privacy policy

[last update: 23. August 2024]

We respect your privacy and are committed to protecting it through our compliance with this privacy policy ("Policy"). This Policy describes the types of information we may collect from you or that you may provide ("Personal Information") on the www.genais-social.club website ("Website") and any of their related products and services (collectively, "Services"), and our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update it.

This Policy is a legally binding agreement between you ("User", "you" or "your") and Plan Konsult (doing business as "Plan Konsult", "we", "us" or "our"). Plan Konsult is the controller, see impressum for more information on us . If you are entering into this Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Policy, in which case the terms "User", "you" or "your" shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Policy, you must not accept this Policy and may not access and use the Services. By accessing and using the Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

Definitions

The data protection declaration of Plan Konsult is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Therefore, in the beginning, we will define certain important terminologies, to make our privacy policy legible and understandable.

In this data protection declaration, we use, among others, the following terms:

• Personal data: Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
• Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
• Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
• Anonymization: Anonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
• Controller or controller responsible for the processing: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
• Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
• Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal Data we collect

Every time you visit our website, your IP address and other pieces of information are saved in anonymized form. If you register an account with us, your contact information will be stored. In particular, we save the following data from you.

Registration Data

You can access and use the Services without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the features offered on the Services, you may be asked to provide certain Personal Information (for example, your name and e-mail address).

We receive and store any information you knowingly provide to us when you create an account, or fill any forms on the Services. When required, this information may include the following:

• Account details (such as user name, unique user ID, password, etc)
• Contact information (such as email address, phone number, etc)

You can choose not to provide us with your Personal Information, but then you may not be able to take advantage of some of the features on the Services. Users who are uncertain about what information is mandatory are welcome to contact us.

The legal basis for this data processing is Art. 6 (1) lit. a or Art. 6 (1) lit. b GDPR (see https://gdpr-info.eu/art-6-gdpr/ ).

Usage Data and Server Log Files

Whenever you visit our websites, we automatically store log data. This includes your IP address, type and version of the browser you use, and the time, date, and website from which you come to our site. Your IP address is saved in an anonymized manner. You can then no longer be identified.

The legal basis for this data process is Art. 6 (1) lit. f GDPR (see https://gdpr-info.eu/art-6-gdpr/).

Additionally we may store usage data. Such data contains the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more.

Website Analysis and Tracking Data

On our website, we use the open-source web analysis tool Matomo on our self-hosted system. Matomo can use cookies. These are text files that are saved on your computer and which allow us to analyze how you use our website. The tool generates information about how you use the website, and our server saves this information. You can activate/deactive the session cookie within our cookie policy & settings.

We do not send the data that gets generated by the matomo tracker about how you use our website to third parties. It is stored exclusively on our self-hosted systems.

By default we collect and analyse usage data with matomo. We can do so, since we host matomo on our own servers and we anonymize any personal data as defined in ISO standard (ISO 29100:2011), making them not . Nevertheless, if you do not want us to collect such usage data, you can disable it with the following button:

In case you have activated the do-not-track request header header via your browser , we respect the decision and disable each tracking immediately.

Use and processing of collected information

We act in the capacity of a data controller when we ask you to submit your Personal Information that is necessary to ensure your access and use of the Services. In such instances, we are a data controller because we determine the purposes and means of the processing of Personal Information.

In order to make the Services available to you, or to meet a legal obligation, we may need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Any of the information we collect from you may be used for the following purposes:

• Create and manage user accounts
• Respond to inquiries and offer support
• Request user feedback
• Improve user experience
• Enforce terms and conditions and policies
• Protect from abuse and malicious users
• Respond to legal requests and prevent harm
• Run and operate and improve the Services

Processing your Personal Information depends on how you interact with the Services and if one of the following applies:

1. you have given your consent for one or more specific purposes
2. provision of information is necessary for the performance of this Policy with you and/or for any pre-contractual obligations thereof
3. processing is necessary for compliance with a legal obligation to which you are subject
4. processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us;
5. processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.

Privacy of children

We do not knowingly collect any Personal Information from children under the age of 13. If you are under the age of 13, please do not submit any Personal Information through the Services. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through the Services, please contact us to request that we delete that child’s Personal Information from our Services.

We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Services without their permission. We also ask that all parents and legal guardians overseeing the care of children take the necessary precautions to ensure that their children are instructed to never give out Personal Information when online without their permission.

Managing information

All about the lifecycle of your personal information.

Deletion of information

Deletion of personal information is highly related to your rights as a data subject. It is also related to data retention. Please go through those sub pages of this site, to get aware about this topic.

Disclosure of information

External service providers may have access to your data while they assist us in providing our services. In some cases, third parties such as government authorities may receive your data.

One reason for disclosure is the utilization of social media features, where you can login via a service provider. A list of such providers is given here. During a single-sign-on process, we will send your freely provided e-mail address to the recipient.

Retention of information

We will retain and use your Personal Information for the period necessary to comply with our legal obligations, as long as your user account remains active, to enforce our Policy, resolve disputes, and unless a longer retention period is required or permitted by law.

We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

Without explicitly contacting us for deletion of your personal data, we will do so within 24 months of account inactivity (no login), or once the statutory retention period expires.

Data we collected as usage data will be automatically deleted not later than 180 days (6 months) after collection.

Cookies

Our Services use "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

We may use cookies to collect, store, and track information for security and personalization, and for statistical purposes. For further information on the cookies we collect and their purpose, see our cookie policy & settings . Please note that you have the ability to accept or decline cookies.

Third Party Services

Notice the following regarding our utilization of third-party services and providers.

Payment Processors

See details about third party payment processors.

Paypal

We utilize PayPal for processing payments on our website. When you choose to make a purchase through PayPal, your personal and financial information is handled securely by PayPal, and we do not directly collect or store any payment details such as credit card numbers or bank account information. However, we may receive information related to your purchase, such as your name, email address, and the items purchased, in order to fulfill your order and provide customer support.

Please note that when you use PayPal for payments, you are subject to PayPal's Privacy Policy and Terms of Service, which govern the collection, use, and disclosure of your information by PayPal. We recommend reviewing PayPal's policies to understand how your data is handled by them.

It's important to be aware that PayPal's services utilize third-party cookies as part of their functionality. These cookies are controlled by PayPal and are subject to PayPal's own cookie policy. By using PayPal for payments on our website, you consent to the use of cookies as described in PayPal's policies. See our cookie policy & settings for more information.

We are committed to ensuring the protection and privacy of your personal information in accordance with the General Data Protection Regulation (GDPR). If you have any questions or concerns regarding the handling of your data in relation to PayPal payments, please don't hesitate to contact us.

Check this link to find out about paypal privacy policy.

Infrastructure Providers

Our information technology infrastructure is hosted by third-party providers. More details about the hosting and our measures to fullfil all legal obligations can be found here.

Saas- and API-providers

Our website utilizes APIs (Application Programming Interfaces) provided by third-party service providers to enhance the functionality and user experience. These third-party APIs are integrated into our platform to deliver specific services, such as data retrieval, interactive features, and content display.

• No Personal Data Transmission by Us: When using these third-party APIs, we do not transmit any personal information to these third-party service providers. The integration is designed to provide services without requiring the sharing of personal data from our side.
• User Responsibility for Personal Data: While we do not send any personal data to third-party services, certain functionalities provided by these APIs may allow or enable users to voluntarily enter or transmit their own data. Users should be aware that (a) our terms of service restrict the sharing of personal information with third-party service providers through these APIs. Users should avoid entering or transmitting any personal data, such as names, email addresses, contact details, or other identifying information, when interacting with these services. (b) Users are encouraged to review the privacy policies of these third-party service providers to understand how any data entered might be processed or stored.
• Compliance with Our Terms of Service: Users are required to comply with our terms of service, which explicitly prohibit the sharing of personal information with third-party APIs integrated into our platform. Failure to comply may result in the restriction of access to certain features or services provided through our website.
• Limitation of Liability: We are not responsible for any data voluntarily submitted by users to third-party service providers through their APIs. Users acknowledge that (a) Any data that users submit directly to a third-party service provider through these APIs is subject to the privacy policy and terms of that third party, not our own. (b) Users should exercise caution and discretion when interacting with third-party APIs and avoid sharing any personal information unless they fully understand the third party’s data processing practices.
• Updates to Third-Party API Usage: We reserve the right to update thelist of third-party APIs used on our website and their respective terms of use. Any significant changes will be reflected in an updated version of this privacy policy.

List of Third-Party Service Providers

In the following you find a list of third-party service providers and vendors, which help us in enabling our service. Further information, especially about our measures to fullfil all legal obligations regarding data processing can be found here.

• Hetzner Online GmbH: Hosting infrastructure and Domain Services. Find their contact and specifically their privacy-policy.
• Paypal: Payment processor. See also separate chapter for payment processors. Contact and privacy-policy.
• Github Inc: Code versioning and development and deployment handling. Contact and their privacy-policy.
• Microsoft Corporation: Hosting infrastructure, E-Mails and Communication, Api-Service for generative ai model requests. Contact and privacy-policy.
• Hugging Face: Generative AI models and tokenizers. Contact and privacy-policy.
• Google Cloud: Infrastructure Services and Single Sign On like described here. Contact and privacy-policy.
• OpenAI: Api-Service for generative ai model requests. Contact and privacy-policy.
• groq: Api-Service for generative ai model requests. Contact and privacy-policy.
• nebiusai: Api-Service for generative ai model requests. Contact and privacy-policy.
• anthropic: Api-Service for generative ai model requests. Contact and privacy-policy.
• fortawesome: Improving side visualization and design by enabling icons and fonts. Contact and privacy-policy.
• cloudflare turnstile: Anti Spam tool, preventing bots and spammers from using and compromising the service. Contact and privacy-policy.

Social media features

Notice the following regarding social meda features.

Login / Single-Sign-On

Single Sign-On" or "Single Sign-On Authentication or Logon" are procedures that allow users to log in to our online services using a user account with a provider of Single Sign-On services (e.g. a social network). The prerequisite for Single Sign-On Authentication is that users are registered with the respective Single Sign-On provider and enter the required access data in the online form provided for this purpose, or are already logged in with the Single Sign-On provider and confirm the Single Sign-On login via the button.

Authentication takes place directly with the respective single sign-on provider. Within the scope of such authentication, we receive a user ID with the information that the user is logged in with the respective single sign-on provider under this user ID and an ID that cannot be used for other purposes (so-called "user handle"). Whether we receive further data depends solely on the single sign-on procedure used, the data releases selected as part of authentication and also which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the user's choice, there can be different data, usually the e-mail address and the user name. The password entered by the single sign-on provider as part of the single sign-on procedure is neither visible to us nor is it stored by us.

Users are requested to note that their data stored with us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actual. If, for example, the e-mail addresses of users change, users must change these manually in their user account with us.

We can use single sign-on authentication, provided that it has been agreed with users in the context of pre-fulfillment or fulfilment of the contract, in the context of consent processing and otherwise use it on the basis of our legitimate interests and the interests of users in an effective and secure authentication system.

Should users decide to no longer want to use the link of their user account with the Single Sign-On provider for the Single Sign-On procedure, they must remove this link within their user account with the Single Sign-On provider. If users wish to delete their data from us, they must cancel their registration with us.

Processed data from single sign-on provider:

• User-Name
• E-Mail Address
• Avatar (Profile-Picture)
• Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status);

For more information please check the respective privacy policies of the utilized single sign-on providers:

• facebook
• google

Links to other resources

The Services contain links to other resources that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other resources or third parties. We encourage you to be aware when you leave the Services and to read the privacy statements of each and every resource that may collect Personal Information.

Data Security

In the following our measures regarding a secured data processing, especially related to Art. 32 GDPR .

Server Hosting

The server infrastructure used by our Services is based exclusively in germany. The servers are hosted by a third-party service provider, which we have a data processing agreement with, according to Art. 28 (3) GDPR .

Information security

In terms of Art. 32 GDPR , we are running our Servers for our Service in a safe environment. We do encrypt all data with our own managed encryption keys and we encrypt all traffic flowing between our servers and between the data subject and our servers. The stored encrypted data is safeguarded from incidents by maintaining redundant copies. We keep our systems up-to-date frequently and do regular evaluations of our environment and especially our measures related to security.

Data breach

According to Art. 34 GDPR , in the event we become aware that the security of Services has been compromised for Data Subjets; Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the User as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Services and send you an email.

Your rights as Data Subject

In any case, Plan Consult will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights

Plan Consult undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. You have the right under this Privacy Policy, and by law if You are within the EU, to:

• Request access to Your Personal Data. The right to access, update or delete the information We have on You. This also enables You to receive a copy of the Personal Data We hold about You.
• Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
• Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
• Restriction of processing. You have the right to restrict the processing of your personal data where you have a particular reason for wanting the restriction.
• Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
• Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
• Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.

Exercising of Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, cancellation and opposition by contacting us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

Changes and amendments

We reserve the right to modify this Policy or its terms related to the Services at any time at our discretion. When we do, we will revise the updated date at the top of this page and may post a notification within the Services. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided.

An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your Personal Information in a manner materially different than what was stated at the time your Personal Information was collected.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Services and submitting your information you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Services.

Contacting us

If you have any questions, concerns, or complaints regarding this Policy, the information we hold about you, or if you wish to exercise your rights, we encourage you to contact us using the details below:

https://www.genais-social.club/contact
contact@genais-social.club

We will attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by applicable data protection laws.