Privacy Policy

Preamble

With the following Privacy Policy, we would like to inform you about which types of your personal data (hereinafter also referred to simply as "data") we process, for what purposes, and to what extent. This Privacy Policy applies to all of our processing of personal data, both within the scope of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "Online Offering").

The terms used are not gender-specific.

Last updated: February 12, 2025

Table of Contents

• Preamble
• Controller
• Overview of Processing
• Relevant Legal Bases
• Security Measures
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Plugins and Embedded Functions or Content
• Changes and Updates

Controller

Lars Neuhaus
Am Langen Acker 10
36043 Fulda

Email Address: larslukasneuhaus@gmx.de

Imprint: https://mathemann.ddns.net/impressum.html

Play Store

The app "Tutle Game" on the Play Store is provided by Elias Müller.
Imprint: https://mhsl.eu/id.html

Overview of Processing

The following overview summarizes the types of data processed and the purposes for which they are processed, and refers to the data subjects.

Types of Data Processed

• Location data.
• Usage data.
• Meta, communication, and procedural data.
• Log data.

Categories of Data Subjects

• Users.

Purposes of Processing

• Security measures.
• Reach measurement.
• Tracking.
• Target group building.
• Marketing.
• Provision of our Online Offering and user-friendliness.
• Information technology infrastructure.

Relevant Legal Bases

Relevant legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or establishment may apply. If, in individual cases, more specific legal bases apply, we will inform you in this Privacy Policy.

• Consent (Art. 6(1) sentence 1 lit. a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
• Legitimate Interests (Art. 6(1) sentence 1 lit. f) GDPR) – The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer, as well as automated decision-making in individual cases including profiling. Furthermore, the data protection laws of the individual federal states may apply.

Note on the applicability of the GDPR and the Swiss DSG: These data protection notices serve both to provide information under the Swiss Data Protection Act (DSG) and the GDPR. Consequently, due to the broader spatial applicability and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DSG "processing" of "personal data," "overriding interest," and "particularly protectable personal data," the terms of the GDPR "processing" of "personal data," "legitimate interest," and "special categories of data" are used. However, under the applicability of the Swiss DSG, the statutory meaning of these terms will continue to be determined in accordance with the Swiss DSG.

Security Measures

We implement, in accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the access, input, transmission, ensuring availability, and separation of the data concerning them. Furthermore, we have implemented procedures to ensure that data subjects' rights can be exercised, data is deleted, and we can react to data threats. We also take the protection of personal data into account when developing or selecting hardware, software, and processes, in accordance with the principle of data protection by design and by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the users’ data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are fundamental for secure data transmission on the Internet. These technologies encrypt the information that is exchanged between the website or app and the user's browser (or between two servers), thus protecting the data from unauthorized access. TLS, as the evolved and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by HTTPS in the URL, serving as a signal to users that their data is being securely and encryptedly transmitted.

Provision of the Online Offering and Web Hosting

We process the users’ data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to deliver the contents and features of our online services to the user’s browser or device.

• Types of data processed: Usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with contents and features); Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, people involved). Log data (e.g., logfiles related to logins or the retrieval of data or access times).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.). Security measures.
• Storage and Deletion: Deletion according to the information provided in the section "General Information on Data Storage and Deletion".
• Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further information on processing operations, procedures, and services:

• Provision of the Online Offering on our own / dedicated server hardware: We use server hardware operated by us, along with the associated storage space, computing capacity, and software, to provide our online offering; Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
• Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". These server log files may include the addresses and names of the accessed web pages and files, date and time of access, transferred data volumes, notifications about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. Server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks known as DDoS attacks), and, on the other hand, to ensure the stability and proper load management of the servers; Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Deletion of Data: Log file information is stored for a maximum of 30 days, after which it is deleted or anonymized. Data whose further retention is required as evidence is excluded from deletion until the respective incident has been finally clarified.

Use of Cookies

The term “cookies” refers to functions that store information on users’ devices and retrieve it from them. Cookies may also be used for different purposes, for example to ensure the functionality, security, and user convenience of online offerings, as well as to create analyses of visitor flows. We use cookies in accordance with the legal regulations. Where required, we obtain the users’ consent in advance. Where consent is not required, we rely on our legitimate interests. This applies if storing and retrieving information is essential to provide explicitly requested content and features. These include, for example, storing settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We clearly inform users about the scope and which cookies are used.

Information on data protection legal bases: Whether we process personal data using cookies depends on the users’ consent. Where consent has been given, this serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained in this section and in the context of the respective services and procedures.

Storage duration: The following types of cookies are distinguished with respect to storage duration:

• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest when a user leaves an online offering and closes their device (e.g., browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed immediately when the user revisits a website. Similarly, the usage data collected by means of cookies may be used for reach measurement. Unless we provide users with explicit details about the type and storage duration of cookies (e.g., in the context of obtaining consent), they should assume that these are permanent and may remain stored for up to two years.

General information on revocation and objection (opt-out): Users may revoke the consents they have given at any time and also object to processing in accordance with legal requirements, for example via the privacy settings of their browser.

• Types of data processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, people involved).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Plugins and Embedded Functions or Content

We integrate into our online offering functional and content elements which are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, include graphics, videos, or city maps (hereinafter uniformly referred to as “Content”).

The integration always requires that the providers of this Content process the users’ IP address, as they cannot send the Content to their browser without the IP address. The IP address is therefore necessary to display this Content or functionality. We strive to use only such Content where the respective providers use the IP address solely for delivering the Content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring websites, time of visit, and other details about the use of our Online Offering, and may also be linked with such information from other sources.

Notes on legal bases: If we ask the users for their consent (e.g., for the use of a third-party provider), the legal basis for the data processing is consent. Otherwise, the users’ data is processed based on our legitimate interests (i.e., interest in providing efficient, cost-effective, and recipient-friendly services). In this context, we also refer to the information in this Privacy Policy regarding the use of cookies.

• Types of data processed: Usage data (e.g., pages viewed and length of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, people involved). Location data (information about the geographical position of a device or person).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our Online Offering and user-friendliness; reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest- or behavior-based profiling, use of cookies); target group building; marketing.
• Storage and Deletion: Deletion according to the information in the section “General Information on Data Storage and Deletion”. Storage of cookies of up to 2 years (unless otherwise indicated, cookies and similar storage methods may remain on users’ devices for up to two years).
• Legal Bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further information on processing operations, procedures, and services:

• Google Fonts (Hosted on our own server): Providing font files to enable a user-friendly presentation of our Online Offering; Service Provider: The Google Fonts are hosted on our server, no data is transmitted to Google; Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
• Google Fonts (Fetched from Google Server): Retrieving fonts (and icons) for the purpose of technically secure, maintenance-free, and efficient use of fonts and icons regarding their timeliness and loading times, their uniform display, and in compliance with possible licensing restrictions. The provider of the fonts is informed of the user’s IP address so that the fonts can be provided in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary to provide the fonts according to the devices and technical environment used. This data may be processed on a server of the font provider in the USA – When visiting our Online Offering, users’ browsers send their HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address each user uses to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browsers and operating system versions of the website visitors, as well as the referrer URL (i.e., the page on which the Google Font is to be displayed). IP addresses are neither logged nor stored on Google’s servers, nor are they analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to these data is restricted and strictly controlled. The requested URL identifies the font families the user wants to load. These data are logged so that Google can determine how often a particular font family is requested. For the Google Fonts Web API, the user agent is needed to customize the font that is to be generated for the respective browser type. The user agent is primarily logged for debugging purposes and is used to create aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report can be generated on the top integrations based on the number of font requests. According to its own statements, Google does not use any of the information obtained by Google Fonts to create profiles of end users or for targeted advertising; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for data transfer to third countries: Data Privacy Framework (DPF). Further Information: https://developers.google.com/fonts/faq/privacy?hl=de.
• Font Awesome (Hosted on our own server): Displaying fonts and icons; Service Provider: Font Awesome icons are hosted on our server, no data is transmitted to the provider of Font Awesome; Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
• Google Maps: We integrate maps from the "Google Maps" service by Google. The data processed may include, in particular, the IP addresses and location data of users; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for data transfer to third countries: Data Privacy Framework (DPF).
• YouTube Videos: Video content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for data transfer to third countries: Data Privacy Framework (DPF). Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying ads: https://myadcenter.google.com/personalizationoff.

Changes and Updates

We kindly ask you to regularly review the content of our Privacy Policy. We will adapt this Privacy Policy whenever changes in our data processing make this necessary. We will inform you as soon as these changes require your cooperation (e.g., consent) or other individual notification.

Where we include addresses and contact information of companies and organizations in this Privacy Policy, please note that these addresses may change over time. Therefore, please check the information before contacting these entities.

Created with the free Privacy Policy Generator.de by Dr. Thomas Schwenke