Privacy Policy
Privacy Policy
We take the protection of your data very seriously and want you to feel safe and comfortable when visiting our website.
feel safe and comfortable when visiting our website. In the following we explain which
personal data we collect, what we use it for and how we use it, and what rights you
you have in relation to your data.
A. Responsible body, data protection officer
The responsible party in terms of data protection laws is DripDrip GmbH, Eppendorfer
Baum 26, 20249 Hamburg, Germany, represented by its managing directors Philip Brand and Jürgen Mehrtens.
(also data protection officer).
If you have any questions or concerns regarding data protection, you can contact us at datenschutz@dripdrip.eu.
reach us.
B. Definitions
The data protection statement is based on the terms used by the European
and the legislator when adopting the General Data Protection Regulation (DSGVO).
used. Our data protection declaration is intended to be easily readable for the public as well as for
our customers and business partners to be easy to read and understand. In order to ensure this
we would like to explain the terms used in advance.
We use the following terms, among others, in this privacy statement:
- Personal data: Personal data is any information that relates
to an identified or identifiable natural person (hereinafter "data subject").
Person"). An identifiable natural person is one who can be identified directly
or indirectly, in particular by means of an association with an identifier such as a name, a
number, to location data, to an online identifier or to one or more special
or one or more special characteristics that express the physical, physiological, genetic, mental, economic, mental
genetic, mental, economic, cultural or social identity of that natural person.
natural person can be identified.
- Data Subject: A data subject is any identified or identifiable
natural person whose personal data are processed by the controller.
Controller is processed.
2
- Processing: Processing shall mean any operation or set of operations which is performed with or without the aid of automated
or series of operations which are carried out with or without the aid of automated
personal data, such as the collection, recording, organization, filing
storage, adaptation or alteration, retrieval, consultation, use, disclosure, processing or
use, disclosure by transmission, dissemination or otherwise making available, alignment or
other form of provision, comparison or linking, the restriction, deletion or
Restriction, erasure or destruction.
- Restriction of processing: Restriction of processing is the marking of
stored personal data with the aim of limiting their future processing.
limited.
- Pseudonymization: Pseudonymization is the processing of personal data in such a way that the
data in such a way that the personal data can no longer be related to a specific
information can no longer be attributed to a specific data subject, provided that
data subject without the addition of further information, provided that this additional
stored separately and is subject to technical and organizational measures,
measures which ensure that the personal data cannot be attributed to an identified or
identifiable natural person.
- Controller or person responsible for processing: the controller or person responsible for
the processing is the natural or legal person, public authority,
body or other entity which alone or jointly with others determines the
purposes and means of the processing of personal data. If
the purposes and means of that processing are determined by Union law or Member State law, the
Member State law, the controller or the specific
criteria for his designation may be provided for by Union or Member State law.
be provided for.
- Processor: a processor is a natural or legal person,
authority, agency or other body which processes personal data on behalf of the
the controller.
- Recipient: a recipient is a natural or legal person, public authority,
institution or other body to which personal data are disclosed,
regardless of whether or not it is a third party. Authorities,
which, in the context of a specific investigative task under Union or
Member State law may receive personal data,
shall not, however, be deemed to be recipients.
3
- Third party: A third party is a natural or legal person, public authority, agency or
body other than the data subject, the controller, the processor and the persons
processor and the persons who, under the direct responsibility of the data
the controller or the processor who are authorized to process the personal data.
Data to be Processed.
- Consent: Consent shall mean any voluntary action taken by the data subject for the
case in an informed and unambiguous manner, in the form of a declaration of
in the form of a declaration or other unambiguous affirmative action by which the data subject
affirmative action by which the data subject indicates his or her agreement to the
the processing of personal data concerning him or her.
C. Data processing on this website
The sole purpose of our website is to provide information about our
offers. When you visit our website, only the data that is transmitted from your
browser to our server. This data is necessary so that you can
website is displayed and you can navigate on it. Legal basis for the
collection of the data is Art. 6 para. 1 letter f) DSGVO. In detail, the following data is collected
collected when you visit our website:
- Name and URL of the retrieved file,
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system arrives at our website (so-called referrer), and
(so-called referrer),
- the sub-websites that are accessed via an accessing system on our website, and
accessed via an accessing system,
- the date and time of an access to the internet page,
- an Internet protocol address (IP address),
- the Internet service provider of the accessing system and
- other similar data and information, which may be used to avert danger in the case of
attacks on our information technology systems.
When using these general data and information, we do not draw any conclusions about the data subject.
about the data subject. Rather, this information is required in order to
4
- deliver the contents of our website correctly,
- to evaluate the security and stability of the system and for other administrative
administrative purposes,
- ensure the long-term operability of our information technology systems and the
of the technology of our website, as well as
- law enforcement authorities in the event of a cyber attack, to provide the information necessary for
information necessary for prosecution.
This anonymously collected data and information is evaluated by us with the aim of
evaluated to increase data protection and data security in our company,
Ultimately, this ensures an optimal level of protection for the personal data we process.
data processed by us. The anonymous data of the server log files are stored separately from any personal data
personal data provided by a data subject and deleted after six months at the latest.
deleted after six months at the latest.
D. Legal or contractual regulations for the provision of the
personal data; necessity for the conclusion of the contract; obligation
of the data subject to provide the personal data; possible
consequences of non-provision
We clarify that the provision of personal data is in part required by law
prescribed by law (e.g. tax regulations) or may also result from contractual provisions (e.g.
details of the contractual partner). Sometimes, in order to conclude a contract, it may be
contract, it may be necessary for a data subject to make personal data available to us, which
which subsequently have to be processed by us. The data subject is
obligated, for example, to provide us with personal data when our
Company concludes a contract with him or her. Failure to provide the
data would mean that the contract with the data subject could not be concluded.
be concluded.
E. Rights of the data subjects
Any data subject shall have the right granted by the European Directive and Regulation Maker through the
by the General Data Protection Regulation to request confirmation from the data
controller whether personal data concerning him or her are being processed.
personal data concerning him or her are being processed. If a data subject wishes to exercise this
E. Rights of the data subjects
Any data subject shall have the right granted by the European Directive and Regulation
the General Data Protection Regulation to obtain from the controller confirmation as to whether he or she
controller whether personal data relating to him or her are being processed.
personal data concerning him or her are being processed. If a data subject wishes to exercise this
5
right of confirmation, he or she may, at any time, contact our
data protection officer or another employee of the controller.
responsible for the processing.
Any person concerned by the processing of personal data has the right, granted by the
European Directive and Regulation to obtain at any time from the controller, free of charge, the information
controller, free of charge, about the personal data stored about him or her
stored personal data and to receive a copy of this information. Furthermore,
the European Directive and Regulation has granted the data subject the right to obtain
Access to the following information:
- the purposes of processing,
- the categories of personal data processed,
- the recipients or categories of recipients to whom the personal data have been or will be
personal data have been or will be disclosed,
in particular, in the case of recipients in third countries or international organizations,
- if possible, the planned duration for which the personal data will be stored, or, if this is not possible
or, if this is not possible, the criteria for determining this duration,
- the existence of a right to rectification or erasure of the personal data concerning them
erasure of the personal data relating to them or to the restriction of processing by the
Controller or a right to object to such processing,
- the existence of a right of appeal to a supervisory authority,
- if the personal data are not collected from the data subject:
Any available information on the origin of the data.
Furthermore, the data subject shall have the right to obtain information as to whether personal
data have been transferred to a third country or to an international organization. If this is
country or to an international organization, the data subject shall also have the right to be informed about the
appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right to information, he or she may contact
data protection officer or another employee of the controller at any time.
responsible for the processing.
Any data subject concerned by the processing of personal data shall have the
European Directive and Regulation, the right to obtain the immediate rectification of
rectification of inaccurate personal data concerning him or her. Furthermore
The data subject shall also have the right, taking into account the purposes of the processing,
6
the completion of incomplete personal data - also by means of a supplementary declaration.
supplementary declaration.
If a data subject wishes to exercise this right of rectification, he or she may contact
data protection officer or another employee of the controller at any time.
responsible for the processing.
7
technology available and the costs of implementation, including technical measures to
technical means, to inform other data controllers which process the personal data
process the published personal data about the fact that
the data subject requests from those other data controllers the erasure of all links to the personal data or to the personal data processed by the data controller.
erasure of all links to this personal data or copies or replications thereof.
replications of such personal data, where the processing is not
necessary. The data protection officer or another employee will arrange the
necessary steps in individual cases.
Any person affected by the processing of personal data has the right to object to the processing as laid down by the
European Directive and Regulation (pursuant to the GDPR) the right to obtain from the
controller to restrict the processing if one of the following
conditions are met:
- The accuracy of the personal data is contested by the data subject
contested for a period enabling the controller to verify the accuracy of the personal data.
Verify the accuracy of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the
personal data and requests instead the restriction of the
Use of the personal data.
- The controller no longer needs the personal data for the purposes of the
processing, but the data subject needs it for the assertion, exercise or defense of
assertion, exercise or defense of legal claims.
- The data subject has objected to the processing pursuant to Art. 21 para. 1
DSGVO and it is not yet clear whether the legitimate grounds of the
Controller outweigh those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the
Restriction of personal data stored by the DripDrip GmbH,
GmbH, he or she may, at any time, contact our data protection officer or another employee of the controller.
another employee of the controller. The
Data Protection Officer or another employee will arrange the restriction of the processing.
arrange. Any person affected by the processing of personal data shall have the
right granted by the European Directive and Regulation (pursuant to the GDPR) to obtain the
personal data concerning him or her, which has been provided by the data subject to a
data controller in a structured, common and machine-readable format.
machine-readable format. He or she also has the right to transmit this data to another
another data controller without hindrance from the data controller to whom the
Each data subject concerned by the processing of personal data has the right to exercise the rights granted by the
European Directive and Regulation (in accordance with the Data Protection Regulation) to demand from the
controller that the personal data concerning him or her be erased without undue
erased without undue delay, provided that one of the following reasons applies and to the extent that the
processing is not necessary:
- The personal data were collected or otherwise processed for such purposes for which they are no longer
manner for which they are no longer necessary.
- The data subject revokes his/her consent on which the processing is based pursuant to.
Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO was based on, and there is
there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Art. 21 (1) DSGVO and there is no other legal basis for the processing.
Processing and there are no overriding legitimate grounds for the
processing, or the data subject objects to the processing pursuant to Art. 21 (2) DSGVO.
Objection to the processing.
- The personal data have been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal
obligation under Union law or the law of the Member States,
to which the controller is subject.
- The personal data have been processed in relation to services offered by the
Information Society pursuant to Art. 8 (1) DSGVO.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of
personal data stored by the DripDrip GmbH,
In order to do so, he or she may at any time contact our data protection officer or another
Employee of the controller. The data protection officer
or another employee will arrange for the deletion request to be complied with immediately.
complied with immediately.
If the personal data was made public by the DripDrip GmbH and our company is
our company as the responsible party pursuant to Art. 17 Para. 1 DSGVO to delete the
DripDrip GmbH shall take the necessary steps to ensure the erasure of the personal data, taking into account the requirements of the applicable laws.
provided personal data, provided that the processing is carried out on the basis of
the consent according to. Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR
or on a contract acc. Art. 6 para. 1 lit. b) GDPR and the processing
is carried out by automated means, unless the processing is carried out for the purpose of
is necessary for a task carried out in the public interest or in the exercise of public duties.
Violence takes place, which has been delegated to the person responsible.
Furthermore, when exercising his or her right to data portability, the data subject shall:
acc. Art. 20 para. 1 GDPR the right to obtain that the personal data
are transmitted directly from one controller to another,
as far as this is technically feasible and insofar as this does not affect the rights and freedoms of others
persons may be affected.
In order to assert the right to data portability, the data subject may:
at any time to the data protection officer appointed by DripDrip GmbH or a
other employees. Any person affected by the processing of personal data
The person has received the information from the European legislator (according to the GDPR)
granted right, for reasons arising from their particular situation, at any time
against the processing of personal data concerning them, which is based on Art. 6
Para. 1 letter. (e) or f) GDPR takes place to lodge an objection. The DripDrip GmbH
no longer processes the personal data in the event of an objection, unless:
we can demonstrate compelling legitimate grounds for the processing, which
the interests, rights and freedoms of the data subject prevail or the processing,
asserting, exercising or defending legal claims.
Any person affected by the processing of personal data has the right to
The European legislator (according to the GDPR) is granted the right to
To revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may:
please contact our data protection officer or another employee at any time.
contact the controller.
F. Use of cookies
In order to make the visit to our website attractive and the use of certain
To enable functions, we use so-called cookies on various pages.
These are small text programs, which after visiting our website on your computer (in
your browser). If you visit our website again after that,
9
the browser you use sends the information stored in the cookie
our website and can give you so e. g. make navigation easier, because presets
be taken over. Cookies are not viruses and can not be used by malware
on your computer. They are just short texts that run between web server and browser
to be exchanged. The following types of cookies are used on our website:
• Transient cookies (temporary cookies)
These cookies are only stored for the period of use of your browser.
These store a so-called session ID, with which various requests
allow your browser to be assigned to the joint session. This will allow your
Your computer will be recognized when you return to the website. As soon as you see the
If the browser closes, these cookies are also automatically deleted.
• Persistent cookies (temporary cookies)
These cookies differ from the transient cookies only in that:
they are not automatically deleted when you close the browser, but
only after a preset time. However, you can use these cookies at any time via the
Delete your browser settings.
Basically, you can configure the settings of your browser so that cookies
are not accepted or stored only to a limited extent by the latter. If you are from
makes use of this option, however, it may lead to limitations in the usability
our website.
G. Notification of changes
Changes to the law or changes to our internal processes may result in an adjustment
make this Privacy Policy necessary. In the event of such a change:
we will notify you no later than six weeks before the date of entry into force. You generally have a
Right of revocation with regard to the granted consents.
It should be noted that (unless the right of withdrawal is exercised) the respective
current version of the data protection declaration which is valid.
H. Legal basis of processing
Art. 6 para. 1 lit. a) GDPR serves our company as the legal basis for
processing operations in which we obtain consent for a specific
Obtain the purpose of processing. Is the processing of personal data to fulfil
10
a contract to which the data subject is a party, such as:
for example, in the case of processing operations carried out in connection with a supply of goods or
the provision of any other service or consideration is necessary, the
Processing according to Art. 6 para. 1 lit. b) GDPR. The same shall apply to such
processing operations necessary for the implementation of pre-contractual measures;
e. g. in cases of enquiries about our products or services. Subject to our
undertakings of a legal obligation by which the processing of
personal data is required, such as to comply with tax obligations.
Obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR. In rare cases
the processing of personal data may be necessary in order to:
vital interests of the data subject or another natural person
protect. This would be the case, for example, if a visitor or customer in our
company and as a result his name, age or other
vital or necessary information to a doctor, hospital or other
Third parties would have to be passed on. Then the processing would be based on Art. 6 para. 1 letter.
d) based on GDPR. Ultimately, processing operations based on Art. 6 para. 1 (f)
GDPR. This legal basis is used for processing operations carried out by:
none of the abovementioned legal bases are recorded if the processing is carried out for
Safeguarding a legitimate interest of our company or a third party is required
provided that the interests, fundamental rights and freedoms of the data subject do not prevail.
Such processing operations are permitted to us, in particular, because they are permitted by the
European legislators were specifically mentioned in the GDPR. Thereafter, a
legitimate interest exists if the data subject is a customer of the controller
is (Recital 47 sentence 2 GDPR).
I. Legitimate interests in the processing pursued by the controller or a
Third parties are persecuted
If the processing of personal data is based on Art. 6 para. 1 lit. f) GDPR is
our legitimate interest the performance of our business activities for the benefit of the
Well done to all our employees and partners.
J. Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective
statutory retention period. After the expiry of the period, the relevant data will be
11
routinely deleted, unless they are no longer required for contract performance or initiation
are necessary.
K. The responsible person or your contact person
If you have questions about the collection, processing or use of your personal data,
Information, correction, blocking or deletion of data as well as revocation of granted
For consents or objections to a specific use of data, please contact
directly to the website operator (DripDrip GmbH). Their contact details may be used by the
Imprint of this website (see also A. ).
L. Data protection for applications and in the application procedure
The controller collects and processes the personal data
by applicants for the purpose of conducting the application procedure. The processing
may also be done electronically. This is particularly the case if a
Applicants submit relevant application documents electronically,
e. g. by e-mail or via a web form on the website,
transmitted to the controller. Closes the for processing
Responsible for an employment contract with an applicant, the transmitted data will be
for the purpose of executing the employment relationship in accordance with the
stored in accordance with legal regulations. If the controller is responsible for the processing
if an employment contract is not concluded with the applicant, the application documents are
deleted after two months, unless deletion does not have any other legitimate interests
of the controller. Other legitimate interest
in this sense, for example, a burden of proof in proceedings under the
General Equal Treatment Act (AGG).
M. Further information
Your trust is important to us. That is why we would like to have an answer at any time regarding the
processing of your personal data. If you have any questions that these
Privacy Policy could not respond or if you deepened to a point
For information, please contact the operator of the website at any time. Of which:
Contact details can be found in the imprint of this website.
12
• Use of Google (Universal) Analytics for web analysis:
On this website, Google Analytics, a web analytics service of Google Inc. (“Google”)
used. Google Analytics uses so-called “cookies”, text files that are placed on your computer
be stored and which enable an analysis of your use of the website.
The information generated by the cookie about your use of this website is stored in
usually transmitted to a Google server in the USA and stored there. On this
Website is an IP anonymization activated. Therefore, your IP address will be sent by Google
within member states of the European Union or in other contracting states of the
Agreement on the European Economic Area. Only in exceptional cases
the full IP address is transmitted to a Google server in the USA and shortened there.
Google will use this information to evaluate your use of the website in order to:
to compile reports on the website activities and to provide further information on the
use of the website and services related to the use of the internet in relation to the
website operators to provide. More information:
https://support. google. com/analytics/answer/2763052?hl=de.
• Use of Google Maps:
Our website uses Google Maps to display maps and to create
Directions.
Google Maps is operated by Google Inc. , 1600 Amphitheatre Parkway, Mountain View, CA 94043,
USA operated.
By visiting the website, Google receives information that you are using the
have accessed the corresponding page of our website. This is also done independently
whether you have a user account with Google or are logged in through it. Just in case,
that you are logged in with a Google user account while using the website,
the data is assigned directly to your user account. If you do not wish this, you must
you log out before using the service.
By using Google Maps, you agree to the collection, processing and
the use of automatically collected data and the data entered by you by Google
and, if applicable, consented by third parties. The Terms of Use for Google Maps
see Google Maps Terms of Use. Detailed details can be found at
google. de: Transparency and choices as well as privacy policy. That you
You must exercise your right to object directly to Google. About your
browser settings you can deactivate the Google Maps service (deactivation of the
JavaScripts in the browser). A use is then no longer possible.
13
• Google Web Fonts:
This page uses so-called web fonts for uniform representation of fonts, which
provided by Google. When you call up a page, your browser loads the required
Web fonts in your browser cache to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of
Google record. By doing so, Google becomes aware that via your IP address
our website has been accessed. The use of Google Web Fonts is done in the interest of
a uniform and appealing presentation of our online offers. This sets the
legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.
If your browser does not support Web Fonts, a default font will be used by your browser.
Computers used.
More information about Google Web Fonts can be found at
https://developers. google. com/fonts/faq and in the privacy policy of Google:
https://www. google. com/policies/privacy/.
F. Contact form
If you send us enquiries via the contact form, your details will be sent from
the enquiry form including the contact details provided by you there for the purpose of
Processing of the request and stored with us in case of follow-up questions. These
We do not pass on data without your consent.
The processing of the data entered in the contact form is therefore carried out exclusively
on the basis of your consent (Art. 6 (1) (a) GDPR). You can use these
Revoke consent at any time. An informal e-mail message to us is sufficient. The
The legality of the data processing operations carried out up to the revocation remains
Revocation unaffected.
The data entered by you in the contact form will remain with us until you give us
erasure, revokes consent to storage or the purpose of the
Data storage is no longer necessary (e. g. after completion of processing of your request).
Mandatory legal provisions – in particular retention periods – remain
untouched.
The IP address transmitted by your browser as part of Google Analytics is not
merged with other data held by Google. You can choose the storage of cookies
by a corresponding setting of your browser software. In addition,
14
you can collect the data generated by the cookie and on your use of the website
collected data (including your IP address) to Google and the processing of this data
by Google by using the browser plug-in available under the following link
download and install: http://tools. google. com/dlpage/gaoptout?hl=de.
You can prevent the collection by Google Analytics by clicking on the following
Link clicks. An opt-out cookie is then set, which allows the future collection of your data
when visiting this website: deactivate Google Analytics.
Further and more detailed information on terms of use and data protection can be found
at https://www. google. de/analytics/terms/de. html or at
https://www. google. de/intl/de/policies/.
We would like to point out that on this website Google Analytics
“gat. _anonymizeIp();” has been extended to allow anonymous collection of IP addresses
(so-called IP masking).
G. Newsletter
With express consent acc. Art. 6 para. 1 sentence 1 lit. a) GDPR, your e-mail
Address used for the regular sending of our newsletter. The deregistration is:
at any time via a link at the end of the newsletter, by contacting our
Contact form or by e-mail possible.
IMPRINT
DripDrip GmbH
Eppendorfer Baum 26
20249 Hamburg
represented by: Philip Brand and Jürgen Mehrtens
Hamburg Local Court: HRB 180161
Phone: <will be added>
E-mail: hello@dripdrip. eu
Internet: http://www. dripdrip. eu
Verantwortlich