plixxer is your microblogging network that feels like the good old days.
Part of feeling comfortable is knowing how your personal data is processed by us on plixxer.
1. Name and Address of the Controller
The controller within the meaning of the GDPR, other data protection laws applicable in Member states of the European Union, and other provisions related to data protection is:
VON DONAU GmbH
Represented by the Managing Director Coskun Josh Tuna
Phone: +49 (0) 2421 69 79 052
2. Your User Account
2.1. Information You Provide
To use plixxer and our other products and services, creating a user account is necessary so we can provide you with our services. For this purpose, you must provide us with certain information. This includes a username, a password, an email address or phone number, your preferred display language, and information for one-time login via third-party providers. You can use your real name or a pseudonym as a username. To verify that you are at least 16 years old, we also require your date of birth. If you do not provide the required data, we may not be able to offer you our services. Your profile information (e.g., name/pseudonym, username, profile pictures) is always publicly accessible and can also be found via search engines.
3. General Information on Data Processing
3.1. Legal Basis for Processing Personal Data
The processing of personal data is regularly for the purpose of the usage contract concluded with you or upon your consent. An exception applies in cases where the processing of personal data is lawful based on other legal justifications. Insofar as we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing based on this consent. For processing personal data necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as the legal basis. This justification also applies to processing operations that are necessary for carrying out pre-contractual measures. Insofar as personal data is collected and/or processed based on legal requirements or in the public interest, Article 6(1)(c) or (e) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.
3.2. Storage Duration and Deletion
Personal data will be deleted as soon as the original purpose of the processing no longer applies and no other legal basis for further storage exists. Further storage may occur, for example, if this is provided for by laws or other regulations to which the controller is subject. In these cases, blocking or deletion of the data occurs when the storage period prescribed by the mentioned norms expires unless there is a legitimate interest in further storage of the data. In these cases, we limit the processing of the corresponding data as much as possible. You have the option to delete your account via your profile settings. Deleting your account will also result in the deletion of all your publications, subscriptions, your data, and other actions.
3.3. Transfer of Data to Third Parties
We transfer your personal data to third parties if you have given explicit consent in accordance with Article 6(1) sentence 1 lit. a GDPR, the transfer is necessary according to Article 6(1) sentence 1 lit. b GDPR for the fulfillment of our contractual obligations to you, justified according to Article 6(1) sentence 1 lit. f GDPR based on our legitimate interest, e.g., for asserting, exercising, or defending legal claims, or if there is a legal obligation for the transfer according to Article 6(1) sentence 1 lit. c GDPR. Accordingly, we may transfer data to service providers who perform functions and services on our behalf, such as payment service providers, or to partners who help us analyze the use of our services or detect fraud. The transfer of personal data is always limited to the minimum necessary to achieve the purpose.
3.4. Data Transfer to Third Countries
To achieve the respective processing purposes, the transfer of personal data to our partners and service providers (processors) both within and outside the EU may be necessary. If we transfer personal data to a third country outside the EU, this is done in compliance with the conditions specified by the GDPR. For various third countries to which personal data is transferred, an adequate level of data protection has already been recognized by an adequacy decision of the EU Commission. In cases where such an adequacy decision does not exist for a country, we have concluded contracts with our partners and service providers incorporating the EU Commission's Standard Contractual Clauses (the "EU Standard Contractual Clauses") and, where necessary, agreed on further appropriate measures to ensure an adequate level of protection for the transferred data. Additionally, we inform users when obtaining their consent for the use of non-essential cookies and consent-required data processing about the potential risks of data transfer to a third country without an adequacy decision and request their explicit consent for data transfer to a third country for the intended processing purposes.
4. Provision of plixxer
4.1. SSL/TLS Encryption
plixxer uses SSL or TLS encryption for security reasons. When encryption is activated, the data you transmit to us cannot be read by third parties.
4.2. Collection of Logfile Data
When using plixxer, a series of general usage data is collected with each call and interaction. This data and information are stored in the server's log files and can represent personal data in principle. The following may be collected:
• the browser type and version used,
• the operating system used,
• the website from which an accessing system reaches our website (so-called referrer),
• the sub-websites accessed via an accessing system on our website,
• the date and time of access to the website,
• the Internet Protocol address (IP address),
• the Internet service provider of the accessing system. The data is stored in our system's log files. This data is not stored together with other personal data of the user. The data is anonymized by truncating the IP address. The storage period is usually thirty days to ensure the efficiency of threat defense. The processing of data in log files is based on our legitimate interest in ensuring the functionality of the website and optimizing the website and ensuring the security of our information technology systems (Article 6(1)(f) GDPR).
5. Contact Form
If you transmit personal data to us via a contact form provided by us, this data is automatically stored. Such voluntarily transmitted personal data is processed exclusively for the purpose of processing your request or contact. Personal data is not transferred to third parties. The data is deleted after the purpose for which it was transmitted by you has been achieved unless there is a necessity for further storage of the data - especially for contract conclusion or contract fulfillment. The legal basis for processing the data you transmitted is Article 6(1)(a) or (b) GDPR.
6.1. Technically Required Cookies
Cookies are technically required for some elements and functions of our website and app to provide you with our pages and functions as you wish. We do not need to obtain separate consent from you for the use of these absolutely necessary cookies. For example, we use technically necessary cookies so that you can authenticate yourself as a registered and logged-in user on each of the subpages of plixxer. These cookies are session cookies with a short lifespan.
7. Single Sign-On
plixxer offers you the possibility to log in with your access data to user accounts at other service providers via an authentication procedure offered by them (Single Sign-On). After a Single Sign-On on our platform, the data about your use of our pages is also collected by the respective service provider. This data is usually merged with the data of your usage profile already stored by the service provider. We offer you the possibility to authenticate via Single Sign-On procedures of the following service providers.
7.1. X Single Sign-On
7.2. Discord Single Sign-On
7.3. Google Single Sign-On
7.4. Apple Single Sign-On
8. Rights of Data Subjects
If we process personal data from you, you are a data subject within the meaning of the GDPR, and you have the following rights against the controller. You can assert these rights against us as the controller, e.g., by email at firstname.lastname@example.org.
8.1. Right of Access
You have the right to obtain confirmation from the controller as to whether personal data concerning you is being processed. If this is the case, you have the right to free information about your stored personal data, its origin and recipient, and the purpose of data processing. 8.2. Right to Rectification You have the right to rectification and/or completion by the controller if the processed personal data concerning you is incorrect or incomplete. 8.3. Right to Erasure You can request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:
• The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
• You withdraw your consent on which the processing is based according to Article 6(1)(a) GDPR, and there is no other legal ground for the processing;
• You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
• The personal data concerning you has been unlawfully processed;
• The erasure of personal data concerning you is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. 8.4. Right to Restriction of Processing You have the right to obtain restriction of processing of your personal data under the following conditions:
• You contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
• The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
• The controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims;
• You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.
8.5. Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. 8.6. Right to Object You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. If you object to the processing of your personal data for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. 8.7. Right to Withdraw Consent under Data Protection Law You have the right to withdraw your consent to the processing of your personal data at any time. You can send your withdrawal, for example, to us by email at email@example.com. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 8.8. Right to Lodge a Complaint with a Supervisory Authority Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The address of the supervisory authority responsible for the controller is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44 40102 Düsseldorf