including Article 13 - EU-GDPR - Duty to provide information when collecting personal data from data subject
Following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Legal basis for this privacy policy is based on Federal Data Protection Act and EU General Data Protection Regulation. For detailed information on data protection, please refer to our privacy policy listed below this text.
Data processing on this website is carried out by website operator. You can find their contact details here or in "Notice about responsible party" section of this privacy statement.
You have right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have right to request restriction of processing of your personal data under certain circumstances. Furthermore, you have right to lodge a complaint with competent supervisory authority.
You can contact us at any time about this and other questions on subject of data protection.
Operators of these pages take protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We point out that data transmission on Internet (for example, when communicating by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
In accordance with Art. 13 GDPR, we would like to inform you herewith.
123.chat GmbH
Alt-Mariendorf 56c
12107 Berlin
Commercial register: HRB 147102 B
Register court: Amtsgericht Berlin
VAT.-ID: DE 286868836
Representative: Patrick Bütow
Phone: +49 (0) 30 21 91 80 08
E-Mail: mail@123.chat
Controller is natural or legal person who alone or jointly with others determines the purposes and means of processing of personal data (e.g. names, e-mail addresses or similar).
In following, we would like to give you an excerpt of data processing in which personal data are processed.
Calling up website 123.chat
A part of data is collected automatically or after your consent when you visit website by our IT systems. Data is used to provide our online offer and user-friendliness.
▶ What is collected?
This is primarily technical data (e.g. Internet browser used, operating system or time of page view).
▶ Legal basis
Art. 6 para. 1 lit. b and f in conjunction with Art. 32 GDPR
Secure operation of website and operation of services of 123.chat
▶ Example:
A concrete example here would be denial of service attacks or abuse attempts. After 14 days, this data will be automatically deleted.
By active action by you
A) Registration
Your data is also collected through registration process. In this process, you as a customer are informed of your rights by notice of current data protection information. For provision of contractual services, for billing these services, for customer communication and for our organizational procedures, we provide a registration of a customer account.
▶ What is collected?
Only data required for performance of services, for billing and for office and organizational procedures, such as name, email address and a password, are collected. Consent to privacy policy is also documented.
▶ Legal basis
Art 6 para 1 lit. a b c and f GDPR
Through the registration process, you can consent to processing of your personal data in accordance with Art 6 para 1 lit a. Should there be a contract between you and us, legal basis for data processing is Art 6 para 1 lit b. In order to process your e-mail address in event of a purchase via our website, we are also required by law in German Civil Code (BGB) to send an electronic order confirmation. Thus, Art. 6 para. 1 lit. c GDPR is applicable. Furthermore, Art. 6 (1) lit. f in conjunction with Art. 32 GDPR is to be applied as a legal basis, for example when using first-party cookies / legitimate interest to ensure security of processing.
▶ Example:
After logging into your individual registration area, a first-party cookie ('PHP_SESSION') is also used to determine your authentication for using 123.chat's services. Otherwise, you would have to log in again for each action on our website. Currently, this cookie is stored for seven days. Thus, this data is used to ensure error-free provision of website as well as to guarantee secure operation of website and services of 123.chat in accordance with Art. 32 GDPR.
B) Contact form / email processing
Further, through pre-contractual communication, e.g. through contact form or use of e-mail services, personal data may be transmitted for contact requests and communication.
▶ What is collected?
Your email address, your name
▶ Legal basis
Art 6 para 1 lit. a and b and f GDPR
Communication with you is based on your action to have informed us of your email address in registration process or to actively contact us via website. Here it is not excluded that pre-contractual topics are exchanged and thus Art 6 para 1 lit. b is applicable. Our legitimate interest with our customers electronic communication to offer our services and benefits is also affected.
▶ Example: you click on our email address in web browser and have a question for us. In process, your e-mail address, metadata and content of message are transmitted to us.
C) Website language
When you change website language, your selection is stored on your computer in form of a text file (cookie).
▶ What is collected?
A text file (first-party cookie 'language') is created that stores your selected setting. Currently, language setting is stored for 1 year.
▶ Legal basis
Art. 6 para. 1 lit. b and f GDPR
Pre-contractual explanations of our services as well as our legitimate interest in an individual language design of offer.
▶ Example: you use our language icon on website and switch the language to "English".
Third-party cookies that are used for reach analysis - i.e. Google™ Analytics, for example - are not used on 123.chat - as they are not necessary for operation and services.
We only transmit personal data to third parties if this is necessary within framework of contract processing, for example to credit institution commissioned with payment processing. Within organization of 123.chat, your data will be transmitted for administrative purposes based on our legitimate corporate and business interests or fulfillment of our contract-related obligations or by consent of data subjects or by legal permission.
A further transmission of data does not take place or only if you have expressly consented to transmission. A transfer of your data to third parties without explicit consent, for example for advertising purposes, will not take place.
Basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits processing of data for performance of a contract or pre-contractual measures.
Unless a more specific storage period has been mentioned within this privacy policy, your personal data will remain with us until purpose for processing data no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons cease to apply.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. Lawfulness of data processing carried out until revocation remains unaffected by revocation.
Right of objection to data collection in special cases and to direct marketing (Art. 21 GDPR)
YOU HAVE THE RIGHT, FOR REASONS ARISING OUT OF YOUR PARTICULAR SITUATION, TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU, WHICH IS PROVIDED FOR BY ART. 6 ABS. 1 LIT. E OR F GDPR; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. IF THE PERSONAL DATA CONCERNING YOU ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING.
Information, deletion and rectification
You have, within the framework of the applicable legal provisions at any time the right to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if necessary, a right to correct or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Right of appeal to the competent supervisory authority
In the event of violations of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to any other administrative or judicial remedy.
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, in compliance with the law, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Currently we use TLS version 1.2/1.3.
We collect, process and use personal data only to the extent necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
We incorporate third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contract and data protection provisions of the respective providers apply. The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consents can be revoked at any time for the future.
The data processed by the payment services include the payment data mentioned above. The information is necessary to carry out the transactions. However, the entered customer data is only processed by the payment service providers and stored by them. Furthermore, we cannot exclude that data of the payment service provider is transmitted to credit agencies. This transmission is intended, for example, to check identity and creditworthiness. In this regard, we refer to the terms and conditions and the privacy notices of the respective payment service providers.
Following payment services / payment service providers we use within the framework of this website:
Stripe
The provider for customers within the EU is Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as "Stripe").
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.
You can read details about this in Stripe's privacy policy at the following link: https://stripe.com/de/privacy.
If, after the conclusion of a fee-based contract, there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorization), this data is required for the processing of payments.
The payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock icon in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
Asset Processing Agreement (AVV)
For business use of the https://123.chat application, please sign the Contract Processing Agreement (AVV / PDF Download) and send it by e-mail to support@123.chat or by fax to: +49 (0)30 / 21 91 80 22. Subsequently, you will receive back a version countersigned by us.
Jitsi Meeti / Web RTC
For the transmission of video and audio signals during the video conference, the open source software Jitsi Meet is used. Based on WebRTC, data or media streams are transmitted encrypted via Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). However, WebRTC does not yet offer the option of end-to-end encryption for video conferences with several people. This means: On the transport path or in the network, the video conference is encrypted, but on the video conference server hosting Jitsi Meet, the entire data traffic is decrypted and can thus be viewed by the operator. We, 123.chat GmbH, as operator of the offer https://123.chat, do not store or log any information about you or the content of the video conference. We therefore act here in accordance with Art. 5 GDPR (data minimization).
Text-based chat in the video conference (log files)
Personal data may be stored in the log files of Jitsi Meet, which acts as a video bridge. In this case, this could concern your IP address obtained from your provider. We use the loggin standard "Warning". This has the consequence that your IP address is not stored. We thus act here in accordance with Art. 5 GDPR (data minimization).
Own STUN / TURN server
The STUN protocol detects clients that are located, for example, behind a router or firewall and have a NAT address. Using the STUN server, NAT clients can learn their public IP address and are then able to establish a direct communication link between (two) participants. Our Jitsi instance uses a STUN / TURN server operated by us. Through this organizational and technical measure, we act in accordance with Art. 5 GDPR ("Integrity and Confidentiality").
We use social media ("social media") for customer communication and for the presentation of information. In this context, it is possible that personal data will be processed outside the area of the European Union. More detailed information on the forms of processing and the options to object (opt-out) can be found on the privacy statements and information provided by the operators of the respective networks.
Service Provider Facebook
Address: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Main Company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA
Website: https://www.facebook.com
Privacy policy: https://www.facebook.com/about/privacy
Opt-out: https://www.facebook.com/settings?tab=ads
Service Provider LinkedIn
Address: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Website: https://www.linkedin.com
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Service provider Xing
Address: XING AG, Dammtorstraße 29-32, 20354 Hamburg
Website: https://www.xing.de
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Option to object via contact form: https://www.xing.com/app/help?op=start;tab=contact
Service provider Youtube
Address: Google , Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://www.youtube.com/?gl=DE
Privacy Policy: https://policies.google.com/privacy?hl=de
Opt-out by email: support-deutschland@google.com
Service provider Shopify
Address: Shopify International Limited Attn: Data Protection Officer c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
Website: https://www.shopify.de
Privacy Policy: https://www.shopify.de/legal/datenschutz
Opt-out by email: privacy@shopify.com
Service provider Shopware
Address: shopware AG, Ebbinghoff 10, 48624 Schöppingen
Website: https://www.shopware.com/de
Privacy policy: https://www.shopware.com/de/datenschutz/
Option to object by e-mail: info@shopware.com
