1. Person in ChargeResponsible for data processing on this website is Karma Implementor, c/o Daniel Seifert, Straße der Nationen 12, 09111 Chemnitz, Germany, email: firstname.lastname@example.org, phone: +49 371 233 80 316.
2. General InformationNo user data collected by repings.net is shared with third parties. Data processing and data storage are limited to the purpose of providing the services described in this document.
3. ServersThe Repings servers are located in Frankfurt, Germany.
4. IP AddressesIn order to communicate over a network a server needs to know the IP address of a client and vice versa. For instance, if your browser requests a file or other resource from a server under the domain repings.net, the IP address of your internet connection must be transmitted to this server due to the nature of the underlying TCP/IP protocol.
Application specific processing and storage of IP addresses as described below is required and is consequently for purposes of legitimate interests in accordance with Article 6(1)(f) GDPR:
4.1 Storage of IP AddressesIP addresses are part of the web server logs described here. Logging of IP addresses is neccessary for debugging and for keeping a stable and secure server operation.
4.2 IP GeolocationIn order to comply with the laws (data protection law, tax law) this website needs to determine the clients country of origin. To this end IP geolocation is performed on a country level.
For the determination of the country of a connected client his internet IP address is matched against a local database on a repings.net server. Being transformed to a location information on a country level in this way, the result cannot be used to identify a person or an internet connection.
The country information is only used to build server responses to the client and is not persisted on the server side.
4.3 In-Memory IP StorageIn several cases the client IP address will be temporarily stored in memory to harden the security of the website and to mitigate abuse.
5. Log FilesIf a file is requested from a Repings server, the following information may be stored for 7 days:
- client IP address
- Time and date of the request
- Name/path of the requested file / resource
- The HTTP statuscode (OK, NOT FOUND etc.)
- The amount of data being transfered
- The HTTP referer (the source from which you came to this website) if available and as available. The availability depends on browser settings, metadata (configuration) of the referring website and other factors.
- The user-agent string (if available) carrying information about your web browser like the name and version of your browser
- Information about your operating system like it's name and it's version (if available)
6. Security / HTTPSThe Repings website is exclusively accessible through TLS secured connections (HTTPS).
7. Data Processing when Contacting RepingsPersonal data - at least the email address - is stored once an email is sent to Repings using an email address or form provided on this website. Further personal data may be part of the content of the particular email. Data from emails is solely used for the processing of your request. Legal basis for the processing of data from emails is Article 6(1)(f) GDPR, the legitimate interest to reply to your request. The conversation data is kept for future requests. Please see section 8 regarding your rights.
An order processing agreement exists between Karma Implementor and the email service provider.
8. Your Rights
- Right of access by the data subject (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure ('Right to be forgotten', Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
9. Cookies / DOM Storage
9.1 General Information on CookiesA cookie is a small amount of data that can be stored by a website on the clients hard drive containing arbitrary information associated with the particular browser instance. A website can define the lifetime of a cookie. Some cookies are used to keep user information during a browser session. Such cookies are typically deleted after the browser has been closed. Cookies can also be used across browser sessions being available for a virtually infinite period of time or until they are manually deleted by the user. Such cookies can be used to keep user specific website settings or to identify browsers and potentially even users.
Most wellknown browsers support cookies and provide options to disable the cookie service, to clear all cookie data and to inspect the cookies set by a certain domain. Generally browsers provide the option to automatically clear all cookies on exit.
Please find instructions to cookie settings for the most popular browser under the following links:
9.2 Repings Cookies (First Party)HTTP cookies are used to store user session data. To improve security such cookies are signed transmitted over secure connections to the Repings servers.
9.3 DOM StorageSimilar to HTTP cookies DOM storage is a method used for storing data persistently in a web browser. In constrast to HTTP cookies data from DOM storage is not submitted with the HTTP request header. Compared to cookies this technology provides a considerably enhanced storage capacity.
This website uses DOM storage to store serveral user preferences on client side. Authenticated users can customize these settings here.
Every wellknown browser provides the option to clear all persistent data. Normally DOM storage is cleared together with cookies. Most browsers provide options to disable the DOM storage service and to inspect the data stored by a certain domain.
10. External LinksThis website is configured to strip the HTTP referrer information when opening external links. This applies to the use of modern browsers.
11. User DataThe principle of data minimisation applies to Repings.
11.1 Use of Telegram ServicesRepings uses the Telegram Messenger (provided by the Telegram Messenger Inc.) as the primary messaging service for sending notifications to the users. Consequently, because Telegram is providing this functionality, the authentication system bases on an associated Telegram service called Telegram Login. Telegram Login will set a cookie to identify the user and simplify subsequent login requests. This cookie expires after one year.
Users are primarily identified by their Telegram ID, an unique number but different to the users phone number. When a user first signes in the authentication process is performed via the Telegram Login Widget. A new account will be created associated with the Telegram ID. Other data provided by Telegram may be user name, first name, last name and a photo url. These details are not persisted on the Repings servers and may be only part of the session HTTP cookie to provide a more comfortable and more secure user experience.
Because the services provided by Repings require a messaging service the use of the Telegram services is for purposes of legitimate interests in accordance with Article 6(1)(f) GDPR.
11.1.1 Related Links
11.2 Email Addresses / PasswordsThe storage of email addresses and passwords is for purposes of legitimate interests in accordance with Article 6(1)(f) GDPR:
Users are encouraged to provide an email address and a password as a secondary authentication option for the case that the login via Telegram fails for some reason. Furthermore an email address is required for the communication with the support.
Password are never stored as plain text.
11.3 Paid Services
11.3.1 Billing AddressIn order to take advantage of paid services users are required to provide their billing address. The billing address is needed for invoicing and book keeping. The following data is stored at the server side:
- Company name
- VAT identification number
11.3.2 InvoicesAccording to german law invoices must be archived for 10 years and will be handed to the tax authority upon request. The billing address (see 11.3.1) as well as the date of the order is part of the invoices.
11.3.3 Payment Service ProviderRepings uses PayPal for payments. For a transaction the user is redirected to paypal. There is no need to send personal data to paypal.
11.4 Erasure / Download