Project Partner: Queensland Brain Institute | Institute for Molecular Bioscience
The University of Queensland, Brisbane Qld 4072 Australia

Additional terms of use for the Cane Toad Challenge project:

Date: 21st of March 2020

1. Cane toads are toxic across all life stages. In adult cane toads the toxin is concentrated in glands either side of the head, which are known as parotoid glands. Pressure on these glands can initiate the secretion of toxin as a defensive response. Ingestion of secreted toxin and/or any tissue from cane toad eggs, tadpoles, juveniles or adults, can lead to rapid heartbeat, excessive salivation and convulsions, and can be lethal.  You agree that the University of Queensland is not liable for any accident or illness or injury or death caused to you or your pet or any third parties by cane toads when using the Service.

2. You agree to defend, hold harmless and indemnify the University of Queensland against any claims (third party or otherwise) in any way related to the use of the Service, including any costs, expenses, damages, loss, lawsuits, penalties and charges and including judgements and attorney fees for damages to property, injury or loss of life resulting or arising from the use of the application, software and provided tools. The University of Queensland is not liable for your use of the Service or for any content you upload, infringements, damage or accidents during your use of the Service.

3. You consent to your personal information being collected by SPOTTERON and transferred out of the EU (or the country you are located) to Australia. You agree to the collection, processing and use of your personal information, including the transfer of information within Australia, for processing, storage and use by the University of Queensland.

These terms of use are in effect in addition to the terms of use of the SPOTTERON Citizen Science platform for using the specified app. Please read them carefully.

The SPOTTERON Platform runs Citizen Science apps for universities, science institutions and organisations. For the imprints of individual projects please refer to the information panel in the apps or interactive maps or on the project's own websites.

Company Information:

SPOTTERON GMBH
Faßziehergasse 5 / 16
1070 Vienna, AT

VAT Number: ATU73129349
Tax Number: 03 575/4431
PIC Number: 905390338

General Contact Information:
eMail: This email address is being protected from spambots. You need JavaScript enabled to view it.
phone: +43-676-5982272

Here you can find our Terms of use and our Data Policy for review:
Terms of use | AGB (en) - Data Policy | Datenschutzbestimmungen (en)

Privacy Policy

Preamble

With the following privacy policy, we would like to inform you which types of your personal data (hereinafter also abbreviated as "data") we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

Last Update: 22. September 2021

Table of contents

• Preamble

• Controller

• Overview of processing operations

• Legal Bases for the Processing

• Security Precautions

• Transmission of Personal Data

• Data Processing in Third Countries

• Erasure of data

• Use of Cookies

• Business services

• Provision of online services and web hosting

• Special Notes on Applications (Apps)

• Purchase of applications via Appstores

• Registration, Login and User Account

• Community Functions

• Blogs and publication media

• Contact and Inquiry Management

• Chatbots and chat functions

• Push notifications

• Job Application Process

• Cloud Services

• Newsletter and Electronic Communications

• Sweepstakes and Contests

• Surveys and Questionnaires

• Plugins and embedded functions and content

• Changes and Updates to the Privacy Policy

• Rights of Data Subjects

• Terminology and Definitions

Controller

SPOTTERON Gmbh
Faßziehergasse 5, 1070 Vienna, AT

E-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it..

Legal Notice: https://www.spotteron.net/impressum.

Overview of processing operations

The following table summarises the types of data processed, the purposes for which they are processed and the concerned data subjects.

Categories of Processed Data

• Inventory data (e.g. names, addresses).

• Content data (e.g. text input, photographs, videos).

• Contact data (e.g. e-mail, telephone numbers).

• Meta/communication data (e.g. device information, IP addresses).

• Usage data/Log-files (e.g. websites visited, interest in content, access times).

• Images and/ or video recordings (e.g. photographs or video recordings of a person).

• Audio recordings.

• Location data (Information on the geographical position of a device or person).

• Location history and mobility profiles (Collection of location data and position changes over a certain period of time).

• Contract data (e.g. contract object, duration, customer category).

• Job applicant details (e.g. Personal data, postal and contact addresses and the documents pertaining to the application and the information contained therein, such as cover letter, curriculum vitae, certificates, etc., as well as other information on the person or qualifications of applicants provided with regard to a specific job or voluntarily by applicants).

Categories of Data Subjects

• Users (e.g. website visitors, users of online services).

• Students/ Participants.

• Participants in sweepstakes and competitions.

• Employees (e.g. Employees, job applicants).

• Job applicants.

• Business and contractual partners.

• Prospective customers.

• Communication partner (Recipients of e-mails, letters, etc.).

• Customers.

Purposes of Processing

• Provision of our online services, apps and usability.

• Office and organisational procedures.

• Direct marketing (e.g. by e-mail or postal).

• Conducting sweepstakes and contests.

• Feedback (e.g. collecting feedback via online form).

• Contact requests and communication.

• Profiles with user-related information (Creating user profiles).

• Security measures.

• Provision of contractual services and customer support.

• Managing and responding to inquiries.

• Job Application Process (Establishment and possible later execution as well as possible later termination of the employment relationship).

Legal Bases for the Processing

In the following, you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

• Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

• Performance of a contract and prior requests (Article 6 (1) (b) GDPR) - Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

• Compliance with a legal obligation (Article 6 (1) (c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.

• Legitimate Interests (Article 6 (1) (f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

• Job application process as a pre-contractual or contractual relationship (Article 9 (2)(b) GDPR) - If special categories of personal data within the meaning of Article 9 (1) GDPR (e.g. health data, such as severely handicapped status or ethnic origin) are requested from applicants within the framework of the application procedure, so that the responsible person or the person concerned can carry out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law, their processing shall be carried out in accordance with Article 9 (2)(b) GDPR , in the case of the protection of vital interests of applicants or other persons on the basis of Article 9 (2)(c) GDPR or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Article 9 (2)(d) GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Article 9 (2)(a) GDPR.

National data protection regulations in Austria: In addition to the data protection regulations of the General Data Protection Regulation, national regulations apply to data protection in Austria. This includes in particular the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act - DSG). In particular, the Data Protection Act contains special provisions on the right of access, rectification or cancellation, processing of special categories of personal data, processing for other purposes and transmission and automated decision making in individual cases.

Security Precautions

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects' rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.

SSL encryption (https): In order to protect your data transmitted via our online services in the best possible way, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of Personal Data

In the context of our processing of personal data, it may happen that the data is transferred to other places, companies or persons or that it is disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such a case, the legal requirements will be respected and in particular corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.

Data Processing in Third Countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

Subject to express consent or transfer required by contract or law, we process or have processed the data only in third countries with a recognised level of data protection, on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission or if certifications or binding internal data protection regulations justify the processing (Article 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Erasure of data

The data processed by us will be erased in accordance with the statutory provisions as soon as their processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or they are not required for the purpose).

If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or for which storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

In the context of our information on data processing, we may provide users with further information on the deletion and retention of data that is specific to the respective processing operation.

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after his visit within an online service. The information stored can include, for example, the language settings on a website, the login status, a form or the location where a video was viewed. The term "cookies" also includes other technologies that fulfil the same functions as cookies (e.g. if user information is stored using pseudonymous online identifiers, also referred to as "user IDs").

The following types and functions of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed his browser or app.

• Permanent cookies: Permanent cookies remain stored even after closing the browser or app. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again.

• First-Party-Cookies: First-Party-Cookies are set by ourselves.

• Third party cookies: Third party cookies are mainly used by external service providers (so-called third parties) to process user information.

• Necessary (also: essential) cookies: Cookies can be necessary for the operation of a website (e.g. to save logins or other user inputs or for security reasons).

Information on legal basis: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for your consent. If this applies and you consent to the use of cookies, the legal basis for processing your data is your declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in a business operation of our online service and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Retention period: Unless we provide you with explicit information on the retention period of permanent cookies (e.g. within the scope of a so-called cookie opt-in), please assume that the retention period can be as long as two years.

General information on Withdrawal of consent and objection (Opt-Out): Respective of whether the processing is based on consent or legal permission, you have the option at any time to object to the processing of your data using cookie technologies or to revoke consent (collectively referred to as "opt-out"). You can initially explain your objection using the settings of your browser, e.g. by deactivating the use of cookies (which may also restrict the functionality of our online services). In addition, you can receive further information on objections in the context of the information on the used service providers and cookies.

Cookies and similar technologies that generally do not need consent:

• User input cookies, for the duration of a session

• Authentication cookies, for the duration of a session

• User centric security cookies, used to detect authentication abuses and linked to the functionality explicitly requested by the user, for a limited persistent duration

• Multimedia content player session cookies, such as flash player cookies, for the duration of a session

• Load balancing session cookies, for the duration of session

• User interface customisation cookies, for a browser session or a few hours, unless additional information in a prominent location is provided (e.g. “uses cookies” written next to the customisation feature)

Source: https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies+and+similar+technologies

• Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

• Data subjects: Users (e.g. website visitors, users of online services).

• Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Provision of online service, apps and web hosting

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers they manage) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

The data processed within the framework of the provision of the hosting services may include all information relating to the users of our online services that is collected in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online services to browsers, and all entries made within our online services or from websites.

E-mail Sending and Hosting: The web hosting services we use also include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders, as well as other information relating to the sending of e-mails (e.g. the providers involved) and the contents of the respective e-mails are processed. The above data may also be processed for SPAM detection purposes. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received (unless a so-called end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of e-mails between the sender and reception on our server.

Collection of Access Data and Log Files: We, ourselves or our web hosting provider, collect data on the basis of each access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers .

• Processed data types: Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

• Data subjects: Users (e.g. website visitors, users of online services).

• Purposes of Processing: Provision of our online services and usability.

• Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Services and service providers being used:

• Applications (European Server Locations): Microsoft Cloud Services/Azure: Cloud storage, cloud infrastructure services and cloud-based application software; Service provider Austria/EU: Microsoft Österreich GmbH, Am Euro Platz 3, 1120 Wien, AT; Service provider headquarters: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://microsoft.com; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter.

• Applications: Elastic Search Data search & Data Caching: Elasticsearch B.V., Keizersgracht 281, 1016 ED Amsterdam, EU; Website: https://www.elastic.co/elasticsearch/, Privacy Statement: https://www.elastic.co/legal/privacy-statement

• Applications: Sendgrid: Automated eMail sending; Twilio Germany GmbH, Rosenheimer Str. 143C, 81671 Munich, Germany; Website: https://sendgrid.com, Privacy Statement: https://www.twilio.com/legal/privacy

• Domain hosting/Webhosting/Websites: hosteurope: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany; Website: https://www.hosteurope.de/en; Privacy Policy: https://www.hosteurope.de/en/terms-and-conditions/privacy.

Special Notes on Applications (Apps)

We process the data of the users of our application to the extent necessary to provide the users with the application and its functionalities, to monitor its security and to develop it further. Furthermore, we may contact users in compliance with the statutory provisions if communication is necessary for the purposes of administration or use of the application. In addition, we refer to the data protection information in this privacy policy with regard to the processing of user data.

Legal basis: The processing of data necessary for the provision of the functionalities of the application serves to fulfil contractual obligations. This also applies if the provision of the functions requires user authorisation (e.g. release of device functions). If the processing of data is not necessary for the provision of the functionalities of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimising the application or security purposes), it is carried out on the basis of our legitimate interests. If users are expressly requested to give their consent to the processing of their data, the data covered by the consent is processed on the basis of the consent.

Commercial use: We process the data of the users of our application, registered and any test users (hereinafter uniformly referred to as "users") in order to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our application and to develop it further. The required details are identified as such within the scope of the conclusion of a contract for the use of the application, the conclusion of an order, an order or a comparable contract and may include the details required for the provision of services as well as contact information in order to be able to hold any consultations.

Device authorizations for access to functions and data: The use of certain functions of our application may require access to the camera and the stored recordings of the users. By default, these authorizations must be granted by the user and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the user's device and software. Users can contact us if they require further explanation. We would like to point out that the refusal or revocation of the respective authorizations can affect the functionality of our application.

Accessing the camera and stored recordings: In the course of using our application, image and/or video recordings (whereby audio recordings are also included) of the users (and of other persons captured by the recordings) are processed by accessing the camera functions or stored recordings. Access to the camera functions or stored recordings requires an authorization by the user that can be withdrawn at any time. The processing of the image and/or video recordings serves only to provide the respective functionality of our application, according to its description to the users or the typical and expectable functionality of the application.

Use of the microphone functions: The use of certain functions of our application may require access to the camera and the stored recordings of the users. By default, these authorizations must be granted by the user and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the user's device and software. Users can contact us if they require further explanation. We would like to point out that the refusal or revocation of the respective authorizations can affect the functionality of our application.

Processing of location data: Within the course of using our application, the location data collected by the device used or otherwise entered by the user are processed. The use of the location data requires an authorization of the users, which can be revoked at any time. The use of the location data serves only to provide the respective functionality of our application, according to its description to the users or its typical and expectable functionality.

Location history and movement profiles: Based on the location data collected in the course of using particular features of our application, a location history can be generated which shows the geographical movements of the devices used over a period of time (and can allow to draw conclusions about the movement profile of the users). The location history is only used to provide the respective functionality of our application, according to its description to the users, or its typical and expectable functionality.

• Processed data types: Inventory data (e.g. names, addresses), Meta/communication data (e.g. device information, IP addresses), Payment Data (e.g. bank details, invoices, payment history), Contract data (e.g. contract object, duration, customer category), Images and/ or video recordings (e.g. photographs or video recordings of a person), Audio recordings, Location data (Information on the geographical position of a device or person), Location history and mobility profiles (Collection of location data and position changes over a certain period of time).

• Data subjects: Users (e.g. App users, users of online services).

• Purposes of Processing: Provision of contractual services and customer support.

• Legal Basis: Consent (Article 6 (1) (a) GDPR), Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Download of applications via Appstores

The download of our apps is done via special online platforms operated by other service providers (so-called "appstores"). In this context, the data protection notices of the respective appstores apply in addition to our data protection notices. This applies in particular with regard to the methods used on the platforms for webanalytics and for interest-related marketing as well as possible costs.

• Processed data types: Inventory data (e.g. names, addresses), Payment Data (e.g. bank details, invoices, payment history), Contact data (e.g. e-mail, telephone numbers), Contract data (e.g. contract object, duration, customer category), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

• Data subjects: Customers.

• Purposes of Processing: Provision of contractual services and customer support.

• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Services and service providers being used:

• Apple App Store: App and software distribution platform; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/ios/app-store/; Privacy Policy: https://www.apple.com/privacy/privacy-policy/.

• Google Play: App and software distribution platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://play.google.com/store/apps?hl=en; Privacy Policy: https://policies.google.com/privacy.

Registration, Login and User Account

Users can create a user account. Within the scope of registration, the required mandatory information is communicated to the users and processed for the purposes of providing the user account on the basis of contractual fulfilment of obligations. The processed data includes in particular the login information (name, password and an e-mail address).

Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed by e-mail or via in-app messages of information relevant to their user account, such as technical changes.

Registration with pseudonyms: Users may use pseudonyms as user names instead of real names.

Users' profiles are public: Users' profiles are publicly visible and accessible.

Deletion of data after termination: If users have terminated their user account, their data relating to the user account will be deleted, subject to any legal permission, obligation or consent of the users.

It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

• Processed data types: Inventory data (e.g. names, user names), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Meta/communication data (e.g. device information, IP addresses).

• Data subjects: Users (e.g. app users, website visitors, users of online services).

• Purposes of Processing: Provision of contractual services and customer support, Security measures, Managing and responding to inquiries.

• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Community Functions & User Contributions

The community functions provided by us allow users to engage in conversations and other forms of interaction with each other. In addition, the applications allow our users to contribute content. Please note that the use of the community functions is only permitted in compliance with the applicable legal situation, our terms of use and guidelines and the rights of other users and third parties.

User contributions are public: The posts and content created by users are publicly visible and accessible.

Setting the visibility of posts: By using their settings, users can determine the extent to which the posts and content they create are visible or accessible to the public or only to certain persons or groups.

Storage of data for security purposes: The posts and other entries of the users are processed for the purposes of the community and conversation functions and, subject to legal obligations or legal permission, are not disclosed to third parties. An obligation to disclosure may arise in particular in the case of unlawful posts for the purposes of legal prosecution. We would like to point out that, in addition to the content of the posts, their time and the IP address of the user are also stored. This is done in order to be able to take appropriate measures to protect other users and the community.

Right of deletion: The deletion of posts, content or information provided by users is permissible to the extent necessary after proper consideration if there are concrete indications that they could represent a violation of legal regulations, our provisions or the rights of third parties.

Restricted deletion of posts: Out of consideration for other users, the user's contributions to conversations can remain stored even after termination and account deletion, so that conversations, comments, advice and similar communications do not lose their meaning or become inverted.This ensures that conversations, comments, advice or similar communication between and among users do not lose their meaning or become inverted. User names will be deleted or pseudonymised if they were not already pseudonyms. Users can request the complete deletion of their posts at any time.

Protection of own data: Users decide for themselves what data they disclose about themselves within our online services. For example, when users provide personal information or participate in conversations. We ask users to protect their data and to publish personal data only with caution and only to the extent necessary. In particular, we ask users to note that they must protect their login credentials in particular and use secure passwords (preferably long and random combinations of characters).

• Processed data types: Usage data and contributions (e.g. user-generated content (UGC), websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

• Data subjects: Users (e.g. app users, website visitors, users of online services).

• Purposes of Processing: Provision of contractual services and customer support, Security measures.

• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Push notifications

With the consent of the users, we can send the users so-called "push notifications". These are messages that are displayed on users' screens, devices or browsers, even if our online services are not being actively used.

In order to sign up for push messages, users must confirm that their browser or device has requested to receive push messages. This approval process is documented and stored. The storage is necessary to recognize whether users have consented to receive the push messages and to be able to prove their consent. For these purposes, a pseudonymous identifier of the browser (so-called "push token") or the device ID of a terminal device is stored.

The push messages may be necessary for the fulfilment of contractual obligations (e.g. technical and organisational information relevant for the use of our online offer) and will otherwise be sent unless specifically mentioned below, on the basis of user consent. Users can change the receipt of push messages at any time using the notification settings of their respective browsers or end devices.

• Purposes of Processing: Provision of contractual services and customer support.

• Legal Basis: Consent (Article 6 (1) (a) GDPR), Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

Services and service providers being used:

• Firebase: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://firebase.google.com; Privacy Policy: https://policies.google.com/privacy.

Plugins and embedded functions and content

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may, for example, be graphics, videos or maps (hereinafter uniformly referred to as "Content").

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

Information on legal basis: If we ask users for their consent (e.g. in the context of a so-called "cookie banner consent"), the legal basis for processing is this consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services. We refer you to the note on the use of cookies in this privacy policy.

Integration of third-party software, scripts or frameworks: We incorporate into our online services software which we retrieve from servers of other providers (e.g. function libraries which we use for the purpose of displaying or user-friendliness of our online services). The respective providers collect the user's IP address and can process it for the purposes of transferring the software to the user's browser as well as for security purposes and for the evaluation and optimisation of their services.

• Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos).

• Data subjects: Users (e.g. website visitors, users of online services).

• Purposes of Processing: Provision of our online services and usability, Provision of contractual services and customer support, Profiles with user-related information (Creating user profiles).

• Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR), Consent (Article 6 (1) (a) GDPR), Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

Services and service providers being used:

Application-specific:

• OpenStreetMap: We integrate the maps of the service "OpenStreetMap", which are offered based on the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF). OpenStreetMap uses user data exclusively for the purpose of displaying map functions and temporarily storing the selected settings. This data may include, in particular, IP addresses and location data of users, which are not collected without their consent (usually within the context of the settings of their mobile devices). Service provider: OpenStreetMap Foundation (OSMF); Website: https://www.openstreetmap.de; Privacy Policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.

• MapTiler Cloud: We integrate the maps of the service "MapTiler Cloud". MapTiler Cloud uses user data exclusively for the purpose of displaying map functions and temporarily storing the selected settings. This data may include, in particular, IP addresses and location data of users, which will only be stored for a limited time. Service provider: Maptiler Cloud: Höfnerstrasse 98, 6314 Unterägeri, Switzerland; Website: https://www.maptiler.com; Privacy Policy: https://www.maptiler.com/privacy-policy/ 

• HERE Satellite Map: We can use Satellite Maps provided by HERE.com as an optional layer in integrated map applications. Service Provider: HERE Global B.V. Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands, Terms of use: https://legal.here.com/en-gb/terms/here-end-user-terms, Privacy Policy: https://legal.here.com/en-gb/privacy

• Mapbox: We integrate the maps of the service "Mapbox" as optional map choice. The data processed may include, in particular, IP addresses and location data of users, which are not collected without their consent (usually within the framework of the settings of their mobile devices); Service provider: Mapbox Inc., 740 15th Street NW, 5th Floor, District of Columbia 20005, USA; Website: https://www.mapbox.com; Privacy Policy: https://www.mapbox.com/legal/privacy

• hCaptcha: We integrate the "hCaptcha" function to be able to recognise whether entries (e.g. in online forms) are made by humans and not by automatically operating machines (so-called "bots"). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, touch inputs, time spent on websites, previously visited websites, interactions with hCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). Service provider: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, US; Website: https://www.hcaptcha.com; Privacy Policy: https://www.hcaptcha.com/privacy

• reCAPTCHA: Alternatively to “hCaptcha”, we integrate the "reCAPTCHA" function to be able to recognise whether entries (e.g. in online forms) are made by humans and not by automatically operating machines (so-called "bots"). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, , parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com/recaptcha/; Privacy Policy: https://policies.google.com/privacy; Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://adssettings.google.com/authenticated.

Website/media-specific:

• YouTube-Videos: Video content; ouTube videos are integrated via a special domain (recognizable by the component "youtube-nocookie") in the so-called " enhanced data protection mode", whereby no cookies on user activities are collected in order to personalise the video playback. Nevertheless, information on the user's interaction with the video (e.g. remembering the last playback point) may be stored. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, , parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy.

• Vimeo: video contents; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-Out: We point out that Vimeo may use Google Analytics and refer to the privacy policy (https://policies.google.com/privacy) as well as opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=en) or the settings of Google for data use for marketing purposes (https://adssettings.google.com/).

• Soundcloud Music Player Widget: Soundcloud Music Player Widget; Service provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Website: https://soundcloud.com; Privacy Policy: https://soundcloud.com/pages/privacy.

Contact and Inquiry Management

When contacting us (e.g. via contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

The response to the contact inquiries as well as the management of contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries and maintaining user or business relationships.

• Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos).

• Data subjects: Communication partner (Recipients of e-mails, letters, etc.).

• Purposes of Processing: Contact requests and communication.

• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium") in our websites. Readers' data will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium within the scope of this privacy policy.

Comment subscriptions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our safety, if someone leaves illegal contents (insults, forbidden political propaganda, etc.) in comments and contributions. In this case, we ourselves can be prosecuted for the comment or contribution and are therefore interested in the author's identity.

Furthermore, we reserve the right to process user data for the purpose of spam detection on the basis of our legitimate interests.

On the same legal basis, in the case of surveys, we reserve the right to store the IP addresses of users for the duration of the surveys and to use cookies in order to avoid multiple votes.

The personal information provided in the course of comments and contributions, any contact and website information as well as the content information will be stored permanently by us until the user objects.

Comment subscriptions: Follow-up comments can be subscribed to by users with their consent. Users will receive a confirmation email to verify that they are the owner of the email address entered. Users can unsubscribe from current comment subscriptions at any time. The confirmation email will contain information on the cancellation options. For the purposes of proving the users' consent, we store the time of registration along with the users' IP address and delete this information when users unsubscribe from the subscription.

You can cancel the receipt of our subscription at any time, i.e. revoke your consent. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time.

Akismet Anti-Spam Checking: We use the "Akismet" service on the basis of our legitimate interests. With the help of Akismet, comments from real people are distinguished from spam comments. All comments are sent to a server in the USA, where they are analyzed and stored for four days for comparison purposes. If a comment has been classified as spam, the data will be stored beyond that time. This information includes the name entered, the e-mail address, the IP address, the comment content, the referrer, information about the browser used, the computer system and the time of the entry.

Users are welcome to use pseudonyms, or to refrain from entering their name or email address. You can completely prevent the transmission of data by not using our comment system. That is a pity, but unfortunately we do not see any alternatives that work just as effectively.

• Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

• Data subjects: Users (e.g. website visitors, users of online services).

• Purposes of Processing: Provision of contractual services and customer support, Feedback (e.g. collecting feedback via online form), Security measures, Managing and responding to inquiries, Contact requests and communication.

• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR), Consent (Article 6 (1) (a) GDPR).

Services and service providers being used:

• Akismet Anti-Spam Checking: Akismet Anti-Spam Checking; Service provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy.

Sweepstakes and Contests

We process the personal data of participants in We process personal data of participants in competitions, contents, raffles, prize-draws or sweepstakes (hereinafter referred to as "competitions") only in compliance with the relevant data protection regulations and if the processing is contractually necessary for the provision, execution and handling of the competition, the participants have consented to the processing or the processing serves our legitimate interests (e.g. in the security of the competition or the protection of our interests against misuse by possible recording of IP addresses when submitting entries to the competition.

In the event that entries are published as part of the competitions (e.g. as part of a vote or presentation of the competition entries, or the winner or reporting on the competition), we would like to point out that the names of participants may also be published in this context. The participants can object to this at any time.

If the competitions take place within an online platform or a social network (e.g. Facebook or Instagram, hereinafter referred to as "online platform"), the usage and data protection provisions of the respective online platforms also apply. In such cases, we would like to point out that we are responsible for the information provided by the participants as part of the competition and that we must be contacted with regard to the competitions.

The data of the participants will be deleted as soon as the competition has ended and the data is no longer required to inform the winners or because questions about the competition can be expected. In general, the data of the participants will be deleted at the latest 6 months after the end of the competition. Winners' data can be retained for a longer period of time, e.g. in order to answer questions about the prizes or to fulfil the prizes; in this case, the retention period depends on the type of prize and is up to three years for items or services, e.g. in order to be able to process warranty claims. Furthermore, the participants' data may be stored for longer, e.g. in the form of coverage of the competition in online and offline media.

Insofar as data was collected for other purposes as part of the competition, its processing and storage period shall be governed by the privacy information for this use (e.g. in the case of registration for a newsletter as part of a competition).

• Processed data types: Inventory data (e.g. names, addresses), Content data (e.g. text input, photographs, videos).

• Data subjects: Participants in sweepstakes and competitions.

• Purposes of Processing: Conducting sweepstakes and contests.

• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

Surveys and Questionnaires

The surveys and questionnaires ("surveys") carried out by us are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical execution of the survey (e.g. processing the IP address to display the survey in the user's browser or to enable a resumption of the survey with the aid of a temporary cookie (session cookie)) or participants have consented. Depending on the survey, optionally users can provide a contact option or a login via a registered user account may be necessary.

Information on legal basis: If we ask the participants for their consent to the processing of their data, this is the legal basis for the processing, otherwise the processing of the participants' data is based on our legitimate interests in conducting an objective survey.

• Processed data types: Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

• Data subjects: Communication partner (Recipients of e-mails, letters, etc.).

• Purposes of Processing: Contact requests and communication, Direct marketing (e.g. by e-mail or postal).

• Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the context of contractual and comparable legal relationships as well as associated actions and communication with the contractual partners or pre-contractually, e.g. to answer inquiries.

We process this data in order to fulfil our contractual obligations, safeguard our rights and for the purposes of the administrative tasks associated with this data and the business-related organisation. We will only pass on the data of the contractual partners within the scope of the applicable law to third parties insofar as this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of data subjects concerned (e.g. telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about further processing,

Agency Services:

We process the data of our customers within the scope of our contractual services, which may include e.g. conceptual and strategic consulting, campaign planning, software

Education and Training Services:

We process the data of the participants of our education and training programmes (uniformly referred to as " students") in order to provide them with our educational and training services. The data processed, the type, scope and purpose of the processing and the necessity of its processing are determined by the underlying contractual and educational relationship. The processing also includes the performance evaluation and evaluation of our services and the teachers and instructors.

As part of our activities, we may also process special categories of data, in particular information on the health of persons undergoing training or further training and data revealing ethnic origin, political opinions, religious or philosophical convictions. To this end, we obtain, if necessary,

Project and Development Services:

We process the data of our customers and clients (hereinafter uniformly referred to as "customers") in order to enable them to select, acquire or commission the selected services or works as well as associated activities and to pay for and make available such services or works or to perform such services or works.

The required information is indicated as such within the framework of

Software and Platform Services:

We process the data of our users, registered and any test users (hereinafter uniformly referred to as "users") in order to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our offer and to develop it further. The required

• Processed data types: Inventory data (e.g. names, addresses), Payment Data (e.g. bank details, invoices, payment history), Contact data (e.g. e-mail, telephone numbers), Contract data (e.g. contract object, duration, customer category).

• Data subjects: Prospective customers, Business and contractual partners, Students/ Participants.

• Purposes of Processing: Provision of contractual services and customer support, Contact requests and communication, Office and organisational procedures, Managing and responding to inquiries.

  Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Job Application Process

The application process requires applicants to provide us with the data necessary for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the information contained therein.

In principle, the required information includes personal information such as name, address, a contact option and proof of the qualifications required for a particular employment. Upon request, we will be happy to provide you with additional information.

If made available, applicants can submit their applications via an online form. The data will be transmitted to us encrypted according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received. We can therefore accept no responsibility for the transmission path of the application between the sender and the reception on our server. For the purposes of searching for applicants, submitting applications and selecting applicants, we may make use of the applicant management and recruitment software, platforms and services of third-party providers in compliance with legal requirements. Applicants are welcome to contact us about how to submit their application or send it to us by regular mail.

Processing of special categories of data: If special categories of personal data within the meaning of Article 9 (1) GDPR (e.g. health data, such as severely handicapped status or ethnic origin) are requested from applicants within the framework of the application procedure, so that the responsible person or the person concerned can exercise his/her rights arising from labour law and social security and social protection law and fulfil his/her duties in this regard, their processing shall be carried out in accordance with Article 9 (1)(b) GDPR, in the case of the protection of vital interests of applicants or other persons pursuant to Article 9 (1)(c) GDPR or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Article 9 (1)(h) GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Article 9 (1)(a) GDPR.

Erasure of data: In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, to which applicants are entitled at any time. Subject to a justified revocation by the applicant, the deletion will take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions regarding the application and comply with our duty of proof under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Admission to a talent pool - Admission to a talent pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke their consent at any time in the future.

• Processed data types: Job applicant details (e.g. Personal data, postal and contact addresses and the documents pertaining to the application and the information contained therein, such as cover letter, curriculum vitae, certificates, etc., as well as other information on the person or qualifications of applicants provided with regard to a specific job or voluntarily by applicants).

• Data subjects: Job applicants.

• Purposes of Processing: Job Application Process (Establishment and possible later execution as well as possible later termination of the employment relationship).

• Legal Basis: Job application process as a pre-contractual or contractual relationship (Article 9 (2)(b) GDPR).

Cloud Software & Services

We use Internet-accessible software services (so-called "cloud services", also referred to as "Software as a Service") provided on the servers of its providers for the following purposes: document storage and administration, calendar management, e-mail delivery, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of websites, forms or other content and information, as well as chats and participation in audio and video conferences.

Within this framework, personal data may be processed and stored on the provider's servers insofar as this data is part of communication processes with us or is otherwise processed by us in accordance with this privacy policy. This data may include in particular master data and contact data of data subjects, data on processes, contracts, other proceedings and their contents. Cloud service providers also process usage data and metadata that they use for security and service optimization purposes.

If we use cloud services to provide documents and content to other users or publicly accessible websites, forms, etc., providers may store cookies on users' devices for web analysis or to remember user settings (e.g. in the case of media control).

Information on legal basis - If we ask for permission to use cloud services, the legal basis for processing data is consent. Furthermore, their use can be a component of our (pre)contractual services, provided that the use of cloud services has been agreed in this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient and secure administrative and collaboration processes).

• Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

• Data subjects: Customers, Employees (e.g. Employees, job applicants), Prospective customers, Communication partner (Recipients of e-mails, letters, etc.).

• Purposes of Processing: Office, communication and organisational procedures.

• Legal Basis: Consent (Article 6 (1) (a) GDPR), Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Services and service providers being used:

• Microsoft Cloud Services: Cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://microsoft.com; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter.

• Google Documents (Google Doc, Google Sheets, Google Slides): Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://firebase.google.com; Privacy Policy: https://policies.google.com/privacy.

Newsletter and Electronic Communications

We send newsletters, e-mails and other electronic communications (hereinafter referred to as "newsletters") only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. Otherwise, our newsletters contain information about our services and us.

In order to subscribe to our newsletters, it is generally sufficient to enter your e-mail address. We may, however, ask you to provide a name for the purpose of contacting you personally in the newsletter or to provide further information if this is required for the purposes of the newsletter.

Double opt-in procedure: The registration to our newsletter takes place in general in a so-called Double-Opt-In procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses.

The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Likewise the changes of your data stored with the dispatch service provider are logged.

Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of an obligation to permanently observe an objection, we reserve the right to store the e-mail address solely for this purpose in a blocklist.

Information on legal bases: The sending of the newsletter is based on the consent of the recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing. Insofar as we engage a service provider for sending e-mails, this is done on the basis of our legitimate interests. The registration procedure is recorded on the basis of our legitimate interests for the purpose of demonstrating that it has been conducted in accordance with the law.

Contents: Information about us, our services, promotions and offers.

Measurement of opening rates and click rates: The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file, which is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from its server. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected.

This information is used for the technical improvement of our newsletter on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval points (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until the profiles are deleted. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The measurement of opening rates and click rates as well as the storage of the measurement results in the profiles of the users and their further processing are based on the consent of the users.

A separate objection to the performance measurement is unfortunately not possible, in this case, the entire newsletter subscription must be cancelled or objected to. In this case, the stored profile information will be deleted.

• Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Meta/communication data (e.g. device information, IP addresses), Usage data (e.g. websites visited, interest in content, access times).

• Data subjects: Communication partner (Recipients of e-mails, letters, etc.).

• Purposes of Processing: Direct marketing (e.g. by e-mail or postal).

• Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

• Opt-Out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably e-mail.

Changes and Updates to the Privacy Policy

We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us.

Rights of Data Subjects

As data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

• Right to Object: You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on letter (e) or (f) of Article 6(1) GDPR , including profiling based on those provisions.Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.

• Right of withdrawal for consents: You have the right to revoke consents at any time.

• Right of access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.

• Right to rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the incorrect data concerning you.

• Right to Erasure and Right to Restriction of Processing: In accordance with the statutory provisions, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.

• Right to data portability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.

• Complaint to the supervisory authority: In accordance with the law and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you habitually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Terminology and Definitions

This section provides an overview of the terms used in this privacy policy. Many of the terms are drawn from the law and defined mainly in Article 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended above all for the purpose of comprehension. The terms are sorted alphabetically.

• Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

• Location data: Location data is created when a mobile device (or another device with the technical requirements for a location determination) connects to a radio cell, a WLAN or similar technical means and functions of location determination. Location data serve to indicate the geographically determinable position of the earth at which the respective device is located. Location data can be used, for example, to display map functions or other information dependent on a location.

• Location history and mobility profiles: Location history (also referred to as " mobility profile") is the collection of location data over a certain period of time. The location history allows conclusions to be drawn about the geographical movements (i.e. changes in position) of devices and/or their users.

• Personal Data: "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• Processing: The term "processing" covers a wide range and practically every handling of data, be it collection, evaluation, storage, transmission or erasure.

• Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any kind of automated processing of personal data that consists of using these personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.

Welcome to SPOTTERON!

The following terms of use and our privacy policy govern your use of the SPOTTERON platform and its software, apps, products, services and technologies, and your interaction with the partners, who administer a project you contribute to. If not stated expressly otherwise, only these terms apply. Please read these Terms of Use carefully.

Purpose:

SPOTTERON provides smartphone applications, web applications, websites and media for partners, based on the service of the SPOTTERON platform and as associated media like video, animation or data visualization or homepages for projects and initiatives. We are constantly extending and improving the platform’s set of features and possibilities to create a topic related network of project's apps, websites, tools and media, which offers innovative and unique features to users and project partners alike.

The Service:

The service includes all the features, applications (both smartphone and web applications), websites, technologies, products and software that we provide and constantly evolve to create a user-driven platform for custom projects in the fields of science, environmental protection, communities and social agendas in collaboration with partners from institutions, organizations or companies.

SPOTTERON provides the service as platform to enable these partners to run own projects on a common platform. For users like yourself, the SPOTTERON platform enables you to actively participate in such projects by providing geo-located data points (aka “spots”) or answers in questionnaires in apps or in interactive web-applications and to be part of a topic related community.

The apps and software on the SPOTTERON platform are designed for sharing observations, user interactivity, for participating in projects and to create communities in topic related environments. By nature, such applications and software allow you to submit user-generated content, for which you are fully responsible and liable for, including its compliance with the applicable laws and regulations of your country and the European Union.

You may only use the service if:

• you agree with these terms of use and the privacy policy as a binding contract,

• you are not a person prohibited to receive services under the laws of the applicable jurisdiction,

• you are at least 18 years old or if you provide a written statement of permission/declaration of consent by your parents or legal guardian when you are between 13 and 17 years old at registration,

• you have not prior violated our terms of use nor have a prior account which has been disabled for violation of the law, of this agreement or any additional agreements with the partner(s) of a project in the past.

If you are accepting these terms on behalf of a government or non-government organization, university, company or other legal entity, you represent and warrant to be authorized to do so.

Use with responsibility, use with caution

Please always take care of your surroundings and never put yourself into danger while using the service or any of the applications. Never record or contribute to observations in unsafe conditions. Always consider your safety first. You agree to indemnify and hold harmless SPOTTERON and the respective project partners in the event of damage or accidents occurring during the use of an application. The service is not intended to be used as a navigation tool or for emergencies. Please always contact the authorities directly in dangerous situations. The use the applications and of any content, locations, maps or materials on the service by you is completely at your own risk.

The Project-Partners

The projects on the platform are administered by one or more partner organizations, which are displayed in every app in the information section (“About [project name]” in the main menu) and/or in the imprint of a project website. The partner organizations have access to your contributions (“spots”), user generated content, and all publicly available information you share in the application of a project like your comments or descriptions. Every partner has agreed to use the service only in the way as defined by the SPOTTERON Partner Agreement.

Additional terms & conditions of partners

Particular projects on the SPOTTERON platform can have the necessity to agree to additional terms of use on a per-project basis. Such additional Terms of Use are displayed on the first start of an App for your informed consent. Please read them also carefully, with your approval and by using the apps of the listed projects on your own device you give your informed consent to accept these additional terms of use. By accepting the additional Terms of Use of a project, you enter a binding agreement with the partner organization(s) of the according to project to completely fulfil the partner’s terms as stated, and you confirm to comply with the additional Terms of Use of the Partner(s) and to indemnify and hold SPOTTERON harmless.

Your User Account

With our service we want to connect people with similar interests, scientists and project teams and contribute to a common dataset of a project. This dataset is used to research the respective topic, generate knowledge and jointly better understand our world.

A user account is required to use the service and platform. Registration is possible on SPOTTERON with only a minimal amount of data - all you need is an active email address. SPOTTERON allows the use of pseudonyms and fantasy names. With the registration of a new user account you create a publicly visible user profile, which you can design according to your wishes. Apart from your user name, all information is optional and voluntary. You can change or correct your user profile at any time. Other users on the platform can network with you ("following") and you can interact with other users within the app community.

By registering and agreeing to these terms of use, you give us permission to store and process your personal data. Please refer to our Privacy Policy for information on the locations of data processing and our involved processors: https://www.spotteron.net/privacy - By registering and accepting this Terms of Use, you consent to the processing by the listed processors and external services, such as online map providers, server and cloud hosting providers, integrated services and other necessary system components.

You may withdraw your permission to process your personal data on the platform and your consent to these Terms of Use at any time by deleting your SPOTTERON profile in any project app and ceasing to use our online services. You can delete your user account in any project app in the "Settings" area without delay. You can also download a copy of your stored data in a machine-readable format in this area at any time. Please note that the deletion of your SPOTTERON user account also includes the deletion of your user profile and that you will no longer be able to log in to any project app on the platform.

To contribute to projects on SPOTTERON, the following user account types are available:

Personal account

You can register a personal user account either by choosing Miss, Mister or “Not specified” at the registration. To use the service of SPOTTERON with a personal user account, you must be at least 18 years old or at least 13 years if you provide a written parent or guardian consent to This email address is being protected from spambots. You need JavaScript enabled to view it. with indication of your username in form of a signed document by the parent/guardian as PDF or Doc file before registration.

School Class

If you are a teacher/organizer of a school group, you can register a school class account. Your pupils can use a school class account login provided by you to login in any of the project’s apps on multiple devices. No personal data of single users, which can lead to clearly identify a person, is processed when doing so. To register a school class account, please provide your name and birthday as the responsible representative to This email address is being protected from spambots. You need JavaScript enabled to view it. with the username given in the email.

You agree to always monitor the contributions of the organization’s team in the app and delete or report contributions with sensitive data or cases of abuse of the service. Please also inform the participants of the school class(es) that no one should delete the account without your consent. SPOTTERON accepts no liability for contributions made by your school class or for data loss in the event of account deletion by participants.

Organization

If you are a representative of an organization, you can register a shared account for your team. The team members can use an organization account login provided by you to them to login in any of the project’s apps on multiple devices. No personal data of single users, which can lead to clearly identify a person, is processed when doing so. To register an organization account, please provide your name and birthday as the responsible representative to This email address is being protected from spambots. You need JavaScript enabled to view it. with the username given in the email.

You agree to always monitor the contributions of the organization’s team in the app and delete or report contributions with sensitive data or cases of abuse of the service. Please also inform the participants of the organization that no one should delete the account without your consent. SPOTTERON accepts no liability for contributions made by your organization or for data loss in the event of account deletion by participants.

What personal data we store:

In order to provide and operate the SPOTTERON platform, websites, software and our online offer, it is necessary to process personal data. We always take care to store as little personal data as possible, or to use personal data as optional, voluntary information as far as possible. You do not have to use real names for your user account, we support pseudonyms as user names or display names to protect your privacy also in the public view as best as possible.

We do not implement external tracking software such as analytics or external scripts from social media platforms in our applications and we do not create usage profiles about you or other users of the platform. We do not monetise your personal data or pass it on to third parties for this purpose.

User account data / profile data (required basic profile information)

This type of processed personal data is used for logging into the platform and your user account. This information includes your email address, user account type and user name. We also store your IP address and the date of registration in log files. We do not automatically pass on this data to the respective partners of the project, your data is safe with us.

To comply with the EU General Data Protection Regulation (GDPR), we store changes and requests of your personal data with your IP address in log files. Our privacy policy and procedure complies with the standards and requirements of the GDPR. We have the necessary internal measures in place to fulfil our responsibilities and obligations with a focus on the best possible privacy and user rights in the design of the platform.

Extended user account information

In order to personalise your SPOTTERON user profile, which can be found via user search and is linked to in your posts, you have access to advanced optional fields. These optional fields include your display name, your date of birth, a quote, your interests, your date of birth, your education, the tools you use, your workplace, your city, postcode and country. All these details are voluntary and are publicly displayed in your user profile and are used for personalisation purposes or to make your account easier to find in the platform's user search. By using these voluntary fields, you give your consent within the framework of these terms of use that we may store and process this information about you. You can also upload a user profile picture (aka "avatar").

For school classes and organisations, as the responsible representative, you can provide non-personal data about the size, structure and nature of the class/organisation.

While the required profile information is mandatory, all of this extended profile information is voluntary and optional. You can correct, reduce or delete this information at any time in profile edit mode.

Informed Consent to process your personal data

By creating your user account and agreeing to these Terms of Use, you give us unrestricted permission to process and store your information and personal data and to display your information publicly on the Platform's apps, services, websites and online content.

Updating your personal data:

You can change and update your personal and general data of your user account in all project apps of the platform at any time. A change is automatically applied to all project apps.

Requesting a copy of your personal data

You can request and immediately download a copy of all your data stored on the platform in all project apps on the SPOTTERON platform in the "Settings" section. The download is machine-readable and includes not only your profile data, but also all your amounts and comments in all project apps.

Deleting your personal data aka “Right to be forgotten”

You can delete your stored personal profile data at any time in all project apps on the platform by entering your password in the "Settings" area and using the button to delete. Your personal data and community interactions will then be deleted and your project contributions anonymised.

Using the service without a user account

You can always use the applications of the projects on the SPOTTERON platform without registering or logging in for browsing, displaying and reviewing of the spots and contents - however, if you want to participate actively or make contributions, you have to create your own user account or log in to be able to be part of the community.

Exceptions are projects, which by their partner’s own choice offer the option to also contribute anonymously. By using the service without an account, all your contributions and media uploads are assigned to an anonymous user account. By contributing anonymously in these projects, you agree that you have obtained all necessary rights and that you respect privacy and intellectual property laws. Please note that your IP address and date of the contribution are still recorded for documentation purposes.

Multiple projects - one login

Once you have created your own user account, you can use it in all project apps on the SPOTTERON platform as your login. With your first contribution, you agree that your username and user ID will be shared with the project’s partners for research and analysis of the collected data-set and its contributions. Some projects have additional terms of use, which are displayed at the first start of a project’s app. You have to agree/give your consent to that projects to be able to contribute to them.

Sharing of your profile data:

For certain features and services, you may allow us to share your profile data with project partners. Some projects send newsletters or information via email to participants. In the project apps of such projects, you can agree to the transfer of your profile data to the project partners (e.g. for newsletter registration or to be contacted by the project) in a separate dialogue box when you start the app. If you give your consent, we will provide your user name or display name, account type, your user-ID and e-mail address to the respective project partner.

In some projects you can log in to the project's website or web application with your SPOTTERON user account. This may be necessary, for example, for active participation in a user forum, participation in an external project application or to access non-public areas on a project website ("website login"). In the case of a login to a project website or an external application, after clicking on the login button you will be asked whether you agree to your profile data being passed on to the website or the project partners. If you consent, a user account will be created within the website or application with your profile data. You can revoke this consent to processing separately from the project apps by contacting the administrator of the respective project website or by using the account deletion functions provided for this purpose on the respective project website or in the external application.

Under no circumstances will your profile data be passed on without your consent or without any action on your part, such as logging into a project website or application. Please contact the respective project partner or website administrator of a project to correct your details, to obtain a copy of the personal data processed by the project partner or to withdraw your consent or have your personal data deleted by the partner. This does not affect your account on the SPOTTERON platform or in the apps on the platform.

Contributions

In the project apps, you can upload your contributions (aka "spots") and locate them on maps to create a data set on the topic of the project together with other users. Your contributions are always publicly viewable and are displayed in the respective project app together with your author information (user name or optionally display name) and other content you provide, such as free texts, descriptions and classifications. When you actively contribute to a project app, you acknowledge that all users and unregistered visitors to the app can view your content.

The apps allow you to restrict the visibility of your contributions with the additional options "Hide coordinates" and "Hide spot". This limits the visibility of their posts to regular users of the platform. Project leaders, admins and moderator users will still be able to see all the details and localisation and interact with their restricted post.

Please always respect applicable laws, copyright, trademark and licensing laws, the privacy, personal rights and property rights of others and spatial restrictions on locations for your contributions. You are solely liable for your contributions as author and confirm with these terms of use to indemnify and hold SPOTTERON and/or project partners harmless in all cases.

Geo-spatial restrictions

You may not share any contribution, information or media on the Platform that conflicts with the property or privacy of others or that is located in restricted areas. When you upload and/or locate a new contribution or content, you assume full and complete legal responsibility for your post. You confirm that it is legal under local laws to create and share a public post in that location, and that no third parties will be limited or harmed, or that the value of any third party property will be diminished by your contribution.

Pictures, content and other media objects

You may share media such as images, photos, audio, text such as comments and descriptions and other types of media or content as part of your posts, comments, user profile or community interactions. All such media and content (“"unique-creative works") contributed by you is licensed by you exclusively under the Creative Commons CC0 Licence. By uploading and agreeing to these Terms of Use, you confirm that you are releasing your media and original content under this licence and that you waive any claims under copyright, media rights or exploitation rights. To be able to do so, please ensure that you have all necessary rights, such as copyright, or personal rights, such as the written consent of any identifiable people in the media, to license your media or original content under Creative Commons Zero (CC0) and to share it with others.
You can find out more about the Creative Commons Zero (CC0) licence here: https://creativecommons.org/share-your-work/public-domain/cc0

You may not share on the Platform any media or content that infringes the copyright, trademark or licensing rights of any third party or any applicable laws, or that is protected under copyright, exploitation rights, personal rights, media rights. You further may not share any media or content that can be seen as hate posting, which includes sexism, racism, any other form of discrimination, explicit nudity, prohibited symbols, extremism, public shaming, invasion of privacy, or any focused advertising outside of a project topic relevant documentation. We reserve the full and unlimited right to remove content at any time and without notice if there is a violation, or suspected violation, of these terms.

If you share media objects or content that include the likeness or sound recordings of other persons, you must ensure that you have obtained prior documented consent from all relevant persons before uploading and that you are able to provide such consent at any time in the event of a complaint. ("Model Agreement")

You agree to be fully and solely legally responsible for all of your contributed media objects, content and uploads, to hold all necessary rights and consents for CC0 licensing, public display and sharing on the Platform and to indemnify and hold harmless SPOTTERON, the Project Partners or the Service in all cases. In addition to licensing under the Creative Commons Zero (CC0) licence, you grant us a transferable, royalty-free, non-exclusive, third party licensable and worldwide right to store, use, modify, distribute, modify, publicly display, translate or create derivative works based on such content for all content and media published by you in the Contributions on the Platform.

Please note that all media, content and unique-creative works in "contributions" are and remain licensed under Creative Commons Zero (CC0) even after the deletion of your user account.

Community

The SPOTTERON platform enables users like yourself to discover new things, learn, communicate and explore our world together through the interactive apps. A user community is integrated in the project apps on the platform and also in other areas of our online offer/service. You can post your own content and comments, share information, create networks and groups, participate in events and give digital hearts in recognition of content within the community with your user account. All your interactions with the community functions are always publicly visible. We therefore ask you to always be careful never to create content that could be embarrassing or shameful to you or others in the future.

Communication and networking

With the ability to follow other users in the project apps and other communication features, we support the creation of project-related communities and communication among each other. We make these features and tools available to all users and project partners to encourage the exchange of thoughts, ideas and opinions and interaction with each other. For project partners, we provide additional tools to contact you directly via messages or emails for news, updates, information exchange and for requests.

You agree to use the communication features responsibly only. We also do not allow any forms of discrimination, bullying, explicit nudity, banned symbols, extremism, public shaming, belittling, invasion of privacy or any focused advertising away from project-relevant documentation in communications and community activities on the platform.

You agree that you are solely and fully responsible for your content and contributions to the Platform's user community and that you have all necessary rights and consents for your content. Do not share your personal account or access data with others. In case of use by others, you are fully legally responsible for the contributions, content and community activities of another person and you confirm with these terms of use to hold SPOTTERON, the project partners or the service harmless in all cases. Please inform us immediately if you suspect that your user account is being or has been used by other persons.

If you have set up a group account (school class, organisation) as the responsible representative, please ensure that all participants are informed about the legal basis and your responsibility for the community activities, communication, but also about the legally correct use of media and content, as well as the licensing of these under the Creative Commons Zero (CC0) licence. Please maintain the posts and community activities of the user account you represent on an ongoing basis, use the delete function for posts in the event of misuse or suspicion of a breach of these terms of use by participants in your group account and report these to us immediately. As a representative, you are responsible for the community activities of the participants via the user account you have set up and you confirm with these terms of use that you will indemnify and hold harmless the project partners or the service in all cases.

Your Community Content

You agree that you are solely and unconditionally responsible for your content and contributions to the Platform's user community and that you have all necessary rights and consents for your content and that you do not violate any copyrights, trademark rights, licensing rights, personal rights or applicable laws. For all content and media you post on the Platform's community features, you grant us a transferable, royalty-free, non-exclusive, third party licensable, worldwide right to store, use, modify, distribute, alter, publicly display, translate or create derivative works based on such content. You assume exclusive and full liability for all Community Content created and/or uploaded by you in our online offerings and, by agreeing to these Terms of Use, you agree to indemnify and hold harmless SPOTTERON and the Platform's project partners in all cases of violation of applicable law, misuse, or claims for damages by third parties.

Violations of these Terms of Use

We respect the copyright and intellectual property rights, privacy of third parties, trademarks and licensing rights and expect them to do the same.

We and the partners of the respective project app reserve the unrestricted right to delete any content at any time due to violation of these terms of use, of licence terms or of applicable law without prior warning and without being liable to them or third parties. This also includes the unrestricted right to modify or delete any content that is not uploaded in the appropriate context of the project theme or that does not meet our quality standards.

We may delete your user account at any time for violations of these Terms of Use or our community standards if you post profanity, insults, hate speech, advertising, discrimination or other content that is not appropriate for our community or violates these Terms of Use.

Report violations

You can point out and report violations of these terms of use, against the community standards or copyright violations at any time via the eMail address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us by postal mail with SPOTTERON Gmbh, Faßziehergasse 5, 1070 Vienna, AT.

We know that mainly women and non-bias genders are affected by bullying or harassment online. For gender-relevant violations or harassment in the context of the applications or our online offer, you can contact This email address is being protected from spambots. You need JavaScript enabled to view it.. This email address is only accessed and maintained by female or non-bias team members.

External services, Contractors, Storage and Encryption:

We use TLS/SSL encryption to protect the transfer of your personal data.
Your information, contributions, interactions and data are stored in the cloud servers we use for the Platform and Service. For more information about the storage locations of personal data, integrated services and external processors, please see our privacy policy: https://www.spotteron.net/privacy

Data Breaches:

We have implemented industry-standard measures to identify, assess and investigate data breaches. Our team is sensitised to the topic of data security and procedures are defined on what to do in the event of a data breach or suspicion thereof. We inform the partners of project apps about data protection, data security and data protection ethics and their importance.

International data transfers & data transfer to third parties

If it is necessary for us to process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use or implementation of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is done exclusively in accordance with the legal requirements.

Subject to express consent or a contractually or legally required transfer, we process (or let process) the data only in third countries with a recognised level of data protection, the contractual obligation through so-called Standard Contractor Clauses (SCC) or standard protection clauses of the EU Commission, or in the presence of certifications or binding internal data protection regulations. (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en). You can find out more about this in our privacy statement: https://www.spotteron.net/privacy

Information on Security & Technical/Organisational Measures

We take the privacy and security of our users and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:

• SSL/TLS encryption of all transfers of personal data in applications and websites

• Encrypted and secured access to project administration for partners with password guidelines

• Deletion concepts for project-specific and platform-specific data

• Server & cloud storage at high quality standards with established providers

• Password-protected and encrypted access incl. multi-factor authentication to data storage and systems

• Security measures according to industry standards of cloud hosters for cloud environments incl. logging access controls, encryption and firewalls

• Role concepts and technical/organisational implementation for input control

• Measures for the technical/organisational implementation of transfer control

• Measures for the technical/organisational implementation of availability control

• Strict separation of project-specific data and platform-specific data (separation requirement)

• Procedures for restoring the availability of project-specific personal data after a physical or technical incident

• Substitution arrangements for IT managers and training of staff in relation to personal data.

• Resilience testing of systems

• Internal rules to avoid external services, card services or scripts (e.g. analytics, social media platform buttons and scripts, etc.) as far as possible, both in the applications and in website projects.

Other terms

By using any of the applications based on the SPOTTERON service you agree not to interfere or misuse our service or using a method other than the tools and interfaces we provide for use.

You may not do any of the following while accessing or using the services:
1) probe, scan, or test the vulnerability of any system or network or breach or circumvent any security or authentication measures;
2) access, tamper with, or use non-public areas of the services, SPOTTERON’s or its partner’s computer systems, or the delivery systems of SPOTTERON’s providers or partners;
3) access, search or attempt to access or search the services by any means (automated or otherwise) other than through our officially published current interfaces that are provided by us (and only in the range of SPOTTERON’s terms and conditions) unless you have been specifically allowed to do so in a separate agreement with us. Crawling the service by robots for search indexing is permitted in accordance with the robots.txt file, however, scraping the services without the prior consent of SPOTTERON and its partners is expressly forbidden);
4) interfere with, do or try to disrupt the access of any user, host or network, including (without limitation) sending malicious software, flooding, mail-bombing or spamming or by scripting the creation of content.
5) forge any TCP/IP packet header or any part of the header information in any email or posting, or in any way use the Services to send altered, deceptive or false source-identifying information;

Ending These Terms

You may terminate your legal agreement with SPOTTERON GmbH to these Terms of Use at any time by deleting your user account in the "Settings" section of any Project App after entering your password and by stopping the use of the Service and our online services.

Your account may be terminated due to prolonged and continuous inactivity, or if we are unable to provide the Service, or due to a breach by yourself of these Terms of Use. We will take reasonable steps to notify you at the email address associated with your account or by public posting. In all such cases, the contract shall be deemed terminated and no obligation or liability shall arise on our part or any claim for damages on your part.

We grant ourselves the unrestricted right to terminate this Agreement to use the Service at any time and for any reason, including but not limited to, if we suspect that you are using the Service, Platform, Applications, Websites and/or our Online Offerings in violation of these Terms of Use or creating a potential legal exposure. Such termination shall not give rise to any claims for damages on your part.

GDPR and our employees

Our team is informed about the General Data Protection Regulation (GDPR) and its obligations. We continuously train our team on data protection, personal rights, copyright, trademark and licensing rights and aspects of digital privacy, in particular also on a lived data protection ethic in a modern, connected world.

Severability

If any one or more section, subsection, sentence, clause, phrase, word, provision or application of this Ordinance shall for any person or circumstance be held to be illegal, invalid, unenforceable, and/or unconstitutional, such decision shall not affect the validity of any other section, subsection, sentence, clause, phrase, word, provision or application of this Ordinance which is operable without the offending section, subsection, sentence, clause, phrase, word, provision or application shall remain effective notwithstanding such illegal, invalid, unenforceable, and/or unconstitutional section, subsection, sentence, clause, phrase, word, provision or application, and every section, subsection, sentence, clause, phrase, word, provision or application of this Ordinance are declared severable. The legislature hereby declares that it would have passed each part, and each provision, section, subsection, sentence, clause, phrase or word thereof, irrespective of the fact that any one or more section, subsection, sentence, clause, phrase, word, provision or application be declared illegal, invalid, unenforceable, and/or unconstitutional.

SPOTTERON Terms of Use | 24th September 2021
SPOTTERON Gmbh, Faßziehergasse 5, 1070 Vienna, AT; FN: 488215p | UIN: ATU73129349 | This email address is being protected from spambots. You need JavaScript enabled to view it.