Privacy Policy

The protection of your data is very important to us! Therefore we follow the legal regulations for data protection (GDPR) and do everything possible to protect your data. The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states of the European Union (EU) and other data protection regulations is the:

RAIDBOXES

Hafenstraße 32

48153 Münster

The external data protection officer of the company is:

Nils Volmer

meibers.datenschutz GmbH

Haus Sentmaring 9

48151 Münster

Phone: +49251 2031970

Mail: privacy@raidboxes.io

I. Introduction

The protection of your data is very important to us! That's why we follow the legal regulations on data protection and do everything we can to protect your data.

If you want to check your cookie settings, click here.

This data protection declaration is intended to provide you as a customer or interested party with a detailed overview of how and to what extent your data is collected, stored, processed, passed on and transmitted by us when you visit our sites or use our services. In addition, you should get an overview of which data protection measures we have in place and which options are available to you when you visit our site and use our services.

In order to be able to ensure the protection of your data in the future, in particular in accordance with new legal requirements and technical developments, it is inevitable that this privacy policy will be adapted from time to time. We therefore recommend that you read our information and notes on data processing at regular intervals.

When creating the privacy policy, we have tried to keep as much distance as possible from legal phrases in order to ensure that even non-lawyers understand everything. If references to the legal text appear in some places, this is solely due to completeness. If sections are not understandable, please let us know so that we can revise the relevant part.

However, it has proven to be very difficult to write a data protection statement that is transparent, understandable and complete on the one hand site and on the other hand site does not overwhelm the reader due to its length. We have therefore decided to first provide you with a general overview, which you can then expand on in the rest of the privacy policy. Please take a moment to read through this privacy policy at your leisure. If you have any further questions about data protection, you can contact our data protection officer at any time.

1. what data are we talking about?

If we talk about data processing, we always mean your personal data. In the art. 4 no. 1, these GDPR are defined as information relating to an identified or identifiable person. This means all data that is directly or indirectly related to you, e.g. first name, last name, addresses, e-mail addresses, user behaviour, etc. Information collected in connection with online sites or services that we do not own or control is not covered by this privacy statement. Websites or services of other RAIDBOXES customers are also excluded.

2 Why do we process personal data?

On the one hand, because we can't get around it: In order to conclude a contract with us, it is absolutely necessary to know your master data. On the other hand, we want to provide you as a customer with the best possible user experience and are therefore always striving to optimize our services. We process personal data only in compliance with legal regulations. This means that the data will only be processed if we have legal permission to do so. In particular, if the data processing is necessary for the provision of our contractual services or for the use or online services or is required by law. In addition, we process data if we have obtained consent or if we have a legitimate interest in the processing (e.g. interest in the analysis, optimisation, economic operation, security of our online services, in particular with regard to range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of the services of third-party providers. In the second section "In depth: Cookies and other technologies", we give you a comprehensive overview of the use of these.

3 When and to what extent do we process personal data?

In the following you will find an overview of all processes in which your personal data is processed. You can find a more detailed description here.

3.1 For the provision of contractual services/registration

We process inventory data and contract data in order to be able to fulfil our contractual obligations and services. (Article 6 lit. 1 b GDPR)

3.2 Contacting

If contact is made by e-mail, the information will be processed to the extent necessary to answer your questions. Contacting us via our live chat is done via the services of Intercom. You can find more information on this under the point "For further information: Cookies and other technologies".

3.3 Visiting our website

When you use our website, services or messaging features, we or our authorized service providers may use cookies or similar technologies. The information collected in this way helps us to better adapt our services to the needs of our customers, to make them better and faster and, above all, to make them even more secure. They also serve advertising purposes. You can find more information about this here.

4. legal basis for the processing of personal data

Where we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the Basic Data Protection Regulation (GDPR) serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is party, Article 6 lit. 1 b GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Par. 1 lit. c GDPR serves as the legal basis. In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6 lit. 1 f GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 lit. 1 f GDPR serves as the legal basis for the processing.

5. data deletion and storage period

The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law. According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

6. can minors use our services?

In short, no. Our website and services may not be used by persons who are under the age of majority. We do not knowingly collect any information from minors or anyone else who is not legally able to use our services. If we become aware that we have collected personal information from minors, we will delete it immediately; unless we are required by law to retain the information. Please contact us if you suspect that we have inadvertently or mistakenly collected information from a minor.

7. how do we protect your personal data?

We implement physical, technical and administrative security measures to adequately protect your personal information from loss, misuse, unauthorized access, disclosure and alteration. These security measures include firewalls, data encryption, permission controls for accessing data, and we are very conscientious in selecting our server locations. We are committed to securing our systems and services.

However, you are responsible for maintaining the security and confidentiality of your passwords and account profile/registration information. In addition, it is your responsibility to ensure that the personal information we hold about you is accurate and up to date. We are not responsible for protecting personal information that we share with third parties based on an account link that you authorize.

8. where is your data stored?

8.1 Frankfurt

An older part of the servers underlying the hosting service are located in the data centers of Interxion in Frankfurt. The space in the data center was leased from Digital Ocean LLC, New York. Digital Ocean operates a cloud platform for virtual servers there, which is used by us as a platform for hosting. An order processing contract has been concluded with Digital Ocean. Digital Ocean has concluded the so-called standard data protection clauses of the EU Commission with us to guarantee the security of your data and is also certified under the regulations of the EU-US Privacy Shield Agreement. This data center is potentially only relevant for customers whose sites was created before 01/01/2019. All websites created or to be created after this date will be hosted exclusively on the data centers mentioned in 8.2 and 8.3.

8.2 Falkenstein / Nuremberg

Another part, the servers underlying the hosting service and also the servers for our own infrastructure and data processing (dashboard, monitoring, configuration management, backups, etc.) are located in the data centers of the company Hetzner, Hetzner Online GmbH, in Falkenstein and Nuremberg. Hetzner offers dedicated servers for rent at these locations, which are used by us as a platform for hosting. We also use these for our own infrastructure and the automatic backups of the websites hosted by us. An order data processing contract has been concluded with Hetzner. In addition, Hetzner is also subject to the requirements of the German Data Protection Ordinance. Hetzner Online GmbH is certified with the ISO certificate 27001 certificate. You can find more information about the server location here.

8.3 Düsseldorf and Taucha

In addition to the data centers described in 8.1 and 8.2, two data centers of dogado GmbH are also used to provide the web servers. One of the data centers, the data center in Düsseldorf, is operated by dogado itself. The second data center is located in Taucha, Germany, and is operated by the company envia TEL GmbH on behalf of dogado GmbH.

Both data center operators and data centers are certified according to ISO 27001, among others; a contract processing agreement has been concluded with dogado. In addition, both dogado and envia TEL GmbH are also subject to the requirements of the General Data Protection Regulation.

8.4 Amsterdam

From our early days, few websites are still located in the Equinix Amsterdam Data Centers. Among other things, the server location is ISO 27001 certified. You can find more information about the data center here. The data center space is leased from Digital Ocean LLC, New York.

8.5 Backups

Our backups are stored in the data centers of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States, in short: AWS. We have chosen Frankfurt as the server location. To guarantee the security of your data, we have concludedan AV with AWS as well as the so-called standard data protection clauses of the EU Commission. AWS participates in the EU-US Privacy Shield program. The server location is among others certified according to ISO 27001 certified. You can find more information about data protection here.

8.6 SMTP relay (e-mail dispatch)

To send transactional emails, we work with the service provider Mailgun (Mailgun Technologies, Inc., 548 Market St. #43099, San Francisco, CA 94104). The following data is stored in the process:

- E-mail address "from

- E-mail address "to

- Content of the e-mail

- Domain of the BOX, which sends the mail

Mailgun has concludedtheso-called standarddata protection clauses of the EU Commission and an AV withus to guarantee the security of your data . The purpose of the processing is the fulfilment of contractual obligations. The legal basis for this is Art. 6 Para. 1 lit. b GDPR . The data is stored at Mailgun for 15 days. The mails themselves are stored for 7 days at BOX .

9. when do we share your information?

First of all, we would like to assure you that we do not sell, lend or rent out your personal data. Data will only be passed on if, for example, this is indispensable for the fulfilment of our contractual obligations, if we have a legitimate interest or if we have your consent. Each contractual partner of ours is conscientiously and carefully selected and we oblige them to protect all data in accordance with the legal regulations. For this reason, we also conclude a commissioned data processing agreement with the processor in accordance with Art. 28 GDPR.

10. left

Our website may contain links to websites of other providers for whose content we, RAIDBOXES Gmbh, are not responsible and to which this data protection declaration does not extend.

11. your rights

As soon as your personal data is processed, you are a data subject within the meaning of GDPR and you have the following rights vis-à-vis the controller (i.e. us):

  • Right of access,
  • Right of rectification or erasure,
  • Right to restrict processing,
  • Right to object to processing,
  • Right to data portability.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data. You can find more information here.

II. in more detail: cookies, tracking and other technologies

The following section is intended to give you a better understanding of the various technologies we use and how they are used. When you use our website, services or messaging features, we or our authorized service providers may use cookies or similar technologies. The information collected through these technologies helps us to better tailor our services to the needs of our customers, to make them better and faster, and most importantly, to make them more secure. They also serve advertising purposes.

1. provision of the website and creation of log files

1.1 Description and scope of data processing

As soon as you call up our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

  • Information about the type of browser and the version used
  • The operating system of the user
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system accesses our website

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

1.2 Legal basis

The legal basis for the temporary storage of data and log files is Article 6 lit. 1 b GDPR.

1.3 Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR .

1.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

1.5 Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.  

2. cookies

2.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. They allow us to link your actions during that particular browser session. Other cookies ( so-called permanent cookies) remain stored on your terminal device until you delete them. Cookies cannot run programs or deliver viruses to your computer.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in these technically necessary cookies:

  • Language settings
  • Log-in information

We also use cookies on our website that enable an analysis of the user's surfing behaviour. These are used to monitor anonymised user behaviour on the website, for example to record the number of visits per site . The data collected is used exclusively to optimise the performance and design of this website. In most cases, these cookies are third-party cookies (e.g. Google Analytics). However, the data is collected in anonymous form and used exclusively by us. If you as a user call up a website, a cookie may be stored on your operating system. In this way, the following data can be transmitted:

  • Use of website functions (Intercom, OneSignal)
  • Usage behaviour (Google Analytics)
  • Assignment of the source of the web page calls (own cookie)
  • Assignment to an affiliate / advertising partner (own cookie)
  • Frequency of page views (Google Analytics)
  • Search terms entered (Google Analytics)

When you access our website, you will be informed about the use of cookies for analysis purposes and your consent to the processing of personal data used in this context will be obtained. In this context, there is also a reference to this privacy policy. You will find more information about cookies in the next sections.

2.2 Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 paragraph 1 letter a GDPR.

2.3 Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. We require cookies for the following applications:

  • Adoption of language settings
  • Remember search terms

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

2.4 Duration of storage, possibility of objection and elimination

Cookies are stored on your computer and are transmitted from it to our site . Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. If you wish to object to the cookies that we set RAIDBOXES GmbH, simply write to us or change your privacy settings here.

3. registration  

3.1 Description and scope of data processing

On our website, we offer you the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process:

  • First name
  • Last name
  • E-mail address

If you enter into a paid contract with us, we will process your personal data in order to fulfil the rights and obligations associated with that contract.

Recipients of the personal data may be third parties (shipping or transport service providers, banks, tax advisors, lawyers, authorities, etc.), insofar as this is necessary for the processing and handling of the contract and the associated rights and obligations.

We use external services to process payments. We transmit your personal data to these services insofar as this is necessary for the processing of payments. Further information on the services used, the scope of data processing and the technologies and processes involved in the use of the respective services can be found below.

PAYONE

Provider: PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany.

Website: https://www.payone.com/

More information and privacy policy: https://www.payone.com/datenschutz/, https://www.payone.com/GDPR / and https://www.payone.com/GDPR -haendler/“.

3.2 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR, if the user has given his consent. If the purpose of the registration is the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of data is Article 6 lit. 1 b GDPR.

3.3 Purpose of the data processing

A registration of the user is necessary for the fulfilment of a contract with the user or for the execution of pre-contractual measures.

3.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations. Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and the storage of data for tax purposes. The storage periods to be complied with cannot be determined in general terms, but must be determined on a case-by-case basis for the contracts concluded and the contracting parties.

3.5 Possibility of objection and removal

As a user you have the possibility to cancel the registration at any time. You can change or delete the stored data yourself at any time via the user RAIDBOXES interface. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible if there are no contractual or legal obligations that prevent deletion.

4. SEPA direct debit mandate

4.1 Description and scope of data processing

As part of our ordering process, we offer you the option of granting us a SEPA direct debit mandate and thus giving us the option of collecting payments from your account. Data is entered in an input mask provided by our service provider GoCardless and transmitted directly to the service provider. The following data is collected as part of the SEPA direct debit mandate:

  • Identification information
  • Contact information (such as name, postal address and e-mail)
  • Bank details
  • Transaction information (merchant name, description of the transaction, payment amount)
  • IP address and operating system of the calling device
  • Network information and device detection
  • Usage behaviour (to protect against fraudulent behaviour)

The data is collected directly by GoCardless. GoCardless is responsible for the processing of personal data. Further information about GoCardless, the scope of data processing and the technologies and procedures used for the service can be found below:

Provider: GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom

Website: https://gocardless.com/

Further information and data protection: https://gocardless.com/de-de/rechtliches/ https://gocardless.com/legal/privacy/

Guarantee: Adequacy Decision of the European Commission pursuant to Art. 45 (1) DS-GVO

4.2 Legal basis for the processing

The legal basis for the processing of the data is Art. 6 (1) lit. a GDPR if the user has given his/her consent. If the SEPA Direct Debit Mandate serves to fulfil a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b GDPR .

4.3 Purpose of the processing

The granting of the SEPA direct debit mandate is necessary for the fulfilment of a contract with the user or for the performance of pre-contractual measures.

4.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the SEPA direct debit mandate for the fulfilment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations. Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and data must be stored for tax purposes. The storage periods to be observed cannot be determined in general terms, but must be determined for each individual contract and contracting party.

4.5 Possibility of objection and removal

As a user, you have the option to terminate the contract with RAIDBOXES at any time. You can change or delete the stored data yourself at any time via the RAIDBOXES user interface. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

5. use of an e-mail box

We offer you the possibility to add paid email boxes within your contract. In order to offer you this service, we work together with mailbox.org (Heinlein Support GmbH, Schwedter Straße 8/9A, 10119 Berlin) within a reseller contract. The privacy policy of mailbox.org can be found here: https://mailbox.org/de/datenschutzerklaerung.

5.1 Scope of data processing

When you create an e-mail box, the following data is requested and stored: first name, last name, RAIDBOXES customer number, e-mail addresses belonging to the box and the corresponding domain names.

5.2 Purpose of data processing, legal basis

The input of data is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. In this respect, Article 6 lit. 1 b GDPR serves as a legal basis.

5.3 Duration of storage

When your mailbox contract with RAIDBOXES mailbox.org ends, your link to mailbox.org will be deleted, provided that it was the last mailbox contract. This also includes the links to the domains you have deposited with mailbox.org. DNS settings remain unaffected after termination. 60 days after deleting the mailbox, mailbox.org will delete all data.

6. newsletter, e-mail marketing and product information

We offer you the possibility to be informed about all news around WordPress and our products by us. For example, we offer you our free newsletter. We would like to explain here how, when and where we store data:

6.1 Active Campaign LLC

On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us. To subscribe to the newsletter, it is sufficient to enter your e-mail address. In addition, the following data is collected during registration:

  • Your email address
  • IP address of the calling computer
  • Date and time of registration
  • geographical data (longitude and latitude)

For the processing of data, your consent is obtained during the registration process. This will be logged by us. The registration for our newsletter takes place in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are logged.

To send our newsletter, we use the Active Campaign service of ActiveCampaign, LLC. To guarantee the security of your data, Active Campaign has concluded the so-called standard data protection clauses of the EU Commission with us and signed a so-called Data Processing Addendum with us.

6.2 Intercom

We use the Intercom services of Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA to send you messages by e-mail to inform you about our product and also about any faults. In these purposes also lies our legitimate interest in the data processing according to Art. 6 para. 1 lit. f GDPR . Since Intercom has its headquarters and servers in the USA, personal data is transferred to the USA when you use our support chat. To guarantee the security of your data, Intercom has concluded the so-called standard data protection clauses of the EU Commission with us and signed a so-called Data Processing Addendum with us.

6.3 Email marketing to existing customers

If you purchase services on our website and enter your e-mail address, this may subsequently be used by us to send product information. In such a case, only direct advertising for our own similar products or services will be sent via e-mail.

No data will be passed on to third parties in connection with data processing.

6.4 Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 lit. a GDPR . The legal basis for sending direct marketing e-mails as a result of the sale of goods or services is Section 7 (3) UWG. The use of the service providers Active Campaign and Intercom is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR .

6.5 Purpose of the data processing

The purpose of collecting the user's email address is to deliver the newsletter or direct mail. Our interest is to provide a user-friendly and secure mailing system that serves our business interests and meets the expectations of users.

6.6 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Your e-mail address will therefore be stored as long as the subscription to the newsletter is active. Your email address for direct marketing measures will be stored as long as you are one of our existing customers.

6.7 Possibility of objection and removal

You can cancel the receipt of our newsletter or our direct marketing measures at any time. You will find a link to cancel at the end of each newsletter. After cancellation, your data will be deleted except for the e-mail address. The e-mail address is stored in a blacklist and is only used to ensure that we do not send any further e-mails to your e-mail address.

7. contact forms, contact e-mail, live chat

7.1 Description and scope of data processing

Our website contains forms that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. The following data is also stored at the time the message is sent:

  • E-mail address of the user
  • The IP address of the user
  • Date and time of registration

For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored. Likewise, you can contact us via the live chat function. Here we use the services of Intercom. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

7.2 Legal basis of the data processing

The legal basis for the processing of data with the consent of the user is Art. 6 para. 1 letter a GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 letter f GDPR . If the e-mail contact aims at the conclusion of a contract, an additional legal basis for the processing is Article 6 1 lit.  b GDPR.

The use of the service provider Intercom is based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR .

7.3 Intercom

For the provision of our live support chat as well as for the sending of support emails, we rely on the "Intercom" service of the company Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA. Since Intercom has its headquarters and servers in the USA, personal data is transferred to the USA when you use our support chat. To guarantee the security of your data, Intercom has concluded the so-called standard data protection clauses of the EU Commission with us and signed a so-called Data Processing Addendum with us. In the case of Intercom, the purpose of the data processing is to provide customer support and this is also our legitimate interest in the data processing according to Art. 6 Para. 1 lit. f GDPR . Further information can be found here.

7.4 Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

7.5 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

7.6 Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. The following is a description of how to revoke consent and object to storage. All personal data stored in the course of contacting us will be deleted in this case.

8. RAIDBOXES® Magazine "wp unboxed" comment function

Under https://raidboxes.*/blog/ you can find our magazine "wp unboxed". In this magazine we want to WordPress inform you about topics all around.

8.1 Scope of data processing/ purpose of processing

Our magazine "wp unboxed" contains a commentary function, with which you can comment on articles from us. To use this comment function, you need to enter your e-mail address and your name. All other details, such as your website, are optional. The entry of an e-mail address is necessary so that if your comment is objectionable, it can be forwarded to you and you also have the opportunity to comment. If you give your surname and/or first name when your comment is published, it will be published. Your e-mail address and all other voluntary information as well as the time of the comment will be WordPress saved, not passed on to unauthorized third parties and only processed for the purpose of the comment function. We reserve the right to delete comments with insulting, threatening or racist content.

8.2 Legal basis of the processing

If your personal data is communicated to us through the comment function, the disclosure of this data is always on an expressly voluntary basis. The legal basis for the processing is Article 6 1 lit. a GDPR.

8.3 Duration of storage/ revocation and removal

The data will be stored until you revoke the processing. You have the possibility to revoke your consent to the processing of your data at any time. All personal data stored by you in the course of the comment function will be deleted immediately upon revocation. This means that all of your comments on our magazine will also be deleted.

9. google analytics

9.1 Scope of data processing

We use Google Analytics on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:

  • Two bytes of the IP address of the calling system of the user
  • The accessed web page
  • The website from which the user has reached the accessed website (referrer)
  • The subpages that are called from the called web page
  • The time spent on the website
  • The frequency of the call of the web page

Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there. 

We only use Google Analytics with the available IP masking procedures, i.e. with pseudonymisation of the IP address by shortening. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other Google data. Generally, no clear data of the users (e.g. e-mail addresses or names) are stored within the scope of our website analysis, but pseudonyms. Neither Google nor we know the actual identity of the users, but only the information stored in their profiles created by Google Analytics.

Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer from Google as well as the processing of this data by Google by clicking on the link below. following linkPlugin and installing it. For more information on the use of data by Google, settings and opt-out options, please visit the Google website "Data usage by Google when you use websites or apps of our partners“, „Data use for advertising purposes“, „Manage the information Google uses to serve you ads.“. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and internet usage. In doing so, pseudonymous user profiles of the users can be created from the processed data.

9.2 Legal basis of data processing

If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR - whereby this consent can be withdrawn at any time. Furthermore, we use Google Analytics on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR ).

9.3 Purpose of the data processing

We use Google Analytics to display the ads placed within Google's advertising services and those of its partners only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Google (so-called "Remarketing Audiences" or "Google Analytics Audiences"). With the help of Remarketing Audiences, we also want to ensure that our ads correspond to the potential interest of the users and do not have a harassing effect.

9.4 Duration of storage

Sessions and campaigns end after a specified amount of time. By default, sessions end after 30 minutes of no activity and campaigns end after six months. The time limit for campaigns can be a maximum of two years. For more information on terms of use and privacy, please visit https://www.google.com/analytics/terms/de.html. Or visit https://policies.google.com/.

9.5 Revocation and removal options

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by using downloading and installing this browser add-on and installing it.

Opt-out cookies prevent future collection of your data when you visit this website. In order to prevent Universal Analytics from collecting data across different devices, you must opt-out on all the systems you use.

10. google marketing and remarketing services

10.1 Scope of data processing

We use the marketing and remarketing services (Google Marketing Services for short) of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. For example, if a user is shown ads for products in which he or she has expressed interest on other websites, this is referred to as "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies).

The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he or she is interested in and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transmitted in full to a Google server in the USA and shortened there. The IP address will not be merged with user data within other Google offerings. The aforementioned information may also be combined by Google with such information from other sources. If the user subsequently visits other websites, he or she may be shown ads tailored to his or her interests. The user's data is processed pseudonymously as part of Google's marketing services. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. I.e. from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected about users by Google marketing services is transmitted to Google and stored on Google's servers in the USA. The Google marketing services we use include the online advertising programme "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked via the websites of AdWords customers.

The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a site tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. We may integrate third-party advertisements based on the Google marketing service "DoubleClick". DoubleClick uses cookies to enable Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet. We may include third-party advertisements based on Google's "AdSense" marketing service. AdSense uses cookies to enable Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet. We may also use the "Google Optimizer" service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to the input fields, design, etc.) as part of so-called "A/B testing". For these testing purposes, cookies are placed on the users' devices. Furthermore, we may use the "Google Tag Manager" to integrate and manage the Google analysis and marketing services on our website. For more information about Google's use of data for marketing purposes, please visit the overview pageGoogle's privacy policy is available here available here.

10.2 Legal basis of data processing

If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR - whereby this consent can be withdrawn at any time. We further use the Google re-marketing services on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer) within the meaning of Art. 6 para. 1 lit. f. GDPR .

10.3 Purpose of the processing

Google's marketing services give us the ability to target advertisements for us and on our website to present users with only ads that potentially match their interests.

10.4 Duration of storage

According to Google, the log data collected by Google is anonymized by deleting part of the IP address and cookie information after 9 or 18 months. You can find more information here.

10.5 Possibility of revocation and removal

If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google. opt-out options provided by Google provided by Google.

11. Bing marketing and remarketing services

11.1 Scope of data processing

We use the Microsoft Marketing and Remarketing Services (Microsoft Advertising for short) of Microsoft Online, Inc., 6100 Neil Road, Reno, NV 89511 USA (Microsoft for short). Microsoft Advertising allows us to display advertisements for our website in, among other places, Bing search results and the Microsoft Search Network in such a way that they best match the potential interests of the user. For example, a user may be shown ads for products that he or she has previously viewed on one of our websites - this is known as "remarketing". For these purposes, when our website and other websites on which Microsoft Advertising Services are active are accessed, a code is executed directly by Microsoft and so-called marketing tags or remarketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains belonging to the Microsoft search network including bing.com, aol.com and yahoo.com and the so-called consortium search partners of Microsoft and Yahoo, which include MSN. This file records which websites the user has visited, which content he or she is interested in and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we only use the Microsoft Advertising Services using the available IP masking procedure, i.e. with the aid of a pseudonymisation of the IP addresses through shortening. This data can be merged by Microsoft with other data of the user. This is particularly the case if the user was logged into his or her Microsoft account at the time of visiting the site.

According to Microsoft, if the user is not logged in, no data is merged. Microsoft may also combine the above information with information from other sources. If the user subsequently visits other websites, he or she can be shown ads tailored to his or her interests. The user's data is processed pseudonymously within the framework of Microsoft Marketing Services. This means that Microsoft does not store and process the name or e-mail address of the user, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. I.e. from Microsoft's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Microsoft to process the data without this pseudonymisation. The information Microsoft Advertising collects about users is transmitted to Microsoft and stored on Microsoft servers in the region where the user data is generated. For a user from Germany, this means that the data will most likely be stored in a German data centre. It cannot be ruled out that this data will also be transferred to servers in the USA or to servers in other parts of the world where Microsoft operates data centres. The Microsoft Advertising Services we use include, among others, the functions "Target Group Targeting" and "Universal Event Tracking (UET)".

In the case of search advertising on the Microsoft Search Network, each user receives a different "conversion cookie". Cookies cannot therefore be tracked through Microsoft Advertising's websites. The information collected through the cookie is used to generate conversion statistics for Microsoft Advertising campaigns where conversion tracking is active. The Microsoft Advertising client learns the total number of users who clicked on its ad and were redirected to a site tagged with a conversion tracking tag. In addition, it can be recorded whether a user has carried out a specific action on the site with a conversion tracking tag, e.g. a purchase. However, we do not receive any information that can be used to identify users personally. For more information about Microsoft Advertising's use of data for marketing purposes, please see the Microsoft overview page. The Microsoft Privacy Policy is available available here.

11.2 Legal basis of data processing

If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR - whereby this consent can be withdrawn at any time. We also use Microsoft Advertising on the basis of our legitimate interests for the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR .

11.3 Purpose of the processing

Microsoft Advertising gives us the ability to target ads in the search results of the Bing search network more accurately, allowing users to see only ads that potentially match their interests.

11.4 Duration of storage

According to its own information, the log data collected by Microsoft Advertising is anonymized by deleting a portion of the IP address and cookie information after 9 and 18 months, respectively. You can find more information here.

11.5 Possibility of revocation and removal

If you wish to opt out of interest-based advertising by Microsoft Advertising, you may use the settings and opt-out options provided by Microsoft. 

If you have a Microsoft account, you can use your Microsoft profile settings to define exactly how Microsoft should handle your data, whether cookies should be set and whether you agree to data aggregation for advertising purposes or not. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Even without a Microsoft account, you can, of course, object to the processing of your personal data and the use of cookies for range measurement and advertising purposes. You can use the deactivation page of the Netzwerkwerbeinitiateive (NAI) for this purpose. You can also do this via the US-American site of the so-called Digital Advertising Aliance (DAA) or the European website of the NAI European website.

12. Facebook Social Plugins

We use the social Plugin "Shariff Wrapper". You can find more information here.

12.1 Scope of data processing

We use social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The Plugins may display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white "f" on blue tile, the terms "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook Social Plugins can be viewed here . The Plugins are only activated when you click on the corresponding button. If they are greyed out, the Plugins are inactive. You have the option to activate the Plugins once or permanently. When a user calls up a function of this online offer that contains such a Plugin , his or her device establishes a direct connection with Facebook's servers. The content of the Plugins is transmitted by Facebook directly to the user's device and integrated by the latter into the online offer. In the process, user profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this Plugins and therefore inform users according to our level of knowledge. By integrating the Plugins , Facebook receives the information that a user has called up the corresponding site of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. When users interact with Plugins , for example by clicking the Like button or posting a comment, the corresponding information is transmitted from their device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store his or her IP address. According to Facebook, only an anonymised IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in the Privacy policy of Facebook see.

We are jointly responsible with Facebook Ireland Ltd. for the collection or receipt in the course of a transmission (but not the further processing) of "event data" that Facebook collects via its interfaces, the so-called Facebook Pixel (see also 12. Facebook, Custom Audiences and Facebook Marketing Services) and comparable services that are executed on our online offer. This also applies to such data that Facebook receives for the following purposes: a) display of content advertising information that corresponds to the presumed interests of users; b) delivery of commercial and transactional messages, i.e. e.g. addressing NUtzers via Facebook Messenger; c) improvement of ad delivery and personalization of features and content. We have entered into a special agreement with Facebook for this purpose, the so-called "Responsible Party Addendum" (https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfil the rights of data subjects. As a user, you can, for example, address requests for information or deletion of your data directly to Facebook. With respect to metrics, analytics, reports and similar documents that Facebook provides to us and that are aggregated, i.e. do not receive information about individual users and are anonymous to us, then this processing is not carried out under shared responsibility, but on the basis of a commissioned processing agreement (called "data processing terms and conditions" at Facebook and found here: https://www.facebook.com/legal/terms/dataprocessing) and on the basis of Facebook's "Data Security Terms and Conditions" (https://www.facebook.com/legal/terms/data_security_terms). When it comes to processing data in the USA, Facebook's standard contractual clauses serve as a basis ("Facebook EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum). Your rights as a user (e.g. your right to information, deletion or objection) are not restricted by the agreements with Facebook.

12.2 Legal basis for data processing

If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR - whereby this consent can be withdrawn at any time. We further use the Facebook Social Plugins on the basis of our legitimate interests for the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR .

12.3 Purpose of data processing

The Facebook Social plugins shows us the interests of visitors to display them more specifically on our website, in order to present users only with posts that potentially correspond to their interests.

12.4 Duration of storage

According to own information Facebook stores the date and time of your visit, the specific Internet address on which the social Plugin is located, and other technical data such as the IP address, browser type and operating system for a period of 90 days in order to further optimise Facebook's services. After 90 days, the data is anonymized so that it can no longer be associated with you.

12.5 Possibility of revocation and removal

If a user is a Facebook member and does not want Facebook to collect data about him/her via this online offer and link it to his/her membership data stored with Facebook, he/she must log out of Facebook and delete his/her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes, are available within the Facebook profile settings or via the US-American site or the EUsite . The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

13. Facebook, Custom Audiences and Facebook Marketing Services

13.1 Scope of data processing

Within our online offer, the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used. With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). The Facebook pixel is directly integrated by Facebook when you call up our website and can save a so-called cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online offering will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes, this data is encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of creating a comparison with the data encrypted in the same way by Facebook. The processing of the data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads, in the Facebook's data usage policy. Specific information and details about the Facebook Pixel and how it works can be found in the Help section of Facebook. We are jointly responsible with Facebook Ireland Ltd. for the collection or receipt in the context of a transmission (but not the further processing) of "event data", which Facebook collects via its interfaces, the so-called Facebook Pixel (see also 11. Facebook Social Plugins) and comparable services, which are executed on our online offer. This also applies to such data that Facebook receives for the following purposes: a) display of content advertising information that corresponds to the presumed interests of users; b) delivery of commercial and transactional messages, i.e. e.g. addressing users via Facebook Messenger; c) improvement of ad delivery and personalisation of functions and content. We have entered into a special agreement with Facebook for this purpose, the so-called "Responsible Party Addendum" (https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfil the rights of data subjects. As a user, you can, for example, address requests for information or deletion of your data directly to Facebook. With respect to metrics, analytics, reports and similar documents that Facebook provides to us and that are aggregated, i.e. do not receive information about individual users and are anonymous to us, then this processing is not carried out under shared responsibility, but on the basis of a commissioned processing agreement (called "data processing terms and conditions" at Facebook and found here: https://www.facebook.com/legal/terms/dataprocessing) and on the basis of Facebook's "Data Security Terms and Conditions" (https://www.facebook.com/legal/terms/data_security_terms). When it comes to processing data in the USA, Facebook's standard contractual clauses serve as a basis ("Facebook EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum). Your rights as a user (e.g. your right to information, deletion or objection) are not restricted by the agreements with Facebook.

13.2 Legal basis of the data processing

Insofar as we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR - whereby this consent can be withdrawn at any time. We further use the Facebook Pixel and the Facebook marketing services on the basis of our legitimate interests for the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) lit. f. GDPR .

13.3 Purpose of data processing

We use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

13.4 Duration of storage

According to own information Facebook stores the date and time of your visit, the specific Internet address on which the social Plugin is located, and other technical data such as the IP address, browser type and operating system for a period of 90 days in order to further optimise Facebook's services. After 90 days, the data is anonymized so that it can no longer be associated with you.

13.5 Revocation and removal options

You can opt-out of the Facebook Pixel's collection and use of your data to display Facebook ads. To control the types of ads you see within Facebook, you can visit the Facebook website at site and read the instructions on the Usage-Based Advertising Settings settings. The settings are platform agnostic, meaning that they are applied across all devices, including desktop computers and mobile devices. You can also opt-out of cookies that are used for reach measurement and advertising purposes by visiting the opt-out page of the Network Advertising Initiative and additionally the US website or the European website object.

14 Twitter Conversion Tracking, Re-Marketing and Twitter Marketing Services

14.1 Scope of data processing

Within our online offer, we use the so-called Twitter conversion tracking (via the so-called Twitter website tag) and the marketing services of the social network Twitter, which is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 49103, USA, or if you are a resident of the EU, by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland ("Twitter"). With the help of Twitter Conversion Tracking, Twitter is able to measure the success of our Twitter advertisements ("Twitter Ads") and to determine the visitors to our online offering as the target group for the display of ads. Twitter conversion tracking is integrated directly by Twitter when you call up our website and can save a so-called cookie, i.e. a small file, on your device. If you then log in to Twitter or visit Twitter while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Twitter so that a connection to the respective user profile is possible and can be used by Twitter and the companies associated with Twitter for their own market research and advertising purposes. If we should transmit data to Twitter for matching purposes, this data is encrypted locally and only then sent to Twitter via a secure https connection. This is done solely with the aim of creating a comparison with the data encrypted in the same way by Twitter. The processing of the data by Twitter takes place within the framework of Twitter's Data Usage Policy. Accordingly, the general notes on the display of Twitter ads from the Data Usage Policy of Twitter. Specific information and details about Twitter Conversion Tracking and how it works can be found in the Help section of Twitter. We have concluded an order processing agreement with Twitter for data processing. The processing of data in the USA is covered accordingly by Twitter's standard contractual clauses. These agreements do not restrict your rights as a user, e.g. to information, deletion or objection.

14.2 Legal basis of the data processing

Insofar as we ask users for their consent to the use of the third-party providers, the legal basis for the processing of data is consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR - whereby this consent can be withdrawn at any time. We further use the Twitter website tag and the Twitter marketing services on the basis of our legitimate interests for the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) lit. f. GDPR .

14.3 Purpose of the data processing

We use Twitter Conversion Tracking and Twitter Marketing Services to display the advertisements we place on Twitter only to those Twitter users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Twitter (so-called "tailored target groups"). With the help of the Twitter Website Tag, we also want to ensure that our Twitter Ads correspond to the potential interests of the users and are not harassing. With the help of the Twitter website tag, we can also track the effectiveness of the Twitter ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Twitter ad and what actions they took there (so-called "conversion").

14.4 Duration of storage

According to own information Twitter stores the date and time of your visit, the specific Internet address you visited on our site and other technical data such as the IP address, browser type or operating system for a period of 30 days. Twitter uses this data to optimize its own service. After 30 days, the data is anonymized so that it can no longer be associated with you.

14.5 Revocation and removal options

You can object to the collection by the Twitter website tag and the use of your data for the display of Twitter advertisements. To set which types of advertisements are displayed to you within Twitter, you can visit the site set up by Twitter and read the instructions there on the settings for usage-based advertising there. The settings are platform-independent, meaning they are applied to all devices, such as desktop computers or mobile devices. You can also opt-out of cookies that are used for reach measurement and advertising purposes by visiting the opt-out page of the Network Advertising Initiative (NAI) opt-out page. You can also do this via the US-American site of the so-called Digital Advertising Aliance (DAA) or the European website of the NAI European website.

15. online presence in social media

We operate websites within social networks and platforms in order to be able to contact customers, interested parties and users active there and to inform them about our services. The use of Facebook, Instagram and Twitter is subject to your own responsibility. This applies in particular to the commenting, sharing, rating, etc. functions. The information that we publish within our online presences in social media can also be accessed via our own website.

15.1 Scope of the processing

When you visit our Facebook / Instagram / Twitter / XING or Linkedin-site , among other things, your IP address and information stored as cookies are collected. The resulting usage behavior of you as well as your interests can then be used to create a user profile in order to then create visible advertisements for you within and outside of the respective platform. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

It cannot be ruled out that the data collected from you may also be processed outside the European Union. Among other things, this may make it more difficult to enforce your rights.13.2 Legal basis of the processing / purpose of the processing

The processing of the personal data of the users is based on our legitimate interests in effective information of the users and communication with the users pursuant to Art. 6 para. 1 lit. f. GDPR . If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 GDPR .

15.2 Request for information

If you would like to receive information about your stored data within the online services or assert your user rights there, we recommend asserting these directly with the respective provider. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you need help, you can of course contact us.

15.3 Revocation and removal options

For further and detailed information and the possibilities of objection (opt-out), we refer you to the details of the respective platform. In addition to further information, you will find the corresponding links below:

15.4.1 Facebook, -sites , -groups

When you visit our Facebook-site , the IP address assigned to your terminal device is transmitted to Facebook. Whether and how Facebook uses the data from your visit to Facebook-sites for its own purposes, to what extent activities on Facebook-site are assigned to you, how long Facebook stores this data and whether data from your visit to Facebook-site is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us. We would also like to draw your attention to the fact that Facebook stores information beyond the end devices of its users; it may therefore be possible for Facebook to assign IP addresses to individual users. If you are currently logged in to Facebook, a cookie with your Facebook ID is stored on your terminal device. This enables Facebook to track that you have visited our site and how you have used it. Facebook buttons integrated into our website enable Facebook to record your visits and assign them to your Facebook profile. Based on this data, content or advertising can be offered tailored to you.

If you want to avoid this, you must log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your terminal devices and close and restart your browser. This will delete Facebook information that can directly identify you. This means that you can make limited use of our Facebooksite without revealing your Facebook identification. However, if you wish to access interactive functions of site (like, comment, share, news, etc.), a Facebook login screen will appear. After logging in, you will once again be recognisable to Facebook as a specific user. For information on how to manage or delete information about you, please visit Facebook Support atsite : https://de-de.facebook.com/about/privacy and here: https://www.facebook.com/settings?tab=ads. For more information about how Facebook uses your information to provide statistical information about your use of Facebook'ssite , please also visit: http://de-de.facebook.com/help/pages/insights. Facebook is certified under the Privacy Shield.

15.4.2 Instagram

Instagram functions are integrated within our website. On Instagram, you will also find an online presence via RAIDBOXES. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our sites to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our sites with your user account. We would like to point out that we, as the provider of sites , have no knowledge of the content of the transmitted data or its use by Instagram. Privacy policy and opt-out: http://instagram.com/about/legal/privacy/.

15.4.3 Twitter

Functions of the Twitter service can be integrated within our website. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the web pages you visit are linked to your Twitter account and thereby made known to other users and transmitted to Twitter. We would like to point out that we, as the provider of sites , have no knowledge of the content of the transmitted data or its use by Twitter. The same applies to our online presence on Twitter. Privacy policy of Twitter. You can change your privacy settings on Twitter in the account settings change.

Opt-Out: https://twitter.com/personalization. Twitter is certified under the Privacy Shield.

16. intercom

16.1 Scope of data processing

We use the service Intercom of the company of Intercom Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA for sending messages by e-mail and for live chats but also for customer management. We transmit the following personal data in the process:

  • Your email address
  • Your first and last name
  • Your phone number
  • Contract master data
  • Contact details of the technical contact

Since Intercom has its headquarters and servers in the USA, personal data is transferred to the USA when you use our support chat. To guarantee the security of your data, Intercom has concluded the so-called standard data protection clauses of the EU Commission with us and signed a so-called Data Processing Addendum with us.

In addition, Intercom holds an EU-US and Swiss-US Privacy Shield certificate. For more information about Intercom's privacy policy, please click here.

Intercom also uses cookies. The information generated by the cookie about your last visited subpage of this online platform will be transmitted to and stored by Intercom on servers in the United States. On our behalf, Intercom will use the above information to provide related services to the website operator. The IP address transmitted by your browser within the scope of Intercom will not be merged with other data.

16.2 Legal basis of the data processing

Data processing is carried out on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR).

16.3 Purpose of the data processing

We use the service of Intercom to be able to react as quickly as possible to customer requests in LIVE Chat, but also to manage our customer contact. These purposes also include our legitimate interest in data processing in accordance with Art. 6 Par. 1 lit. f GDPR.

16.4 Duration of storage

The data of interested parties who have contacted us via live chat will be completely deleted after 9 months at the latest. Any interested party who contacts us after this period will be treated as a new interested party.

16.5 Possibility of revocation and removal

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website (eg live chat).

17 Feedback Forum: Uservoice

17.1 Scope of the processing

The Ideas Forum on our Dashboard allows you to rate our product, make suggestions for improvements, and suggest new features. We use the Uservoice software, which is provided and operated by Uservoice Inc. 121 2nd St, Fl 4, San Francisco, CA 94105, USA ("Uservoice"). To submit feedback, you will be asked to provide your email address. Other information, such as your name, is optional, so you partially decide what personal information you want to submit to Uservoice through the feedback feature. By providing feedback via Uservoice, you consent to the use and processing by Uservoice of the data collected via the software and provided by you.

According to Uservoice DPA are saved:

  • Name (first and last name)
  • E-mail address
  • IP address
  • (Invoice) address (if indicated)
  • Company name (if indicated)
  • Role in said company (if any; referred to as affiliation) (if indicated).

However, an idea will only be published after it has been checked and approved by us. To guarantee the security of your data, Uservoice has concluded the so-called standard data protection clauses of the EU Commission with us and signed a so-called Data Processing Addendum with us.

17.2 Legal basis

We use this service on the basis of our legitimate interests. I.e. interest in the analysis, optimization and economic operation of our online offer in the sense of Art. 6 para. 1 lit. f. GDPR .

17.3 Purpose of the processing

By using Uservoice, we want to give our customers and users the opportunity to actively participate in our product development by sharing your ideas for product optimization and development with us and other participants. We use this information to develop new product features and to make our company as a whole more target group-oriented.

17.4 Revocation and removal options

Uservoice offers the possibility to download your data directly via Uservoice and, if desired, to delete it directly. The associated process runs as follows:

Go to https://raidboxes.uservoice.com/. After you have entered your e-mail address and password under "Login", which you also used to submit your feedback request, you can click on "Settings" at the top right under your name. A sidebar will appear on the right side of the screen with the settings options. If you now scroll all the way down, you will find the two options for deleting the account and the data, as well as for exporting the data records.

18. roll bar

18.1 Scope of data processing

We use on our website and dashboard the error analysis service of Rollbar Inc. (Rollbar, 51 Federal Street, San Francisco, CA 94107, USA). In the event of an error, your IP address, the user agent and the site accessed are only transmitted to Rollbar. Rollbar, Inc. is certified according to the EU/Swiss-US Privacy Shield. For more privacy-related information from Rollbar, please visit https://rollbar.com/privacy. In addition, we have concluded a "Data Processing Agreement" with Rollbar and agreed to the so-called standard data protection clauses of the EU Commission.

18.2 Legal basis of the processing

We use the service based on our legitimate interests according to Art. 6 para. 1 lit. f DS-GVO.

18.3 Purpose of the processing

The rollbar tracking tool helps us to optimize the technical stabilityof our services by monitoring system stability and identifying code errors from our log files. Rollbar serves these purposes alone and does not evaluate data for advertising purposes.

18.4 Duration of storage

Personal data such as IP address will be anonymized either after 30 days or after a problem has been solved.

19. application process at RAIDBOXES®.

When you apply for a job at RAIDBOXES, we store and process a whole range of personal data. This includes, of course, your contact details and the data from your CV, but also internal notes that are created during the application process.

19.1 Description and scope of data processing

If you apply for one of our advertised positions, you can do so via a fully encrypted, secure online form. All the information you enter in the application form will be stored in an applicant table in our cloud. This cloud is only RAIDBOXES accessible to employees.

The applicant information will be used exclusively for processing your application and for the decision on the establishment of an employment relationship. Initially, only the personnel managers have access to your data when RAIDBOXES you apply, but in the course of the application process, the respective department heads can also access this data.

Insofar as an employment relationship between you and RAIDBOXES GmbH is established, we may, in accordance with § 26 para. 1 BDSG (new) we can process the personal data already received from you for the purposes of the employment relationship. However, this further processing only takes place if it is necessary for the employment relationship.

Please note that unencrypted e-mails cannot be transmitted with full access protection. If you would like to apply for a position advertised by us, please use the respective forms provided. Of course, even for applications by e-mail, your data will only be used for the application process.

19.2 Purpose of the processing and legal basis

The data processing in the case of an application to RAIDBOXES us serves to establish an employment relationship. The legal basis in this case is § 26 Para. 1 in conjunction with para. 8 sentence 2 BDSG (new).  

Furthermore, it may be necessary to process personal data within the scope of an application in the event of defence against legal claims asserted against us in this application procedure. The legal basis for this case is Article 6 lit. 1 f GDPR. In this case, our legitimate interest results from the defence of legal claims arising from the application procedure, if necessary.  

19.3 Duration of storage

Your personal data will be deleted after 6 months at the latest after the application process has been completed. 

19.4 Your rights

You can also object to the processing of your personal data in the application process. As a data subject within the meaning of GDPR , you also have the right to object to the processing of your personal data:

  • Information,
  • Correction or deletion,
  • Restriction of processing,
  • Objection to processing,
  • Data portability

20. two-factor authentication with Twilio

20.1 Description and scope of data processing

In our Dashboard, we offer you the ability to secure your account using optional two-factor authentication. For this feature, we use Authy, a service provided by Twilio Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105. If you enable this feature, your dashboard can only be opened after additionally entering an automatically generated password.

Twilio is based in the USA. If you activate this function, personal data will therefore also be transferred to the USA. Twilio has concluded the so-called standard data protection clauses of the EU Commission with us to guarantee the security of your data. Twilio has also imposed binding internal data protection regulations on itself with so-called Binding Corporate Rules pursuant to Art. 47 DS-GVO. Twilio has also submitted to the EU-US Privacy Shield. The current certificate can be viewed at https://www.privacyshield.gov/list.

20.2 Legal basis

The legal basis for the processing is Art. 6 (1) lit. b DS-GVO.

20.3 Purpose of the data processing

Twilio processes your data on our behalf to secure your account from unauthorized access through secure two-factor authentication.

20.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

20.5 Possibility of objection and removal

You can object to the processing by deactivating the two-factor authentication. Please note, however, that you will no longer be able to use the additional security features.

21 ActiveCampaign

On this website, we use ActiveCampaign for our online marketing activities. ActiveCampaign is a software company from the USA with a branch in Ireland. Contact: ActiveCampaign, Block D, Iveagh Court Harcourt Road, Dublin 2, Ireland. Phone: +1 (800) 357-0402.

We trust in the reliability and the IT and data security of ActiveCampaign. For To guarantee the security of your data, Active Campaign has concluded the so-called standard data protection clauses of the EU Commission with us and signed a so-called Data Processing Addendum with us.More information about the privacy policy of ActiveCampaign. More information from ActiveCampaign regarding the EU data protection regulations.

21.1 Scope of data processing

By using the service, so-called "web beacons" are used and cookies are also set, which are stored on your computer and thus enable an analysis of your use of our website by us.

The following information is collected:

  • IP address
  • the geographical location
  • Browser type
  • Internet provider
  • Duration of the visit
  • the URLs you call up on our site

If you have registered for our newsletter, your email address, your newsletter "opt-in", the time of the opt-in and, optionally, your name will also be stored here. As soon as you have registered with us, the following data will also be stored:

  • Name, first name
  • Address
  • Phone number
  • Contract data
  • stated expectations

21.2 Legal basis of the processing

The data processing is based on our legitimate interests (Art. 6 para. 1 lit. f DS-GVO). Our legitimate interest in the use of this service is the optimization of our marketing measures. This legitimate interest is also the purpose of the processing.

21.3 Purpose of the data processing

We use ActiveCampaign for the targeting and dispatch of our newsletter as well as for the optimisation of our marketing measures. In particular, we can use ActiveCampaign to ensure that the advertisements we place are only displayed to users who are also interested in our offer or who are potentially interested in our offer. With the help of ActiveCampaign, we can also measure the effectiveness of our advertisements.

21.4 Duration of storage

According to its own information, ActiveCampaign deletes your data after 12 months at the latest. If you have subscribed to our newsletter and cancel your free subscription to the newsletter, your data will be deleted immediately after the cancellation of the newsletter subscription.

21.5 Possibility of objection and removal

The above data is only collected after explicit consent to the use of our marketing cookies (cookie consent). Even after consenting to the storage of your data, you can object to tracking by ActiveCampaign at any time. To do so, you can delete the ActiveCampaign cookie from your browser and generally refuse the acceptance of cookies by your browser. Please refer to the instructions of your browser manufacturer to find out how this works in detail.

If you also wish a complete deletion of the data stored in ActiveCampaign, write an email directly to datenschutz@raidboxes.io.

22. integration of services and contents of third parties

Within our online offer, we set the following priorities on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) content or service offerings of third party providers in order to incorporate their content and services, such as videos or fonts (hereinafter collectively referred to as "Content"). This always assumes that the third party providers of this content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore required for the display of this content. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on sites this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring web pages, visiting time and other information on the use of our online offer, as well as being able to be linked to such information from other sources. The following presentation offers an overview of third party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, the possibility of objection (so-called opt-out):

  • External fonts from Google, Inc., https://www.google.com/fonts ("Google Fonts"). The integration of Google Fonts is done by a server call at Google (usually in the USA). Privacy Policy, Opt-Out.
  • Maps of the service "Google Maps" of the third party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy, Opt-Out.
  • Functions of the Google+ service are integrated within our online offer. These functions are offered by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged in to your Google+ account, you can link the content of our sites to your Google+ profile by clicking on the Google+ button. This allows Google to associate your visit to our sites with your user account. We would like to point out that we, as the provider of sites , have no knowledge of the content of the transmitted data or its use by Google+. Privacy policy, Opt-Out.
  • Our online offer uses functions of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our sites pages that contains functions from LinkedIn , a connection is established to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click on the "Recommend-Button" of LinkedIn and are logged into your account at LinkedIn , it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of sites , have no knowledge of the content of the transmitted data or its use by LinkedIn . Privacy policy, Opt-Out.
  • We use functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our sites pages is accessed, which contains Xing functions, a connection to Xing servers is established. As far as we are aware, no personal data is stored. In particular, no IP addresses are stored or usage behaviour evaluated. Privacy policy, Opt-Out.
  • External code of the JavaScript framework "jQuery", provided by the third-party vendor jQuery Foundation.
  • This site uses for the uniform representation of fonts so-called Web Fonts, which are offered by Fonticons, Inc. When you call up our site , your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. The fonts used are hosted directly by us, so that the browser you use does not have to establish a connection to a third-party provider. The use of web fonts is in the interest of a uniform and appealing presentation of our online offer. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR . If your browser does not support web fonts, a standard font from your computer will be used. You can find more information about Font Awesome at https://fontawesome.com/help and in the privacy policy of Fonticons, Inc: https://fontawesome.com/privacy.
  • We use the service of Wootric, Inc. to measure customer satisfaction via a Net Promoter Score. Wootric is a software platform based in the USA. The privacy policy of Wootric can be viewed here

III Your rights

1. right to information

You can request confirmation at any time as to whether personal data concerning you is being processed by us. This information is of course free of charge, unless it is requested more often than average. In order to be able to give you this information, it is necessary to carry out a further verification. Therefore, as soon as you submit the request, a randomly generated verification code will be sent to the e-mail address you have registered with us, which you must confirm.

2. right of rectification

If the personal data stored by us is incorrect or incomplete, you can submit a request for correction at any time. The correction must be made by us without delay.

3. right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

  1. If you dispute the accuracy of the personal data relating to you for a period of time that allows us to verify the accuracy of the personal data;
  2. The processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data;
  3. We no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims, or
  4. If you have lodged an objection to the processing pursuant to Article 21 1 GDPR and it is not yet clear whether the legitimate reasons given by us outweigh your reasons.

If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us, RAIDBOXES GmbH, before the restriction is lifted.

4. right to erasure

Provided that there is no justified interest to the contrary, you can assert your right to deletion at any time.

5. revocation of consent

Any data processing that takes place on the basis of your consent may be discontinued as soon as you revoke your consent. The revocation can be made at any time and with effect for the future. As we are obliged by our accountability to store the consent given, the revocation must be made in writing, whereby a revocation by e-mail is sufficient.