Logo
BETA

Privacy Policy - IslesOfYou GmbH

In the following, we, IslesOfYou GmbH, Adalbertstr. 26, 10179 Berlin, info@islesofyou.com, Phone: 0(049)3060690401 (hereinafter "IslesOfYou" or "we", see also section 1), inform
  • visitors to our website https://islesofyou.com/ (hereinafter "Website"), including persons who contact us and
  • persons who use the web App “IslesofYou” (hereinafter “App”)
about the processing of their personal data by us and by third parties commissioned by us or other third parties (see section 7 for recipients of data), as well as about the claims and rights to which data subjects are entitled under data protection regulations, in particular the European General Data Protection Regulation (GDPR), see section 8.
Personal data in the sense of the GDPR are all data relating to a specific or identifiable person, e.g., name, address, e-mail addresses, user behavior.
If links to third-party providers are clicked on within the framework of the Website, the data protection provisions of these third parties will apply exclusively. We do not check the data protection provisions of third parties and are not responsible for further data processing.

  1. Controller

    2. The controller responsible for processing of personal data is:

    IslesOfYou GmbH,
    Adalbertstr. 26,
    10179 Berlin,
    info@islesofyou.com.

  2. Data processing when visiting the Website (Logfiles), Cookies

    1. Logfiles

      Each time the Website is visited, we collect personal data that the browser used to access the Website transmits to our server. In doing so, we collect the following access data, which is technically necessary for us to display our Website and to be able to offer our content through the Website, including the App, as well as to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (i.e., name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language, and version as well as type of browser software, notification of successful retrieval.

      We process the aforementioned data in accordance with Art. 6 para. 1 s. 1 lit. f GDPR to protect the legitimate interests of us or of third parties. In particular, we pursue the following legitimate interests:

      • Ensuring IT security, in particular the security of the Website,
      • Assertion of legal claims and defense in legal disputes.

      In addition, we statistically evaluate the use of the Website by its visitors using the services of Google Analytics (see section 7.3).

    2. Cookies, consent management tool

      Within the framework of our Website and the App we are using cookies to analyze how the Website is being used so we can improve our services and for statistical purposes. A cookie is a small data file that is sent to the respective device when a website is visited. When that Website is visited again, the cookie allows it to recognize your browser. We also allow some of our services providers to use cookies on our Website.

      We use the following types of cookies:

      Technically necessary cookies. These cookies are necessary to make the Website easier for the visitors to navigate and provide access to its features. They also help us to make sure that the Website is working properly and fix any errors, and to personalize it to the visitors by remembering their preferences. Some functions of our Website cannot be offered without the use of cookies. These functions require the browser to be recognized again after switching pages. The legal basis for the use of technically necessary cookies is § 25 sec. 2 German Telecommunications and Telemedia Data Protection Act (TTDSG) and for the collection and processing of data collected and processed by means of such cookies is Art. 6 para. 1 s. 1 lit. f GDPR.

      Analytics cookies. We use analytics cookies to help us understand things like how long visitors stay on our Website, what pages they find most useful, and how they arrived at our Website. To do so we use the services of Heap Analytics Google Analytics (see section 7.3).

      We have integrated a consent management tool (hereinafter"CMT") on our Website. The CMT provides visitors of our Website with information on the cookies used and allows them to adjust the use of these in relation to certain service providers. Visitors can also use the CMT to grant and withdraw their consent to the setting of cookies. When they enter our Website and make settings via the CMT, a necessary cookie is placed on their device in which the settings they have made are stored. The CMT is used in accordance with § 25 sec. 1 TTDSG, Art. 6 para. 1 s. 1 lit. c GDPR to obtain and document given consent to certain data processing procedures and in accordance with Art. 6 para. 1 S. 1 lit. f GDPR, due to our legitimate interest in being able to offer a convenient way to control the processing of personal data.

      Most web browsers allow to adjust cookie preferences in their settings. Some browsers also offer a “Do Not Track” (“DNT”) signal where preferences can be set regarding tracking and cross-site tracking. However, if the ability of websites to set cookies is limited, it may impair the overall user experience, as it will no longer be personalized.

  3. Data processing when contacting us

    When contacting us (e.g. via e-mail), we process the information provided to us (e-mail address, name, telephone number, if applicable, and the content of the inquiry) in order to respond to the inquiry. The legal basis of the processing is Art. 6 para. 1 s. 1 lit. b GDPR if the subject of the inquiry is (pre-)contractual information, in accordance with Art. 6 para. 1 s. 1 lit. f GDPR if have a legitimate interest to do so or in accordance with Art. 6 para. 1 p. 1 lit. a if we have been provided with information that serves neither (pre-)contractual purposes nor our legitimate interests.

  4. Data processing when using the App

    When using the App according to our Terms of Use we process all personal data you provide to us and that is necessary for and in the scope of the performance of the App in accordance with Art. 6 para. 1 s. 1 lt. b GDPR. This includes in particular your email address, username and – as applicable – Contributions (in particular text, writings, video, audio, photographs, graphics, comments, suggestions, or personal information or other material), trademarks, service marks, trade names, logos, and personal and commercial images that may contain your personal data. We use analytics cookies to help us understand things like how long you use the App and what pages you find most useful. To do so we use the services of Google Analytics (see section 7.3).

  5. Internal processing

    We process the personal data mentioned above under sections 2 to 4 within the scope of administrative tasks as well as for the organization of our operations, and to comply with legal obligations, such as archiving. The legal bases for this are Art. 6 para. 1 s. 1 lit. b, c or f GDPR. Accordingly, the purpose and our interest in processing lies in the maintenance of our business activities, the performance of our legal duties and the provision of our contractual services.

  6. Storage duration

    We delete the data mentioned in the above sections 2 to 4 after the storage is no longer required or restrict the processing if there are statutory retention obligations. In particular, the storage duration is determined by the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to 30 years. In particular, we are subject to various retention and documentation obligations, which result, among other things, from the German Commercial Code (HGB), the German Fiscal Code (AO), and the German Money Laundering Act (GwG). The retention and documentation periods specified there are 2 to 10 years.

  7. Transmission of personal data to third parties

    1. Auth0 (registration and login tool)

      Our registration and login tool is provided by Auth0, Inc, a company based in the USA (a hundred percent subsidiary of Okta, Inc., hereinafter “Auth0”). For this purpose, your login information is transmitted to Auth0 and managed by Auth0 in accordance with our instructions. Any transfer to a country outside the EU or the EEA takes place on the basis of data protection guarantees pursuant to Art. 45 et seq. GDPR, in particular in the form of a data transfer agreement that contains the standard data protection clauses approved by the EU Commission.

      Auth0 uses the following necessary cookie according to § 25 sec. 2 TTDSG:

      NamePurposeDuration
      didContains a randomly generated user ID. This ID allows Auth0 to recognise returning users on the Website and to merge data from previous visits.1 year
      did_compatEnsures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.1 year
      _legacy_auth0.MAIFpeVbRVYuoMvHhrkSkX3IMX0Y06fy.is.authenticatedSession
      auth0.MAIFpeVbRVYuoMvHhrkSkX3IMX0Y06fy.is.authenticatedSession
      auth0.MAIFpeVbRVYuoMvHhrkSkX3IMX0Y06fy.organization_hintSession

      More information on data privacy at Okta, Inc.:
      https://www.okta.com/de/privacy-policy/
      https://www.okta.com/sites/default/files/2021-02/OKTA-DPA-2-1-21.pdf

    2. Wasabi Hot Cloud Storage (web hoster and cloud storage)

      We work with the web hoster Wasabi provided by Wasabi Holding Company, Inc, based in the USA (hereinafter "Wasabi"), through which we are able to offer our Website and the App online and to process the data described in sections 1 to 4 securely and efficiently. In the process, all information that is generated in the course of using the Website, including the App, is transmitted to Wasabi and stored there until we delete it. The data centers used by Wasabi are located within Germany in the Equinix Frankfurt Hub. Any transfer to a country outside the EU or the EEA that may be necessary in individual cases is carried out on the basis of data protection guarantees pursuant to Art. 45 et seq. GDPR, in particular in the form of a data transfer agreement. More information on data privacy at
      https://wasabi.com/legal/privacy-policy/
      https://wasabi.com/legal/data-processing-addendum/

    3. Google Analytics

      We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter collectively "Google"). Google Analytics uses cookies as described in our Cookie Policy to enable an analysis of the use behavior with regards to the Website and/or App. In particular, the following information is processed: Browser type/version, operating system used, referrer URL (the previously visited page), IP address, time of server request. The information generated by the cookie about the use of the Website and the App will be transmitted to and stored by Google on servers in the United States. We use IP anonymization so that the respective IP address is shortened by Google within member states of the European Union or in other contracting states of the agreement on the European Economic Area (EEA) before it is transferred to a third country such as the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Any transfer to a country outside the EU or the EEA that may be necessary in individual cases takes place on the basis of data protection guarantees pursuant to Art. 45 et seq. GDPR, in particular in the form of a data transfer agreement that contains the standard data protection clauses approved by the EU Commission. On our behalf, Google will use this information to evaluate the use of the App and to provide further services to Apryl related to this and the use of the Internet. The (shortened) IP address transmitted by a browser as part of Google Analytics will not be merged with other Google data. The storage of cookies can be prevented by a corresponding setting of the browser software and/or our CMT (see section 2.2); however, it is possible that in this case not all functions of the Website and/or the App can be used to their full extent.

      Specifically, the following Google Analytics cookies are used:

      NamePurposeDuration
      _gat_gtag_UA_149714741_1Certain data is only sent to Google Analytics a maximum of once per minute. As long as it is set, certain data transfers are prevented.1 minute
      _gaContains a randomly generated user ID. This ID allows Google Analytics to recognise returning users on the Website and to merge data from previous visits.2 year
      _gidContains a randomly generated user ID. This ID allows Google Analytics to recognise returning users on the Website and to merge data from previous visits.24 hours

      The use of Google Analytics cookies is based on the express consent of the respective Website visitors/Users in accordance with § 25 sec. 1 TTDSG.

      More information on Google’s terms of use and data privacy:
      https://www.google.com/analytics/terms/de.html
      https://policies.google.com/?hl=en&gl=de

    4. Cloudflare, Inc. (content delivery network)

      We use the services of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA, hereinafter "Cloudflare") to make our Website faster and more secure. With a so-called content delivery network Cloudflare distributes the contents of websites on the basis of the processed IP addresses evenly on servers, which are in the proximity of the respective website visitor, whereby the access to the website and also its stability is increased. At the same time Cloudflare offers different security systems. For this purpose, Cloudflare processes all data, which is generated in the context of the use of our Services according to sect.2 to 4, in accordance with a data processing agreement and within the framework of our instructions. Cloudflare stores this information on servers, which can be located anywhere in the world. However, Cloudflare has committed itself to provide suitable guarantees for this, which ensure an adequate level of data protection. Cloudflare stores data only as long as it is necessary for the provision of Cloudflare services or until we request Cloudflare to delete the data.

      Cloudflare uses the following necessary cookie according to § 25 sec. 2 TTDSG:

      NamePurposeDuration
      __cf_bmThis cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.1 day

      More information on Cloudflare’s data privacy can be found at
      https://www.cloudflare.com/privacypolicy/
      https://www.cloudflare.com/gdpr/introduction/

    5. gravity & storm (digital provider)

      We are able to provide our App with the help of the German agency gravity & storm GmbH. For this purpose, gravity & storm GmbH will process your personal data as mentioned in section 2 to 4 in accordance with our instructions.

      More information on data privacy at gravity & storm GmbH at
      https://www.gravityandstorm.de/privacy

  8. Data Protection Rights

    Every data subject has:

    • The right to information according to Art. 15 GDPR,
    • the right to rectification according to Art. 16 GDPR,
    • the right to erasure according to Art. 17 GDPR,
    • the right to restriction of processing according to Art. 18 GDPR,
    • as well as the right to data portability under Art. 20 GDPR.

    Furthermore, consent can be withdrawn at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. However, we point out that in this case, our services, in particular the functionalities of the App , can no longer be fully utilized.

    The aforementioned rights can be asserted against us by sending a message to the contact details listed in section 1, in particular by e-mail to info@islesofyou.com.

    In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR) in conjunction with § 19 BDSG.

    Information about the right of objection according to Art. 21 GDPR

    Data subjects also have the right, pursuant to Art. 21 para. 1 GDPR, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out on the basis of Article 6 para. 1 s. 1 lit. e GDPR (data processing in the public interest) and Article 6 para. 1 s. 1 lit. f GDPR (data processing on the basis of a overriding legitimate interests). Recipients may object to direct advertising by us at any time without stating reasons (Article 21 para. 2 GDPR).

    After the objection has been received and the relevant conditions have been met, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject in question, or the processing serves to assert, exercise or defend legal claims.

    The objection can be made form-free and no transmission costs other than those according to the prime rates are incurred. The objection is to be addressed to:

    postal: IslesOfYou GmbH, Adalbertstr. 26, 10179 Berlin,

    via e-mail: info@islesofyou.com.

Last Updated: February 2023

©IslesOfYou
AboutTermsLegalPrivacy