Privacy Policy

This privacy policy applies to the data processing and protection on this website.

Responsible Provider of this Website

codecandy GmbH
Hinter der Kirche 7
D-57368 Lennestadt 
Germany

Tel. +49 (0) 2721 719781
Fax +49 (0) 2721 7154841

info@codecandy.com
www.codecandy.com

Representing Managing Directors: 

Dennis Conze, Melanie Conze

Court of Registration: Amtsgericht Siegen
Registration Number: HRB 12641

Collection and retention of personal data and type and purpose of use

When you visit our website www.codecandy.com, information is automatically sent to our website server by the browser you are using on your device. This information is temporarily retained in a log file. The information listed below is automatically collected and retained until it is automatically deleted, generally after one week:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the file opened,
  • Website from which you accessed our website (referrer URL),
  • Browser used and optionally your computer’s operating system as well as the name of your access provider.

We process the data listed above for the following purposes:

  • to guarantee the establishment of a smooth connection to the website,
  • to guarantee easy use of our website,
  • to evaluate system security and stability,
  • to investigate any suspicious or unauthorized access attempts (DoS/DDoS attacks, among others) and
  • for other administrative purposes.

The legal basis for processing the data is Art. 6, para. 1, sent. 1, letter f of the GDPR. Our justified interest is consistent with the purposes listed above for which we collect the data. As a rule we do not use the data we collect to identify you. However, we reserve the right to do so in the event it becomes necessary to investigate unauthorized access to or misuse of our site.

In addition, we have implemented Cookies and Analysis Tools on our website.

Transfer of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We transfer your personal data that we have collected via this website to third parties only if:

  • you have given your express consent for such a transfer in accordance with Article 6, para. 1, sent. 1, lit. a GDPR,
  • the transfer is necessary in accordance with Article 6, para. 1, sent. 1, lit. f GDPR for the establishment, exercise or defense of claims under the law and there is no reason to assume that you have a justified overriding interest in not allowing your data to be transferred,
  • if we are legally obligated to transfer the data in accordance with Art. 6, para. 1, sent. 1, lit. c GDPR, and
  • the transfer is permitted by law and in accordance with Art. 6, para. 1, sent. 1, lit. b GDPR for the handling of contractual relationships with you.
Cookies

We use cookies on our page. Cookies are small files automatically created by your browser when you visit our site and stored on your device (laptop, tablet, smartphone, etc.). The cookie contains information, the exact content of which depends on the specific device you are using. However, that does not mean that we thereby receive direct knowledge of your identity. On the one hand, we use cookies to make our site easier for you to use. For example, we use session cookies to tell us that you have already visited individual pages of our website. These session cookies are automatically deleted after you leave our site.

To optimize the user-friendliness of our site, we also use temporary cookies that are retained on your device for a specified period of time. If you visit our site again to use our services, the site automatically knows that you have visited us before and what data and settings you have entered so you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our services (see “Analysis tools”). These cookies enable us to automatically recognize when you return to our site that you have already been with us. These cookies are automatically deleted after a defined period of time.

We process the data processed by cookies exclusively on the basis of your prior consent, Art. 6 para. 1 lit. a GDPR. In this case, we process the data collected through cookies for the above-described purposes.

You can also configure your browser so that cookies are not saved on your computer, or so that a notice always appears before a new cookie is saved. However, if you deactivate all cookies you may not be able to use all the functions of our website.

Analysis Tools

With the following tracking measures we want to ensure a demand-oriented design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. The respective data processing purposes and data categories can be found in the information texts for the corresponding tracking tools.

Google Analytics

For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; hereinafter “Google”). On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer.

Google Analytics creates pseudonymised user profiles for us. The information generated by the Google Analytics cookie about your use of this website such as

  • Browser type/version,
  • the operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser software at any time, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link(https://support.google.com/analytics/answer/6004245?hl=de) An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

Google Fonts (Google Inc.)

Google Fonts is a typeface visualization service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages (https://www.google.it/intl/policies/privacy/).

Google reCAPTCHA (Google Ireland Limited)

Google reCAPTCHA is a SPAM protection service provided by Google Ireland Limited. The use of reCAPTCHA is subject to the Google privacy policy (https://www.google.com/policies/privacy/) and terms of use (https://www.google.com/intl/en/policies/terms/).

Social Media Plug-ins

We use social plug-ins from the social networks Facebook and Twitter on this website on the basis of art. 6 para. 1 lit. f GDPR in order to make us more known. The underlying advertising purpose corresponds to our legitimate interest, Art. 6 para. 1 lit. f GDPR. Responsibility for the data protection-compliant operation of social networks must be guaranteed by their respective providers.

These plug-ins are integrated using the so-called two-click method in order to protect users in the best possible way. This means that when a user visits our site, no personal data is initially transmitted to the providers of the plug-ins. Users can recognize the provider of the plug-in by the marking on the box above its initial letter or the respective logo (e.g. for Facebook: white “f” on blue tile or a “thumbs up” sign). We offer users the possibility to communicate directly with the provider of the plug-in via the button. Only if a user clicks on the marked field and thereby activates it, the plug-in provider receives the information that a user has accessed the corresponding website of our online offer. In addition, personal data (in particular the IP address) will then be transmitted to the provider of the respective plug-in. Some providers make the IP address anonymous immediately after it is collected. By activating the plug-in, personal data of the user may be transferred to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data particularly via cookies, we recommend that users delete all cookies before clicking on the grayed-out box via the security settings of their browser.

We have no influence on the collected data and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods with the plug-in providers. We also have no information on the erasure of the data collected by the plug-in provider.

The respective plug-in provider stores the data collected about users of our online offer as user profiles and uses these for purposes of advertising, market research and/or demand-oriented design of its own website. Such an evaluation takes place in particular (also for not logged-in users) for the representation of demand-oriented advertisement and in order to inform other users of the social network about the activities of the users on our website. Users have a right to object to the creation of these user profiles, whereby a user must contact the respective plug-in provider directly in order to exercise this right. Through the plug-ins we offer users the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for our users.

The data transfer is independent of whether users have an account with the plug-in provider and are logged-in there. If users are logged-in with the plug-in provider, their data collected with us will be directly assigned to their existing accounts with the plug-in provider. If a user presses the activated button and e.g. links the page, the plug-in provider also stores this information in the relevant user account and communicates it publicly to the user’s contacts. We therefore recommend that you log out regularly after using a social network, but especially before activating the button, as this avoids any assignment to the profile with the plug-in provider.

Further information on the purpose and scope of data collection and its processing by the plug-in providers is contained in the data protection declarations of these providers notified below. There you will also find further information on the rights of users and the setting options for the protection of privacy within these networks.

Rights of data subjects

You have the right:

  • under Art. 15 GDPR to request information concerning your personal data processed by us. In particular, you can request information on the purpose of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged period of time the data will be stored, your right to the correction, erasure, restriction of processing, your right to object, your right to lodge a complaint, the origin of your data if it was not originally collected by us, and the potential existence of automated decision-making, including profiling, and, if so, reliable information on the details of such processes; We may only refuse to disclose information to you if and to the extent that such information would reveal information which must be kept secret in accordance with a legal provision or its nature, in particular because of the overriding legitimate interests of a third party (§ 29 para. 1 sentence 2 BDSG), the responsible public authority has established to us that the disclosure of the data would endanger public security or order or otherwise adversely affect the welfare of the Federal Republic of Germany or a federal state (§ 34 para. 1 No. 1 BDSG in conjunction with § 33 para. 1 No. 2 lit. b BDSG), or the data are stored only because they may not be deleted due to legal or statutory storage regulations, or exclusively serve purposes of data backup or data protection control and the provision of information would require a disproportionate effort and processing for other purposes is excluded by suitable technical and organizational measures (§ 34 para. 1 No. 2 BDSG);
  • under Art. 16 GDPR to demand the immediate correction of incorrect or incomplete personal data retained by us;
  • under Art. 17 GDPR to demand the erasure of your personal data retained by us, unless the processing of this data is necessary to exercise the right of freedom of expression and information that is required to comply with legal requirements for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • under Art. 18 GDPR to demand the restriction of processing of your personal data if you contest its accuracy, the processing is unlawful, the data subject opposes the erasure of the personal data and we no longer need the data, although you require it for the establishment, exercise of defense of legal claims, or you have contested its processing under Art. 21 GDPR;
  • under Art. 20 GDPR to receive your personal data that you have provided to us in a structured, standard and machine-readable format or to demand its transfer to another authorized person;
  • under Art. 7, para. 3, to withdraw your previously given consent at any time. If you do, we will no longer be able to continue any data processing that was based on this consent;
  • if your personal data is processed on the basis of justified interests in accordance with Art. 6, para. 1, sentence 1, letter f GDPR, under Art. 21 GDPR you can object to the processing of your personal data if grounds exist that are related to your particular situation or your objection is directed toward direct marketing. In the latter case you have a general right to contest processing of your personal data by us without having to describe your particular situation.

You also have a general right to lodge a complaint with the Data Protection Supervisory Authority having jurisdiction for you. The authority responsible for us is the „Landesbeauftragte für den Datenschutz Nordrhein-Westfalen“.

To exercise your right to withdraw your consent or to object to the processing of your personal information, just sent an e-mail to info@codecandy.com.

Data security

During your website visit, we use common SSL (Secure Socket Layer) encryption together with the highest encryption level that is currently supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology. You can determine whether an individual page of our Internet site is transmitted in encrypted form by looking for the locked display of the lock or key symbol in the bottom status line of your browser.

We also use appropriate technical and organizational security measures to protect your data from accidental or malicious tampering, partial or total loss, destruction and unauthorized third-party access. Our security measures are continuously updated as the technology evolves.

Currentness and amendment of this data protection notice

This data protection notice is valid as of May 2018. As a result of the evolution of our website and offerings on it, or as a result of modified legal or official requirements, it may occasionally be necessary to amend this data protection notice. You can at any time consult and print out the current data protection notice on this website.