Logo-Schwarz (1)

Privacy Policy

Privacy Policy

The protection of your personal data is important to us. With this privacy policy, we want to explain to you in more detail which personal data we collect in the context of your use of Explory and for what purpose the data is used.

Controller and Contact Information

The controller for the processing of your personal data is:

Explory GmbH

Kolonnenstraße 8

10827 Berlin

If you have any questions or suggestions about data protection, you can also contact us by email at hello@explory.org.

You can reach our data protection officer at: privacy@explory.org

Subject of Data Protection

The subject of data protection is personal data (hereinafter also simply referred to as „data“), i.e., all information relating to an identified or identifiable natural person.

Automated Data Collection

When you access our website, your device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • URL of the accessed page
  • Network connection latency
  • Date and time of server request
  • IP address

We store this data for the following purposes:

  • Ensuring the security of our IT systems, e.g., to prevent specific attacks on our systems and detect attack patterns;
  • Ensuring the proper operation of our IT systems, e.g., to fix errors that we can only resolve by storing the IP address.
  • Enabling law enforcement, hazard prevention, or legal prosecution in the event of specific indications of criminal offenses.

Your IP address is stored only for a period of 90 days.

In this case, the processing is based on our overriding legitimate interests mentioned above (Art. 6(1)(f) GDPR).

Registration Data

To use all the features of Explory, you must register. For this, you need to provide the following mandatory information:

  • Email address
  • Username
  • Password

Alternatively, you can register with your Google or Apple account. In this case, we receive the following personal data from Google or Apple to create a user account for you:

  • Name
  • Email address
  • An authentication token

Your registration data is needed to set up, activate, and manage a user account for you and to enable you to use all the features of our website. In this case, you enter into a (free) user agreement with us, based on which we collect this data (Art. 6(1)(b) GDPR).

To conclude the contract, you must provide us with this data. However, you are not legally or contractually obliged to enter into the contract and thus to provide the data.

When you log in to Explory, we store your IP address to detect and prevent possible attacks and mass abusive registrations on Explory (e.g., so-called brute-force attacks) by temporarily blocking access from this IP address if necessary. The processing is carried out to ensure the security of processing according to Art. 32 GDPR and based on our legitimate interest in protecting our service from misuse (Art. 6(1)(f) GDPR). The storage is for a maximum of 90 days. Afterward, the IP is anonymized.

Inquiries

Support Inquiries via Our Support Center (Zendesk)

If you contact us via our support center, we process

to receive and handle your inquiry.

To process your inquiries via our support center, we use the customer service platform Zendesk, a service of Zendesk Inc., 989 Market Street, San Francisco, CA 94103 („Zendesk“), which we use as a data processor (cf. Art. 4 No. 8, 28 GDPR).

The processing of your personal data occurs in the USA. There is an adequacy decision by the EU Commission according to Art. 45(1) GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the USA. Zendesk Inc. is a company certified under the Data Privacy Framework. The processing of your data takes place in the USA. For the USA, there is no adequacy decision by the EU Commission. Therefore, we have concluded the standard data protection clauses approved by the EU Commission according to Art. 46(2)(c) GDPR with Zendesk.

Inquiries via Our Contact Details

If you send us inquiries by email or other means (e.g., by post), your information will be processed to handle the inquiry. This includes

and, depending on the contact method you choose and the contact details you provide:

Purpose and Legal Basis of Processing

The legal basis for processing is our legitimate interest (Art. 6(1)(f) GDPR) in quick communication to facilitate the exchange you seek and to handle your inquiry appropriately. For inquiries related to an existing or future contractual relationship with us, the processing is for initiating and executing the respective contractual relationship, Art. 6(1)(b) GDPR. Additionally, we have a legitimate interest in efficiently managing our customer relationships, Art. 6(1)(f) GDPR.

Retention Period

We store inquiries related to contracts or of potential legal relevance during the general statute of limitations, i.e., three years from the end of the year in which we received your inquiries. All other inquiries are stored for 24 months. After that, your inquiries are deleted unless we are legally obliged to retain them longer.

Storage occurs based on our legitimate interest in proper documentation of our business operations and securing our legal positions (Art. 6(1)(f) GDPR). For contract-related inquiries, storage is for initiating and executing the respective contractual relationship (Art. 6(1)(b) GDPR) and, if applicable, for fulfilling legal obligations (Art. 6(1)(c) GDPR).

Security Vulnerability Reward Program

If you discover a vulnerability on our website and services and report it to us, we process the contact details and other information you provide to receive and handle your report and to ask you any follow-up questions. If your report is covered by our bounty reward program and you qualify for a reward, we need additional information from you to pay out the corresponding reward.

Please note that we may forward reports that concern vulnerabilities at service providers or third-party vendors to them if necessary.

The legal basis for processing your personal data is Art. 6(1)(f) GDPR. We have a legitimate interest in receiving and handling your report to ensure the security and functionality of our website and services.

We store reports of potential legal relevance during the general statute of limitations, i.e., three years from the end of the year in which we received your report. All other reports are stored for 24 months. After that, your report is deleted unless we are legally obliged to retain it longer.

Storage occurs based on our legitimate interest in proper documentation of our business operations and securing our legal positions (Art. 6(1)(f) GDPR) and, if applicable, for fulfilling legal obligations (Art. 6(1)(c) GDPR).

Newsletter

When you register with us, we will inform you about news related to our services on the Explory platform approximately once a month.

The collection and processing of your personal data occur in this case due to our legitimate interest in promoting similar services to your user account at Explory (Art. 6(1)(f) GDPR, § 7(3) UWG).

You can object to this at any time – even during registration – by unchecking the corresponding checkbox or clicking on the unsubscribe link in the respective emails.

ReCAPTCHA

We use reCAPTCHA, a service from Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland („Google“), which is integrated into our website. It calculates a probability value to determine whether the access is by a human or a spam bot. Google decides whether to display additional so-called CAPTCHAs to you – small tasks that are easy for humans to solve but difficult for machines. These CAPTCHAs help us prevent the automatic creation of user accounts and thus spam, fraud, and other misuse in our community.

When you access our registration and login form, reCAPTCHA collects device and, if applicable, personal data from you to recognize whether you are a human user or a spam bot. This data includes information about your browsing behavior, log data, browser information, and your IP address. reCAPTCHA also uses cookies.

The processing of your personal data occurs in the USA. There is an adequacy decision by the EU Commission according to Art. 45(1) GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the USA. Google Cloud EMEA Limited is a company certified under the Data Privacy Framework.

You can find more information in Google’s privacy policy Google Privacy Policy.

We use reCAPTCHA based on our legitimate interest in protecting ourselves from spam, fraud, and other misuse through automated account creation (Art. 6(1)(f) GDPR).

Cookies and Similar Technologies

We store so-called „cookies“ and use cookie-like technologies to offer certain functions of our website and optimize its use. „Cookies“ are small files stored on your device via your internet browser. Similar technologies can include pixels, scripts, local storage, or other comparable technologies for storing information (collectively referred to as „cookies“).

Strictly Necessary Cookies

Cookies that are strictly necessary for the operation and functionality of the website and the associated services are used by us without your consent according to § 25(2) No. 2 TTDSG. These include cookies that ensure the website is technically accessible and usable. These cookies also ensure essential and basic functionalities of our website and the associated services. Specifically, we use strictly necessary cookies for the following functions:

Depending on the function of these cookies, they are stored only for the duration of your visit (session cookies) or for a longer period, e.g., until you actively log out. Cookies to store your chosen settings and cookie preferences are stored until the end of the browser session.

If personal data is processed from these cookies, the processing occurs to ensure that

Analytics Cookies

We use cookies for analyzing and evaluating your usage behavior based on your consent according to § 25(1) TTDSG (Art. 6(1)(a) GDPR).

These cookies measure online traffic and analyze user behavior. They collect information about how you interact with our website, which pages you visit, and which features you use. Your usage behavior can be tracked based on a user ID. This helps us better understand and optimize the use of our website.

If personal data is processed from these cookies, this processing is also based on your consent.

If we use cookies based on your consent or the associated processing of your personal data is based on your consent, you can withdraw your consent at any time via the „Privacy Settings“ link. Alternatively, you can change your settings at any time. You can find the link in the footer of the website. The legality of the processing carried out based on your consent until the withdrawal is not affected by the withdrawal.

These cookies remain on your device for up to two years unless you withdraw your consent before this period expires.

Below we want to explain the services we use within the framework of analytics cookies in more detail.

Services within the Framework of Analytics Cookies

Below we describe the services we use for analytics cookies in more detail.

Google Analytics

With your consent, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“).

Google Analytics collects pseudonymous data about your use of our website, including your shortened IP address, and uses cookies. Please note that Google transfers the information generated by the cookies about your use of the website (including your shortened IP address) to servers in the USA and shares this data within the corporate group and with other third parties. This may also involve transferring personal data to the USA and third countries that do not have an adequacy decision from the EU Commission. For data transfers to the USA, there is an adequacy decision by the EU Commission according to Art. 45(1) GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the USA. Additionally, Google will use the standard contractual clauses approved by the EU Commission according to Art. 46(2)(c) GDPR.

Google uses this information to evaluate your use of the website for us, to compile reports on website activity, and to provide other services related to website and internet usage. Google may also link this data with other data about you, such as your search history, personal account, usage data from other devices, and other data stored by Google about you. Google may also transfer this information to third parties where required by law (e.g., government authorities) or where third parties process the data on Google’s behalf.

Your data is retained by Google Analytics for 14 months. After this period, the data is deleted, and only aggregated statistics are kept.

For more information on how Google uses your data, see Google’s Privacy Policy.

The use of Google Analytics is based on your consent (Art. 6(1)(a) GDPR).

You can withdraw your consent at any time by adjusting your cookie settings here or by clicking on „Privacy Settings“ at the bottom of the page. The legality of the processing carried out based on your consent until the withdrawal is not affected by the withdrawal.

Google Firebase

We use Google Firebase, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). We use Google as a data processor (cf. Art. 4 No. 8, 28 GDPR).

Google Firebase provides us with various services to offer the functionalities of our website. Specifically, we use the following services within Google Firebase:

Crash Reporting

Google collects statistical and technical data about potential crashes of the website for us. These data are intended not to contain personal data. If personal data is nonetheless included, we collect it based on our legitimate interest in the error-free operation of our website and the ability to fix errors (Art. 6(1)(f) GDPR).

Performance Monitoring

Google stores non-personal statistics about the performance of our website, i.e., the speed and possible delays in execution. These data are intended not to contain personal data. If personal data is nonetheless included, we collect it based on our legitimate interest in the error-free and demand-oriented operation of our website and the ability to detect and fix errors (Art. 6(1)(f) GDPR).

A/B Testing

We use the A/B testing features of Google Firebase to test innovations in the development of our website. Non-personal statistical data are collected in this context. However, to address your device and deliver test content, technical data about your device must be processed. The use is based on our legitimate interest in the demand-oriented design of our website (Art. 6(1)(f) GDPR).

Adjust

We use Adjust, a service provided by Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany („Adjust“). We use Adjust as a data processor.

Adjust helps us measure and evaluate the marketing performance of our advertising campaigns. Adjust collects whether you were referred to us by an advertising partner and, if so, by which one. This allows us to see which advertising campaigns are working well and which are not, so we can improve our advertising accordingly. Your data is not used for retargeting or other advertising purposes.

The use is based on our legitimate interest in promoting our product across various channels and fulfilling contracts with our advertising partners, Art. 6(1)(f) GDPR.

Social Plugins

If you wish, you can share content from our website on social networks via so-called social plugins. We have implemented a two-click solution: if you want to share content via such a plugin, you must first click on an icon of the respective social network. This click will then activate the plugin of the respective social network for future use.

Only then are various data transmitted to the respective social network. These may include:

The processing of your above-mentioned personal data for integrating social plugins is solely based on your consent according to Art. 6(1)(a) GDPR.

You can withdraw your consent by clicking on „Privacy Settings“ at the bottom of the page. The legality of the processing carried out based on your consent until the withdrawal is not affected by the withdrawal.

If you are logged into the respective social network during your visit to our site, it is possible that the provider will assign the visit to your account. If you use the plugin functions (e.g., clicking the „Like“ button, leaving a comment), this information is also transmitted directly from your browser to the respective social network and possibly stored there. The purpose and scope of data collection and further processing and use of data by the networks can be found in the data protection notices of the respective social networks.

Location Determination

When you open our app or website, we determine your approximate location using your IP address to display maps and routes near you. This processing is carried out according to Art. 6(1)(f) GDPR based on our legitimate interest in providing our users with a relevant product and optimizing the app usage for our users.

The processing of your IP address takes place exclusively on servers in the EU.

Your location is not stored on your device but is deleted immediately after the session ends.

Embedded Third-Party Content

We have embedded content from third-party providers on our website. This content is loaded from the servers of the respective providers, so your device transmits certain technically necessary data to the third-party provider. In particular, it is possible that these providers may take note of the IP address assigned to you. If personal data is processed in this context, it is done by the respective third-party providers in their own responsibility. You can find more information about how these third-party providers process your personal data in the data protection notices of the respective third-party providers to which we refer below. The embedding by us is based on our legitimate interest in providing our users with the corresponding content and functionalities and in economically operating our website, and the fact that your legitimate interests do not outweigh, Art. 6(1)(f) GDPR. Specifically, we embed the following third-party content:

Google Maps

To activate Google Street View in our maps, we embed Google Maps, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, or for other users by Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA („Google“). There is an adequacy decision by the EU Commission according to Art. 45(1) GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the USA. Google LLC is a company certified under the Data Privacy Framework.

You can find Google’s privacy policy here.

YouTube

We use YouTube videos. YouTube is a service provided by Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA, for users in the EU by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). There is an adequacy decision by the EU Commission according to Art. 45(1) GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the USA. Google LLC is a company certified under the Data Privacy Framework.

You can find Google’s privacy policy here.

Vimeo

We embed videos from Vimeo. Vimeo is a service provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. There is an adequacy decision by the EU Commission according to Art. 45(1) GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the USA. Vimeo Inc. is a company certified under the Data Privacy Framework.

You can find Vimeo’s privacy policy here.

Hosting

Web host

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data. We use the following hoster:

united-domains AG

Gautinger Street 10

82319 Starnberg

GERMANY

In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

Google Cloud Platform

The Explory app uses the Google Cloud Platform, which is provided by the American company Google Inc. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services in Europe. Google also processes your data in the USA. Google is a participant in the EU-US Data Privacy Framework, which regulates the secure transfer of personal data from EU citizens to the USA. You can find further information on this at EU Commission.

Google uses standard contractual clauses in accordance with Art. 46 (2) and (3) GDPR. These clauses, provided by the EU Commission, guarantee that your data also complies with European data protection standards when it is transferred and stored in third countries, such as the USA. By combining the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection. The details of these clauses and the corresponding implementing decision of the EU Commission can be found here.

In addition, Google offers a contract for order processing in accordance with Art. 28 GDPR, which forms the basis of our customer relationship with Google. This contract also refers to the EU standard contractual clauses. You can find Google’s order processing conditions here.

Further information about which data is processed through the use of Google Cloud can be found in the Google Privacy Policy.

Our Social Media Presence

General Information

We operate pages or profiles on various social media platforms. In this context, the following described processing of personal data occurs.

When you interact with us through our social media pages or posts, we collect and process the data you provide, including your username and any profile picture, for example, when you like or share a post, comment, or otherwise provide content. These data processing activities are regularly based on our legitimate interest in providing the corresponding functions on our social media pages (Art. 6(1)(f) GDPR) and, if applicable, on your consent to the operator of the respective network (Art. 6(1)(a) GDPR) or your contractual relationship with the operator (Art. 6(1)(b) GDPR). Please also note that this content is published according to your account settings on our respective social media pages and can be accessed worldwide by anyone.

Further data processing by us may occur to receive and handle inquiries or messages through our social media pages (Art. 6(1)(b) GDPR).

Uploaded content can be stored for an unlimited period. If you want us to remove content uploaded by you on our social media page, please send us an email with your request to the contact details mentioned in section 1.

Additionally, the respective operators of social media platforms process personal data from you independently for their own data protection responsibilities when you visit our social media pages and/or interact with them or our posts. This is especially true if you are registered or logged into the respective social media network. Even if you are not registered with a social media network, the operators collect certain personal data when you visit the page, such as unique identifiers associated with your browser or device. Please note that this data may be merged across different platforms and services operated by the same provider. You can find more information in the data protection notices of the respective operators, to which we refer below.

Providing Your Data

You are not legally or contractually obliged to provide your personal data. Furthermore, the provision of your personal data is not required to conclude a contract unless explicitly mentioned in the above sections.

However, the provision of your personal data is necessary to provide you with the functions on our website. Specifically, the provision of your data is required to

Where the provision of your data is necessary, we will indicate this by marking the respective fields as mandatory. Providing further data is voluntary. If necessary data is not provided, we may not be able to provide the corresponding functions of our website, and we may not be able to receive and handle your inquiries or reports.

In other cases, failing to provide data may mean that we cannot provide the corresponding functions or handle your inquiries and reports to the usual extent.

Disclosure of Your Data

Your data will only be disclosed beyond what is described in this privacy policy as follows:

If it is necessary to investigate illegal use of our website and services or for legal prosecution, personal data may be disclosed to external advisors (e.g., lawyers), law enforcement authorities, and, if applicable, to affected third parties. This will only happen if there are specific indications of unlawful or abusive behavior. Disclosure may also occur if it is necessary to assert, exercise, or defend claims. We are also legally obliged to provide information to certain public authorities upon request. These include law enforcement authorities, authorities that prosecute administrative offenses, and tax authorities.

Furthermore, your personal data may be disclosed if we face other third-party claims that may include a request for information about your data.

This disclosure is based on our legitimate interest in combating misuse, prosecuting criminal offenses, and asserting, exercising, or defending claims, Art. 6(1)(f) GDPR, or based on a legal obligation, Art. 6(1)(c) GDPR.

We rely on contracted third-party companies and external service providers, so-called data processors (cf. Art. 4 No. 8, 28 GDPR), to provide our services. In such cases, personal data is transferred to these data processors to enable further processing. These data processors process personal data on our behalf and are strictly bound by our instructions.

In addition to the data processors already mentioned in this privacy policy, we use the following categories of data processors:

In the context of administrative processes and the organization of our operations, financial accounting, and compliance with legal obligations, such as archiving, we disclose or transfer your data to the tax authorities, advisors, such as tax advisors or auditors, and other fee offices and payment service providers.

The disclosure of this data is based on our legitimate interest in maintaining our business operations, fulfilling our tasks, asserting, exercising, or defending claims, Art. 6(1)(f) GDPR, or based on a legal obligation, Art. 6(1)(c) GDPR.

As part of the further development of our business, the structure of our company may change due to legal form changes, the formation, acquisition, or sale of subsidiaries, parts of companies, or components. In such transactions, user information may be shared with the part of the company to be transferred. In any transfer of personal data to third parties to the extent described above, we ensure that it is done in accordance with this privacy policy and applicable data protection laws.

The transfer of personal data is justified by our legitimate interest in adapting our corporate structure to economic and legal conditions, Art. 6(1)(f) GDPR.

Data Transfer to Third Countries

We also process data in countries outside the European Economic Area („EEA“), so-called third countries, or transfer data to recipients in these third countries.

If the transfer of your personal data to recipients outside the European Economic Area goes beyond the cases described in this privacy policy, we transfer your data to third countries for which an adequacy decision by the EU Commission according to Art. 45(1) GDPR exists.

Where such an adequacy decision does not exist, we use the standard contractual clauses approved by the EU Commission according to Art. 46(2)(c) GDPR to structure the contractual relationships with recipients in third countries. You can request a copy of these standard contractual clauses and information on the additional measures we have taken to ensure an adequate level of data protection by contacting the addresses provided in section 1.

Automated Individual Decisions or Profiling Measures

We do not use automated processing to make decisions or profiling.

Deletion of Your Data

Unless otherwise stated, we delete or anonymize your personal data as soon as it is no longer needed for the purposes for which we collected or used it according to the preceding sections. Generally, we store your personal data for the duration of the usage or contractual relationship on the website plus a period of 30 days during which we retain backup copies after deletion.

If you delete your user account, your profile will be completely and permanently deleted. However, we will retain backup copies of your data for 30 days before they are permanently deleted unless the data is required longer for legal reasons or for criminal prosecution or to secure, assert, or enforce legal claims.

We also retain your data further,

If data must be retained for legal reasons, processing is restricted. The data is then no longer available for other uses.

Your Rights as a Data Subject

With regard to the processing of your personal data, you have the rights described below. To exercise your rights, you can submit a request by mail or email to the addresses mentioned in section 1.

Right to Information

You have the right to request information from us at any time about the personal data we process concerning you to the extent and under the conditions of Art. 15 GDPR and § 34 BDSG.

Right to Rectification of Incorrect Data

You have the right to request the immediate correction of personal data concerning you if it is incorrect.

Right to Erasure

You have the right to request the deletion of personal data concerning you under the conditions described in Art. 17 GDPR and § 35 BDSG. These conditions include, in particular, the right to deletion if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, in cases of unlawful processing, the existence of an objection, or the existence of a deletion obligation under Union law or the law of the member state to which we are subject. For the retention period, see the section „Deletion of Your Data“ in this privacy policy.

Right to Restriction of Processing

You have the right to request the restriction of processing according to Art. 18 GDPR.

Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format according to Art. 20 GDPR or to have it transmitted to another controller.

Right to Object

You have the right to object at any time to the processing of personal data concerning you, which is carried out, among other things, based on Art. 6(1)(e) or (f) GDPR, for reasons arising from your particular situation according to Art. 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

If we process your personal data for direct marketing purposes, including profiling, you have the right to object to this processing. After your objection, we will stop processing your data for these purposes.

Unless otherwise stated in this privacy policy, please contact the addresses provided in section 1 to exercise your right.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority of your choice.

Data Processing When Exercising Your Rights

Finally, we point out that we process the personal data you provide when exercising your rights according to Art. 7(3)(1) GDPR and Art. 15 to 22 GDPR to implement these rights and to provide proof of this and, if necessary, to defend legal positions. The processing of your data to fulfill your rights as a data subject is based on Art. 6(1)(c) GDPR in conjunction with Art. 15 to 22 GDPR and § 34(2) BDSG. If we process personal data for legal defense purposes, this is also based on our legitimate interest, Art. 6(1)(f) GDPR.

For completeness, we point out that your personal data related to your request to exercise your rights is stored to fulfill the legal documentation obligations under the GDPR, in particular to prove the timely response to your request for the regular limitation period of three years, starting from the end of the year in which your request was finally processed by us.

The legal basis for storage is Art. 6(1)(f) GDPR. It is our legitimate interest to provide and document the above proof.

These personal data are blocked and are not processed for other purposes unless processing is necessary to assert, exercise, or defend legal claims. This is also our legitimate interest, Art. 6(1)(f) GDPR.

You are not contractually or legally obliged to provide your personal data. However, we may refuse to fulfill your request to exercise your rights according to Art. 12(2)(2) GDPR if you do not provide the data required for your clear identification, possibly after a request.

Changes to This Privacy Policy

The current version of this privacy policy is always available at https://www.explory.world/privacy/.

Status: 2024-05-21

Nach oben scrollen