Fine-Tuned AI services for developers

> Privacy Policy - 01.01.2024

> Responsible representative

Jendrik Alexander Potyka (CEO)

Digon.IO GmbH (after here provider)

Lise-Meiter-Straße 1-13, Haus 1

42119 Wuppertal

+49 157 3110 4322

info@digon.io

> Scope of application

With the following declaration, we inform you about the type, scope and purpose of the collection, processing and use of your data when you contact us by telecommunication or exchange data with us via the telemedia operated by us.

The data protection declaration applies in particular to users of the website: www.digon.io or digon.io

> I. Summary

The provider stores and processes your personal data in compliance with the relevant data protection regulations, in particular the Basic Data Protection Regulation (DSGVO), the Telecommunications and Telemedia Data Protection Act (TTDSG), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

The provider observes the principle of data minimisation. This means that data is processed to the extent necessary for the purposes of processing, as is appropriate and necessary for the provision of a functional website and with regard to the content and services offered. The processing is carried out either on the basis of prior consent or if this is permitted by legal regulations.

When you access the provider's website, the provider processes certain usage data to enable you to use its offer.

If you enter data in the provider's contact form, the provider processes this data exclusively for the purposes stated in each case.

All processed personal data will be deleted by the provider after the storage period has expired.

You have a right to information regarding your data or to correction, deletion and restriction of the processing of your data, a right to object to the processing, a right to data portability and a right of complaint to a supervisory authority.

You can find more information below.

> II. Data protection information according to Art. 13, 14 DSGVO and according to §§ 32 ff. BDSG 2018

> 1. Definitions

> a. Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

> b. Inventory data

Inventory data is personal data of a user which is required for the establishment, content-related structuring or amendment of a contractual relationship between the service provider and the user concerning the use of telemedia.

> c. Usage data

Usage data are personal data of a user which are necessary to enable and bill the use of telemedia. This includes, in particular, features to identify the user, information on the beginning and end as well as the scope of the respective use and information on the telemedia used by the user.

> d. Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

> e. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

> f. Cookies

Cookies are small text files that are stored on your computer. Cookies always have a validity period, which can be limited to the end of the user session (so-called session cookies) or can also exist for a longer period (so-called permanent cookies). These permanent cookies remain on your computer and enable the provider or its partner companies (so-called third party cookies) to recognise your computer on your next visit. You can set your browser in such a way that you are informed about the setting of cookies and can decide individually whether to accept them or refuse the setting of cookies for certain cases or in general. If you do not accept cookies, the functionality of the website may be limited.

> g. Website

A website, also known as a web presence, is the presence of a private or corporate provider of telemedia on the worldwide web (World Wide Web), summarised under a specific Internet address. The web presence includes web pages or sub-pages and optionally available downloadable documents as well as other retrievable audiovisual media services.

> 2. Description and scope of the processing of your data

With this section we inform you about the purposes for which the personal data will be processed and the legal basis for the processing.

The provider publishes information about its company and its goods and services via the website.

> a. Processing operations concerning the entire website

The provider processes the data you provide to enable you to use this website.

> b. Processing in the case of sending e-mails and contacting you by telephone

You can contact the provider via the e-mail address and telephone number provided on the website. The provider processes the data you provide in order to respond to your contact request.

Data collections (inventory data):

Title
First and last name
Company name
Street (concerning contact, billing and delivery address)
Postcode (concerning contact, billing and delivery address)
City (concerning contact, billing and delivery address)
Country
Telephone (landline and mobile phone number)
E-mail
Website

In the event that you send an e-mail or contact us by telephone, the aforementioned inventory data will be processed if you provide it to the provider.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO, if you have given the provider your consent, and furthermore also the exercise of legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Legitimate interests of the provider include the implementation of advertising measures. However, the provider will only ever use this option in a specifically appropriate manner. If the purpose of contacting you is to initiate a contract, Art. 6 para. 1 lit. b DSGVO is also a legal basis for data processing.

Data provided by you will be deleted immediately after your enquiry has been dealt with, and in the event that it has not been dealt with, at the latest 3 months after the last contact, unless your data is subject to a longer storage period for a separate reason (e.g. the storage of information that serves to fulfil a contract). The enquiry is deemed to have been completed when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

You have the possibility at any time to revoke your consent to the processing of personal data or to object to the processing of data which is not based on consent. The exercise of the revocation or objection can be made in particular by e-mail to the above-mentioned e-mail address. All personal data stored by the provider in the course of your contact will be deleted in this case. Your right of revocation or objection does not apply to data that the provider requires for the performance of a contract or pre-contractual measures. However, you may have other rights.

> c. Processing of log data

When accessing the provider's website, your internet browser automatically transmits certain data to the provider's server for technical reasons. This data is stored in so-called log files. The data stored in log files is referred to below as log data.

The following log data is collected by the provider separately from other data that you may transmit to the provider and used for the purposes stated below.

Data collection (usage data):

Name of the accessed website or url
Date and time of access
Access status / Http status code
IP address (anonymised, shortened by the last 3 digits)

The provider analyses the log data for system monitoring purposes. The provider stores the information collected in this way exclusively on its server in Germany. It is not possible for the provider to identify the natural person.

The legal basis for the storage and analysis of the data are the legitimate interests of the provider according to Art. 6 para. 1 lit. f DSGVO. Legitimate interests of the provider include, among other things, coverage measurement, statistical analyses, the implementation of advertising measures as well as the evaluation of error states and system monitoring for the detection of defence against system threats.

If the data is stored in log files, the usage data is deleted after 7 days at the latest. Storage beyond this period is possible in accordance with data protection law. In this case, the IP addresses are generally deleted or alienated so that it is no longer possible to allocate the internet page retrieval to your computer.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right to object. However, you can exercise your right to object by means of automated procedures that use technical specifications, such as in the case of anonymisation of your IP address by VPN providers.

> 3. Existence of appropriate safeguards

> a. Pseudonymisation

Insofar as the provider collects usage data, it always stores this under pseudonyms (in the case of cookies, for example, via a unique session key). The provider does not merge pseudonymous data with data about the bearer of the pseudonym (such as inventory data).

> b. Use of encryption technologies

When transferring data between your computer or mobile device and the provider's server, the provider uses the TLS system (Transport Layer Security). This technology is designed to protect your data from being read by unauthorised third parties and offers a very high standard of security. You can recognise that your data is being transmitted in encrypted form by the closed display of a key or lock symbol in the lower status bar of your browser.

> 4. recipients of the personal data in the EU

As a so-called subcontracted processor, IONOS SE, Elgendorfer Str. 57, 56410 Montabaur provides the following IT service:

Hosting of the e-mail server

More detailed information can be found in the privacy policy of IONOS SE: https://www.ionos.de/terms-gtc/datenschutzerklaerung

> 5. Recipients of personal data in third countries

The Provider does not transfer personal data to recipients outside the EU.

> 6. further processing for other purposes

Unless otherwise stated above, your data will not be passed on to third parties and will not be further processed for purposes other than those stated.

> 7. Data subject rights

You have the right to information about the personal data concerning you as well as the right to correction or deletion or to restriction of processing or a right to object to processing, the right to data portability as well as the right to lodge a complaint with a supervisory authority as described below. In the cases of Sections 32 et seq. BDSG 2018, however, these claims exist only to the extent that they are provided for under the BDSG 2018.

> a. Your right to information

You have the right to request confirmation from the provider as to whether personal data relating to you is being processed. If this is the case, you have the right to be informed about this personal data and to receive the following information: the purposes of the processing; the categories of personal data processed; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations; if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; the existence of a right to rectification or erasure of the personal data concerning you or to restriction of processing by the controller or a right to object to such processing; the existence of a right of appeal to a supervisory authority; if the personal data are not collected from the data subject, any available information on the origin of the data; the existence of automated decision-making, including profiling (pursuant to Article 22(1) and (4) of the GDPR) and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

> b. Right to rectification

You have the right to request that the provider rectify any inaccurate personal data relating to you without undue delay. You have the right to request the completion of incomplete personal data - also by means of a supplementary declaration - if this is compatible with the above-mentioned purposes of the processing or if there is an objective reason for this.

> c. Right to deletion

You have the right to request the provider to delete personal data relating to you without undue delay. We are obliged to delete personal data without delay if one of the following reasons applies:

The personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the data subject withdraws his or her consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing; the data subject objects to the processing pursuant to Article 21(1) DSGVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) DSGVO; the personal data have been processed unlawfully; erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject; the personal data have been collected in relation to information society services offered pursuant to Article 8(1) DSGVO (consent of a child in relation to information society services).

If we have made the personal data public and are obliged to erase it, we shall, taking into account the available technology and the cost of implementation, take reasonable measures, including technical measures, to inform data controllers which process the personal data that a data subject has requested that we erase all links to, or copies or replications of, that personal data.

You have a right to erasure in accordance with Art. 17 para. 3 DSGVO, however, insofar as the processing is necessary for the exercise of the right to freedom of expression and information; for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject; or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR; for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, where the right referred to in paragraph 1 is likely to make impossible or seriously prejudice the achievement of the purposes of such processing, or for the establishment, exercise or defence of legal claims.

> d. Right to restrict processing

You have the right to request us to restrict processing if one of the following conditions is met: the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data; the controller no longer needs the personal data for the purposes of the processing but the data subject needs them for the establishment, exercise or defence of legal claims, or the data subject has objected to the processing pursuant to Article 21(1) as long as it is not yet established whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data may be processed, apart from being stored, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State. If you have obtained a restriction of processing, you will be informed by us before the restriction is lifted.

> e. Right to data portability

You have the right to receive the personal data concerning you that you have provided to a controller in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us or the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out using automated means.

When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transferred directly from one controller to another controller where this is technically feasible. This right shall not affect the rights and freedoms of other persons.

The exercise of the right to data portability is without prejudice to Article 17 of the GDPR (right to erasure / "right to be forgotten"). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

> f. Right to object to processing

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) (performance of a task carried out in the public interest) or (f) (safeguarding the legitimate interests of the controller or of a third party) of the GDPR; this also applies to profiling based on these provisions. We shall then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.

If personal data are processed for the purposes of direct marketing, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

We must expressly draw your attention to your aforementioned right to object to processing at the latest at the time of the first communication with you; this reference must be made in a comprehensible form that is separate from other information.

In the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right to object by means of automated procedures (e.g. by pressing "do not track" functions in the phone, by changing browser settings) using technical specifications.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

If you wish to exercise your right to object, a telephone message or an e-mail to the above-mentioned e-mail address is sufficient.

> g. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes this Regulation.

The supervisory authority to which the complaint has been lodged shall inform you, as the complainant, of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

> 8. Revocation of consent

You have the possibility at any time to revoke your consent to the processing of personal data or to object to data processing which is not based on consent. The exercise of the revocation or objection can be made in particular by e-mail to the above-mentioned e-mail address. All personal data stored by the provider in the course of your contact will be deleted in this case. Your right of revocation or objection does not apply to data that the provider requires for the performance of a contract or pre-contractual measures. However, you may have other rights.

--- End of the data protection regulations ---