Privacy Policy (German version)

This is the privacy policy and data protection declaration of CSTstudios UG (limited liability), An der Papenburg 76, 44866 Bochum. It applies to all mobile applications and websites offered by CSTstudios UG (limited liability). This agreement was written in German. If there is a legal or linguistic contradiction between a translation and the German version, the German version is deemed to be authoritative. The service provider in accordance with Section 13 of the Telemedia Act (TMG) and the person responsible in accordance with Article 4 No. 7 of the General Data Protection Regulation (EU Regulation 2016/679, "GDPR") is CSTstudios UG, An der Papenburg 76, 44866 Bochum.
Data protection officer:
Stefan Kunter, CSTstudios UG (limited liability), An der Papenburg 76, 44866 Bochum, info@cststudios.de
Thomas Hilfert, CSTstudios UG (limited liability), An der Papenburg 76, 44866 Bochum, info@cststudios.de

Data protection declaration:

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations (GDPR, TKG 2003) and this data protection declaration.

Use of our website and app is generally possible without providing personal data. As far as personal data (e.g. name, telephone number or e-mail addresses) is collected, this is always done, as far as possible, on a voluntary basis. This data will not be passed on to third parties without your express consent.

We would like to point out that data transmission over the Internet (e.g. when communicating via email) can have security gaps.

Contactform

If you contact us using the form on the website or by email, the data you provide will be stored by us for up to six months to process your request and in case of follow-up questions. We do not pass on this data. Stored data is: your name, your email address and the message text that you voluntarily sent to us. Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

Feedbackform

If you use our feedback form on the website, the data you provide will be stored by us for up to six months to process the request and in case of follow-up questions. We do not pass on this data. Stored data is: your name, your e-mail address and the message text and, if applicable, answered questions on the form that you voluntarily sent to us. Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration. In this context, the data will not be passed on to third parties. The data is used exclusively for processing to improve our services.

Cookies

Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm.
We use cookies to make our offering user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognize your browser the next time you visit.
If you do not wish this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases.
If cookies are deactivated, the functionality of our website may be restricted. The following data is stored and transmitted in the cookies: (1) Login information
When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, a reference is also made to this data protection declaration.

Server-Log-Files

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's Internet service provider
(4) Two bytes of the IP address of the user's calling system
(5) Date and time of access
(6) Websites from which the user's system accesses our website
(7) Websites that are accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Data protection declaration for the use of Facebook plugins (Like button)

Plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated into our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/ .

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to assign your visit to our pages to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at http://de-de.facebook.com/policy.php.

If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, please log out of your Facebook user account.

Data protection declaration for the use of Twitter

Functions of the Twitter service are integrated on our sites. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. This data is also transmitted to Twitter. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Further information can be found in Twitter's privacy policy at http://twitter.com/privacy.

Your data protection settings On Twitter you can change the account settings at http://twitter.com/account/settings.

Additionally when using our mobile app HaveWish

Push notifications

We use FireBase (Google Cloud Services) to automatically deliver push notifications. If you no longer want notifications, you can deactivate or restrict them at any time in your operating system or in the app. You can find the privacy policy of Google Cloud Services at: https://cloud.google.com/terms View /cloud-privacy-notice.

Your rights

Right to information

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us. If such processing occurs, you can request information from the person responsible about the following information:

(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller or a right to object to this processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject. You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

Right to rectification

You have the right to request correction and/or completion from the person responsible if the personal data processed concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you dispute the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you have lodged an objection to the processing in accordance with Article 21 Para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons. If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.

Right to deletion

a) Obligation to delete
You may request that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing.
(3) You object to the processing in accordance with Article 21 Paragraph 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 Paragraph 2 of the GDPR.
(4) The personal data concerning you were processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

b) Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 Para. 1 GDPR, he will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to ensure that the person responsible for data processing to inform those processing the personal data that you, as the data subject, have requested them to delete all links to that personal data or copies or replications of that personal data.

c) Exceptions
There is no right to deletion if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller was;
(3) for reasons of public interest in the area of ​​public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR;
(4) for archiving purposes in the public interest or for statistical purposes in accordance with Article 89 Para. 1 GDPR, insofar as the law mentioned under section a) is likely to make the achievement of the objectives of this processing impossible or seriously impaired, or
(5) to assert, exercise or defend legal claims.

Right to information

If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless: this turns out to be impossible or involves disproportionate effort. You have the right to be informed about these recipients by the person responsible.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided
(1) the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and br /> (2) the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions. The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes. In connection with the use of information society services - regardless of Directive 2002/58/EC - you have the opportunity to exercise your right to object using automated procedures that use technical specifications.

Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or fulfillment of a contract between you and the person responsible,
(2) is permitted by Union or Member State law to which the controller is subject and such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or
(3) takes place with your express consent.

However, these decisions may not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 Letters a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests . With regard to the cases mentioned in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express one's own point of view and heard to challenge the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you is contrary to violates the GDPR. The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

You can reach us using the following contact details: CSTstudios UG (haftungsbeschränkt), An der Papenburg 76, 44866 Bochum, info@cststudios.de

Limitation of liability

The contents of this website are created with utmost care. However, the provider assumes no liability for the accuracy, completeness and topicality of the content provided. The use of the contents of the website is at the user's own risk. Contributions marked by name reflect the opinion of the respective author and not always the opinion of the provider. The mere use of the provider's website does not create any contractual relationship between the user and the provider. External links This website contains links to third party websites (“external links”). These websites are the responsibility of the respective operators. When the external links were first linked, the provider checked the external content to see whether there were any legal violations. At the time, no legal violations were apparent. The provider has no influence on the current and future design or content of the linked pages. Setting external links does not mean that the provider adopts the content behind the reference or link as its own. It is unreasonable for the provider to constantly monitor external links without concrete evidence of legal violations. However, if we become aware of legal violations, such external links will be deleted immediately. Copyright and ancillary copyrights The content published on this website is subject to German copyright and ancillary copyright law. Any use not permitted by German copyright and ancillary copyright law requires the prior written consent of the provider or respective rights holder. This applies in particular to the reproduction, editing, translation, storage, processing or reproduction of content in databases or other electronic media and systems. Contents and rights of third parties are marked as such. The unauthorized reproduction or distribution of individual content or entire pages is not permitted and is punishable by law. Only the production of copies and downloads for personal, private and non-commercial use is permitted. The display of this website in external frames is only permitted with written permission. Special Terms of Use If special conditions for individual uses of this website deviate from the aforementioned paragraphs, this will be expressly pointed out at the appropriate point. In this case, the special terms of use apply in each individual case.

Copyright

The content and works on these pages created by the site operators are subject to German copyright law. Reproduction, processing, distribution and any kind of exploitation outside the limits of copyright law require the written consent of the respective author or creator. Downloads and copies of this page are only permitted for private, non-commercial use. If the content on this site was not created by the operator, the copyrights of third parties are respected. In particular contents of third parties are marked as such. Should you nevertheless become aware of a copyright infringement, we ask that you notify us accordingly. If we become aware of any legal violations, we will immediately remove such content.

Rights and obligations

By using or accessing the above services, you agree to the following terms and conditions.

The privacy of our users is very important to us. You can find out more under Security.

You confirm that you own the rights to photos, videos and texts or, if they are owned by third parties, have obtained permission to publish and use them in accordance with our guidelines on our services.
For content you use in the above-mentioned services (photos, videos, texts), which are protected by the intellectual property of third parties, you expressly grant us a non-exclusive, transferable, sublicensable, royalty-free, worldwide license to use any content.
This license ends when you delete the content you posted or your account, unless that content has been used or shared by other users within our Services.
If you have not made any special restrictions on the visibility of your content, your content will be visible to third parties anonymously, as far as possible when using our services.
We are always grateful for suggestions, criticism and suggestions for improvement, but decline any obligation to compensate you for them, even if we make improvements or changes to our services as a result.

Security

We try to make the use of our services as safe as possible at all times.
We use appropriate technical and organizational measures to ensure data security, in particular to protect your personal data from dangers during data transfers and against third parties gaining knowledge of it. These are each adapted to the current state of the art. To do this, you agree to the following conditions:

• You will not post unauthorized commercial content.
• You will not query, collect or attempt to obtain information from our Services using automated techniques.
• You will not use our services to distribute illegal, violent, misleading, malicious or discriminatory content.
• You will not take any action that limits, overburdens or disrupts our Services in any way.
• You will not support or encourage any third party efforts that violate any guidelines set forth in this document.
• You will not share your access information to our services at any time or allow anyone to access your account.

When you register with our services, you do not have to provide any personal information such as your name or address. We only use your telephone number, email address or your Facebook login to identify you on our services.
Depending on the registration type, your telephone number, email address or FaceBook ID will be transmitted encrypted when you use our services. Your telephone number, if used, will be encrypted again after registration in our databases (using Salt) saved.

Duration of storage of personal data:

We will store your personal data until you delete your account with us. Contact us at info@cststudios.de

Data usage of the HaveWish app at a glance

Necessary data
• Depending on the registration type: telephone number or email address or FaceBook ID to assign your contacts, wishes, groups and lists
  (You voluntarily disclose this data in order to be able to use HaveWish)
• IP address, browser version, etc. (see Server log files)

You enter this data voluntarily in order to use our services. If you don't want this, don't complete the registration. If you no longer want this, uninstall the HaveWish app from your mobile device and let us know that you want your data to be deleted. You can do this in the app in the side menu under “Help & Info” or by email to info@cststudios.de.

Data after registration, use of the app (always voluntary disclosure of the data on your part)
• A name of your choice (this does not have to be your real name)
• Your date of birth (this is how your friends will be informed about your upcoming birthday)
• A password so that you can also use HaveWish in the browser.
• Profile photo, this can be any picture.
• Contact details from your phone book: We do not store any phone numbers from your phone book.
• Email addresses of your contacts: You can manually add contacts via email. The email address and name you entered will be stored on our server and in the app in your contact list.
• Facebook Contacts: We cannot view your Facebook friends list. Facebook only sends us the FaceBook ID, name, profile photo and email address of your friends who also use the HaveWish app so that they appear in your contact list.
• Wishes: If you save wishes, they will be assigned to your account and stored in the app and on our servers. After deletion, the wishes will be deleted from your account in the app and on our servers. As soon as you save requests, people who have your contact details and also use the app will be informed about this via push message if necessary and will see them in the app under “News”. and your wish in your contact list.
• Lists and groups: You can create lists and groups, these are stored on the device and our servers. As soon as you delete them, they will also be irretrievably removed from our servers.
• Chat messages: All messages that you write about a request within the chat are public and will also be sent to your contact's contacts. (Used to vote on the gift for a group gift)
• Support message to us: The data you provide will be stored for up to 6 months after transmission to us in order to answer and answer questions.

Separate explanation for telephone numbers, email addresses, FacebookID, chat messages and photos

You can enter your telephone number, email address or Facebook account with HaveWish.
Your phone number is never stored in plain text on our servers. Your phone number will be encrypted when you register.

This then looks like this:

For example, 0172/1234567 becomes OcCgN7wugWWnV5uihMAEhu1ei2PoE0gU2pMkOVo15O6MC

We cannot recover your phone number from this encrypted string. When accessing your phone book, we apply the same principle, so that the phone numbers of your contacts are never stored with us in a readable manner.
You also grant access to your contacts voluntarily. In addition, by uploading your contacts you declare that you are authorized to transmit them to us. This is done encrypted. The uploaded phone numbers are not stored on our server. The phone numbers of your contacts are encrypted immediately after uploading and compared with existing HaveWish users using the encrypted hash value. Then, if one of your contacts also uses HaveWish, the user will be saved in your contact list with the name you uploaded from your phone book, but without the phone number in plain text or the hash value. If you do not want this, no contacts from your phone book will be processed and therefore no contacts from your phone book will be displayed.

Linking your email or FaceBook account with HaveWish is also done on a voluntary basis. This means we cannot access your emails or log into your Facebook account.

FaceBook link:

When you use Facebook, you grant us access to your Facebook user number, your email address and your profile picture. (This is also voluntary) If you would like to have your Facebook contacts displayed in the HaveWish app, you can allow this in the app under “Contacts” or “Account”. Facebook will then only send HaveWish the name, Facebook number and profile picture of your contacts who also use the HaveWish app and have linked them via Facebook. (Not your entire friends list)

Chat messages
The messages in the chat are visible to everyone who has your friend in the contact list and who is allowed to see the request. The contact who saved the request cannot view the chat. The chat functionality at HaveWish is a type of public chat.

Photos:
You can choose a profile photo in the HaveWish app. This does not necessarily have to be a photo in which you can be recognized. This photo is used to appear under Contacts and in the details of your contact entry in your friends' app.

We reserve the right to delete photos that you post together with a request immediately after they become known in the event of violations of third-party rights.
You also agree that we may display photos of your wishes on the HaveWish website or elsewhere in the app together with the desired name, price and description.

Protection and rights of third parties

We can and will remove any content you post to HaveWish without notice if it violates the rights of third parties or if we believe it violates our policies.

Mobile devices

Our services are provided to you free of charge, but please note that costs, e.g. from your mobile phone provider, may arise during use.

If you download or use our app, you agree that updates to it can be downloaded.

You will not use any source code from us or create it in a modified form.

After changes are made to our terms and conditions, you automatically agree to them by continuing to use our services.

If you do not agree to these guidelines or do not agree completely, you must have your account deleted with us.

Disputes

You will have any claim you have against us resolved or declared under German law exclusively before a competent court in the district of our registered office.

If a third party makes a claim against us for damages, losses and expenses (including attorneys' fees and legal costs) for your actions in connection with our services, you will hold us harmless for these.

We are not responsible for the content provided by our users.

If one or more of these agreements are partially or completely invalid, regulations according to German law will take their place. The German version of this data protection agreement is legally binding.