Privacy Policy

1. General Information

1.1 Responsible Entity

The entity responsible for data processing on this website is:

Tonnot UG (haftungsbeschränkt)

Blasewitzer Str. 41
01307 Dresden
Germany (Deutschland)

Amtsgericht Dresden, HRB 46684

Managing Directors (Geschäftsführer):
Ruben Bauer and Sebastian Künzel

The responsible entity decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact information).

1.2. Withdrawal of Consent

Some data processing operations are only possible with your explicit consent. You may revoke your consent at any time by informal email. This does not affect the legality of data processing carried out before the withdrawal.

1.3. Right to Lodge a Complaint

If you believe there has been a breach of data protection law, you have the right to lodge a complaint with the competent supervisory authority. This is usually the Data Protection Officer of the federal state in which our company is located.

Sächsische Datenschutz- und Transparenzbeauftragte
Maternistraße 17
01067 Dresden

Telefon: +49 351 85471-101
Telefax: +49 351 85471-109
E-Mail: post@sdtb.sachsen.de

1.4. Right to Data Portability

You have the right to receive data that we process based on your consent or a contract in a machine-readable format, and to request transfer to another controller, where technically feasible.

1.5. Right to Access, Correction, Blocking, Deletion

You have the right to access your stored personal data, its origin, recipients, and purpose of data processing, and the right to correct, block, or delete it, within legal limits. Contact us anytime via the contact details in the site notice. For automated access to your data, click here.

2. SSL/TLS Encryption

For security and to protect confidential content, our website uses SSL/TLS encryption. Encrypted connections are recognizable by "https://" in the browser’s address bar and the padlock symbol.

3. Server Log Files

The website provider automatically collects and stores information your browser transmits in server log files:

This data is not combined with other sources. Data processing is based on Art. 6(1)(b, f) GDPR (contract fulfillment or pre-contractual measures, legitimate interest in security).

4. Registration

To use certain features, you can register on our site. Required fields must be completed; otherwise, registration will be denied. We will notify you of significant changes via email to your provided address.

Data processing during registration is based on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time via informal email. The legality of processing prior to withdrawal remains unaffected.

We store your data as long as your account is active. It will be deleted upon account cancellation, unless legal retention periods apply.

5. Contact Form

Data submitted via the contact form, including contact details, is stored for processing your inquiry and follow-up questions. This data is not shared without your consent.

Processing is based on your consent (Art. 6(1)(a) GDPR). You may revoke your consent anytime via informal email. The legality of processing prior to withdrawal remains unaffected.

We retain data submitted via the contact form until you request deletion, revoke your consent, or the data is no longer needed. Legal retention requirements remain unaffected.

You can find the contact form here.

6. Retention of Posts and Comments

Posts and comments, including associated data (e.g. IP addresses), are stored on the site until deleted for legal or other reasons.

Storage is based on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time. Prior data processing remains lawful.

7. Cookies

Our website uses cookies to make the service more user-friendly, efficient, and secure.

So far, we only use technically necessary cookies to offer our functionalities (e.g., session cookies). They are stored based on Art. 6(1)(f) GDPR—our legitimate interest in providing functional services.

You can configure your browser to control cookie behavior. Disabling cookies may limit website functionality.

8. Use of Our Mobile App and Browser Extension

When using our mobile application or browser extension, app store providers (Apple App Store, Google Play Store, Firefox Add-ons Store) may collect their own data under their respective privacy policies. We have no influence over this processing. For details, please refer to:

9. Embeddings

9.1 Nature and Scope of Processing

We embed third-party content (inside and outside the EEA) to improve user experience. This involves sending requests to third-party servers. Depending on your interaction, data may be sent to oEmbed providers listed at oembed.com.

Your browser sends a standard request, including your IP address and browser data. Embeddings may also request additional data (e.g. third-party cookies) and enable profiling by providers.

9.2 Purpose and Legal Basis

Embeddings are only activated with your explicit consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. You provide consent via your profile settings and may withdraw it at any time. Prior data processing remains lawful.

Depending on the provider, data may be transferred to non-EU countries, especially the USA. Where no adequacy decision exists, we use Standard Contractual Clauses per EU Commission Implementing Decision 2021/914. View them here.

Additionally, consent is obtained under Art. 49(1)(a) GDPR. We note that transfers to third countries may involve unknown risks (e.g. access by government agencies).

10. Data Processing by External Service Providers

To operate our services, we use external service providers who process personal data on our behalf (processors under Art. 28 GDPR).

Email delivery: We use Mailtrap (Railsware Products Studio LLC) to deliver transactional emails. Data processing agreements and Standard Contractual Clauses are in place to ensure GDPR compliance.

Source: adapted from privacy policy generator by Mein-Datenschutzbeauftragter.de