ValueRay Privacy Guidelines: Your Security Matters

The following overview summarizes the types of data processed, the purposes of their processing, and the data subjects concerned.

The following is an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations in your or our country of residence may apply.

Consent (Art. 6(1)(a) GDPR)

The data subject has given consent to the processing of their personal data for one or more specific purposes.

Performance of a contract (Art. 6(1)(b) GDPR)

Processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.

Legal obligation (Art. 6(1)(c) GDPR)

Processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Art. 6(1)(f) GDPR)

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.

In addition to the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (BDSG). The BDSG contains specific provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and automated individual decision-making including profiling.

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to data, as well as access, input, disclosure, availability assurance and separation of data.

SSL encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Cookies are small text files or other storage markers that store information on end devices and read information from end devices. For example, to store the login status in a user account, shopping cart contents, or the content viewed or functions used within an online offering. Cookies can also be used for various purposes such as functionality, security, comfort, and visitor flow analysis.

Consent notice: We use cookies in accordance with legal requirements. We obtain prior consent from users unless this is not legally required. Consent is not necessary if storing and reading information, including cookies, is strictly necessary to provide a service explicitly requested by the user.

Legal bases: The legal basis on which we process personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis is the declared consent. Otherwise, data processed using cookies is processed on the basis of our legitimate interests.

Storage duration:

Temporary cookies (session cookies)

Deleted at the latest after the user leaves the online offering and closes their end device.

Permanent cookies

Remain stored even after the end device is closed. Storage duration may be up to two years.

Revocation and objection (opt-out): Users may revoke their consent at any time and also lodge an objection in accordance with Art. 21 GDPR. Users may also express their objection via their browser settings.

We process data of our contractual and business partners in the context of contractual and comparable legal relationships and related measures, as well as in the context of communication with contractual partners.

We process this data to fulfill our contractual obligations, to safeguard our rights, and for the purpose of related administrative tasks and business organization.

We delete data after expiry of legal warranty and comparable obligations, generally after 4 years, unless the data must be retained for legal reasons (e.g. for tax purposes, typically 10 years).

Customer account: Contractual partners may create an account within our online offering. Customer accounts are not public and cannot be indexed by search engines. We store IP addresses and access timestamps during registration. When customers terminate their account, the relevant data is deleted, subject to legal retention obligations.

Software and platform services: We process user data to provide our contractual services and, on the basis of legitimate interests, to ensure the security of our offering and to develop it further.

In the context of contractual and other legal relationships, we offer data subjects efficient and secure payment options and use payment service providers in addition to banks and credit institutions.

Data processed by payment service providers includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs, and checksums. We do not receive any account or credit card information, only confirmation or negative information regarding payment.

PayPal

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Privacy Policy

Stripe

Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Privacy Policy

Users may create a user account. During registration, users are informed of the required mandatory information, which is processed for the purpose of providing the user account on the basis of contractual obligation. The data processed includes login information (username, password and email address).

We store the IP address and timestamp of each user action on the basis of our legitimate interests and those of users in protection against misuse.

Users may use pseudonyms instead of real names as usernames. It is the users' responsibility to back up their data before the end of the contract in the event of termination.

When contacting us (e.g. via contact form, email, phone or social media), the information provided by the inquiring persons is processed insofar as this is necessary to respond to the contact inquiries and any requested measures.

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content based on the potential interests of users, as well as measuring their effectiveness.

For these purposes, user profiles are created and stored in a file (so-called "cookie") or similar procedures are used. IP addresses of users are also stored, whereby we use IP masking procedures to protect users.

Google AdSense (personalized)

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy · Data Processing

Google AdSense (non-personalized)

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy · Data Processing