Privacy Policy of Mein-MMO

Explanation regarding the protection of individuals against the misuse of personal data on Mein-MMO.de.

This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter briefly referred to as “data”) within our online offer and the associated websites, features, and content, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “personal data” or “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Webedia GmbH
Cuvrystraße 3-4
10997 Berlin
Germany

Commercial register number: HR B 114531
Managing Director: Marc-Andreas Albert
Email: [email protected]

Data Protection Officer

Patrick M. Knittel
Email: [email protected]

Type of processed data

• Inventory data (e.g., names, addresses, age for youth protection)
• Contact data (e.g., email, phone numbers)
• Content data (e.g., text inputs, photographs, videos)
• Contract data (e.g., subject matter of the contract, duration, customer category)
• Payment data (e.g., bank details, payment history).
• Usage data (e.g., visited websites, interest in content, access times)
• Meta/communication data (e.g., device information, IP addresses)

Processing of special categories of data (Art. 9 para. 1 GDPR)

• No special categories of data are generally processed unless they are provided by users for the processing, e.g., entered in online forms.

Categories of individuals affected by processing

• Customers / Interested parties / Suppliers.
• Visitors and users of the online offer.

Hereinafter, we will collectively refer to the affected individuals as “users”.

Purpose of processing

• Availability of the online offer, its content, and features.
• Provision of contractual services, customer service, and support.
• Response to contact inquiries and communication with users.
• Marketing, advertising, and market research.
• Security measures.

As of: 02/04/2025

1. Applicable legal bases

1. In accordance with Article 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6 para. 1 lit. a and Article 7 GDPR, the legal basis for processing to fulfill our services and perform contractual measures, as well as to respond to inquiries is Article 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Article 6 para. 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6 para. 1 lit. f GDPR. In the event that vital interests of the affected person or another natural person require the processing of personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis.

2. Changes and updates to the privacy policy

1. We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as the changes in the data processing we perform make this necessary.

3. Security measures

1. We implement appropriate technical and organizational measures to ensure an adequate level of protection, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons; the measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, entry, transfer, ensuring availability, and separation of data. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data, and response to data breaches. Moreover, we consider data protection already when developing or selecting hardware, software, and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 GDPR).
2. Among the security measures is, in particular, the encrypted transmission of data between your browser and our server.

4. Cooperation with processors and third parties

1. If we disclose data to other persons and companies (processors or third parties) in the context of our processing, transfer data to them, or grant them access to the data, this only occurs based on a statutory allowance (e.g., if the transfer of data to third parties, such as payment service providers, is required for the fulfillment of a contract under Article 6 para. 1 lit. b GDPR), you have given your consent, a legal obligation provides for this, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).
2. If we commission third parties to process data based on a so-called “data processing agreement”, this is done on the basis of Article 28 GDPR.

5. Transfers to third countries

1. If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or this occurs as part of the use of services from third parties or disclosure or transfer of data to third parties, this only occurs if it is necessary for the fulfillment of our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to statutory or contractual allowances, we only process or permit the data in a third country if the special conditions of Articles 44 et seq. GDPR are fulfilled. That is, the processing occurs, for example, observing officially recognized special contractual obligations (so-called “Standard Contractual Clauses”).

6. Rights of affected individuals

1. You have the right to request confirmation whether your data is being processed, and if this is the case, to request information about this data as well as further information and a copy of the data in accordance with Article 15 GDPR.
2. You have the right pursuant to Article 16 GDPR to request the completion of your data concerning you or the correction of inaccurate data concerning you.
3. You have the right in accordance with Article 17 GDPR to request that the data concerning you be deleted immediately, or alternatively, in accordance with Article 18 GDPR, to request the restriction of processing of the data.
4. You have the right to request that the data concerning you, which you have provided to us, be received in accordance with Article 20 GDPR and to demand its transfer to other controllers.
5. Furthermore, you have the right under Article 77 GDPR to file a complaint with the competent supervisory authority.

7. Right of withdrawal

1. You have the right to withdraw your consents granted in accordance with Article 7 para. 3 GDPR with effect for the future.

8. Right to object

1. You may object to the future processing of the data concerning you at any time in accordance with Article 21 GDPR. The objection may particularly be against the processing for purposes of direct marketing.

9. Cookies and right to object to direct marketing – general introduction to the topic of cookies

1. We use temporary and permanent functional cookies, i.e., small files that are stored on the users’ devices (explanation of the term and function, see the last section of this privacy policy, see 19ff). Some cookies serve security purposes or are necessary for the operation of our online offer (e.g., for displaying the website) or to save the user’s decision when confirming the cookie banner.
2. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, which users are informed about throughout the privacy policy.
3. You can adjust the settings at any time here.

10. Deletion of data

1. The data processed by us will be deleted or restricted in processing in accordance with Articles 17 and 18 GDPR. Unless otherwise expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and there are no statutory retention obligations to the contrary. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
2. According to legal requirements, the retention period is particularly 6 years in accordance with Section 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, booking vouchers, etc.) as well as 10 years in accordance with Section 147 para. 1 AO (books, records, management reports, booking vouchers, commercial and business letters, tax-relevant documents, etc.).

11. Provision of contractual services (including in the case of logins for free community areas and/or paid orders for subscriptions or other products and services)

1. We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services utilized, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 para. 1 lit b. GDPR. The entries in online forms marked as mandatory are necessary for concluding the contract.
2. A user can optionally create a free user account. This gives them access to additional features such as creating comments, reader reviews, etc. This user account is not public, but its profile page is. The latter can also be indexed by search engines. The user has the option to delete this user account. In this process, all content created by this user account will be deleted. We also have the option to delete the user account along with its contents.
3. During registration and repeated logins as well as when using our online services, we store the IP address and the time of each user action. This storage is based on our legitimate interests, as well as the user’s protection against misuse and otherwise unauthorized use. Disclosure of this data to third parties does not generally occur unless it is necessary to pursue our claims or there is a statutory obligation under Article 6 para. 1 lit. c GDPR.
4. In the course of your order with us, we collect, process, and use the personal data we need to process your order. This includes in particular your delivery and billing address as well as your payment details, i.e., bank or credit card details. In addition, we may occasionally check your creditworthiness. Your data will be stored with us and used exclusively for processing your order. To process the order, we may also pass your data to companies tasked with payment processing and delivery of the goods. These companies may only use your data for the purpose of fulfilling the contract between you and us. Any further use, in particular for advertising purposes, does not take place. The payment services of third parties are subject to the terms and conditions and privacy notices of the respective third-party providers (e.g., PayPal or Sofortüberweisung), which are available on the respective websites.
5. We process usage data (e.g., the websites visited within our online offer, interest in our products) and content data (e.g., inputs in the contact form or user profile) for advertising purposes in a user profile, to display product hints to users based on their previously utilized services.
6. We process aggregated and pseudonymized usage data (e.g., regarding visited content) in order to offer rankings, view counters, comment counts, etc.
7. Deletion occurs after expiration of statutory warranty and comparable obligations, the necessity of storing the data is checked every three years; in the case of statutory archiving obligations, deletion occurs after their expiration (end of commercial (6 years) and tax (10 years) retention obligation); entries in the customer account remain until it is deleted.
8. If you enter your email address on our website (to register, subscribe to a newsletter, or similar), we may share personal data or other information we collect from you, such as your email address (in hashed, pseudonymized form), your IP address, or information about your browser or operating system with our partner LiveRamp, Inc. and its corporate affiliates. The privacy policy of LiveRamp and the option to object can be found here: “LiveRamp Privacy Policy”. LiveRamp uses this information to create an online identification code that allows you to be recognized on the devices you use. The code does not contain any directly identifying personal information about you and is not used by LiveRamp to re-identify you directly. We place the code in our cookie or use a LiveRamp cookie and allow it to be used for online and cross-platform advertising. It can be shared with our advertising partners and other advertising third parties worldwide to enable interest-based content or targeted advertising in your entire online experience (e.g., web, email, connected devices, apps, etc.). These third parties may use the code to link demographic or interest-based information you provided during interactions with them. You have the right to decide regarding our use of LiveRamp cookies and our sharing of this data with LiveRamp for the above purposes.
   

12. Contact and contact management

1. When you contact us (via contact form, phone, or email), the details of the user will be processed to address the contact request and its implementation in accordance with Article 6 para. 1 lit. b) GDPR. We reserve the right to contact the user in their preferred way.
2. Personal data for contract processing of individual sales and subscriptions will be stored in our Customer Relationship Management System (“CRM System”) and similar supporting systems.
   
   
   1. We use the CRM system CCB by DSB based on our legitimate interests (efficient and rapid processing of user inquiries, subscription management, subscription billing, processing of individual magazine orders), which is operated on our behalf by the provider Zenit Pressevertrieb GmbH, Julius-Hölder-Str. 47, 70597 Stuttgart).
   2. Contact forms and support requests: You have the option to contact us through the online forms provided on our website. The personal data transmitted in this context (e.g., name, address, bank details, email address) will be used exclusively in connection with the processing of your contact and stored at Zendesk, Inc., 989 Market St, San Francisco, CA 94103. Zendesk stores your data according to the standard contractual clauses of the European Commission and the privacy policy of Zendesk https://www.zendesk.de/company/agreements-and-terms/privacy-notice/ on servers in the European Economic Area (EEA)
3. We delete inquiries as soon as they are no longer necessary. We review the necessity every two years; inquiries from customers who have a customer account are stored permanently and refer to the deletion records for the customer account. In the case of statutory retention obligations, deletion occurs after their expiration (end of commercial (6 years) and tax (10 years) retention obligation).

13. Comments and Contributions

1. When users leave comments or other contributions in the forum, register, or newly register, their IP addresses are stored based on our legitimate interests in accordance with Article 6 para. 1 lit. f. GDPR for 365 days.
2. This happens for our security in case someone leaves unlawful content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be held liable for the comment or contribution, and therefore we are interested in the identity of the author.

14. Retrieval of profile pictures from Gravatar

1. We utilize the Gravatar service, operated by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA within our online offer and specifically in the blog.
2. Gravatar is a service where users can register and store profile pictures and their email addresses. When users leave contributions or comments using the respective email address on other online presences (mainly in blogs), their profile pictures can be displayed next to the contributions or comments. To do this, the email address provided by the users is transmitted to Gravatar encrypted, for verification if a profile is stored for it. This is the only purpose of the transmission of the email address and it is not used for other purposes but is deleted afterwards.
3. The use of Gravatar takes place on the basis of our legitimate interests in accordance with Article 6 para. 1 lit. f) GDPR, as it allows us to provide authors of contributions and comments the opportunity to personalize their contributions with a profile picture.
4. By displaying the images, Gravatar learns the IP address of the users, as this is necessary for a communication between a browser and an online service. Further information on the collection and use of data by Gravatar can be found in the privacy notices of Automattic: https://automattic.com/privacy/.
5. If users do not want a user picture associated with their email address to appear in comments, they should use an email address that is not registered with Gravatar for commenting. We also point out that it is also possible to use an anonymous or even no email address if users do not wish for their email address to be sent to Gravatar. Users can completely prevent data transmission by not using our commenting system.

15. Provision of the online offer and web hosting

1. Collection of access data and log files: We collect, based on our legitimate interests in accordance with Article 6 para. 1 lit. f. GDPR, data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved website, file, date and time of retrieval, transmitted data amount, notification of successful retrieval, browser type along with version, the operating system of the user, referrer URL (the previously visited page), IP address and the requesting provider.
2. Deletion of data: Logfile information is stored for security reasons (e.g., to clarify misuse or fraud) for a maximum of seven days and then deleted. Data whose further retention is required for evidential purposes is exempt from deletion until the respective incident has been completely clarified.
3. Email dispatch and hosting: The web hosting services we utilize also include the sending, receiving, and storage of emails via Sendgrid, Sendgrid Inc., 1801 California Street, Suite 500 Denver, Colorado 80202, USA. For these purposes, the addresses of recipients as well as senders, as well as other information regarding email sending (e.g., the involved providers) and the contents of the respective emails are processed. The above-mentioned data may also be processed for spam detection purposes. Please note that emails are generally not sent encrypted over the internet. In principle, emails are encrypted during transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot assume any responsibility for the transmission path of the emails between the sender and the reception on our server; Legal bases: Legitimate interests (Article 6 para. 1 sentence 1 lit. f) GDPR). You can view the privacy policy of the shipping service provider here: https://sendgrid.com/policies/tos/
4. Cloudflare: Content-Delivery-Network (CDN) – service that allows content of an online offer, in particular large media files, such as graphics or program scripts to be delivered more quickly and securely using regionally distributed and Internet-connected servers; service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; legal bases: legitimate interests (Article 6 para. 1 sentence 1 lit. f) GDPR); website: https://www.cloudflare.com; privacy policy: https://www.cloudflare.com/privacypolicy/; data processing agreement: https://www.cloudflare.com/cloudflare-customer-dpa; basis of third country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.cloudflare.com/cloudflare-customer-scc).
5. Cloudflare Turnstile: CAPTCHA service used to verify whether the data entered within our online offer (e.g., on a login page or a contact form) has been entered by a human or an automated program. To this end, the service analyzes the behavior of users of our online offer based on various features. This analysis begins automatically as soon as a user utilizes our online offer. For the analysis, various information is evaluated (IP address, duration of the visitor’s stay on the website or app or mouse movements of the user, as well as technical information about the user’s device and browser); service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; legal basis: legitimate interests (Article 6 para. 1 sentence 1 lit. f) GDPR); website: https://www.cloudflare.com/lp/turnstile/; privacy policy: https://www.cloudflare.com/privacypolicy/; data processing agreement: https://www.cloudflare.com/cloudflare-customer-dpa; basis of third country transfers: EU-US Data Privacy Framework (DPF).

16. Online presences in social media

1. We maintain online presences within social networks and platforms to communicate with customers, interested parties and users active there and to inform them about our services.
2. We would like to point out that user data may also be processed outside the territory of the European Union. This may pose risks for users because, for example, the enforcement of users’ rights may be made more difficult.
   Furthermore, user data is generally processed for market research and advertising purposes. For example, user profiles may be created from user behavior and resulting interests. The user profiles can then be used to display advertisements within and outside the platforms that presumably correspond to the users’ interests. For these purposes, cookies are typically stored on users’ computers that store user behavior and interests. Furthermore, user profiles may also store data independently of the devices used by users (especially if users are members of the respective platforms and are logged in to them).
3. The processing of personal data of users takes place on the basis of our legitimate interests in effective information of users and communication with users pursuant to Article 6 para. 1 lit. f. GDPR. In the event that users are asked by the respective providers for consent to data processing (i.e., their consent is expressed, for example by checking a checkbox or confirming a button), the legal basis for processing is Article 6 para. 1 lit. a, Article 7 GDPR.
   For a detailed presentation of the specific processes and opt-out options, we refer to the respective information linked below from the providers.
4. Also in the case of inquiries for information and the assertion of user rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of users and can directly take appropriate measures and provide information. However, if you still need assistance, you can contact us.
   
   1. Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads.
   2. Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated
   3. Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.
   4. Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy/ Opt-Out: https://about.pinterest.com/de/privacy-policy.