schnaq

Privacy

We are always compliant to GDPR.

Information according to § 5 German Telemedia Act (TMG)

schnaq GmbH
Speditionstraße 15a
40221 Düsseldorf
Germany

+49 156 78354553
info@schnaq.com

Commercial Register (Handelsregister): HRB 95753
Register court: Local Court (Amtsgericht) of Düsseldorf

VAT ID No.: DE349912851

Represented by the management:
Dr Alexander Schneider, Dr Christian Meter, and Michael Birkhoff

Legally binding is the German version of this page.

General information on data processing

As a matter of principle, we only process personal data insofar as this is necessary to provide a functional website and our content. Personal data is regularly processed only with the consent of the user.

Insofar as consent is required for processing operations of personal data, Art. 6 (1) lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. If the processing is necessary to protect a legitimate interest on our part or on the part of a third party and your interests, fundamental rights and freedoms do not override the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

Personal data will be deleted as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. Data will also be deleted if a storage period prescribed by the aforementioned standards expires.

Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects connection data and information (browser type / version used, operating system, IP address, date and time of access, websites from which our website was accessed, websites accessed via our website) from the computer system of the accessing computer. This is quite normal behaviour of most browsers. The data is only kept in the server’s memory for the duration of the use of schnaq. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address must remain stored for the duration of the session. The browser type and the version used are required in order to display the website optimally on different browsers. The data is used to optimise the website and to ensure the security of our information technology systems. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

The data is automatically deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Every day, sometimes several times, the working memory with all connection data is deleted. Any storage beyond this does not take place.

The collection of data for the provision of the website is absolutely necessary for the operation of the website. Consequently, there is no possibility to object.

Cookies

We use so-called cookies on our homepage. Cookies are data packages that your browser stores in your terminal device at our instigation. A distinction is made between two types of cookies: temporary, so-called session cookies, and persistent cookies.

Session cookies are automatically deleted when you close the browser. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The use of session cookies is necessary so that we can provide you with the website. The legal basis for the processing of your personal data using session cookies is Art. 6 para. 1 lit. f GDPR.

Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. These cookies remain on your end device for a predefined time and are usually used to recognize you when you visit our homepage again. The use of persistent cookies on our homepage is based on the legal basis of Art. 6 para. 1 lit. f GDPR.

You can set your internet browser so that our cookies cannot be stored on your end device or so that cookies that have already been stored are deleted. If you do not accept cookies, this may lead to restrictions in the function of the Internet pages.

Specifically, we have these types of cookies:

  • CSRF token (session cookie), which, e.g., secures the contact form against unobserved content submission. This is a random arrangement of characters, which is used only for sending the form. This cookie is deleted after you leave our website. This protection mechanism complies with common security standards and can, for example here be researched further.
  • Login cookie (persistent cookie, auth.schnaq.com), which recognizes you as the user you logged in with. After 14 days your cookie expires and is deleted. If you delete this cookie, you will have to log in again the next time you visit the site. You can find our authentication server here: https://auth.schnaq.com
  • schnaq-analytics (persistent cookie, schnaq.com) is set if you agree to the extended analysis of your anonymized user behavior. All data is processed in a GDPR-compliant manner and without identifying you as a person. It helps us to identify and fix problems on schnaq more quickly.

All cookies we use generate random strings that are used to match corresponding strings on our server.

Personal data

Use of schnaq without user accounts

If you use schnaq without registering, you are so called “Anonymous User”. Here, in addition to the data necessary for server operation, only your contribution and an optional self-selected name will be saved. When saving the contribution, this string is then loosely saved with the contribution. An allocation to an identity does not take place thereby. If someone with the same name participates in any schnaq, the contributions appear to the outside as if they came from the same person.

By sending your contribution you agree to the storage. Since we can later no longer trace who made the contribution, you have no right to delete this contribution, because there is no proof of authorship.

Use of schnaq as registered user

When you register, your mail address and your first and last name are stored. These are necessary for the operation of schnaq, the collection is thus made according to Art. 6 para. 1 lit. f GDPR. Registration is optional for the normal operation of schnaq. With the mail address, automatic notifications of new contributions are enabled. With the names, your contributions are displayed together on the interface of schnaq. Further affiliations, for example to the hubs or other schnaqs, are also visually displayed with it.

This data is stored on our own servers and is not passed on to third parties.

There are options to expand your own user profile. This includes, for example, uploading your own optional profile picture. This profile picture is then displayed as your avatar and is presented whenever your user account appears, for example, when people look at your posts.

Text contributions

The text contributions must originate from you and may not violate any copyrights. The text contributions will not be passed on to third parties. Internally, your contributions can be used for further scientific evaluations and the training of our own neural networks. You will never lose your authorship of these contributions. This is used, for example, to automatically calculate machine-generated summaries or statistics. These summaries and statistics are intended for the evaluation of your schnaq and will not be passed on to any third party.

Web analysis by Matomo (formerly PIWIK)

Description and scope of data processing

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the use of our internet presence. For example, we are interested in which pages are accessed how often and whether smartphones, tablets or computers with large screens are used. If individual pages of our website are accessed, the following data is stored:

  1. Two bytes of the IP address of the calling system
  2. The accessed web page
  3. The website through which our website was accessed (referrer)
  4. The subpages that are called from the called web page
  5. The time spent on the website
  6. The frequency of access to the website

Matomo is set so that the IP addresses are not stored in full, but two bytes of the IP address are masked (example: 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible.

Matomo is used exclusively for schnaq services and on our own schnaq servers. Personal data of the users is only stored there. Personal data is and will never get passed on to third parties.

Your anonymized data will be stored for 180 days and then automatically deleted from our servers.

Purpose of data processing

The processing of anonymized user data enables us to analyze the use of our website. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our services and their user-friendliness. By anonymizing the IP address, the interest of the user in the protection of his personal data is sufficiently taken into account.

The evaluation is exclusively anonymized, pseudonymized and aggregated so that no conclusion can be drawn about individual persons.

The use of Matomo on our homepage is based on the legal basis of Art. 6 para. 1 lit. f GDPR.

Newsletters and Infomails with CleverReach

We use CleverReach to send newsletters and info mails. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service with which the newsletter dispatch can be organised and analysed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach’s servers in Germany or Ireland.

Our newsletters sent with CleverReach enable us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter.

Furthermore, we also send info mails to your deposited address, provided you have created an account with us and agreed to this during registration.

The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the members’ area) remain unaffected by this.

Conclusion of a commissioned data processing contract (AV contract)

We have concluded an order data processing contract with CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.

Further information on CleverReach’s data protection and reporting functions can be found behind the following buttons:

Form Submissions

On some pages, like the contact page, we use forms, that send the data you input to the schnaq administration team via email.

The data in question consists of: Your name, email address, optional phone number and message.

The resulting email is stored in the schnaq email inbox as long as it is needed to respond to your request. After that, the email is removed from the schnaq mail servers.

We use the contents of your message, the email address, your name and the optional phone number to process your request and contact you with an answer.

Rights of the Data Subjects

If personal data is processed by you, you are a data subject in the sense of the GDPR and you are entitled to the rights described below. Please address your request, preferably by e-mail, to the above-mentioned data controller.

Information: You have the right to receive from us at any time free information and confirmation of the personal data stored about you and a copy of this information.

Correction: You have the right to rectification and/or completion if the personal data processed concerning you is inaccurate or incomplete.

Restriction of processing: You have the right to request the restriction of processing if one of the following conditions is met:

  • You dispute the accuracy of the personal data for a period of time that allows us to verify the accuracy of the personal data.
  • The processing is unlawful, you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
  • We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
  • You have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether our legitimate grounds outweigh yours.

Deletion: You have the right to have the personal data concerning you erased without delay, provided that one of the following reasons applies and insofar as the processing is not necessary:

  • The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
  • You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
  • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
  • The personal data have been processed unlawfully.
  • The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
  • The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

Data portability: You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided. In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from us to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

Opposition: You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) lit. f GDPR. We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

Revocation of consent: You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, if you consider that the processing of personal data concerning you infringes the GDPR. The data protection supervisory authority responsible for the operator of this site is:

The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40102 Düsseldorf, Tel.: +49211/38424-0, e-mail: poststelle{at}ldi.nrw.de

Hosting our Services

The schnaq website is hosted on servers of Hetzner Online GmbH in Germany. For further information, please refer to the websites of Hetzner Online GmbH.

Conclusion of a commissioned data processing contract (AV contract)

We have concluded an AV contract with Hetzner Online GmbH, which protects our customers and obliges Hetzner not to pass on the collected data to third parties.