Freechoice Privacy Policy in accordance with the GDPR

  1. Name and address of the controller

Traffective GmbH

St.-Martin-Str. 72

81541 Munich

Phone: +49  89921310896 70

Email [email protected]

Website: https://freechoice.club/ 

is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.

  1. Name and address of the data protection officer

The data protection officer of the controller is:

AGOR AG

Niddastraße 74

60329 Frankfurt am Main

Germany

Phone: +49 (0) 69 – 9494 32 410

Email:[email protected] 

Website: www.agor-ag.com 

3. General information on data processing

Scope of processing personal data

    We only collect and use personal data from users of our website to the extent necessary to provide a functional website, our content, and our services. 

    As a matter of principle, the collection and use of our users’ personal data only takes place with their consent. An exception to this principle applies in cases where the processing of data is permitted by law or where it is not possible to obtain prior consent for practical reasons.

    Legal basis for the processing of personal data

      The legal basis for the processing of personal data is generally derived from: 

      Art. 6 (1) (a) GDPR when obtaining the consent of the data subject.

      Art. 6 (1) (b) GDPR for processing that serves to fulfill a contract to which the data subject is a party. This also includes processing operations that are necessary for the implementation of pre-contractual measures.

      Art. 6 (1) (c) GDPR for processing that is necessary for compliance with a legal obligation. 

      Art. 6 (1) (d) GDPR for processing that is necessary to protect the vital interests of the data subject or another natural person. 

      Art. 6 (1) (f) GDPR, if processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the former interest. In order to be able to base the processing of personal data on a legitimate interest, a review is carried out in consultation with the data protection officer for each relevant process, whereby the following three conditions must be met:

      1) The controller responsible for processing the personal data or a third party has a legitimate interest in the data processing.

      2) The processing is necessary to safeguard the legitimate interest.

      3) The interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not override this interest.

      Data deletion and storage period

        The personal data of users will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage may take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

        1. Use of our website, general information 

        Description and scope of data processing

        Each time our website is accessed, our system automatically collects data and information from the user’s computer system. The following information may be collected:  

        Information about the browser type and version used, the user’s operating system, the user’s Internet service provider, the user’s IP address, date and time of access, websites from which the user’s system accesses our website, websites accessed by the user’s system via our website

        The data described is stored in our system’s log files. This data is not stored together with other personal data of the user.

        Purpose and legal basis for data processing 

        The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. 

        The data is stored in log files to ensure the functionality of the website. In addition, the data helps us to optimize the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

        The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

        The collection of your personal data for the provision of our website and the storage of the data in log files is essential for the operation of the website. The user therefore has no right to object. 

        Duration of storage

        Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session is ended. 

        If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of users will be deleted or anonymized. It will then no longer be possible to assign the data to the client accessing the website.

        1. General information on the use of cookies

        We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When you visit a website, a cookie may be stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again.

        We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change. 

        TDDDG:

        The legal basis for the storage of cookies, device identifiers, and similar tracking technologies, as well as for the storage of information on the end user’s terminal equipment and access to this information, is the European ePrivacy Directive in conjunction with the Telecommunications Digital Services Data Protection Act (TDDDG). 

        Please note that the legal basis for the processing of personal data collected in this context is then derived from the GDPR (Art. 6 (1) sentence 1 GDPR). The legal basis for the processing of personal data relevant in each specific case can be found below for the respective cookie or for the respective processing itself.  

        The primary legal basis for storing information on the end user’s terminal equipment – in particular for storing cookies – is your consent, Section 25 (1) sentence 1 TDDDG. Consent is given when you visit our website – although this is of course not mandatory – and can be revoked at any time in the cookie settings.  

        According to Section 25 (2) No. 2 TDDDG, consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary for the provider of a digital service to be able to provide a digital service expressly requested by the user. The cookie settings show you which cookies are classified as strictly necessary (often referred to as “technically necessary cookies”), and therefore fall under the exemption of § 25 (2) TDDDG and do not require consent. 

        GDPR:  

        When cookies are used, the following data is stored and transmitted: 

        • Login information
        • Consent data

        The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR. The purpose of using technically necessary cookies is to simplify the use of our website. 

        We would like to point out that certain functions of our website can only be offered with the use of cookies.

        We do not use user data collected by technically necessary cookies to create user profiles.

        Cookies are stored on the user’s computer and transmitted to our site by the user. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes to the settings of your Internet browser. Stored cookies can also be deleted there. Please note that you may no longer be able to use all the functions of our website if you deactivate cookies.

        The legal basis for the processing of personal data using cookies for analysis and advertising purposes is Art. 6 (1) (a) GDPR, provided that the user has given their consent.

        1. Your rights / rights of the data subject

        Under the EU General Data Protection Regulation, you as the data subject have the following rights: 

        Right to information

          You have the right to obtain information from us as the controller as to whether and which personal data concerning you is processed by us, as well as further information in accordance with the legal requirements under Art. 13, 14 GDPR.

          You can assert your right to information at:

          [email protected]

          Right to rectification

            If the personal data we process concerning you is inaccurate or incomplete, you have the right to request that we correct and/or complete it. The correction will be made without delay.

            Right to restriction 

              You have the right to restrict the processing of personal data concerning you in accordance with the statutory provisions (Article 18 GDPR).

              Right to erasure 

                If the reasons set out in Art. 17 GDPR apply, you can request that the personal data concerning you be erased without delay. 

                Please note that the right to erasure does not apply if the processing is necessary for one of the exceptions listed in Art. 17 (3).

                Right to notification of rectification or erasure

                  If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.

                  Right to data portability

                    Under the GDPR, you also have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.

                    Right to revoke the data protection consent declaration

                      You have the right to withdraw your declaration of consent under data protection law at any time. We would like to point out that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. 

                      Right to object

                        Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR.

                        Automated decision-making in individual cases, including profiling

                          Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

                          Right to lodge a complaint with a supervisory authority

                            If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work, or the place of the alleged infringement. 

                            1. Data transfer outside the EU

                            The GDPR ensures a uniformly high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union in the context of using third-party services. We only allow your data to be processed in a third country if the specific requirements of Art. This means that the processing of your data may then only take place on the basis of special guarantees, such as the official recognition by the EU Commission of a level of data protection equivalent to that of the EU or the observance of officially recognized special contractual obligations, the so-called “standard data protection clauses.”

                            1. EU-US Transatlantic Data Privacy Framework

                            Within the framework of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection for certain US companies as secure within the framework of the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/s/participant-search.

                            1. Data processing under the Swiss DSG

                            In principle, the use of our website is subject to the legal provisions of the GDPR. If you also visit our website from Switzerland and if the associated data processing also affects you as a Swiss citizen, the present data protection provisions apply to you in the same way as the GDPR under the Swiss Federal Act on Data Protection (“Swiss DSG” in the version of September 1, 2023).

                            The Swiss DSG does not generally provide for the specification of a legal basis. In this respect, we only process your data from Switzerland if the processing is lawful, carried out in good faith, and proportionate in accordance with Art. 6 (1) and (2) of the Swiss DSG. Furthermore, we only collect your data for specific purposes that are recognizable to the data subject and only process it in a manner that is compatible with these purposes in accordance with Art. 6 (3) of the Swiss FADP.

                            In this context, please also note that although certain terms are worded differently under the GDPR, they have the same legal meaning as under the Swiss FADP. For example, the GDPR terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” used in this privacy policy correspond to the terms “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data” used in the Swiss FADP.

                            The rights of data subjects set out here in accordance with Art. 12 ff. GDPR can also be asserted by data subjects from Switzerland in accordance with the provisions of Art. 25 ff. Swiss DSG.  

                            1. Minors under the age of 16 

                            We would like to point out that legal guardians must supervise their children’s online activities. Minors under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We explicitly do not request personal data from minors under the age of 16, do not knowingly collect such data, and do not pass it on to third parties.

                            1. Registration

                            You have the option of registering on our homepage by providing your personal data. The data is entered into an input mask, transmitted to us, and stored. The data is not passed on to third parties. The following data is collected during the registration process:

                            • Address
                            • Email
                            • Country
                            • Name
                            • Password
                            • Billing address and date of birth, if applicable

                            The following data is also stored at the time of registration:

                            • The user’s IP address
                            • Date and time of registration

                            Registration is regularly used to fulfill a contract to which the user is a party or to carry out pre-contractual measures in the form of extended use of our website. The legal basis for the processing of data is therefore Art. 6 (1) (b) GDPR.

                            After registration, you have the option in your account area to manage your subscription, view your payment details, and check which websites currently belong to the network.

                            Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for data collected during the registration process if the registration on our website is canceled or modified. 

                            This is the case for data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store the personal data of the contractual partner in order to comply with contractual or legal obligations.

                            Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and data must be stored for tax purposes. The storage periods to be observed in this regard cannot be determined on a general basis, but must be determined on a case-by-case basis for the respective contracts and contracting parties.

                            You can cancel your registration on our website at any time. You can also have the data stored about you changed at any time. 

                            We use Stripe as our payment provider. You can view and edit your subscription directly at Stripe (https://dashboard.stripe.com/login). On the home page, you can check and manage your subscription plan via the “Customize” link. Here you can also view your previous payments and download receipts and invoices.

                            If the data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations that prevent deletion. 

                            1. Contract execution/freechoice subscription

                            The following data is processed for the purpose of contract execution and within the scope of the freechoice subscription:

                            • Email address
                            • IP address
                            • Bank details, if applicable

                            The legal basis for this is Art. 6 (1) (b) GDPR.

                            We use the payment service provider Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to process payments. The legal basis for the transfer of data to this provider is Art. 6 (1) (b) GDPR. 

                            Encrypted payment transactions on this website

                              If, after concluding a contract that involves a charge, you are obliged to provide us with your payment details (e.g., account number for direct debit authorization), this data is required for payment processing.

                              PayPal

                                When paying via PayPal, we pass on your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) for the purpose of payment processing.

                                The transfer is carried out in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values. For further information on data protection, including the credit agencies used, please refer to PayPal’s privacy policy: www.paypal.com/de/webapps/mpp/ua/privacy-full

                                You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

                                Stripe

                                  If you choose a payment method from the payment service provider Stripe, payment processing will be handled by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will pass on the information you provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency, and transaction number) in accordance with Art. 6 (1) (b) GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose.

                                  Stripe may transfer, process, and store personal data outside the EU. In doing so, Stripe undertakes to provide appropriate safeguards in accordance with Art. 46 GDPR in the form of standard contractual clauses (see https://stripe.com/privacy-center/legal#data-transfers).

                                  We have also entered into a data processing agreement with Stripe.

                                  For more information on Stripe’s data protection policy, please visit https://stripe.com/de/privacy#translation.

                                  Accounting

                                    As part of the optional invoicing service, the following categories of data are processed, provided you have opted for this option:

                                    • First and last name
                                    • Address
                                    • Payment method
                                    • Date of birth, if applicable

                                    The legal basis for this is your consent in accordance with Art. 6 (1) (a) in conjunction with Art. 7 GDPR. You can revoke your consent at any time, but in this case we will not be able to issue you an invoice.

                                    Auth0 (Auth0, Inc)

                                      We use Auth0 for registration and authentication to grant you access to specific services.


                                      Auth0 is a registration and login service provided by Auth0, Inc. To simplify the login and logout process, Auth0 may use third-party identity services and store the information on its platform.

                                      Processed personal data may include: 

                                      • Image 
                                      • Email
                                      • First
                                      • Last
                                      • Password
                                      • Usage Data / Tracking Technologies
                                      • Various types of data, as described in the service’s privacy policy
                                      • Date of birth, if applicable

                                      Processing is carried out on the basis of Art. 6 (1) (b) GDPR, as this is necessary for the performance of the contract.

                                      Further information on data processing can be found at: https://www.okta.com/legal/privacy-policy/

                                      1. Cloudflare

                                      In order to offer you secure data transmission via SSL encryption on our website and to protect our website against malicious, mass (DDoS) or other attacks that would disrupt or prevent the operation of the website, we use the services of Cloudflare, Inc. 101 Townsend St San Francisco, CA 94107.

                                      We have concluded a corresponding agreement with Cloudflare for order processing on the basis of the GDPR.

                                      As part of protecting this website, Cloudflare uses a script and possibly a cookie in your browser. This cookie is used to validate access and detect malicious access attempts. Cloudflare collects statistical data about visits to this website. The access data includes:

                                      Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

                                      We also use Cloudflare to distribute the content of this website via servers in different countries and to optimize performance. Due to the way Cloudflare’s functions are integrated, the service filters all data traffic occurring via this website, i.e., the communication occurring via this website and the user’s browser, and at the same time enables the collection of analytical data contained in this website. Cloudflare is used in this context to provide you with our site efficiently and securely.

                                      Cloudflare uses the log data for statistical evaluations for the purpose of operating, securing, and optimizing the service. Please also read Cloudflare’s privacy policy, which is available here: https://www.cloudflare.com/privacypolicy/.


                                      The legal basis for the use of Cloudflare is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, which consists of the purposes described above.


                                      Your data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

                                      You can prevent the collection, forwarding, and processing of this data by deactivating the execution of script code in your browser, installing a script blocker in your browser (you can find one, for example, at www.noscript.net), or activating the “Do Not Track” setting in your browser.

                                      1. WP Statistics

                                      We use the WP Statistics analysis tool from Veronalabs OÜ to statistically evaluate visitor traffic and analyze the use of our website.

                                      The following personal data is processed in this process:

                                      • IP address
                                      • Referrer
                                      • Browser used
                                      • Origin of the user
                                      • Search engine used and actions taken by website visitors on the site (e.g., clicks and views)

                                      We use WP Statistics with anonymized IP. Your IP address is shortened so that it can no longer be directly assigned to you.

                                      WP Statistics is used to improve our service for you. This is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

                                      Further information on data processing can be found at: https://wp-statistics.com/privacy-policy/

                                      1. Live Ramp, Inc.

                                      If you do not have an active, paid subscription and enter your email address on our website (to register, subscribe to a newsletter, or similar), we may share personal or other data that we collect from you, such as your email address (in hashed, pseudonymized form), your IP address, or information about your browser or operating system to our partner LiveRamp, Inc. and its affiliates. LiveRamp uses this information to create an online identification code that can be used to recognize you on the devices you use. The code does not contain any of your directly identifying personal data and is not used by LiveRamp to directly re-identify you. We store the code in our cookie or use a LiveRamp cookie to do so and allow you to be used for online and cross-platform advertising. It may be shared with our advertising partners and other third-party advertising providers worldwide to enable interest-based content or targeted advertising across your entire online experience (e.g., web, email, connected devices, apps, etc.). These third parties may in turn use the code to link demographic or interest-based information you have provided when interacting with them. 

                                      You have the right to decide at any time how we use LiveRamp cookies and whether we share this data with LiveRamp for the purposes mentioned above! If you have an active, paid subscription, this feature is always disabled and no data is shared!

                                      LiveRamp’s privacy policy and the option to object can be found here: https://liveramp.de/privacy/datenschutzerklarung-fur-die-liveramp-dienste/.