plixxer is your microblogging network that feels like the good old days.
Part of feeling comfortable is knowing how your personal data is processed by us on plixxer.
plixxer's privacy policy is based on the terminology of Article 4 of the GDPR. plixxer and our other services are not intended for children; use of plixxer by persons under 16 years of age is therefore prohibited. The terms used are not gender-specific.
1. Name and Address of the Controller
The controller within the meaning of the GDPR, other data protection laws applicable in Member states of the European Union, and other provisions related to data protection is:
VON DONAU GmbH
Philippstraße 27
D-52349
Düren/Germany
Represented by the Managing Director Coskun Josh Tuna
Phone: +49 (0) 2421 69 79 052
Email: [email protected]
2. Your User Account
2.1. Information You Provide
To use plixxer and our other products and services, creating a user account is necessary so we can provide you with our services. For this purpose, you must provide us with certain information. This includes a username, a password, an email address or phone number, your preferred display language, and information for one-time login via third-party providers. You can use your real name or a pseudonym as a username. To verify that you are at least 16 years old, we also require your date of birth. If you do not provide the required data, we may not be able to offer you our services. Your profile information (e.g., name/pseudonym, username, profile pictures) is always publicly accessible and can also be found via search engines.
3. General Information on Data Processing
3.1. Legal Basis for Processing Personal Data
The processing of personal data is regularly for the purpose of the usage contract concluded with you or upon your consent. An exception applies in cases where the processing of personal data is lawful based on other legal justifications. Insofar as we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing based on this consent. For processing personal data necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as the legal basis. This justification also applies to processing operations that are necessary for carrying out pre-contractual measures. Insofar as personal data is collected and/or processed based on legal requirements or in the public interest, Article 6(1)(c) or (e) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.
3.2. Storage Duration and Deletion
Personal data will be deleted as soon as the original purpose of the processing no longer applies and no other legal basis for further storage exists. Further storage may occur, for example, if this is provided for by laws or other regulations to which the controller is subject. In these cases, blocking or deletion of the data occurs when the storage period prescribed by the mentioned norms expires unless there is a legitimate interest in further storage of the data. In these cases, we limit the processing of the corresponding data as much as possible. You have the option to delete your account via your profile settings. Deleting your account will also result in the deletion of all your publications, subscriptions, your data, and other actions.
3.3. Transfer of Data to Third Parties
We transfer your personal data to third parties if you have given explicit consent in accordance with Article 6(1) sentence 1 lit. a GDPR, the transfer is necessary according to Article 6(1) sentence 1 lit. b GDPR for the fulfillment of our contractual obligations to you, justified according to Article 6(1) sentence 1 lit. f GDPR based on our legitimate interest, e.g., for asserting, exercising, or defending legal claims, or if there is a legal obligation for the transfer according to Article 6(1) sentence 1 lit. c GDPR. Accordingly, we may transfer data to service providers who perform functions and services on our behalf, such as payment service providers, or to partners who help us analyze the use of our services or detect fraud. The transfer of personal data is always limited to the minimum necessary to achieve the purpose.
3.4. Data Transfer to Third Countries
To achieve the respective processing purposes, the transfer of personal data to our partners and service providers (processors) both within and outside the EU may be necessary. If we transfer personal data to a third country outside the EU, this is done in compliance with the conditions specified by the GDPR. For various third countries to which personal data is transferred, an adequate level of data protection has already been recognized by an adequacy decision of the EU Commission. In cases where such an adequacy decision does not exist for a country, we have concluded contracts with our partners and service providers incorporating the EU Commission's Standard Contractual Clauses (the "EU Standard Contractual Clauses") and, where necessary, agreed on further appropriate measures to ensure an adequate level of protection for the transferred data. Additionally, we inform users when obtaining their consent for the use of non-essential cookies and consent-required data processing about the potential risks of data transfer to a third country without an adequacy decision and request their explicit consent for data transfer to a third country for the intended processing purposes.
4. Provision of plixxer
4.1. SSL/TLS Encryption
plixxer uses SSL or TLS encryption for security reasons. When encryption is activated, the data you transmit to us cannot be read by third parties.
4.2. Collection of Logfile Data
When using plixxer, a series of general usage data is collected with each call and interaction. This data and information are stored in the server's log files and can represent personal data in principle. The following may be collected:
• the browser type and version used,
• the operating system used,
• the website from which an accessing system reaches our website (so-called referrer),
• the sub-websites accessed via an accessing system on our website,
• the date and time of access to the website,
• the Internet Protocol address (IP address),
• the Internet service provider of the accessing system. The data is stored in our system's log files. This data is not stored together with other personal data of the user. The data is anonymized by truncating the IP address. The storage period is usually thirty days to ensure the efficiency of threat defense. The processing of data in log files is based on our legitimate interest in ensuring the functionality of the website and optimizing the website and ensuring the security of our information technology systems (Article 6(1)(f) GDPR).
5. Contact Form
If you transmit personal data to us via a contact form provided by us, this data is automatically stored. Such voluntarily transmitted personal data is processed exclusively for the purpose of processing your request or contact. Personal data is not transferred to third parties. The data is deleted after the purpose for which it was transmitted by you has been achieved unless there is a necessity for further storage of the data - especially for contract conclusion or contract fulfillment. The legal basis for processing the data you transmitted is Article 6(1)(a) or (b) GDPR.
6. Cookies
Cookies are small text files that store information on the user's end device, which can subsequently be read out again, also across pages and websites. A cookie contains a characteristic string that allows the unique identification of the end device or browser used when accessing websites and the transfer of further information. In no case are unique user-related data such as name or address stored. The information captured by a cookie cannot be read by third parties. The collected data is not used to personally identify you as a user without your separate consent. As a user, you have full control over the use of cookies. By changing the settings in your internet browser under the keyword 'privacy,' you can prevent or restrict the transmission of cookies or the information stored in them. You can delete cookies that have already been stored at any time. This can also be done automatically; for example, you can set your browser to delete cookies every time you close the browser. If you deactivate or remove cookies, this may result in some parts of our pages not being displayed correctly and services not functioning properly. Our system is configured to use only cookies that are absolutely necessary without your consent.
6.1. Technically Required Cookies
Cookies are technically required for some elements and functions of our website and app to provide you with our pages and functions as you wish. We do not need to obtain separate consent from you for the use of these absolutely necessary cookies. For example, we use technically necessary cookies so that you can authenticate yourself as a registered and logged-in user on each of the subpages of plixxer. These cookies are session cookies with a short lifespan.
7. Single Sign-On
plixxer offers you the possibility to log in with your access data to user accounts at other service providers via an authentication procedure offered by them (Single Sign-On). After a Single Sign-On on our platform, the data about your use of our pages is also collected by the respective service provider. This data is usually merged with the data of your usage profile already stored by the service provider. We offer you the possibility to authenticate via Single Sign-On procedures of the following service providers.
7.1. X Single Sign-On
The provider of the Twitter Single Sign-On authentication service is X Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.A. However, for the European region, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the processing of personal data in accordance with the GDPR. X or Twitter also processes data from you in the USA. Due to the existing legal situation in the USA, US authorities can request insight into personal data from providers in the USA. Accordingly, a data protection level in the USA below the corresponding EU standard is to be assumed. This may result in risks for the legality and security of data processing (e.g., due to a lack of guarantees for enforceable data subject rights). To provide appropriate guarantees for compliance with the conditions for data transfer and the other provisions of the GDPR set out in Chapter V of the GDPR, Twitter uses the standard data protection clauses issued by the EU Commission under Article 46(2)(c) GDPR, whose application has been agreed with us as binding. These clauses are based on an implementing decision of the EU Commission. More about the application of the standard contractual clauses by Twitter can be found in Twitter's Data Protection Addendum at https://gdpr.twitter.com/en/controller-to-controller-transfers.html. The standard contractual clauses can be found, among other places, here: https://germany.representation.ec.europa.eu/index_de. Twitter has also taken further appropriate measures to ensure a level of protection comparable to that of the GDPR. At X / Twitter, you can revoke your consent to the use of Single Sign-On logins via the opt-out function at https://twitter.com/settings/account/personalization. More about the data processed by the use of Twitter can be found in Twitter's privacy policy at https://twitter.com/de/privacy.
7.2. Discord Single Sign-On
The provider of the Discord Single Sign-On authentication service is Discord Netherlands BV, Schiphol Boulevard 195, (1118 BG) Schiphol, Netherlands. The parent company of Discord Netherlands BV is Discord Inc., 444 De Haro Street Suite 200, San Francisco, CA 94107, USA. Discord also processes data from you in the USA. The European Commission adopted an adequacy decision for an EU-U.S. Data Privacy Framework on July 10, 2023. The transfer to a U.S. data importer is therefore legally permissible under data protection law if it is certified according to the requirements of the Framework. Discord LLC is licensed under the EU-U.S. Data Privacy Framework (see https://www.dataprivacyframework.gov/list); the transfer of personal data to Google in the USA is therefore permissible without further ado. Details on data processing can be found in Discord's privacy policy at https://discord.com/privacy.
7.3. Google Single Sign-On
The provider of the Meta Single Sign-On authentication service is Meta Platforms Inc. For the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible. Google also processes data from you in the USA. The European Commission adopted an adequacy decision for an EU-U.S. Data Privacy Framework on July 10, 2023. The transfer to a U.S. data importer is therefore legally permissible under data protection law if it is certified according to the requirements of the Framework. Google LLC is licensed under the EU-U.S. Data Privacy Framework (see https://www.dataprivacyframework.gov/list); the transfer of personal data to Google in the USA is therefore permissible without further ado. At Google, you can revoke your consent to the use of Single Sign-On logins via the opt-out function at https://adssettings.google.com/authenticated. More about the data processed by the use of Google Single Sign-On can be found in Google's Privacy Policy at https://policies.google.com/privacy?hl=de.
7.4. Apple Single Sign-On
The provider of the Apple Single Sign-On authentication service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple also processes data from you in the USA. Due to the existing legal situation in the USA, US authorities can request insight into personal data from providers in the USA. Accordingly, a data protection level in the USA below the corresponding EU standard is to be assumed. This may result in risks for the legality and security of data processing (e.g., due to a lack of guarantees for enforceable data subject rights). To provide appropriate guarantees for compliance with the conditions for data transfer and the other provisions of the GDPR set out in Chapter V of the GDPR, Apple uses the standard data protection clauses issued by the EU Commission under Article 46(2)(c) GDPR, whose application has been agreed with us as binding. These clauses are based on an implementing decision of the EU Commission. The standard contractual clauses can be found, among other places, here: https://germany.representation.ec.europa.eu/index_de. Apple has also taken further appropriate measures to ensure a level of protection comparable to that of the GDPR. The privacy policy and more information on the processing of personal data by Apple can be found at https://www.apple.com/de/legal/privacy/de-ww/
8. Rights of Data Subjects
If we process personal data from you, you are a data subject within the meaning of the GDPR, and you have the following rights against the controller. You can assert these rights against us as the controller, e.g., by email at [email protected].
8.1. Right of Access
You have the right to obtain confirmation from the controller as to whether personal data concerning you is being processed. If this is the case, you have the right to free information about your stored personal data, its origin and recipient, and the purpose of data processing. 8.2. Right to Rectification You have the right to rectification and/or completion by the controller if the processed personal data concerning you is incorrect or incomplete. 8.3. Right to Erasure You can request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:
• The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
• You withdraw your consent on which the processing is based according to Article 6(1)(a) GDPR, and there is no other legal ground for the processing;
• You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
• The personal data concerning you has been unlawfully processed;
• The erasure of personal data concerning you is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. 8.4. Right to Restriction of Processing You have the right to obtain restriction of processing of your personal data under the following conditions:
• You contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
• The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
• The controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims;
• You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.
8.5. Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. 8.6. Right to Object You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. If you object to the processing of your personal data for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. 8.7. Right to Withdraw Consent under Data Protection Law You have the right to withdraw your consent to the processing of your personal data at any time. You can send your withdrawal, for example, to us by email at [email protected]. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 8.8. Right to Lodge a Complaint with a Supervisory Authority Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The address of the supervisory authority responsible for the controller is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44 40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
Email: [email protected]
February 2024