Privacy Policy
The responsible party in terms of data protection laws, particularly the EU General Data Protection Regulation (GDPR), is:
Björn Rebentisch
Your data subject rights
Under the provided contact details of our data protection officer, you can exercise the following rights at any time:
- Information about your stored data and its processing (Art. 15 GDPR),
- Correction of incorrect personal data (Art. 16 GDPR),
- Deletion of your stored data (Art. 17 GDPR),
- Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
- Objection to the processing of your data by us (Art. 21 GDPR), and
- Data portability, if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with future effect.
You can contact a supervisory authority at any time with a complaint, for example, the competent supervisory authority of the federal state of your residence or the authority responsible for us as the responsible entity.
A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
Collection of general information when visiting our website
Nature and purpose of processing:
When you access our website, i.e., if you do not register or otherwise provide information, general information is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, and similar details.
They are processed, in particular, for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring the smooth use of our website,
- Evaluation of system security and stability, as well as
- Optimization of our website.
We do not use your data to draw conclusions about your person. Information of this kind is statistically evaluated by us, if necessary, anonymously, to optimize our website and the technology behind it.
Legal basis and legitimate interest:
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.
Recipients:
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
Storage period:
The data will be deleted as soon as it is no longer required for the purpose of collection. This is generally the case for data that serves the provision of the website when the respective session is ended.
In the case of data storage in log files, this is the case after a maximum of 14 days. Further storage is possible. In this case, the IP addresses of the users are anonymized, so that an assignment of the calling client is no longer possible.
Provision required or necessary:
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website are not guaranteed. In addition, individual services and features may not be available or restricted. For this reason, an objection is excluded.
Cookies
Like many other websites, we also use so-called "cookies". Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.
You can delete individual cookies or the entire cookie inventory. In addition, you will receive information and instructions on how these cookies can be deleted or their storage can be blocked in advance. Depending on the provider of your browser, you can find the necessary information under the following links:
- Opera: http://www.opera.com/de/help
Storage duration and used cookies:
If you allow us to use cookies through your browser settings or consent, the following cookies may be used on our websites: accessToken (session)
Technically necessary cookies
Nature and purpose of processing:
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. It is necessary for the browser to be recognized again after a page change.
Legal basis and legitimate interest:
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a user-friendly design of our website.
Recipient:
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
Provision required or necessary:
The provision of the aforementioned personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website are not guaranteed. In addition, individual services and features may not be available or restricted.
Objection:
Read the information about your right to object under Art. 21 GDPR below.
Registration on our website
Nature and purpose of processing:
For the registration on our website, we require some personal data that is transmitted to us via an input form.
At the time of registration, the following data is additionally collected:
None
Your registration is necessary for providing certain content and services on our website.
Legal basis:
The processing of the data entered during registration is based on the user's consent (Art. 6 para. 1 lit. a GDPR).
Recipient:
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
Storage duration:
Data in this context is processed only as long as the corresponding consent is available.
Provision required or necessary:
The provision of your personal data is voluntary, solely based on your consent. Without providing your personal data, we cannot grant you access to our offered content.
Subscription and Paid Services
When subscribing or using a paid service, we use the data you provide in this context, including contact details, for contract execution and fulfillment, including any necessary pre-contractual measures (Art. 6(1)(b) GDPR).
Furthermore, we process the personal data you provide when concluding the contract to fulfill legal obligations, such as tax duties (Art. 6(1)(c) GDPR in conjunction with § 147 AO; retention period: 10 years). This also includes storing the IP address of the device from which you subscribed, for VAT compliance reasons.
For subscription management, we use the service provider Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Stripe processes your personal data on our behalf in this context. As part of the data processing, the last part of IP addresses is automatically anonymized, so Stripe cannot uniquely associate the IP address based solely on the transmitted IP. We have signed a Data Processing Agreement (DPA) with Stripe that meets legal requirements.
Payment Options and Methods
If you use a paid service or purchase something via our website, we offer the following payment methods from third-party providers, who are each responsible for data processing in accordance with Art. 4(7) GDPR:
Stripe (Credit Card / Bank Account)
If you choose a payment method provided by Stripe, the payment process is carried out via Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. We transmit the information provided during the order process, along with details about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number), to Stripe. Your data is transferred solely for the purpose of payment processing with Stripe Payments Europe Ltd. More information about Stripe's privacy policy can be found at: https://stripe.com/de/legal/ssa.
SSL encryption
Legal basis:
To protect the security of your data during transmission, we use encryption methods (e.g., SSL) via HTTPS that correspond to the current state of the art.
Information about your right to object pursuant to Art. 21 GDPR
Case-specific right to object:
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(f) GDPR (processing based on a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
Recipient of an objection:
Change of our privacy policy
We reserve the right to adapt this privacy policy to always comply with current legal requirements or to implement changes to our services in the privacy policy, for example, with the introduction of new services. The new privacy policy will apply to your subsequent visits.
Questions to the data protection officer
If you have any questions about data protection, please write us an email or contact the person responsible for data protection in our organization directly:
Herald Cookie Statement
Your consent applies to the following domains: www.tabletop-herald.com
Your current state:
Necessary cookies: Always active
Website usage and analysis (Google Analytics): tracking.inactive
This privacy policy was created with the help of activeMind AG, the experts for external data protection officers (Version #2020-09-30).