Legal
P.A.W.S. is a project of https://de-otio.org
Impressum
Angaben gemäß § 5 TMG
Kontakt
Richard Myers, Clemensstrasse 25, 80803 Munich, Germany
Vertreten durch
Richard Myers
Privacy Policy
Effective Date: 2025-05
We at De Otio (“we”, “our”, or “us”) are committed to protecting your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This privacy policy explains how we collect, use, and protect your personal data when you visit our website, sign up for our newsletter, or interact with our services.
Controller Information
Controller: Richard Myers, Clemensstrasse 25, 80803 Munich, Germany
Email: datenschutz@de-otio.org
Data We Collect
We may collect and process the following types of personal data:
- Contact Information: Name, email address, company name (if applicable)
- Newsletter Preferences: Consent to receive marketing emails
- Usage Data: IP address, browser type, pages visited, time and date of visit, time spent on pages (via Matomo)
Purpose and Legal Basis of Processing
| Purpose | Legal Basis |
|---|---|
| Sending newsletters | Art. 6(1)(a) GDPR – Consent |
| Website analytics (Matomo) | Art. 6(1)(f) GDPR – Legitimate interests |
| Server hosting and operations | Art. 6(1)(f) GDPR – Legitimate interests |
| Spam & Abuse Protection | Art. 6(1)(f) GDPR – Legitimate interests |
| Fonts | Art. 6(1)(f) GDPR – Legitimate interests |
Newsletter Subscription and Salesforce
If you provide consent to receive our newsletter:
- Your data (name, email address) will be securely stored in Salesforce Marketing Cloud, operated by Salesforce Inc.
- We use this service to send newsletters, track engagement (opens, clicks), and manage subscriptions.
- You can revoke your consent at any time by clicking the “unsubscribe” link in our emails or contacting us directly.
Salesforce complies with the GDPR and operates under Binding Corporate Rules (BCRs) and Standard Contractual Clauses (SCCs) where applicable.
Use of Atlassian Jira Cloud for Support Services
We use Atlassian Jira Cloud, a cloud-based service provided by Atlassian Pty Ltd, Level 6, 341 George Street, Sydney, NSW 2000, Australia, to manage and deliver customer support and service desk operations.
When you contact us for support (e.g., through our website, email, or help center), the information you provide — including your name, contact details, service requests, and any other relevant content — may be stored and processed in Jira Service Management, part of the Atlassian Cloud platform.
We use Jira Cloud to:
- Log and track support tickets and requests
- Assign and prioritize tasks internally
- Communicate with users regarding issue status or resolution
- Maintain a record of support interactions for quality and operational purposes
Your data is handled in accordance with our general privacy practices as outlined in this Privacy Policy. In addition:
- Data stored in Jira Cloud may be hosted in data centers located in the United States or other regions as specified by Atlassian.
- Atlassian complies with leading security and privacy standards, including ISO/IEC 27001, SOC 2, and GDPR.
- We have entered into a Data Processing Agreement (DPA) with Atlassian to ensure appropriate safeguards are in place for your personal information.
Support data stored in Jira Cloud is retained for as long as needed to fulfill the purposes outlined above, or as required by applicable law.
Web Analytics with Matomo
We use Matomo (self-hosted) for privacy-friendly web analytics. Key privacy features include:
- Self-hosted on servers located in Germany (AWS data center)
- IP addresses are anonymized
- No cookies are used unless explicitly consented
- No data is shared with third parties
Use of Google reCAPTCHA
To protect our website from spam and abuse, we use Google reCAPTCHA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). reCAPTCHA is used to check whether data entered on our website (e.g., in a contact form) is entered by a human or by an automated program.
This service involves the transmission of data to Google, including:
- IP address
- Referrer URL
- Information about the operating system
- Browser and length of visit
- Cookies
- Mouse and keyboard behavior
The use of reCAPTCHA is subject to Google’s Privacy Policy and Terms of Use, available at:
Legal Basis
The use of reCAPTCHA is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in protecting our site from abusive automated crawling and spam.
Data Processing Location
Data may be processed in the United States or other countries where Google or its sub-processors operate. Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection.
Use of Google Fonts (gstatic.com)
We use Google Fonts, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), to ensure consistent and visually appealing typography across our website.
When you visit a page on our website that uses Google Fonts, your browser may load the required font files from Google’s servers at gstatic.com. In doing so, the following data may be transmitted to Google:
- Your IP address
- Information about your browser and device
- The URL of the page being accessed
These requests are separate from your interactions with Google services and are made without authentication. According to Google, font requests are processed separately from other Google services and do not involve setting cookies.
Legal Basis
The use of Google Fonts is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in presenting our website with consistent typography and fast loading times across different devices and browsers.
Data Processing Location
Data may be processed by Google on servers located in the United States or other countries. Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection for transfers of personal data.
More Information
For further information about data processing by Google, please see:
- Google Fonts FAQ: https://developers.google.com/fonts/faq
- Google Privacy Policy: https://policies.google.com/privacy
Hosting and Data Location
Our website is hosted on Amazon Web Services (AWS) in Germany (Frankfurt region). AWS is GDPR-compliant and provides robust security and data protection practices. All data is stored and processed within the EU.
Your Rights Under the GDPR
You have the following rights:
- Access to your data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure (“Right to be forgotten”) (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Objection to data processing (Art. 21)
- Withdrawal of consent (Art. 7(3))
To exercise your rights, contact us at: datenschutz@de-otio.org
Data Retention
We retain your data:
- For newsletter purposes: until you unsubscribe or withdraw consent.
- For analytics: anonymized data retained indefinitely.
- Server logs: retained for security purposes for up to 12 months.
Data Security
We implement industry-standard technical and organizational measures to protect your personal data, including:
- TLS encryption (HTTPS)
- Secure data storage
- Access controls and authentication
- Regular data backups
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in technology, legislation, or our services. You will be informed of significant changes by notice on our website.
Supervisory Authority
If you believe your data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority. The relevant authority for our company is: https://www.datenschutz-bayern.de/
Contact
For any questions or concerns regarding your data, contact us at: Email: datenschutz@de-otio.org