Data Privacy (WebApp-PatternScan Pro)

1. An overview of data protection

General information

The following information will provide you with an easy-to-navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data recording on this Web-App

Who is the responsible party for the recording of data on this website (i.e., the “controller”)?

The data on this website is processed by the operator of the website, whose contact information is available under section “Information about the responsible party (referred to as the “controller” in the GDPR)” in this Privacy Policy.

How do we record your data?

We collect your data as a result of your sharing of your data with us. This may, for instance, be information you enter into our contact form. Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit.

What are the purposes we use your data for?

  • Security of the application
  • Authentication and management of user accounts
  • Processing of orders and payments
  • Digitization of sewing patterns

What rights do you have as far as your information is concerned?

    You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.

    Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.

    2. General information and mandatory information

    Data protection

    The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

    Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

    We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

    Information about the responsible party (referred to as the “controller” in the GDPR)

    The data processing controller on this website is:

    Rasmus Liebscher
    Blumenthalstraße 20
    12103 Berlin

    Phone: +49 157 827 58542
    E-Mail: mail@patternscan-pro.com

    The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).

    Storage duration

    Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

    General information on the legal basis for the data processing on this website

    If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

    Information on data transfer to the USA and other non-EU countries

    Among other things, we use tools of companies domiciled in the United States or other non-EU countries that are not secure from a data protection perspective. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.

    Revocation of your consent to the processing of data

    A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

    Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

    IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

    IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

    Right to log a complaint with the competent supervisory agency

    In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

    Right to data portability

    You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

    Information about, rectification and eradication of data

    Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

    Right to demand processing restrictions

    You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

    • In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
    • If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
    • If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
    • If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

    If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

    SSL and/or TLS encryption

    For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

    If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

    Objection to advertising e-mails

    We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

    3. Data Collection on This Website

    Required Data

    The following list provides a general overview of the data we directly collect and store in our database:

    • Registration Data: Your email address and an encrypted password to ensure secure login and authentication.
      • Storage Duration: Until deleted by the user or after prolonged inactivity.
    • Payment Information: Details about your chosen payment method are collected to process orders. The processing of this data is carried out in accordance with applicable data protection regulations and in compliance with statutory retention periods. Payment method details (e.g., credit card numbers) are only processed by payment providers – we do not store full payment data.
      • Storage Duration: According to legal retention periods.
    • Images of Sewing Patterns: To digitize your sewing patterns, we store the images you provide. These are used exclusively for processing purposes and deleted in accordance with legal requirements after processing is completed.
      • Storage Duration: 7 days after upload.

    Additionally, other data you enter is collected, such as the date of account creation. All this data is necessary to provide core functions. Third-party services (see below) may collect additional required data.

    Cookies

    Our website uses so-called "cookies." Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

    In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These allow us or you to use certain services provided by the third party (e.g., cookies for processing payment services).

    Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart function or video display). Other cookies are used to analyze user behavior or display advertisements.

    Cookies required for electronic communication processes, for providing specific functions you request (e.g., shopping cart function), or for optimizing the website (e.g., cookies for audience measurement) are stored based on Art. 6 (1) lit. f GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. If consent for the storage of cookies and similar recognition technologies has been requested, processing is based exclusively on this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG); consent can be revoked at any time.

    You can configure your browser to inform you about the setting of cookies and allow cookies only in specific cases, exclude the acceptance of cookies for certain cases or in general, and activate automatic cookie deletion when closing the browser. Disabling cookies may limit the functionality of this website.

    If cookies from third-party companies or for analytical purposes are used, we will inform you separately in this privacy policy and, if necessary, request your consent.

    Server Log Files

    The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

    • Browser type and version
    • Operating system used
    • Referrer URL
    • Hostname of the accessing computer
    • Time of the server request
    • IP address

    This data is not merged with other data sources. The data is stored for 30 days on Google Cloud and for 7 days on Bugsnag. The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, server log files must be recorded.

    4. Subcontractors

    Firebase and Google Cloud

    For the operation of our web and mobile applications, we rely on selected services from the Firebase platform provided by the American company Google Inc. In Europe, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). Here is a list of all Firebase services: https://firebase.google.com/terms/

    For the provision of PatternScan Pro, the following components are used:

    • Firebase Authentication: Secure login with storage of email, username, and encrypted password. Please note that IP addresses are also captured in this process.
    • Cloud Functions: Server-side processing for the digitization of sewing patterns (configured in EU data centers).
    • Firebase Hosting: With Firebase Hosting, we provide content for our web applications. Static files and dynamic content are hosted in secure, EU-based data centers.
    • Cloud Firestore: To store and manage our application data, we use Cloud Firestore, a flexible NoSQL database. Thanks to targeted location choices, your data – wherever technically possible – is stored in European or German data centers.
    • Firebase Storage: We use Firebase Storage for storing files and media content. Again, we emphasize that data processing is, whenever possible, carried out within the EU.

    Data Protection and Data Security

    The use of the above-mentioned Firebase services is carried out in compliance with applicable data protection regulations, particularly the General Data Protection Regulation (GDPR). By entering into a data processing agreement with Google, it is ensured that even in cases of data processing outside the EU, the European level of data protection will be upheld. The retention period and the type of processed data depend on the functional requirements of our application. If you have questions regarding the specific processing of your personal data or wish to exercise your rights, please contact us at mail@patternscan-pro.com.

    More information can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de

    The use of Google Cloud is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in providing a reliable representation of our website. If consent has been requested, the processing will only take place based on Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.

    Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses.

    Details can be found here: https://cloud.google.com/terms/cloud-privacy-notice?hl=de

    Newsletter Data

    If you wish to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No further data is collected, except on a voluntary basis. We use third-party newsletter service providers to manage the newsletter.

    MailerLite
    This website uses the services of MailerLite for sending newsletters. The provider is MailerLite Limited, an Irish registered company at Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland.

    MailerLite is a service that can be used to organize and analyze the sending of newsletters. When you enter data for the purpose of subscribing to the newsletter (e.g., email address), it is stored on MailerLite’s servers.

    Using MailerLite, we can analyze our newsletter campaigns. If you open an email sent by MailerLite, a file (known as a web beacon) contained in the email connects to MailerLite’s servers. This allows us to determine whether the newsletter message was opened and which links were clicked. Technical information such as the time of retrieval, IP address, browser type, and operating system is also recorded. This information cannot be attributed to a specific newsletter recipient. It is solely used for statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of recipients.

    If you do not want MailerLite to perform such analysis, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter.

    The data processing is based on your consent (Art. 6 (1) lit. a GDPR). You can revoke your consent at any time by unsubscribing from the newsletter. The legality of data processing that has already occurred remains unaffected by the revocation.

    The data you provided for the purpose of receiving the newsletter will be stored by us and by the newsletter service provider until you unsubscribe from the newsletter, after which it will be deleted from the newsletter distribution list. Data stored for other purposes remains unaffected.

    Details can be found here: https://www.mailerlite.com/legal/privacy-policy

    After unsubscribing from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. The data in the blacklist is only used for this purpose and is not combined with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest under Art. 6 (1) lit. f GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interests.

    Further details can be found in MailerLite’s privacy policy at: https://www.mailerlite.com/legal/privacy-policy

    Stripe

    We offer the option to process payments through the payment service provider Stripe, Legal Process, 510 Townsend St., San Francisco, CA 94103 (Stripe). This aligns with our legitimate interest in providing an efficient and secure payment method (Art. 6 (1) lit. f GDPR). In this context, we provide the following data to Stripe, insofar as necessary for contract fulfillment (Art. 6 (1) lit. b GDPR):

    • Cardholder name
    • Email address
    • Customer number
    • Order number
    • Bank account information
    • Credit card details
    • Credit card expiration date
    • Credit card verification number (CVC)
    • Date and time of the transaction
    • Transaction amount
    • Provider name
    • Location

    The processing of the data specified in this section is neither legally nor contractually required. Without transmitting your personal data, we cannot process a payment through Stripe.

    Stripe acts in a dual role as both the data controller and data processor. As a data controller, Stripe uses your submitted data to fulfill regulatory obligations. This is based on Stripe’s legitimate interest (Art. 6 (1) lit. f GDPR) and serves contractual performance (Art. 6 (1) lit. b GDPR). We have no influence over this process.

    As a data processor, Stripe processes transactions within the payment networks. In the context of the data processing agreement, Stripe acts solely on our instructions and has been contractually obligated to comply with data protection regulations as per Art. 28 GDPR.

    Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

    For more information on objection and removal options with respect to Stripe, visit: https://stripe.com/privacy-center/legal

    Your data will be stored by us until the payment process is completed. This includes the time required for processing refunds, debt collection, and fraud prevention.

    Source: https://www.e-recht24.de
