PRIVACY POLICY



1 SUBJECT OF THIS INFORMATION

1.1 With the following information we, ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, would like to inform the users of our websites accessible at https://all-inkl.com as well as those generally interested in our services as a web hosting company and all those who contact us for business purposes about the processing of their personal data by us.

The following information is addressed to the "data subjects" under data protection law, hereinafter also referred to as "users" or "customers", or as "you" or "your". The relevant legal basis for our processing of the personal data of "data subjects" affected by our business activities is the General Data Protection Regulation (GDPR).

1.2 For area-specific collection and processing of personal data that is not included in this data protection information, we will provide separate information in the appropriate or necessary place.

1.3 For data processing operations of other companies referred to via links from our websites, the information on data protection provided there applies. These companies are responsible for the data processing there.

1.4 This general data protection information does not require the consent of the data subjects and is subject to regular review with regard to any need for amendment.

2 RESPONSIBILITY

2.1 Our main business activity is web hosting, in which we provide web hosting packages for use by customers. Our web hosting consists of all the administrative and technical services required to enable our customers to provide content and information on the Internet and to have Internet domains managed by us for this purpose. These services include the registration and administration of an own domain, the provision of storage space (web space) on which the content of the information to be stored is located, the provision of e-mail storage space for e-mail mailboxes and e-mail addresses for an Internet domain, the provision of database servers, the operation of the necessary DNS servers (name servers), user support (customer support), the constant monitoring of our servers (monitoring), a daily full backup (data backup) of all systems as well as the permanent protection and updating of the server software used by us as web hoster.

2.2 ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany, is responsible for data processing with regard to the aforementioned business activities and for the use of this website.

2.3 Our data protection officer can be contacted at ALL-INKL.COM - Neue Medien Münnich, with the addition "The Data Protection Officer", Hauptstraße 68, 02742 Friedersdorf.

3 GENERAL PURPOSES OF PROCESSING AND LEGAL BASES, CATEGORIES OF DATA

3.1 For the purposes of our business activities as a web hosting company, we regularly process the personal data required for this on the legal basis of Art. 6 para. 1 b GDPR (pre-contractual measures, fulfilment of a contract). Further details on the types and categories of data collected and the purposes of data processing can also be found in the relevant contractual documents and our General Terms and Conditions published on the website.

3.2 Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (c) GDPR serves as the legal basis. Numerous legal regulations oblige us as a provider of a telemedia service and as a web hosting provider to block access to (possibly personal) information in certain situations or to delete such information and to process data in connection with this.

3.3 In individual cases, we process personal data on the legal basis of Art. 6 para. 1 a GDPR (consent). We would obtain such consent, which is voluntary, from you in individual cases and inform you of the purposes. If you give us your consent, you have the right to withdraw your consent at any time with effect for the future, without affecting the lawfulness of processing based on consent before its withdrawal. The revocation of consent can be made informally with the subject "Revocation" and should be addressed to: ALL-INKL.COM - Neue Medien Münnich - Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf. As far as technically possible, we will give the data subject the opportunity to declare the cancellation as easily as the consent was given.

3.4 In individual cases, we process personal data on the legal basis of Art. 6 para. 1 f GDPR if we can rely on our legitimate interests or those of a third party and we are convinced that the interests, rights and freedoms of the data subject do not outweigh these. We will also inform you separately in individual cases and state our legitimate interests or those of the third party.

3.5 On the legal basis of Art. 6 para. 1 f GDPR, we reserve the right in particular to process the personal data of persons who have attempted to obtain our services in breach of the law or in breach of contract or who are no longer eligible to conclude a contract with us for reasons of business policy or after termination of a contract. We store these data subjects in blocking lists with blocking data that we deem appropriate.

3.6 Which personal data (data types) are processed in detail and how they are used depends largely on the services or business transactions utilised or agreed. The categories of data to be processed are or may be

Inventory data: all personal data required for the establishment, content or amendment of a contractual relationship between us and our customers, also insofar as the initiation of a contract or the prevention of further contract conclusions or communication in a legal relationship is concerned (e.g. name, address, date of birth).

Authentication data: all personal data collected to prove the identity of a person or their authorisation for certain actions or powers, such as those contained in identification documents.

Communication data (contact data): all personal data that a person provides to us so that we can communicate with them within or outside of a contractual relationship (e.g. a legal relationship), i.e. maintain contact.

Content data: all personal data that make up the content of the communication (e.g. text entries, photographs, videos, content of documents or files), whether in the context of contract initiation, contract conclusion, contract execution or termination of the contract, including communication on data subject rights within or outside of a contractual relationship (e.g. a legal relationship).

Financial identification data: all personal data relating to account information (IBAN/BIC), in particular in the context of direct debit authorisations or SEPA direct debit mandates issued to us.

Payment data: all personal data from and relating to payments for our services, e.g. invoices, invoice overviews.

Usage data: all personal data of a user of our services, the processing of which is necessary to enable and invoice the use of our digital services (e.g: Log files about the actions of users of our web hosting services, in particular about the histories on our websites, the use of certain content, the individual access times, the accesses provided and electronic administration interfaces as well as the contact or order histories. Usage data also includes user login data).

Blocking data: this is all personal data of persons who should (no longer) have temporary or permanent access to our services (blacklist).

Connection data: this may include personal device information, IP addresses, URL referrers.

Location data: this is all personal data relating to the location of a person using our digital services, e.g. GPS data, IP geolocalisation or access points.

Diagnostic data: this is personal data that provides us with technically necessary information based on user behaviour (e.g. crash logs, website/app performance data, other technical data for analysing faults and errors).

4 GENERAL RECIPIENTS OF OUR DATA PROCESSING

4.1 Your personal data will only be passed on to third parties if this is necessary for the execution of the contract with you, if the transfer is permissible on the basis of a weighing of interests within the meaning of Art. 6 para. 1 f GDPR (legitimate interest), if we are legally obliged to process data by way of maintaining contact with third parties or if you have given your consent in this respect.

4.2 For our web hosting business activities, we use a service provider internally for administrative and technical purposes, in particular for contract management, support services and data centre services, which has access to the necessary personal data with its own staff. This service provider is Neue Medien Münnich GmbH, Hauptstraße 68, 02742 Friedersdorf. We have a data protection contract with this service provider for the processing of personal data on our behalf.

4.3 Recipients of the personal data collected by us outside our company and the aforementioned processor may be, for example: organisations that register domains or assist with registration, organisations that issue certificates for secure data traffic or assist with this, domain trustees (so-called "escrow services"), payment service providers, data destruction services, tax consultancy and legal advice services, organisations that are involved in law enforcement activities or the prosecution of administrative offences as part of their duties. "escrow services"), payment service providers, data destruction services, tax consultancy and legal advice services, bodies that request information from us in the context of criminal prosecution activities or for the prosecution of administrative offences within the scope of their legal powers, order blocking orders or deletion orders (e.g. police, public prosecutor's office, data protection authorities).The data may be transferred to third parties such as the police, public prosecutors, the Federal Network Agency, the Federal Criminal Police Office, courts), or rights holders who are authorised by law to obtain information about certain personal data (e.g. in the event of copyright infringements on customer websites).

5 BASIC STORAGE PERIOD

5.1 We process your personal data for as long as this is necessary for the respective purpose of the business activity, i.e. the respective procedure in the respective business process, or for as long as we have been granted consent. The duration for which the personal data is stored cannot always be determined immediately after receipt. It depends on how the process is ultimately categorised. Where statutory retention obligations exist - e.g. under commercial law or tax law - the personal data in question is stored for the duration of the retention obligation. After the retention period has expired, we will check whether there is any further need for processing. If it is no longer necessary, the personal data will be deleted.

5.2 The relevant tax and commercial law retention and documentation obligations provide for a retention period of six or ten years for the commercial documents specified in Sections 238 and 257 of the German Commercial Code. Corresponding provisions are contained in § Section 147 of the German Fiscal Code (Abgabenordnung) for the preservation of the documents referred to herein.

5.3 As a matter of principle, we review personal data (data types, processing purposes) at the end of each calendar year with regard to the need for further processing.

5.4 The expiry of the retention period does not automatically result in a deletion obligation, as there may still be a legitimate interest in archiving, e.g. in order to be able to provide information in the event of legal disputes. This also applies to cases of preservation of evidence within the framework of the statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

5.5 In the event that we keep personal data in a blacklist in accordance with section 3.4 in order to achieve the purposes pursued with it, it may be permissible in individual cases for us to keep the personal data in the blacklist for as long as a contract must or should be prevented by us. This may lead to an initially unforeseeable storage period.

6 ORIGIN OF THE PERSONAL DATA

We collect personal data that we receive when the website is used directly from the data subjects (users). This also applies in principle to those affected by our other business activities. If we receive personal data from third parties in the course of our business activities, we provide separate information about the source of this data (possibly from a publicly accessible source) and the categories of data we process.

7 PLACE OF DATA PROCESSING, THIRD COUNTRY TRANSFERS

7.1 Your personal data is processed by us at our company headquarters or in a data centre in Germany.

7.2 If we transfer or intend to transfer personal data to a third country (a country outside the European Union or the European Economic Area) or an international organisation, we will inform you separately in accordance with Art. 13 para. 1 f GDPR or Art. 14 para. 1 f GDPR.

7.3 In the event that we broker the purchase of a top-level domain at the customer's request and do not use the brokerage services of a service provider in Germany or the European Union for this purpose, we transmit the customer's personal data directly to a registry in the USA to broker the domain contract on the legal basis of Art. 49 para. 1 lit. b or c GDPR (fulfilment of a contract), if only this registry assigns and administers this domain.

7.4 Data will only be transferred to a third country if an adequacy decision has been issued by the European Commission or if we have suitable guarantees, including binding internal data protection regulations. We will then refer to the suitable or appropriate safeguards and indicate how to obtain a copy of them or where they are available.

7.5 General information on the transmission bases:

  • If we base a data transfer on an exception in accordance with Art. 49 GDPR, you will find the details at the relevant point.
  • If we base a data transfer on an adequacy decision within the meaning of Art. 45 GDPR, you will find an overview of the adequacy decisions here.
  • If we base a data transfer on so-called standard data protection clauses of the EU Commission within the meaning of Art. 46 para. 2 lit. c) GDPR, you will find the mplementing Decision (EU 2021/914) of the EU Commission, which contains the contractual clauses.
  • If we base a data transfer on binding corporate rules (BCR) within the meaning of Art. 46 (2) (b) GDPR, you will find an overview of the published BCR here.

8 OBLIGATION TO PROVIDE

Unless otherwise explained in the information on the procedures in our business processes, you are not obliged to provide personal data. If we base the processing on Art. 6 para. 1 sentence 1 letter b GDPR, your personal data is required for the fulfilment or conclusion of a contract, including the initiation of a contract. If you do not provide the personal data, the fulfilment or conclusion of the contract is not possible. If you do not provide the data in the cases of Art. 6 para. 1 sentence 1 lit. a, f GDPR, it is not possible to use the procedures affected by this or our offers.

9 AUTOMATED DECISIONS

9.1 We do not use automated decision-making or profiling measures in any process.

9.2 In the event that we need to prevent interested parties from using our services for internal company reasons, in particular in the event of misuse of our services, or for other reasons of our business policy, in particular to prevent interested parties from being able to book web hosting tariffs without our consent, this is not done exclusively by means of automated decision-making. The final decision to establish contact and any personal data required for this is always made by the person responsible for this in the company.

10 TECHNICAL DATA PROTECTION

10.1 Communication with our websites is encrypted using a digital certificate in accordance with the SSL standard, ensuring that data is sent securely to or from the https website all‑inkl.com.

10.2 The e-mail addresses provided under our domain "all-inkl.com" or "ai.com" or which we use as a means of communication generally only protect the data contained therein during transport and are not end-to-end encrypted. The same applies to the fax numbers provided by us. We provide a PGP e-mail address for the transmission of sensitive information. Our communication contacts always have the option of sending confidential correspondence by post.

10.3 We also use suitable technical and organisational security measures to protect the personal data of the data subject that we have collected against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

10.4 We have implemented numerous technical and organisational measures to ensure the protection of personal data and information. Nevertheless, Internet-based data transmissions between us and our customers, in particular e-mail or fax traffic that is not end-to-end encrypted, may have security gaps. No one can guarantee absolute protection of information. For this reason, our customers and users are free to transmit personal data to us by alternative means, for example by post.

10.5 For the provision of our services as a web hosting company, we have our own data centre in Germany, which is operated by our processor.

11 WEBSITE-LINKS GENERAL

11.1 Our web pages contain references to our own pages (internal links). By clicking on internal links, you do not leave our area of responsibility. However, when you click on an external link, you transfer to the area of responsibility of a third party (service provider) who is independently responsible for content and data processing. External links are labelled by us in such a way that you can recognise when you leave our area of responsibility.

11.2 If you follow an external link, these websites have their own data protection guidelines and are sometimes operated on servers in a third country that is unsafe under data protection law. As a result, foreign third parties, authorities or secret services may receive connection data and you may have no legal protection against this. Please also check these data protection guidelines before you voluntarily pass on any further personal data to these websites when using the site. As a rule, you transmit your IP address to the third-party provider when accessing internal links.

11.3 We have checked the content of external links when they were first created to ensure that they do not contain any obviously illegal content or information. Furthermore, we do not adopt information or third-party content as our own simply by using external links.

12 OUR RIGHTS AS A DATA SUBJECT

You have the right to information about the personal data concerning you (Art. 15 GDPR), to rectification (Art. 16 GDPR), to erasure (Art. 17 GDPR) and to restriction of processing (Art. 18 GDPR) in accordance with more detailed statutory provisions. You have the right to object to processing in the cases set out in Art. 21 GDPR and the right to data portability in the cases set out in Art. 20 GDPR. You have the right to lodge a complaint with a supervisory authority (Art. 57 para. 1 f GDPR).

13 YOUR SPECIAL RIGHT OF OBJECTION

13.1 Insofar as we process personal data on the legal basis of Art. 6 para. 1 f GDPR (legitimate interests), you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation. This is done by lodging your objection with us. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. We would therefore need to know your reasons. You can send your objection informally to the address under point 2. You can find further information about our company, details of the authorised representatives and other contact options in the legal notice on our website.

13.2 As far as possible, we will expressly inform you of the aforementioned right of objection at the latest at the time of the first communication with you and will provide this information in a comprehensible form that is separate from other information.

14 LOGFILES WHEN ACCESSING/USING OUR WEBSITES

14.1 Purpose of data processing: Each time our website is accessed, our web server automatically collects data and information from the user's accessing device. The following data is collected:

  • the IP address of the requesting end device,
  • Date and time of access to our website,
  • Specifies the time difference between the requesting host and the web server,
  • Content of the request or specification of the retrieved file that was transmitted to the user
  • the access status (successful transmission, error, etc.),
  • the amount of data transferred in bytes,
  • the website from which the user accessed the website,
  • the browser used by the user, the operating system, the interface, the language of the browser and the version of the browser software.

14.2 To protect against attacks and to ensure proper operation, all access to our website with the full IP address is temporarily and access-protected on a security system (firewall) and automatically analysed for possible risks.

14.3 We will only attempt to find out which person is behind an IP address in the event of illegal attacks or misuse of our services. Otherwise, this information remains hidden from us and we do not attempt to obtain the data of the owner of an IP address.

14.4 The data and information are stored on our web server and in the log files of the web server. This data is not stored together with other personal data of the user. Temporary storage of the IP address is necessary to enable delivery of the website to the user's device. For this purpose, the user's IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website and the security of our information technology systems. The data is not analysed for marketing purposes in this context.

14.5 Obligation to provide: The provision of the aforementioned information is based on an automatic mechanism that the user cannot select or deselect.

14.6 Legal basis: The legal basis for the temporary storage of data and information is Art. 6 para. 1 f GDPR (legitimate interest).

14.7 Recipients/categories of recipients/third country: see above. Section 4.

14.8 Storage period: If the data is collected to provide the website, the data is deleted when the user's session has ended and the browser is closed. If the data is stored in log files, the log files are deleted after seven days at the latest. Storage beyond this is possible in individual cases, e.g. in the event of an attack on our information technology systems.

15 CONTACT BY TELEPHONE

15.1 Purpose of data processing: It is possible to contact us by telephone using the telephone numbers provided on our website. The content of the communication may be noted/stored by us for business purposes. The same applies to any telephone number transmitted.

15.2 Obligation to provide: You do not have to provide us with this data because you do not need to contact us by telephone.

15.3 Legal basis: The legal basis for the temporary storage of data and information is Art. 6 para. 1 f GDPR (legitimate interest). If a business relationship is initiated or already exists via the contact form, the legal basis is Art. 6 para. 1 b GDPR (pre-contractual measures, fulfilment of a contract).

Recipients/categories of recipients/third country: see above. Section 4.

15.5 Storage period: The personal data from a telephone call will be deleted when the purpose of the telephone call has been fulfilled. In a pre-contractual/contractual context, the end of the contractual contact determines the start of the deletion of the communication data and communication content, possibly in connection with tax and commercial law retention obligations.

16 CONTACT FORM WEBSITE

16.1 Purpose of data processing: There is a contact form on our website that can be used for electronic contact and the topic specified by the user of the form. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored, provided that information is entered there. This data may be

  • Status (customer/non-customer/not specified)
  • Company
  • Salutation (Mr, Mrs, not specified)
  • First name, surname
  • E-mail address (mandatory field)
  • Subject of the enquiry
  • Message (free text for contact request with content information)
  • The IP address of the user
  • Date and time of contact

Feedback information can be provided in a feedback form without the aforementioned information, which is possible entirely without individualisation or personal reference.

16.2 Obligation to provide: You do not have to provide us with this data, as you do not need to contact us via the contact form.

16.3 Legal basis: The legal basis for the temporary storage of data and information is Art. 6 para. 1 f GDPR (legitimate interest). If a business relationship is initiated or already exists via the contact form, the legal basis is Art. 6 para. 1 b GDPR (pre-contractual measures, fulfilment of a contract).

16.4 Recipients/categories of recipients/third country: see above. Section 4.

16.5 Storage period: The personal data from the input screen of the contact form will be deleted when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. In a pre-contractual/contractual context, the end of the contractual contact determines the start of the deletion of the communication data and communication content, possibly in conjunction with tax and commercial law retention obligations. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. The above sentences apply accordingly to feedback information.

17 E-MAIL COMMUNICATION

17.1 Purpose of data processing: if the user uses e-mail addresses with our company domain to contact us electronically, the e-mail address and time provided by the user will be transmitted to us and the content of the communication, including any attachments/attachments, will be stored.

17.2 Obligation to provide: You do not have to provide us with this data, as you do not need to contact us by e-mail.

17.3 Legal basis: The legal basis for the storage of data is Art. 6 para. 1 f GDPR (legitimate interest). If a business relationship is initiated or already exists via email, the legal basis is Art. 6 para. 1 b GDPR (pre-contractual measures, fulfilment of a contract).

17.4 Recipients/categories of recipients/third country: see above. Section 4.

17.5 Storage period: The personal data from the email correspondence will be deleted when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. In a pre-contractual/contractual context, the end of the contractual contact determines the start of the deletion of the communication data and communication content, possibly in connection with tax and commercial law retention obligations.

18 OTHER COMMUNICATION

The above clause applies accordingly to communication with us by fax, by post or by means of other electronic communication services.

19 COOKIES WHEN USING OUR WEBSITE

19.1 When our websites are accessed, we utilise the user's end device (PC, laptop, smartphone, tablet, etc.) to the extent that we store text information in a cookie. This cookie of type Http and with the name PHPSESSID retains the user's status for all page requests. As a so-called "technically necessary" or "essential" cookie, it does not require the user's consent in accordance with the legal basis of Section 25 (2) No. 2 TTDSG. The cookie is deleted as soon as the user closes the session. This is done by closing the browser. Although the cookie contains an identifier, it does not identify the user personally.

19.2 If we wish to use cookies (or similar technologies) and require the consent of the data subject in accordance with the provisions of Section 25 TTDSG or the provisions of the GDPR, a consent banner will appear when our website is accessed. By means of this banner, the user can make a choice: either give consent (agree) or refuse consent. Details on the cookies then used can be found in the "Information" banner button.

19.3 Cookies are small text files that our web server sends to the end device of the user of our websites and that are usually stored on the hard drive of the user's end device. They are not programmes that can penetrate the user's system and cause damage. Cookies do not cause any damage to the user's end device and do not contain any viruses, Trojans or other malware. However, information is stored in a cookie that is related to the specific end device used. Cookies contain combinations of letters and numbers, e.g. to recognise the user and their settings when they reconnect to the cookie-setting website, to enable them to remain logged in to a customer account or to statistically analyse specific user behaviour. If the cookie is deleted, for example because the user has deleted it or because it has deleted itself, then it is not possible to recognise the user or trace their usage behaviour, nor is it possible to "read" the cookie.

19.4 Access to a cookie or similar technology is generally only possible from the Internet address from which the cookie is set. This means that we have no access to the cookies of third-party providers. They also have no access to our (own) cookies. Third parties have no access to our cookies or those of the providers used. Access by third parties can only be gained through technical attacks, which we cannot control and for which we are not responsible.

19.5 The browser used by the user to access our websites allows the management of cookies and website data by way of self-data protection via the "Data protection" or "Data protection & security" setting or within the scope of the otherwise named security settings. The user can thus authorise the setting of cookies and the tracking of their user activities (tracking). In most cases, web browsers automatically accept cookies by default. It is therefore up to the user to decide whether and how to set this behaviour of their browser for their own purposes. If cookies and website data are not accepted by browser settings, tracking is prevented. This may result in the websites accessed not working at all or not working properly or at all.

19.6 Users can also delete all or some of the cookies set in the security settings of their browser at any time, for example at the end of their Internet session. When a session is restarted, no cookies or only those that have not been deleted will remain on the user's device. This means that the user's end device cannot be "recognised" when a website is called up again.

20 WEB ANALYSIS/MEASUREMENT SERVICES

We are dependent on knowing how our websites are functioning and how well they are accepted and occasionally, but not constantly, use third-party measurement services. If we use Google Analytics 4, a web analysis service of Google Inc., USA, for our websites, this is recognisable to users by the fact that we expressly obtain the user's consent to activate this service and that this is done via a consent banner (see section 21). If we use the Matomo analysis tool for our websites, it is not necessary to obtain user consent from a technical or data protection perspective. We provide separate information on both analysis tools/measurement services below.

20.1 Google Analytics 4

20.1.1 Purpose of data processing: We use Google Analytics 4, a web analysis service of Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google") for our websites to analyse and statistically evaluate the use of our website (web analysis). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Web analysis is the collection, collation and evaluation of information on how users use our websites. We use web analysis to optimise our website, in particular for cost-benefit analysis. This enables us to customise the design of our website.

Google Analytics 4 collects the following information in the setting selected by us:

  • Your approximate location (region)
  • Date and time of your visit
  • Your IP address (in abbreviated form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your internet provider
  • the referrer URL (via which website/advertising medium you came to our website)

Google Analytics 4 in the setting selected by us records the following usage behaviour, Called "events":

  • Page views
  • First visit to the website
  • Start of the session
  • Websites visited
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Viewed / clicked adverts

Although your IP address is stored, it is anonymised by default.

20.1.2 Obligation to provide: You are not obliged to provide us with information about your use of our websites. We ask for your consent. This is voluntary and can be revoked at any time. You can use our consent banner to give and withdraw your consent.

20.1.3 Legal basis: You are not obliged to provide us with information about your use of our websites. We ask for your consent via our consent banner. This is voluntary and can be revoked at any time. You can use our consent banner to give and withdraw your consent.

20.1.4 Recipients/categories of recipients/third country: The information collected via Google Analytics 4 is transferred to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, probably also to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and probably also to Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA as soon as we use Google Analytics 4.

The information about your use of this website is generally transmitted to a Google server in the USA and stored there. We obtain the analysis results from there as "reports" for our purposes. Personal user data transmitted to Google is not anonymised. Authorities in the US states may have access to this personal data. Google may use this personal data for any of its own purposes (e.g. profiling and cross-platform tracking).

We never transfer personal data such as name, address or contact details to Google.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is, according to the information provided by Google in the context of our order of Google Analytics 4 from there "Contract Data Processing Terms for Google Advertising Products" our processor according to Art. 28 GDPR).

With Google Analytics 4, IP address truncation is activated by default. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.

Google LLC is certified according to the EU-US Privacy Framework, the transfer of Google Analytics data to the USA is therefore permitted.

Further information on the terms of use of Google Analytics 4 and data protection at Google can be found at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de. You can find the order processing conditions at: https://business.safety.google/adsprocessorterms/

Self-data protection: You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of our and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by not giving your consent to the setting of the cookie or by downloading and installing the browser add-on to deactivate Google Analytics; the link is: https://tools.google.com/dlpage/gaoptout?hl=de

20.1.5 Storage duration: Our cookie table, which can be viewed via the consent banner under "Information", provides information on the storage duration of Google Analytics 4 cookies.

The analysis reports that we receive from the web analysis by Google Analytics 4 in order to optimise our websites are deleted by us after two months.

20.2 Matomo

20.2.1 Purpose of data processing: We use the Matomo measurement service for our websites. The EU representative of the Matomo open source project as the controller or processor not based in the EU (Art. 27 GDPR) is: ePrivacy Holding mbH, Große Bleichen 21, 20354 Hamburg. The measurement services are carried out exclusively on our own servers. We analyse anonymous user information for statistical purposes. This anonymous user information is

  • the URL from which our homepage or one of its subpages is accessed (e.g. a search engine or a link from another website)
  • the URLs accessed on our websites
  • the time spent on our respective websites
  • the search terms entered
  • Information transmitted by the user's access device (operating system, screen resolution, browser, browser language setting)

We have set Matomo so that the IP addresses are not processed in full, but two octets of the IP address are masked (e.g.: 192.168.xxx.xxx). This is done using the "AnonymiseIP" plugin. In this way, it is no longer possible to identify a user's access device, so that the user remains anonymous. "Matomo" uses this part of the user's IP address and various technical information that the user's access device transmits (operating system, browser name, browser plugins, browser language settings) to create an ID number that can be used to assign the software activities on our websites to a website visitor. However, the identity of the user cannot be determined or traced from this ID. The assignment to an ID number is done via Java Script elements.

20.2.2 Obligation to provide: Users do not provide us with any personal data for web analysis.

20.2.3 Legal basis: Due to the lack of processing of personal data for web analysis, no legal basis is required for the use of Matomo in the anonymous function used here.

20.2.4 Recipient/third country: S.O. Section 4 Insofar as we use the Matomo measurement service for our websites, this is done exclusively on our own servers (on-premise self-hosting). No further data is transferred to third parties.

20.2.5 Storage period: No personal data is stored.

21 CONSENT AND REVOCATION MANAGEMENT

21.1 Purpose: Insofar as we use a consent banner with regard to cookies requiring consent, we are obliged by law to document the choice made by the user (consent, non-consent, revocation). For this purpose, we use a technically necessary cookie for which we do not require consent in accordance with the TTDSG and DS-GVO. The user's selection decision is saved by means of a cookie.

21.2 Obligation to provide: The users of our websites, insofar as their use is analysed by Google Analytics 4, are obliged to either give us their consent (agreement) or to inform us that they do not agree. Without a choice, users cannot use our websites that are analysed by Google Analytics 4.

21.3 Legal basis: for our data processing in the context of consent, revocation and objection management is Art. 6 Para. 1 S. 1 lit. f GDPR (legitimate interest) and Art. 6 Para. 1 S. 1 lit. c GDPR in conjunction with Art. 5 Para. 2 GDPR (legal obligation). Art. 5 para. 2 GDPR (legal obligation) and § 25 para. 2 no. 2 TTDSG. We have a legitimate interest in the documentation of consent or revocation or objection to data processing as well as a legal obligation to do so.

21.4 Recipient/third country. See above, point 4.

21.5 Storage period: Because we are obliged by law to respect the consent of users or non-consent or to respect a revocation of consent given, we are obliged to store the consent and also a revocation due to our documentation obligation under Art. 6 para. 1 sentence 1 lit. c and 5 para. 2 GDPR. We store the consent data and the revocation data for a period of three years, starting at the end of a calendar year. Our cookie table, which can be viewed via the consent banner under "Information", provides information about the duration of the storage of the cookie itself.

22 CUSTOMER ACCOUNT/USER ACCOUNT

22.1 Purpose of data processing: We require the necessary personal data of those persons who conclude a web hosting contract with us, including in a temporary test phase, and who wish to utilise our services as a customer or user. The processing of the personal data required for this is carried out for the provision of our web hosting services, including the brokerage of domains as part of the execution of our contracts with our customers or for the implementation of pre-contractual measures that take place at their request. This includes pre-contractual and post-contractual communication. The purposes of data processing are primarily based on the specific contractual product (e.g. web hosting tariff, server tariff) and also include user support through administrative and technical support by means of telephone calls or other communication. Customers receive an individualised user account for the MembersArea and KAS areas and can log in there with or without 2-factor authentication. This gives them access to and access to the services booked in the respective contract. The contract is generally concluded online via our website www.all-inkl.com. The user of our website has the option, as a consumer or as an entrepreneur, to register on the aforementioned website by providing personal data for the contractual product selected by them. The personal data to be provided to us and transmitted to us via buttons can be found in the respective input mask used for the order. The personal data entered by the future customer is collected and processed exclusively for internal use for our own purposes and, in the case of brokerage services, also for external purposes.

22.1.1 When a contract is concluded and a customer account is created, at least the following data is collected and processed: Access data (user name, password), contact data (such as name, address, e-mail address, telephone number), bank data (in particular for the SEPA direct debit mandate), IP address, order data for products and services, content data.

22.1.2 In order to register a domain for customers or to have us manage, configure, maintain or delete a customer's domain, information on the registration of domain names must be made available and accessible to the public via a "WHOIS" search in accordance with the rules of ICANN or certain registries (registration data). The WHOIS database is a publicly accessible database that lists the registration information for domain names for a specific domain name, the name servers to which the domain name points, and the creation and expiry date of the domain name. Any personal data provided by the user or customer for the registration of domain names is stored by us as inventory data and made available to the public via the WHOIS search. We may also store the domain registration data with a third-party provider in order to fulfil ICANN requirements.

22.1.3 Inventory and contact data as well as any other available data can be used to authenticate, restore or use customer access, as well as to block future access for service utilisation.

22.1.4 To register, configure, maintain and delete SSL certificates for our customers, we process their inventory data. When procuring and/or maintaining SSL certificates, we only act as an intermediary on behalf of the customer in the relationship between the customer and the respective certificate issuer. We have no influence on the issuance of certificates.

22.1.5 We process inventory data, communication content data and traffic data on behalf of the customer for the creation, configuration and deletion of e-mail mailboxes that the customer organises under their own responsibility and, where applicable, makes these mailboxes available to third parties under their own responsibility.

22.1.6 In customer support, we collect and process data in order to help the customer and resolve problems. We use this data (including your messages) to investigate, respond to and resolve complaints and problems (e.g. errors). For this purpose, we may save a support log and file it with the customer number.

22.1.7 We offer the SEPA direct debit procedure as a payment option. When paying by direct debit, your name, the invoice amount, the intended use and your account details are transmitted to our payment service provider or our house bank in order to process the payment. The legal basis for processing is Art. 6 para. 1 lit. b GDPR. When paying for our services by SEPA direct debit, the account holder issues a SEPA direct debit mandate for us to approve the payment transaction (authorisation). The following data is stored and processed: Name and address of the account holder, invoice amount and purpose, creditor identification number (CI), mandate reference, name of the payer, payer's bank, IBAN, one-off or recurring payment.

22.2 Obligation to provide data: You must provide us with data for a customer or user account if you wish to conclude a contract with us for the use of our services.

22.3 Legal basis: The legal basis for the storage of data in a customer or user account is Art. 6 para. 1 b GDPR (contract, pre-contractual measure).

22.4 Recipients/categories of recipients/third country: All data of the users of our websites and our customers is processed by our processor in accordance with section 4.2, who processes the personal data exclusively for internal use that is attributable to us.

22.5 Storage period: As soon as the user or customer data processed in the customer or user account is no longer required for the fulfilment of the contract, it will be deleted. Even after the end of the contract, it may be necessary to store personal data of customers or users in order to fulfil contractual or legal obligations. Further storage may take place in individual cases if this is required by law, in particular if statutory tax or commercial retention periods are to be observed.

22.6 Order processing for our customers

22.6.1 Depending on the service that a customer utilises from us as part of a web hosting package and in accordance with the activities carried out and for which the customer is responsible, the customer itself is externally the data controller for data processing under data protection law if it determines the purposes and means of processing the personal data of third parties through its activities by processing the personal data of third parties itself. This applies in particular in the event that the customer publishes a website with content on the storage space provided by us or sets up and administers e-mail accounts for himself or third parties. The customer who operates and controls these websites or e-mail accounts is then directly subject to the data protection obligations of the GDPR. It is the "data controller" for the personal data and information processed in connection with these activities and is solely, fully and unconditionally responsible and liable for compliance with all laws and regulations that apply to the collection and processing of this personal data and information. It is at the Customer's discretion whether it processes personal data at all, what types/categories of data these are, who the data recipients are, on what legal basis data are processed and how long they are stored. In this case, the Customer is solely, fully and completely responsible for the security, integrity and authorised use of personal data and information concerning visitors and users of its websites or services based thereon, as well as for obtaining consents, authorisations and providing fair processing notices necessary for the collection and processing of such personal data and information. In this case, the customer is also obliged to check whether our technical and organisational measures are sufficient for the customer's purposes, otherwise the customer may not be permitted to use our services in this respect. As a web hosting provider, we have no direct relationship with the individual visitors and users of the websites or users and owners of the e-mail accounts whose personal data our customer processes.

22.6.2 In the constellation of Section 22.6.1, we ourselves only act as a processor bound by instructions for the customer as our client authorised to issue instructions. This constellation obliges us and the customer to conclude an agreement on order (data) processing in accordance with Art. 28 GDPR. Under the heading "Important to know" on our website, we provide information on this topic and also on how the order (data) processing contract is concluded in accordance with pre-formulated contractual terms in an electronic format. We have drawn up this contract for order (data) processing in accordance with the requirements of the standard contractual clauses pursuant to Implementing Decision (EU) 2021/915 of the European Commission of 4 June 2021 and specify these clauses.

22.6.3 The customer may be exempt from the obligation to conclude an order processing contract with us if he is a natural person and collects and processes personal data for the performance of exclusively personal or family activities via our services.

22.6.4 If our customer has not concluded an order processing agreement with us due to old web hosting contracts, but is obliged to do so, he must conclude an order processing agreement with us at a later date and can conclude this agreement with us electronically in the MembersArea.

22.6.5 The customer may object to an order (data) processing contract if, for example, in individual cases it concerns the use of our services where the customer does not allow us to process any personal data outside our obligation to process the customer's data for contractual or pre-contractual purposes or if the customer does not consider itself obliged to conclude an order (data) processing contract with us for other reasons. If the customer wishes to object to the order (data) processing contract, we ask for appropriate feedback, which must contain a justification. We will examine the justification and decide whether, with the customer's justification, a lawful situation is guaranteed even without an order (data) processing contract and whether the web hosting contract with the customer can be maintained.

23 JOB APPLICATIONS

23.1 Purpose: In order to process an application received by us for an advertised position or to process a speculative application, we collect and process the personal data required for this purpose and the personal data provided to us in the application documents.

23.2 Obligation to provide: We cannot carry out an application process without the provision of meaningful personal application information.

23.3 Legal basis: The legal basis for our data processing in the context of the application process is Art. 6 para. 1 S. 1 lit. b GDPR (contract, contract initiation). As a rule, master data, contact data, content data, contract data, possibly connection data and usage data and possibly special categories of personal data within the meaning of Art. 9 para. 1 GDPR (depending on the specific job advertisement) are processed. Only information relating to the specific application that is contained in the application and that we are authorised to process in the context of applications is stored.

23.4 Recipient/third country. As a rule, we forward applications received by us directly to our processor in accordance with section 4.2, who processes this data under its own responsibility and provides the applicant with separate data protection information about this.

23.5 Storage period: Rejected applicant data will be deleted after 6 months. If the applicant is hired, the application documents will be transferred to the personnel file.

24 TCO MANAGEMENT FOR TERRORIST CONTENT

24.1 Purpose of data processing: In connection with unlawful terrorist content on customers' websites, NMM stores related content (which may have already been removed from the websites) and the associated data for the purposes of criminal, civil or administrative administrative or judicial proceedings, in particular for the prevention, detection, investigation and prosecution of terrorist offences, for the necessary period of time. This occurs in particular if information would be lost due to the (legally required) removal of the content in question. Data associated with the content may include, for example, subscriber data, in particular data relating to the identity of the content provider (of the websites), as well as access data, including the date and time of use and the login to and logout from the service, together with the IP address that the Internet access provider assigns to the content provider.

24.2 Obligation to provide: There is no obligation on the data subject to provide personal data in relation to the publication of terrorist content online to NMM.

24.3 Legal basis: Art. 6 para. 1 c GDPR (fulfilment of a legal obligation) in conjunction with Art. Art. 6 Regulation (EU) 2021/784 of 29 April 2021.

24.4 Recipients/categories of recipients: Authorities, including courts, which are involved in specific proceedings, e.g. for terrorist content, or to which terrorist online content must be reported.

24.5 Storage period: Personal data relating to terrorist online content in accordance with Art. 6 Regulation (EU) 2021/784 of 29 April 2021 will be stored for a period of six months after its removal or blocking. By order of the competent authority or the competent court, the terrorist content will only be stored for a further specified period if and as long as this is necessary for ongoing official or judicial review proceedings pursuant to Art. 6 (1) (a) Regulation (EU) 2021/784.

25 ADMINISTRATIVE ORDERS AND REQUESTS FOR INFORMATION ON UNLAWFUL CONTENT

25.1 Purpose of data processing: Upon receipt of an official order to take action against (generally) illegal content in accordance with Art. 9 Regulation (EU) 2022/2065 (Digital Services Act) of 19 October 2022 or an official order to provide information about users in accordance with Art. 10 Regulation (EU) 2022/2065 (Digital Services Act) of 19 October 2022 or on the basis of other national civil and criminal law provisions, NMM also collects and processes associated personal data about users, which the authority transmits to NMM. In the context of requests for information, this is data that NMM has already collected for the purpose of providing the services and which is subject to NMM's power of disposal. NMM informs the user concerned about the order received and its execution, unless this conflicts with statutory confidentiality obligations. In the aforementioned procedure, NMM also processes the contact details of the reporting persons (contact persons) in the authorities.

25.2 Obligation to provide: There is no obligation on the data subject to provide personal data in relation to the publication of unlawful content.

25.3 Legal basis: Art. 6 para. 1 c GDPR (fulfilment of a legal obligation) in conjunction with Art. Art. 9 and 10 Regulation (EU) 2022/2065 (Digital Services Act) of 19 October 2022 or correspondingly other national civil and criminal law provisions.

25.4 Recipients/categories of recipients/third country: Via the processor according to no. 4, NMM transmits information to the competent authorities in accordance with Art. 10 Regulation (EU) 2022/2065 (Digital Services Act) of 19 October 2022. This applies accordingly with regard to authorities on other national civil and criminal law provisions. NMM may transfer personal data to law enforcement or judicial authorities if NMM is obliged to report criminal offences in accordance with Art. 18 of Regulation (EU) 2022/2065 (Digital Services Act) of 19 October 2022.

25.5 Storage duration: The duration of the storage of personal data in the procedure according to section

26 COMPLAINT MANAGEMENT FOR ILLEGAL CONTENT

26.1 Purpose of data processing: NMM collects the following information from persons or organisations who wish to report illegal content on NMM services, preferably using the electronic reporting form provided: Surname, first name, address and e-mail contact address of the reporting person as well as, if applicable, authentication data to verify the identity of the reporting person and content data for the report. The declaration of the reporting person that they are convinced in good faith that the information and details contained in the report are correct and complete is also collected and stored.

26.2 Obligation to provide: Without the collection of data in accordance with Section 26.1, NMM will generally not process complaints from users or organisations about possible illegal content in the services of NMM.

26.3 Legal basis: Art. 6 para. 1 c GDPR (fulfilment of a legal obligation) in conjunction with Art. Art. 16 Regulation (EU) 2022/2065 (Digital Services Act) of 19 October 2022.

26.4 Recipients/categories of recipients/third country: Via the processor pursuant to para. 4, NMM transmits the data processed in the reporting and redress procedure to the person on whose behalf NMM has stored the allegedly unlawful information and, if necessary, to the competent authorities in the legal dispute procedure. If necessary, NMM will transmit personal data to law enforcement or judicial authorities, insofar as NMM is subject to an obligation to report criminal offences pursuant to Art. 18 of Regulation (EU) 2022/2065 (Digital Services Act) of 19 October 2022.

26.5 Storage duration: The duration of the storage of personal data in the procedure according to section