Privacy Policy

Privacy Policy

We operate our websites according to the principles outlined below:

We are committed to complying with legal data protection regulations and always strive to follow the principles of data avoidance and data minimization.

1. Name and Address of the Controller and Data Protection Officer

a) Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the European Union, as well as other data protection regulations, is:

RED 5 GmbH
Lyoner Strasse 19
60528 Frankfurt
Germany
Phone: +49 151 65 131369
Email: hello@red5-agency.de
Website: https://www.red5-agency.de

b) Data Protection Officer

You can contact the Data Protection Officer of the controller at:
SiDIT GmbH, www.sidit.de, Email: info@sidit.de

2. Definitions

We have designed our privacy policy according to the principles of clarity and transparency. Should any terms remain unclear regarding their use, you can find the relevant definitions here.

3. Legal Basis for Data Processing

a) Processing of Personal Data under the GDPR

We process your personal data, such as your first and last name, email address, and IP address, only if there is a legal basis for doing so. The following provisions, in particular, are relevant under the General Data Protection Regulation (GDPR):

  • Article 6 (1) sentence 1 lit. a GDPR: The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Article 6 (1) sentence 1 lit. b GDPR: Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
  • Article 6 (1) sentence 1 lit. c GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Article 6 (1) sentence 1 lit. d GDPR: Processing is necessary to protect the vital interests of the data subject or another natural person.
  • Article 6 (1) sentence 1 lit. e GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Article 6 (1) sentence 1 lit. f GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, particularly if the data subject is a child.

We will always inform you of the specific legal basis for processing your personal data at the relevant point in this privacy policy.

b) Consent of Guardians under Article 8 (1) sentence 2 GDPR

A legal guardian must provide consent for all data processing on this website where the consent of a minor, who has not yet reached the age of 16, is required.

c) Processing of Information under § 25 (1) TDDG

We also process information in accordance with § 25 (1) TDDG by storing or accessing information already stored on your terminal device. This includes personal and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses, and IMEI numbers.

These data are processed primarily on the basis of your consent under § 25 (1) TDDG.

An exception to the requirement for consent applies in accordance with § 25 (2) No. 1 and No. 2 TDDG when access to information or storage is strictly necessary to transmit a message over a public telecommunications network or to provide a telemedia service that you expressly requested. You can withdraw your consent at any time.

Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4. Disclosure of Personal Data

The transfer of personal data to third parties is considered processing within the meaning of Section 3. However, we want to inform you separately about the topic of disclosure to third parties. The protection of your personal data is very important to us. Therefore, we are particularly cautious when it comes to sharing your data with third parties.

Personal data will only be shared with third parties if there is a legal basis for processing. For example, we may share personal data with individuals or companies who act as data processors on our behalf in accordance with Article 28 GDPR. A data processor is anyone who processes personal data on our behalf, typically under a directive and supervisory relationship with us.

In line with the requirements of the GDPR, we enter into a contract with each of our data processors to oblige them to comply with data protection regulations, ensuring comprehensive protection of your data.

5. Storage Duration and Deletion

Your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or processed, provided that its continued processing is not required to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.

6. SSL or TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the website operator. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and the lock icon in your browser line.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

7. Cookies

On our website, we use cookies. Cookies are small data packages created by your browser and stored on your device when you visit our website. These cookies store information associated with the specific device you are using.

Cookies can be categorized into two types: technically necessary cookies and “other” cookies. Technically necessary cookies are essential to provide the information society service you explicitly request.

a) Technically Necessary Cookies

To enhance your user experience, we use technically necessary cookies. These may include session cookies (e.g., for language and font preferences or shopping carts), consent cookies, cookies ensuring server stability and security, etc. The legal basis for the use of these cookies arises from Article 6 (1) sentence 1 lit. f) GDPR, which covers our legitimate interest in the proper functioning of the website and ensuring optimized service delivery.

b) Other Cookies

Other cookies are used for statistical, analytical, marketing, or retargeting purposes.

We only use these cookies based on your consent in accordance with Article 6 (1) sentence 1 lit. a) GDPR.

You can revoke your consent for the use of cookies at any time. Please note that the lawfulness of processing based on consent prior to its withdrawal remains unaffected.

You may adjust your cookie settings on our website, disable cookies in your browser settings (though this may limit the functionality of the online offer), or opt out of specific services.

We will inform you at the relevant points in this privacy policy about the legal basis for the processing of these data.

8. Cookie Banner / Consent Management

To collect consent for the cookies we use, we utilize a cookie banner provided by Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany. This service itself sets a consent cookie to check and process the approval status. This consent cookie is technically necessary and is therefore used based on our legitimate interest in accordance with Article 6 (1) sentence 1 lit. f GDPR, § 25 (1) TDDG.

9. Collection and Storage of Personal Data, and the Type and Purpose of Use

a) External Hosting

Our website is hosted by united-domains GmbH, Gautinger Straße 10, 82319 Starnberg, Germany. As such, all personal data collected on our website is stored on our host’s servers, unless an external service provider is involved. This may include IP addresses, email addresses, communication data, or similar information. The specific personal data involved will be disclosed in the description of each feature or service. If an external service provider is used, this will also be clearly indicated in the service description.

Our host processes your data solely based on our instructions and only to the extent necessary to fulfill the services provided on the website. There is no independent processing of the data by the host. We have entered into a data processing agreement with our host in accordance with GDPR requirements.

b) Visiting the Website

When you visit our website, the browser used on your device automatically sends information to the server hosting our website. This information is temporarily stored in a log file. The following data is collected without your intervention and is stored until automated deletion:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the accessed file
  • Website from which the access occurs (referrer URL)
  • Browser used and, where applicable, the operating system of your device and the name of your access provider

These data are processed by us for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring a comfortable user experience on our website
  • Evaluating system security and stability
  • Error analysis
  • Other administrative purposes

Data that can directly identify you, such as your IP address, will be deleted or anonymized no later than seven days after collection unless a longer storage period is required for legal reasons. The legal basis for data processing is Article 6 (1) sentence 1 lit. f GDPR, based on our legitimate interest in the purposes listed above. Under no circumstances do we use the collected data to identify you personally.

c) Contact Form

We provide a contact form on our website that allows you to contact us at any time. To use the contact form, you must provide your name (for a personal greeting) and a valid email address so that we know who the inquiry is from and can process it accordingly.

When you send us inquiries via the contact form, the information you provide, including the contact details you enter (such as your name, email address, and your IP address), will be processed in accordance with Art. 6 (1) sentence 1 lit. b and f GDPR. This processing is done either to carry out pre-contractual measures at your request or to safeguard our legitimate interests in conducting business activities.

Inquiries and any related data will be deleted no later than three months after receipt, unless they are needed for an ongoing contractual relationship.

10. Rights of the Data Subject

You have the following rights regarding the processing of your personal data:

a) Right to Access

In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. This includes:

  • The purposes of the processing
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom your personal data has been or will be disclosed
  • The planned duration of storage or, if this is not possible, the criteria used to determine the storage duration
  • The existence of the right to request rectification, erasure, restriction of processing, or to object to processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • Information about the source of your data, if it was not collected from you directly
  • The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and intended consequences of such processing

b) Right to Rectification

According to Art. 16 GDPR, you have the right to request the immediate correction of inaccurate or incomplete personal data that we have stored.

c) Right to Erasure

You have the right to request that your personal data be erased without undue delay in accordance with Art. 17 GDPR, provided that one of the following reasons applies:

  • The personal data is no longer necessary for the purposes for which it was collected or processed.
  • You withdraw your consent on which the processing was based, and there is no other legal ground for processing.
  • You object to the processing, and there are no overriding legitimate grounds for processing.
  • The personal data has been unlawfully processed.
  • The deletion of personal data is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data was collected in relation to the offer of information society services as referred to in Art. 8 (1) GDPR.

d) Right to Restriction of Processing

Under Art. 18 GDPR, you have the right to request the restriction of processing of your personal data under certain conditions. This right may be exercised if:

  • You contest the accuracy of the data (for a period enabling us to verify its accuracy).
  • The processing is unlawful, and you request the restriction of its use rather than erasure.
  • We no longer need the data for the purposes of processing, but you need it to establish, exercise, or defend legal claims.
  • You object to the processing pending verification of whether our legitimate grounds override yours.

e) Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing under Art. 16, 17, or 18 GDPR, we are obliged to notify all recipients to whom your personal data has been disclosed unless this proves impossible or involves disproportionate effort. You can request information about these recipients.

f) Right to Data Portability

According to Art. 20 GDPR, you have the right to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit this data to another controller, provided the processing is based on consent or a contract and is carried out by automated means.

g) Right to Withdraw Consent

According to Art. 7 (3) GDPR, you have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

h) Right to Lodge a Complaint

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

i) Right to Object

According to Art. 21 GDPR, you have the right to object to the processing of your personal data at any time, provided the processing is based on Art. 6 (1) sentence 1 lit. e or f GDPR. This right applies if there are reasons relating to your particular situation, or if your objection is directed at direct marketing. In the latter case, you have an absolute right to object, and we will stop processing your data for marketing purposes.

If you wish to exercise your right to object or withdraw consent, an email to hello@red5-agency.de will suffice.

j) Automated Individual Decision-Making, Including Profiling

You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you, unless the decision:

  • Is necessary for entering into or performing a contract between you and us.
  • Is authorized by Union or Member State law to which we are subject, and these laws contain suitable measures to safeguard your rights and freedoms as well as your legitimate interests.
  • Is based on your explicit consent.

In the cases referred to in i) and iii), we will implement suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention, to express your point of view, and to contest the decision.

11. Changes to the Privacy Policy

If we change our privacy policy, this will be indicated on our website.

Last updated: October 18, 2024