Politique de confidentialité
The protection of your personal data is of particular importance to us. With the following data protection declaration, we try to explain our data protection regulations to you in an understandable way and, above all, to inform you about your rights as a data subject.
I. Controller pursuant to Art. 4 No. 7 GDPR
For the processing of personal data within the meaning of the European General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws and provisions, the
2Spicy Entertainment GmbH
Borsigstraße 15,
65205 Wiesbaden,
Germany
Phone: +49 0619 0808 9370
E-Mail: [email protected]
II. Definitions
The definitions in Art. 4 of the GDPR are used as a basis for the following terms: “data processing”, “processing”, “processing of data”.
III. Data processing in general
1. Scope of data processing
Personal data is processed only to enable the provision of a functional website, the presentation of content and the provision of our services. As a rule, data processing only takes place after the user's consent has been obtained. No consent is obtained if this is not possible for factual reasons and/or the processing of the data is permitted by legal regulations and is therefore lawful without the prior consent of the user concerned or if the data processing is justified by our legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR.
2. Relevant legal bases for the processing of personal data
Unless otherwise stated, the following are the relevant legal bases for the processing of personal data:
Consent, Art. 6 para. 1 sentence 1 lit. a GDPR,
if we have obtained the consent of the affected user, Art. 6 para. sentence 1 lit. a GDPR is the legal basis for the processing of his personal data,
Performance of a contract and steps prior to entering into a contract, Art. 6 (1) 1 lit. b GDPR,
if the personal data of the data subject need to be processed for steps prior to entering into a contract with the data subject or for the performance of a contract with the data subject, Art. 6 (1) 1 lit. b GDPR is the legal basis for the data processing,
fulfilment of legal obligations, Art. 6 para. 1 sentence 1 lit. c DSGVO,
if the processing of the data is necessary to fulfil legal obligations to which we are subject, Art. 6 lit. c DSGVO is the legal basis,
legitimate interest, Art. 6 para. 1 sentence 1 lit. f DSGVO,
processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child, Art. 6 para. 1 sentence 1 lit. f GDPR is the legal basis for data processing.
Disclosure of personal data to third parties
In order to offer our services and to constantly improve them, personal data is also transmitted to other companies and, if necessary, disclosed to them. These include companies commissioned with IT tasks, which are responsible, for example, for hosting the website, or payment institutions that handle the payment process. We also use other services and products from other companies, for example to ensure that no fraudulent registrations occur. In any case, we comply with the legal requirements and conclude data processing agreements with the relevant companies in accordance with Art. 28 GDPR. Insofar as joint responsibility exists, we will ensure that the third-party company complies with the requirements of data protection law by means of so-called joint controller agreements in accordance with Art. 26 GDPR.
Data processing in third countries
When using the companies mentioned under 5.1., personal data may be transferred to and processed in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)). In such a case, this will only be done in accordance with the legal requirements.
We only allow personal data to be processed in third countries with a recognized level of data protection. These are only third countries that belong to US processors certified under the “Privacy Shield” or that process data on the basis of special guarantees, such as contractual obligations through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
5. Data erasure and storage duration
Personal data will be deleted as soon as the purpose of storage no longer applies. Beyond that, data may be stored if we are legally obliged to do so. Data will also be deleted or blocked if a legal storage period applies. This does not apply if the storage of the data is necessary for the conclusion and/or fulfillment of a contract with the data subject.
IV. Special features of this website
1. SSL / TLS encryption
Our site uses SSL encryption for security reasons, especially when transmitting confidential content, such as orders or requests that you send to us as the site operator. You can recognize SSL encryption by the fact that “https://” appears at the beginning of the address line of your browser and a lock symbol also appears in the browser line. With SSL encryption, third parties cannot read the data transmission.
2. Server log files
Our website is hosted by Amazon LCC.
When you visit our website, our system automatically collects information from the computer system of the calling computer. The following data is collected:
We only store anonymized IP addresses of visitors to the website.
At the web server level, this is done by storing an IP address 123.123.123.XXX in the log file by default instead of the actual IP address of the visitor, e.g. 123.123.123.123, where XXX is a random value between 1 and 254. It is no longer possible to establish a personal reference.
The system needs to store the IP address temporarily to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
Backups are kept in encrypted form for 14 days.
The legal basis for this temporary storage of data and log files is Art. 6 (1) (f) GDPR.
3. Cookies
Cookies must be used to display and use our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. As soon as a user accesses our site, a cookie may be stored on that user's operating system. This cookie contains an individual character string that enables the unique identification of the user's browser when the website is accessed again.
We do not currently use cookies on our website.
4. Contact options
You can contact us using the email address and telephone number provided in the imprint.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 sentence 1 lit. f DSGVO. If the e-mail is aimed at concluding a contract with us, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b DSGVO.
The processing of the data that you provide to us by contacting us via email is used solely to record your request and to contact you.
The data that is transmitted to us via the input mask of the contact form, as well as by contacting us by email, will be deleted after the purpose of its processing has been achieved. This is the case when the conversation between the data subject and us has finally ended. The conversation has ended when it is clear from the circumstances that the facts have been finally clarified.
In the event of contact by e-mail, the user concerned can object to the storage of his personal data at any time. In such a case, however, we will not be able to conduct a conversation with the user concerned.
The revocation can be made in writing, e.g. by email, but also verbally or by telephone.
All personal data stored in the course of establishing contact will be irrevocably deleted in this case.
5. services, service providers and plugins used
Google Fonts: We integrate the fonts (referred to as “Google Fonts” in this privacy policy) of the provider Google, whereby the data of the users are used solely for the purpose of displaying the fonts in the user's browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform display and taking into account possible license restrictions for their integration.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, website: https://fonts.google.com/
Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
V. Your rights
1. Right of access
You have the right to know whether personal data concerning you is being processed. If this is the case, you have the right to request information about the personal data and the origin and recipients of the data.
2. Right to rectification
You have the right to request that we, as the data controller, rectify and/or complete the personal data processed by us that concerns you if it is incorrect or incomplete. We must carry out the correction without undue delay upon request.
3. Right to erasure (“right to be forgotten”)
You have the right to request that we delete the personal data concerning you without undue delay and we are obliged to delete this data without undue delay if one of the following reasons applies:
If the controller has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 (1) of the GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary
4. Right to restriction of processing
You have the right to request that we, as the data controller, restrict the processing of your personal data if one of the following conditions applies:– You have disputed the accuracy of your personal data. For the period during which it is possible for us to verify the accuracy of the personal data concerned, the processing of your personal data will be restricted.– The processing of the personal data is unlawful and you as the data subject oppose the erasure of the personal data and request the restriction of its use instead. – We, as the controller of the personal data, no longer need the personal data for the purposes of the processing, but you, as the data subject, require it for the establishment, exercise or defense of legal claims. – You, as the data subject, have objected to processing pursuant to Article 21(1) of the GDPR. The processing of personal data will be restricted until it is determined whether the legitimate grounds of the controller override those of the data subject.
5. Right to information
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f); this also applies to profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
You have the option, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller;
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) with your explicit consent.
However, these decisions must not be based on special categories of personal data according to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and appropriate measures to safeguard the rights and freedoms and your legitimate interests have been taken.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
I. Controller pursuant to Art. 4 No. 7 GDPR
For the processing of personal data within the meaning of the European General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws and provisions, the
2Spicy Entertainment GmbH
Borsigstraße 15,
65205 Wiesbaden,
Germany
Phone: +49 0619 0808 9370
E-Mail: [email protected]
II. Definitions
The definitions in Art. 4 of the GDPR are used as a basis for the following terms: “data processing”, “processing”, “processing of data”.
III. Data processing in general
1. Scope of data processing
Personal data is processed only to enable the provision of a functional website, the presentation of content and the provision of our services. As a rule, data processing only takes place after the user's consent has been obtained. No consent is obtained if this is not possible for factual reasons and/or the processing of the data is permitted by legal regulations and is therefore lawful without the prior consent of the user concerned or if the data processing is justified by our legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR.
2. Relevant legal bases for the processing of personal data
Unless otherwise stated, the following are the relevant legal bases for the processing of personal data:
Consent, Art. 6 para. 1 sentence 1 lit. a GDPR,
if we have obtained the consent of the affected user, Art. 6 para. sentence 1 lit. a GDPR is the legal basis for the processing of his personal data,
Performance of a contract and steps prior to entering into a contract, Art. 6 (1) 1 lit. b GDPR,
if the personal data of the data subject need to be processed for steps prior to entering into a contract with the data subject or for the performance of a contract with the data subject, Art. 6 (1) 1 lit. b GDPR is the legal basis for the data processing,
fulfilment of legal obligations, Art. 6 para. 1 sentence 1 lit. c DSGVO,
if the processing of the data is necessary to fulfil legal obligations to which we are subject, Art. 6 lit. c DSGVO is the legal basis,
legitimate interest, Art. 6 para. 1 sentence 1 lit. f DSGVO,
processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child, Art. 6 para. 1 sentence 1 lit. f GDPR is the legal basis for data processing.
Disclosure of personal data to third parties
In order to offer our services and to constantly improve them, personal data is also transmitted to other companies and, if necessary, disclosed to them. These include companies commissioned with IT tasks, which are responsible, for example, for hosting the website, or payment institutions that handle the payment process. We also use other services and products from other companies, for example to ensure that no fraudulent registrations occur. In any case, we comply with the legal requirements and conclude data processing agreements with the relevant companies in accordance with Art. 28 GDPR. Insofar as joint responsibility exists, we will ensure that the third-party company complies with the requirements of data protection law by means of so-called joint controller agreements in accordance with Art. 26 GDPR.
Data processing in third countries
When using the companies mentioned under 5.1., personal data may be transferred to and processed in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)). In such a case, this will only be done in accordance with the legal requirements.
We only allow personal data to be processed in third countries with a recognized level of data protection. These are only third countries that belong to US processors certified under the “Privacy Shield” or that process data on the basis of special guarantees, such as contractual obligations through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
5. Data erasure and storage duration
Personal data will be deleted as soon as the purpose of storage no longer applies. Beyond that, data may be stored if we are legally obliged to do so. Data will also be deleted or blocked if a legal storage period applies. This does not apply if the storage of the data is necessary for the conclusion and/or fulfillment of a contract with the data subject.
IV. Special features of this website
1. SSL / TLS encryption
Our site uses SSL encryption for security reasons, especially when transmitting confidential content, such as orders or requests that you send to us as the site operator. You can recognize SSL encryption by the fact that “https://” appears at the beginning of the address line of your browser and a lock symbol also appears in the browser line. With SSL encryption, third parties cannot read the data transmission.
2. Server log files
Our website is hosted by Amazon LCC.
When you visit our website, our system automatically collects information from the computer system of the calling computer. The following data is collected:
We only store anonymized IP addresses of visitors to the website.
At the web server level, this is done by storing an IP address 123.123.123.XXX in the log file by default instead of the actual IP address of the visitor, e.g. 123.123.123.123, where XXX is a random value between 1 and 254. It is no longer possible to establish a personal reference.
The system needs to store the IP address temporarily to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
Backups are kept in encrypted form for 14 days.
The legal basis for this temporary storage of data and log files is Art. 6 (1) (f) GDPR.
3. Cookies
Cookies must be used to display and use our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. As soon as a user accesses our site, a cookie may be stored on that user's operating system. This cookie contains an individual character string that enables the unique identification of the user's browser when the website is accessed again.
We do not currently use cookies on our website.
4. Contact options
You can contact us using the email address and telephone number provided in the imprint.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 sentence 1 lit. f DSGVO. If the e-mail is aimed at concluding a contract with us, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b DSGVO.
The processing of the data that you provide to us by contacting us via email is used solely to record your request and to contact you.
The data that is transmitted to us via the input mask of the contact form, as well as by contacting us by email, will be deleted after the purpose of its processing has been achieved. This is the case when the conversation between the data subject and us has finally ended. The conversation has ended when it is clear from the circumstances that the facts have been finally clarified.
In the event of contact by e-mail, the user concerned can object to the storage of his personal data at any time. In such a case, however, we will not be able to conduct a conversation with the user concerned.
The revocation can be made in writing, e.g. by email, but also verbally or by telephone.
All personal data stored in the course of establishing contact will be irrevocably deleted in this case.
5. services, service providers and plugins used
Google Fonts: We integrate the fonts (referred to as “Google Fonts” in this privacy policy) of the provider Google, whereby the data of the users are used solely for the purpose of displaying the fonts in the user's browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform display and taking into account possible license restrictions for their integration.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, website: https://fonts.google.com/
Privacy Policy: https://policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
V. Your rights
1. Right of access
You have the right to know whether personal data concerning you is being processed. If this is the case, you have the right to request information about the personal data and the origin and recipients of the data.
2. Right to rectification
You have the right to request that we, as the data controller, rectify and/or complete the personal data processed by us that concerns you if it is incorrect or incomplete. We must carry out the correction without undue delay upon request.
3. Right to erasure (“right to be forgotten”)
You have the right to request that we delete the personal data concerning you without undue delay and we are obliged to delete this data without undue delay if one of the following reasons applies:
If the controller has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 (1) of the GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary
4. Right to restriction of processing
You have the right to request that we, as the data controller, restrict the processing of your personal data if one of the following conditions applies:– You have disputed the accuracy of your personal data. For the period during which it is possible for us to verify the accuracy of the personal data concerned, the processing of your personal data will be restricted.– The processing of the personal data is unlawful and you as the data subject oppose the erasure of the personal data and request the restriction of its use instead. – We, as the controller of the personal data, no longer need the personal data for the purposes of the processing, but you, as the data subject, require it for the establishment, exercise or defense of legal claims. – You, as the data subject, have objected to processing pursuant to Article 21(1) of the GDPR. The processing of personal data will be restricted until it is determined whether the legitimate grounds of the controller override those of the data subject.
5. Right to information
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f); this also applies to profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
You have the option, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller;
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) with your explicit consent.
However, these decisions must not be based on special categories of personal data according to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and appropriate measures to safeguard the rights and freedoms and your legitimate interests have been taken.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.