Privacy Policy

Name and address of the data controller: Bastian Wilhelms (hereinafter: "ritualdissent") Palmenstrasse 27 40217 Dusseldorf Tel.: 0211-580077101 help AT ritualdissent DOT com www.ritualdissent.com Address of the Data Protection Officer: Bastian Wilhelms - Data Protection Officer - Palmenstrasse 27 40217 Dusseldorf privacy AT ritualdissent DOT com A. General information on data processing I. Scope of processing of personal data This privacy policy applies to the website ritualdissent.com. ritualdissent processes personal data only to the extent necessary to provide a functional website and to deliver its content and services. Personal data of users is processed regularly only where this is required to fulfil contractual or legal obligations, or with the user's consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of data is permitted by law. II. Legal basis for the processing of personal data Where ritualdissent obtains the consent of the data subject for processing personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing required to carry out pre-contractual measures. Where processing of personal data is necessary to fulfil a legal obligation to which ritualdissent is subject, Art. 6(1)(c) GDPR serves as the legal basis. In cases where the vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis. Where processing is necessary to protect a legitimate interest of ritualdissent or a third party, and the interests, fundamental rights and freedoms of the data subject do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis. III. Data deletion and retention periods Personal data of the data subject is deleted or blocked as soon as the purpose of storage no longer applies. Storage may continue beyond this point where required by European or national legislation through EU regulations, laws or other provisions to which ritualdissent is subject. Data is also blocked or deleted when a storage period prescribed by the above standards expires, unless there is a necessity to continue storing the data for the purpose of concluding or performing a contract. IV. Processing of data in third countries Any processing in a third country (i.e. a state outside the European Economic Area (EEA) and the European Union (EU)) takes place only in accordance with the requirements of the GDPR. We only have personal data processed in third countries where an adequate level of data protection exists - either confirmed by an adequacy decision of the EU Commission, or secured through appropriate safeguards such as the EU Commission's standard contractual clauses, certifications, or binding corporate rules. Processing of personal data in third countries only takes place where the explicit consent of the data subject has been given, or where processing is required by law or contract. B. Log files I. Description and scope of data processing Each time the ritualdissent website is accessed, the systems automatically collect data and information from the accessing computer. The following data is collected: Information about browser type and version, operating system of the user, internet service provider of the user, IP address of the user, date and time of access, websites from which the user's system accessed the ritualdissent website, websites accessed by the user's system via the ritualdissent website. This data is also stored in log files. It is not stored together with other personal data of the user. II. Legal basis for processing The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. III. Purpose of data processing The temporary storage of the user's IP address by the system is necessary to enable delivery of the website to the user's device. For this purpose, the IP address must be retained for the duration of the session. Log file storage ensures the functionality of the website. The data also helps us to optimise the website and to safeguard the security of our IT systems. No evaluation of the data for marketing purposes takes place in this context. These purposes also constitute the legitimate interest of ritualdissent in processing data under Art. 6(1)(f) GDPR. IV. Retention period Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of data collected to provide the website, this occurs when the respective session ends. In the case of data stored in log files, this occurs after a maximum of fourteen days. V. Right to object and remedies The collection of data for the provision of the website and the storage of data in log files is strictly necessary for the operation of the website. Consequently, the user has no right to object. C. Use of cookies I. Description and scope of data processing Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is visited again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified after a page change. The following data is stored in and transmitted by cookies: Language settings, shopping cart contents, login information, browser type, operating system, referrer URL (previously visited page), time of server request, IP address. We do not use cookies on our website that enable analysis of user browsing behaviour. II. Legal basis for data processing The legal basis for the processing of personal data using technically necessary cookies is Art. 6(1)(f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes, where the user's consent has been obtained, is Art. 6(1)(a) GDPR. III. Retention period, right to object and remedies Cookies are stored on the user's device and transmitted to ritualdissent. We obtain your consent before storing cookies. You may withdraw your consent at any time with effect for the future. You can manage your consent to cookie storage directly via the Consent Management Platform, accessible at any time via the "Cookie Settings" link in the footer. You may also prevent the storage of cookies by adjusting your browser settings; however, please note that in this case you may not be able to use all features of this website to their full extent. E. Newsletter I. Description and scope of data processing If you purchase goods or services on the ritualdissent website and provide your email address, that address may subsequently be used by ritualdissent to send a newsletter. In such cases, the newsletter will only contain direct marketing for our own similar goods or services. We collect the open rate and delivery rate of the newsletter. Newsletters contain a so-called "web beacon" - a pixel-sized file retrieved from our service provider's server when the newsletter is opened. This retrieval collects technical information such as browser and system information, your IP address and the time of retrieval. This information is used to improve services technically, and to analyse target groups and their reading behaviour based on retrieval locations (determinable via IP address) or access times. Statistical analysis also includes determining whether newsletters are opened, when they are opened, and which links are clicked. Although this information can technically be attributed to individual newsletter recipients, neither we nor our service providers intend to monitor individual users. These evaluations serve to help us understand the reading habits of our users and to tailor our content or send different content according to user interests. II. Legal basis for data processing The legal basis for sending the newsletter following the sale of goods or services is Section 7(3) of the German Act Against Unfair Competition (UWG). The legal basis for collecting open and delivery rates is Art. 6(1)(f) GDPR. III. Purpose of data processing Collection of the user's email address and name is used to deliver the newsletter with a personalised salutation. Open and delivery rates are collected to identify technical issues and to improve our content offerings. These purposes also constitute the legitimate interest of ritualdissent under Art. 6(1)(f) GDPR. IV. Retention period Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. The user's email address is therefore stored for as long as the newsletter subscription is active. V. Right to object and remedies The newsletter subscription may be cancelled by the user at any time. A corresponding link is provided in every newsletter. G. Contact form I. Description and scope of data processing The ritualdissent website provides contact forms that can be used for electronic communication. If a user makes use of this option, the data entered in the input form is transmitted to and stored by ritualdissent. This data includes: email address, customer number, and where applicable telephone number. II. Legal basis for storage Where the user has given consent, the legal basis for processing data is Art. 6(1)(a) GDPR. The legal basis for processing data transmitted via email is Art. 6(1)(f) GDPR. Where email contact is aimed at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR. III. Purpose of data processing Processing of personal data from the input form serves ritualdissent solely for the purpose of handling the contact request. Where contact is made by email, this also constitutes the necessary legitimate interest in processing the data. Other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of ritualdissent's IT systems. IV. Retention period Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. For personal data from the contact form and data transmitted by email, this occurs when the respective conversation with the user has ended - i.e. when the matter has been conclusively resolved. V. Right to object and remedies The user has the right at any time to withdraw consent to the processing of personal data. In such a case, the conversation cannot be continued. R. Disclosure of information We disclose data only in the following cases: I. Payment methods Where necessary to process your contract, ritualdissent will disclose the collected and stored personal data to our service providers under contractual arrangements. These service providers are naturally required to comply with applicable data protection regulations. For the various available payment methods, we work with external companies: Payment via PayPal: PayPal Deutschland GmbH, Am Marktplatz 1, 14532 Europaparc Dreilinden. III. Legal or regulatory obligation We disclose personal data of customers only when legally required to do so, or when disclosure is necessary to enforce our terms and conditions or other agreements, or to protect our rights and those of our customers and third parties. This includes data exchange with companies specialising in the prevention and minimisation of fraud and credit card abuse. However, no data is disclosed for commercial use by these companies, but exclusively for the purposes described above. S. Social networks ritualdissent is present on the following social networks: I. Facebook Facebook is a social network operated by Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland). ritualdissent operates a page ("Fan Page") on Facebook. If you use the ritualdissent Fan Page on Facebook as a logged-in Facebook user, Facebook provides us access via a technical interface to your so-called "public information" on Facebook and information you make publicly accessible or release for the respective application. "Public" in the context of Facebook means that anyone, even outside Facebook, can see this data. This includes your name, profile and cover picture, gender, networks, "likes", username (Facebook URL) and user ID (Facebook ID). Facebook decides, in accordance with Facebook's data protection guidelines, which data is always publicly accessible and which you can make individually accessible through your privacy settings. II. Twitter ritualdissent operates a Twitter account. Twitter is a microblogging service operated by the American company Twitter, Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107). X. Rights of data subjects Where personal data of a user is processed, that user is a data subject within the meaning of the GDPR. As a data subject, the following rights apply to you in relation to ritualdissent - unless stated otherwise in the individual processing sections above: I. Right of access You may request confirmation as to whether personal data concerning you is being processed by ritualdissent. Where such processing exists, you may request information from the controller about the following: 1. the purposes for which the personal data is processed; 2. the categories of personal data being processed; 3. the recipients or categories of recipients to whom your personal data has been or will be disclosed; 4. the planned retention period of your personal data, or, where specific details are not possible, the criteria used to determine the retention period; 5. the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by the controller, or a right to object to such processing; 6. the existence of a right to lodge a complaint with a supervisory authority; 7. all available information about the source of the data where personal data is not collected from the data subject; 8. the existence of automated decision-making including profiling pursuant to Art. 22(1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject. You have the right to request information as to whether your personal data is transferred to a third country or an international organisation. In this context, you may request information about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer. II. Right to rectification You have the right to rectification and/or completion from the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must carry out the rectification without delay. III. Right to erasure 1. Obligation to erase You may request that the controller erase your personal data without delay, and the controller is obliged to erase it without delay where one of the following grounds applies: a) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed. b) You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing. c) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object pursuant to Art. 21(2) GDPR. d) The personal data concerning you has been unlawfully processed. e) Erasure of your personal data is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject. f) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) GDPR. 2. Notification to third parties Where the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) GDPR, the controller shall take reasonable steps - including technical measures - taking into account available technology and the cost of implementation, to inform controllers processing the personal data that you as the data subject have requested erasure of all links to, copies of, or replications of that personal data. 3. Exceptions The right to erasure does not apply where processing is necessary: a) to exercise the right to freedom of expression and information; b) to fulfil a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller; c) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR; d) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or e) to establish, exercise or defend legal claims. IV. Right to notification Where you have exercised the right to rectification, erasure or restriction of processing from the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom your personal data was disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about these recipients. V. Right to data portability You have the right to receive your personal data that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data was provided, provided that: the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means. In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. VI. Right to object You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. You have the option, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by automated means using technical specifications. VII. Right to withdraw consent You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. You can manage your consent to cookie storage directly via the Consent Management Platform, accessible at any time via the "Cookie Settings" link in the footer. VIII. Right to lodge a complaint with a supervisory authority Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint was lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.