The terms used are not gender-specific.
Effective Date: November 20, 2024
Controller
Evgeny Rygin
Am Haushof 5
40670 Meerbusch,
Germany
Email: mail.progressgalaxy@gmail.com
Imprint: https://www.progress-galaxy.com/imprint
Overview of Processing Activities
The following overview summarizes the types of data processed, the purposes of their processing, and the categories of individuals affected.
Types of Processed Data
-
Inventory data
-
Contact data
-
Content data
-
Usage data
-
Meta, communication, and procedural data
-
Log data
Categories of Affected Individuals
-
Communication partners
-
Users
Purposes of Processing
-
Communication
-
Security measures
-
Audience measurement
-
Organizational and administrative procedures
-
Feedback collection
-
User-based profiles
-
Provision of our online offering and user-friendliness
-
IT infrastructure
-
Public relations
Legal Bases for Processing
Relevant legal bases under the GDPR: Below is an overview of the GDPR legal bases upon which we process personal data. Please note that, in addition to the GDPR, national data protection regulations in your or our country of residence may also apply. If more specific legal bases apply in individual cases, we will inform you in this privacy policy.
-
Consent (Art. 6 (1)(a) GDPR): The individual has given consent to the processing of their personal data for specific purposes.
-
Contract performance and pre-contractual inquiries (Art. 6 (1)(b) GDPR): Processing is necessary for the performance of a contract to which the individual is a party, or to take steps at the request of the individual prior to entering into a contract.
-
Legitimate interests (Art. 6 (1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided these interests are not overridden by the individual's fundamental rights and freedoms.
National Data Protection Regulations in Germany:
In addition to GDPR, national data protection regulations apply in Germany, such as the Federal Data Protection Act (BDSG). These include provisions on access rights, deletion rights, objection rights, processing of special categories of personal data, processing for other purposes, and data transfers. State-level data protection laws may also apply.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of individuals, to ensure a level of protection appropriate to the risk.
The measures include securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to the data itself, input, transfer, ensuring availability, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data breaches. Additionally, we consider the protection of personal data during the development or selection of hardware, software, and procedures, in line with the principles of data protection by design and by default.
Securing Online Connections with TLS/SSL Encryption Technology (HTTPS):
To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt information transferred between the website or app and the user's browser (or between two servers), thereby safeguarding the data from unauthorized access. TLS, being the advanced and more secure version of SSL, ensures that all data transfers meet the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the presence of "HTTPS" in the URL, serving as an indicator for users that their data is being transmitted securely and encrypted.
Transfer of Personal Data
As part of our processing of personal data, it may occur that this data is transferred to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include IT service providers or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.
International Data Transfers
Data Processing in Third Countries:
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if processing occurs as part of using services of third parties or disclosing/transferring data to other individuals, entities, or companies, this is done only in accordance with legal requirements.
If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers occur only if the level of data protection is otherwise guaranteed, particularly through standard contractual clauses (Art. 46 (2)(c) GDPR), explicit consent, or in cases of contractual or legally required transfers (Art. 49 (1) GDPR).
Additionally, we inform you about the legal bases for international transfers in relation to individual providers from third countries. Adequacy decisions are primarily applied. Information on international transfers and existing adequacy decisions can be found on the EU Commission's website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.
Note on the Data Privacy Framework (DPF):
Under the "Data Privacy Framework" (DPF), the European Commission has also recognized the level of data protection for certain companies in the USA as secure, based on the adequacy decision of July 10, 2023. The list of certified companies, as well as further information about the DPF, can be found on the U.S. Department of Commerce website: https://www.dataprivacyframework.gov/.
We inform you within this privacy policy about which of the service providers we use are certified under the Data Privacy Framework.
General Information on Data Retention and Deletion
We process and store personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. Once the purpose for processing no longer applies, or if the individual withdraws their consent, the data will be deleted, unless further retention is required by law or justified by legitimate interests.
Exceptions to this rule include cases where legal obligations or special interests require longer retention or archiving of the data, such as for the fulfillment of legal, accounting, or tax-related obligations, or for defending legal claims.
Specifically:
-
Data subject to legal retention obligations under commercial or tax law (e.g., invoices, business records) will be retained for the respective retention periods.
-
Data necessary to protect legal claims or rights or to resolve disputes may be retained for a period based on the statute of limitations or industry norms.
When multiple retention periods apply, the longest period takes precedence. If a retention period is not explicitly tied to a specific event, it generally begins at the end of the calendar year in which the event occurred. For ongoing contractual relationships, the event triggering the retention period is the effective date of termination or other conclusion of the legal relationship.
Data retained for purposes beyond the original processing purpose will be processed exclusively for the reasons that justify its retention.
Additional Notes on Retention and Deletion
-
10 years: Retention period for books, records, annual financial statements, inventories, management reports, opening balances, as well as working instructions and other organizational documents required for their understanding, booking records, and invoices (§ 147 (3) in conjunction with § 147 (1)(1, 4, 4a) AO, § 14b (1) UStG, § 257 (1)(1, 4), (4) HGB).
-
6 years: Other business documents, including received and sent commercial or business letters, and other documents relevant for taxation (§ 147 (3) in conjunction with § 147 (1)(2, 3, 5) AO, § 257 (1)(2, 3), (4) HGB).
-
3 years: Data relevant for considering potential warranty claims or compensation requests based on regular statutory limitation periods (§§ 195, 199 BGB).
Rights of Data Subjects
Under the GDPR, you have the following rights as a data subject:
-
Right to Object: You have the right to object, on grounds relating to your particular situation, to the processing of your personal data under Art. 6 (1)(e) or (f) GDPR. This includes profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling related to such direct marketing.
-
Right to Withdraw Consent: You have the right to withdraw your consent to data processing at any time.
-
Right of Access: You have the right to request confirmation as to whether your data is being processed, access to your data, and additional information as specified by legal regulations.
-
Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data concerning you.
-
Right to Erasure and Restriction of Processing: You have the right to request the immediate deletion of your data, or alternatively, to restrict its processing in accordance with legal requirements.
-
Right to Data Portability: You have the right to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format, or to request its transfer to another controller.
-
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe the processing of your personal data violates GDPR regulations.
Provision of the Online Offering and Web Hosting
We process users' data to provide our online services. This includes processing the IP address of the users, which is necessary for transmitting the contents and features of our online services to the users' browser or device.
-
Types of Processed Data:
-
Usage data (e.g., pages visited, time spent, click paths, usage intensity and frequency, types of devices used, operating systems, interactions with content and features).
-
Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, individuals involved).
-
Log data (e.g., login attempts, access to data, or access times).
-
Content data (e.g., text or images, messages and posts, and related information such as authorship or timestamps).
-
-
Affected Individuals: Users (e.g., website visitors, online service users).
-
Purposes of Processing:
-
Provision of our online offering and user-friendliness.
-
IT infrastructure (operation and provision of IT systems and technical equipment, such as computers and servers).
-
Security measures.
-
-
Storage and Deletion: Data is deleted according to the section "General Information on Data Retention and Deletion."
-
Legal Basis: Legitimate interests (Art. 6 (1)(f) GDPR).
Additional Notes on Processing Procedures, Methods, and Services:
-
Provision of Online Offering on Leased Storage Space:
For the provision of our online offering, we use storage space, computing capacity, and software provided by a corresponding server provider (also referred to as a "web host").-
Legal Basis: Legitimate interests (Art. 6 (1)(f) GDPR).
-
-
Collection of Access Data and Log Files:
Access to our online offering is logged in the form of "server log files." These logs may include the address and name of the requested web pages and files, date and time of access, data volume transferred, messages about successful retrieval, browser type and version, the operating system of the user, the referrer URL (previously visited page), and the requesting provider, including IP addresses.Purposes: These server log files may be used for security purposes (e.g., to avoid overloading the server, especially in the case of malicious attacks, such as DDoS attacks) and for ensuring the stability of the servers.
-
Legal Basis: Legitimate interests (Art. 6 (1)(f) GDPR).
-
Data Deletion: Log files are stored for a maximum of 30 days and are then deleted or anonymized. Data retained for evidence purposes is excluded from deletion until the respective incident is fully resolved.
-
Use of Cookies
The term “cookies” refers to functions that store information on users' end devices and read it from them. Cookies can also be used for various purposes, for example to ensure the functionality, security and convenience of online services and to analyze visitor flows. We use cookies in accordance with the statutory provisions. If necessary, we obtain the user's consent in advance. If consent is not required, we rely on our legitimate interests. This applies if the storage and reading of information is essential in order to be able to provide expressly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about the scope and which cookies are used.
Information on the legal basis under data protection law: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.
Storage duration: With regard to the storage duration, a distinction is made between the following types of cookies
-
Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. browser or mobile application).
-
Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), they should assume that they are permanent and that the storage duration can be up to two years.
General information on revocation and objection (opt-out): Users can revoke the consents they have given at any time and also declare an objection to processing in accordance with the legal requirements, including by means of the privacy settings of their browser.
-
Processed data types: Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
-
Data subjects: Users (e.g. website visitors, users of online services).
-
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Further information on processing processes, procedures and services:
Processing of cookie data on the basis of consent: We use a consent management solution in which user consent is obtained for the use of cookies or for the procedures and providers mentioned in the consent management solution. This procedure is used to obtain, log, manage and revoke consent, in particular with regard to the use of cookies and comparable technologies that are used to store, read and process information on users' end devices. As part of this procedure, user consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management procedure. Users also have the option of managing and revoking their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information on the providers of consent management services is available, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information on the browser, the system and the end device used; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Blogs and Publishing Media
We use blogs or similar platforms for online communication and publication (hereinafter referred to as "publishing media"). The data of readers is processed only to the extent necessary for the operation of the publishing medium, the interaction between authors and readers, or for security purposes.
Additionally, we refer to the information on visitor data processing contained in this privacy policy.
-
Types of Processed Data:
-
Basic data (e.g., full name, address, contact information, customer number, etc.).
-
Contact data (e.g., postal and email addresses or phone numbers).
-
Content data (e.g., textual or visual messages and posts, as well as related information such as authorship or creation time).
-
Usage data (e.g., page visits, time spent, click paths, usage intensity and frequency, types of devices and operating systems, interactions with content and features).
-
Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved persons).
-
-
Affected Individuals: Users (e.g., website visitors, users of online services).
-
Purposes of Processing:
-
Feedback (e.g., collecting feedback via online forms).
-
Provision of our online offering and user-friendliness.
-
Security measures.
-
Organizational and administrative procedures.
-
-
Storage and Deletion: Data is deleted according to the section "General Information on Data Retention and Deletion."
-
Legal Basis: Legitimate interests (Art. 6 (1)(f) GDPR).
Additional Notes on Processing Procedures, Methods, and Services
-
Comments and Posts:
When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This storage is for our security in case illegal content is left in comments or posts (e.g., insults, prohibited political propaganda). In such cases, we may be legally responsible and are therefore interested in the identity of the author.Additionally, based on our legitimate interests, we may process user data for spam detection.
On the same legal basis, we may store the IP addresses of users participating in surveys to prevent multiple votes and to ensure fairness during the survey period.
The data provided in comments or posts, including personal information, contact details, or website links, will be stored indefinitely unless the user objects.
-
Legal Basis: Legitimate interests (Art. 6 (1)(f) GDPR).
-
Contact and Inquiry Management
When contacting us (e.g., via post, contact form, email, phone, or social media) and within the scope of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact inquiries and any requested measures.
-
Types of Processed Data:
-
Basic data (e.g., full name, address, contact details, customer number, etc.).
-
Contact data (e.g., postal and email addresses or phone numbers).
-
Content data (e.g., textual or visual messages and posts, as well as related information such as authorship or creation time).
-
Usage data (e.g., pages visited, time spent, click paths, usage intensity and frequency, types of devices and operating systems, interactions with content and features).
-
Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved persons).
-
-
Affected Individuals: Communication partners.
-
Purposes of Processing:
-
Communication.
-
Organizational and administrative procedures.
-
Feedback (e.g., collecting feedback via online forms).
-
Provision of our online offering and user-friendliness.
-
-
Storage and Deletion: Data is deleted according to the section "General Information on Data Retention and Deletion."
-
Legal Bases:
-
Legitimate interests (Art. 6 (1)(f) GDPR).
-
Contract performance and pre-contractual inquiries (Art. 6 (1)(b) GDPR).
-
Additional Notes on Processing Procedures, Methods, and Services
-
Contact Form:
When contacting us via our contact form, email, or other communication methods, we process the personal data provided to us to respond to and handle the respective inquiry. This generally includes details such as name, contact information, and any other information necessary to appropriately address the matter. We use this data solely for the stated purpose of communication and responding to the inquiry.-
Legal Bases:
-
Contract performance and pre-contractual inquiries (Art. 6 (1)(b) GDPR).
-
Legitimate interests (Art. 6 (1)(f) GDPR).
-
-
Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as "reach measurement") is used to evaluate visitor flows to our online offering and may involve analyzing behavior, interests, or demographic information about visitors, such as age or gender, based on pseudonymous data.
With the help of reach measurement, we can determine, for example, when our online offering or its functions and content are most frequently used or invite reuse. It also enables us to identify which areas need optimization.
Additionally, we may use test procedures (e.g., A/B testing) to compare and optimize different versions of our online offering or its components.
Unless otherwise specified below, pseudonymous profiles may be created for these purposes. Information may also be stored in a user's browser or device and subsequently retrieved. Data collected typically includes visited web pages, used elements, technical details (e.g., browser, operating system), and usage times.
If users consent to share their location data, location-based processing may also occur. Furthermore, IP addresses are stored, but we use IP masking (i.e., pseudonymization by shortening the IP address) to protect users.
Legal Bases:
If we request users' consent for using third-party services, the legal basis for data processing is consent. Otherwise, the data is processed based on our legitimate interests (e.g., efficient, cost-effective, and user-friendly services).
Types of Processed Data:
-
-
Usage data (e.g., pages visited, time spent, click paths, usage frequency and intensity, types of devices and operating systems, interactions with content and features).
-
Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved persons).
-
-
Affected Individuals: Users (e.g., website visitors, users of online services).
-
Purposes of Processing:
-
Reach measurement (e.g., access statistics, identification of returning visitors).
-
Profiles with user-related information (e.g., creating user profiles).
-
Provision of our online offering and user-friendliness.
-
-
Storage and Deletion: Data is deleted in accordance with the section "General Information on Data Retention and Deletion." Cookies may remain on users' devices for up to 2 years, unless otherwise specified.
-
Security Measures: IP masking (pseudonymization of IP addresses).
-
Legal Bases:
-
Consent (Art. 6 (1)(a) GDPR).
-
Legitimate interests (Art. 6 (1)(f) GDPR).
-
Additional Notes on Processing Procedures, Methods, and Services
-
Google Analytics:
We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number contains no personal data such as names or email addresses. Instead, it is used to assign analysis information to a device, enabling us to identify which content users interact with and how often they return.-
Collected Data: Information about time of usage, duration, sources of users (e.g., referrals to the online offering), technical details of their devices, and pseudonymous location data (e.g., city or country).
-
Pseudonymization: Google Analytics uses IP masking to ensure that EU users’ IP addresses are anonymized by default. Full IP addresses are not stored or logged.
-
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
-
Legal Basis: Consent (Art. 6 (1)(a) GDPR).
-
Privacy Policy: https://policies.google.com/privacy.
-
Opt-Out Options: Users can opt out using the Google Analytics opt-out add-on: https://tools.google.com/dlpage/gaoptout.
-
Social Media Presences
We maintain online presences on social networks to communicate with active users and provide information about our services.
Special Notes on Data Processing in Social Networks:
Data processed on social networks is typically also used for market research and advertising. User profiles can be created based on their behavior and interests, which are often used to deliver personalized advertisements within and outside the platform. Cookies or similar technologies are frequently stored on users' devices for these purposes.
Please note: Users’ data may be processed outside the European Union. This could present risks, such as difficulties in enforcing users' rights.
For further details, including your rights and opt-out options, please refer to the privacy policies of the respective social media platforms.
Additional Information:
If users submit requests for information or exercise their rights (e.g., access, deletion), we recommend addressing these directly to the platform providers, as they have direct access to the data and can implement appropriate actions.
-
Types of Processed Data:
-
Contact data (e.g., email addresses, phone numbers).
-
Content data (e.g., posts, images, authorship).
-
Usage data (e.g., time spent, interactions with content).
-
Meta, communication, and procedural data (e.g., IP addresses).
-
-
Affected Individuals: Users of social networks.
-
Purposes of Processing:
-
Communication.
-
Feedback collection (e.g., via comments or forms).
-
Public relations.
-
-
Storage and Deletion: Data is deleted in accordance with the section "General Information on Data Retention and Deletion."
-
Legal Basis: Legitimate interests (Art. 6 (1)(f) GDPR).
Plugins and Embedded Features and Content
We integrate functional and content elements into our online offering that are retrieved from the servers of their respective providers (hereinafter referred to as "third-party providers"). These elements may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").
Purpose of Data Processing:
The integration of these elements requires third-party providers to process the IP addresses of users, as they cannot send the content to their browsers without this information. The IP address is therefore necessary for displaying this content or functionality. We endeavor to use only content whose respective providers process the IP address solely to deliver the content.
Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. These "pixel tags" allow information, such as visitor traffic, to be evaluated on the pages of this website. The pseudonymous information may also be stored in cookies on the users' devices and may include technical details about the browser and operating system, referring websites, time of visit, and other details about the use of our online offering, as well as being linked with such information from other sources.
Legal Bases:
If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (e.g., efficient, cost-effective, and user-friendly services).
-
Types of Processed Data:
-
Usage data (e.g., pages visited, time spent, click paths).
-
Meta, communication, and procedural data (e.g., IP addresses, timestamps).
-
Basic data (e.g., name, address, contact information).
-
Contact data (e.g., email addresses, phone numbers).
-
Content data (e.g., text or image messages and posts).
-
-
Affected Individuals: Users (e.g., website visitors, users of online services).
-
Purposes of Processing:
-
Provision of our online offering and user-friendliness.
-
-
Storage and Deletion: Cookies and similar storage methods may remain on users' devices for up to 2 years, unless otherwise specified.
-
Legal Bases:
-
Consent (Art. 6 (1)(a) GDPR).
-
Legitimate interests (Art. 6 (1)(f) GDPR).
-
Additional Notes on Processing Procedures, Methods, and Services
-
YouTube Videos:
We integrate videos from YouTube into our online offering.-
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
-
Legal Basis: Consent (Art. 6 (1)(a) GDPR).
-
Privacy Policy: https://policies.google.com/privacy.
-
Opt-Out Options: Users can manage their settings for ad personalization via Google Ad Center.
-
Created with free data protection generator by Dr. Thomas Schwenke