At Uberspace.de, we not only take privacy, but also the data minimization very seriously.

Data protection

The topic of data protection is comprehensively regulated by the EU General Data Protection Regulation (GDPR). To help you understand which data we collect from you, how we process it, what we do to protect your data, and whom to contact if you have any questions, we’ve put together all the relevant information on this page.

Person responsible and scope

The person responsible according to the GDPR is:

Jonas Pasche
Kaiserstr. 15
55116 Mainz
Telefon: +49 6131 3272841
E-Mail: hallo@uberspace.de
Website: https://uberspace.de/

This privacy policy applies to our website uberspace.de as well as to our subpages blog.uberspace.de, wiki.uberspace.de, manual.uberspace.de, lab.uberspace.de and sticker.uberspace.de.

We operate the services lab.uberspace.de and manual.uberspace.de outside of our own infrastructure at netlify to be able to keep you informed even if our own infrastructure is harmed in some way. Please note the data protection statement of netlify as well as their commitment to the GDPR.

We operate the service is.uberspace.online outside of our own infrastructure at Hetzner to be able to keep you informed even if our own infrastructure is harmed in some way. Please note the data protection statement of Hetzner.

Content published under subdomains of the form <user>.<host>.uberspace.de or <user>.uber.space is published by our users under their own responsibility and thus not covered by this privacy policy.

Data protection officer

Our external data protection officer is:

Herr Rechtsanwalt Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Köln
Tel.: +49 221 222183-0
E-Mail: mail@kinast.eu
Website: http://www.kinast.eu/externer-datenschutzbeauftragter/

Principles of data processing

Personal data is any information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, phone number, date of birth, e-mail address, IP address, or user behavior. Information that we can not relate to your person (or only with disproportionate effort), e.g. by anonymizing the information, are not personal information. The processing of personal data (eg. collecting, querying, using, storing or transmitting) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and no legally required retention requirements have to be maintained.

If we process your personal data for the purpose of providing certain offers, we will subsequently inform you of the specific transactions, the scope and purpose of the data processing, the legal basis for the processing and the respective retention period.

Use of our websites

When using our websites, we may create web server logs that contain the date and time, the retrieved URL path, the referrer (if applicable) and the browser used; However, we anonymise your IP address using IP masking, so that we do not collect any personal data.

Use of our hosting service

When registering you choose yourself a suitable username (pseudonym). We use your e-mail address exclusively for the immediate purpose of the contract (password recovery, charging reminder, receipt of payment, abuse notifications, contract amendments, notifications due to legal regulations).

If you have previously registered domains through us (which we no longer offer), your personal data will be processed either by InterNetX GmbH, Johanna-Dachs-Str. 55, 93055 Regensburg or by http.net Internet GmbH, Franzstr. 51, 52064 Aachen. We have carefully selected all the domain registrars that we use to provide domain registrations, also based on their privacy policies, and have signed a data processing agreement with all vendors. Our data protection officer has checked both the data processing agreements as well as the technical and organizational measures before the conclusion of the contracts. According to our instructions, your data will only be used for the technical processing of your domain registration.

Payments

Our hosting service is paid through a prepaid account that you can charge by bank transfer or cash by post.

When charging prepaid account via bank transfer, we will know your name and bank details through our bank. However, we process this information completely separate from our account database, to which we only provide the date, the username extracted from the purpose, the amount and the country code derived from the IBAN code, but neither your name nor your bank account.

In the case of bank transfers that we can not match with a hosting account (eg if the purpose does not mention a username or a wrong one), we will also submit the last four digits of your IBAN and your name, abbreviated to two letters for each part of the name, to allow you to assign them manually.

Alternatively, you have the option of charging your prepaid account with cash by mail. In this case, we will not receive any personal data beyond the country code of the postmark.

The country code alone does not represent personal data, since the country itself can not be traced back to a specific person. However, we need to store the country in our systems to determine the applicable VAT rate for proper invoicing.

In the process of creating a receipt you can personalize them with your billing address. The specification of a billing address is not required by our side. Please note that we have to keep invoices according to the legally prescribed period (10 years according to § 14b Value Added Tax Act). If you provide a billing address, it is subject to the retention obligation.

Disclosure of data

Regarding our hosting service, we do not share personal information with third parties. Exceptions to this rule are:

  • You have expressed consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR
  • The transfer is permitted by law and according to Art. 6 para. 1 p. 1 lit. b GDPR required to fulfill the contractual relationship with you
  • There is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR
  • Sharing personal information is required according to Art. 6 para. 1 sentence 1 lit. f GDPR for the protection of legitimate corporate interests, as well as for the assertion, exercise or defense of legal claims required, and there is no reason to assume that you have a predominant legitimate interest in the non-disclosure of your data

External data processing

The data you upload to your Uberspace will only be processed by us.

However, if you consult our support team, we make use of external companies that will process your data for us:

  • If you leave us a message on our telephone number, then sipgate GmbH, Gladbacher Straße 74, 40219 Düsseldorf will automatically transcribe it and send the transcript as well as the voice recording to us by e-mail.

We have carefully selected all companies backing our support efforts, also based on their privacy policies, and have signed a data processing agreement with all vendors. Our data protection officer has checked both the data processing agreements as well as the technical and organizational measures before the conclusion of the contracts. According to our instructions, your data will only be used for the technical processing of your support requests.

Use of cookies

We do not use any cookies on the public parts of our websites.

When you register or log in, we set a cookie that carries a session ID. This is technically mandatory to maintain your login status, and therefore requires no separate consent. The cookie is not stored persistently, but is automatically deleted when the browser window is closed.

Tracking and analysis tools

We do not use any external tracking and analysis tools.

On some of our websites we use Umami, an open source software for statistical analysis of accesses by visitors. In this process, the data is processed and stored exclusively by ourselves. Umami does not collect personally identifiable information and anonymizes all data collected. Users cannot be identified and are never tracked across websites.

Social network plugins

We do not use any plugins of social networks.

You may occasionally find links to other websites on our website. By activating these links you will be redirected to the website of another operator, which you can recognize by the changed URL in the browser. We have no control over their content and therefore do not have any responsibility for how those other websites handle your personal information. We have not checked if the operators of those websites comply with the GDPR. Please inform yourself about it. (Hopefully that’s obvious, because that’s how the Internet works, but our lawyers thought we should write it down.)

Data subject rights

As a person affected by the processing of personal data you have the following rights under GDPR, and we are obliged to point this out to you:

  • Pursuant to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if it has not been collected from us, about its transfer to third countries or to international organisations as well as about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
  • Pursuant to Art. 16 GDPR you may request the correction of incorrect personal data or the completion of your personal data stored by us.
  • Pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless such processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
  • Pursuant to Art. 18 GDPR you can demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, we no longer require the data and you refuse its deletion because you need it to assert, exercise or defend legal claims. You may also exercise the right under Art. 18 GDPR if you have objected to the processing. (Art. 21 GDPR)
  • Pursuant to Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, common and machine-readable format or you can request it be transferred to a third party.
  • Pursuant to Art. 7 (3) GDPR, you can withdraw your consent given to us at any time. As a result, we may no longer process personal data based on this consent in the future.
  • Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority for your usual place of residence, your workplace or our company headquarters.

Right to object

When processing your personal data based on legitimate interests according to Art. 6 (1) f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data on grounds that arise from your particular situation. Alternatively, if the objection is directed against direct marketing, you have a general right of objection, which is followed by us without you having to state a particular reason.

Data security and security measures

We are committed to protecting your privacy and keeping your personal information confidential. In order to avoid manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security precautions, which are regularly checked and adapted to technological progress. This includes, among other things, the use of recognized encryption procedures. However, we would like to point out that, due to the nature of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be followed by other persons or institutions outside our area of responsibility. In particular, unencrypted data can be read by third parties - e.g. if sent via e-mail. We have no technical influence on this. It is your responsibility to protect the data provided by you against misuse, e. g. by utilizing encryption technology.