Privacy policy

Table of contents

Responsible person

Stefan Watzinger
Bahnhofstr. 1-5
63110 Rodgau

E-mail address:

Imprint: https://allsky-rodgau.de/impressum/

Overview of processing

The following overview summarises the types of personal data we process, the purposes of processing, and the categories of data subjects concerned.

Types of data processed

  • Inventory data.
  • Contact data.
  • Content data.
  • Usage data.
  • Metadata, communication and procedural data.
  • Log data.

Categories of data subjects

  • Communication partners.
  • Users.

Purposes of the processing

  • Communication.
  • Security measures.
  • Reach measurement.
  • Organizational and administrative procedures.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online services and improvement of user-friendliness.
  • Information technology infrastructure.

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases under the GDPR on which we rely when processing personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your country or in our country of residence or registered office. Where more specific legal bases apply in individual cases, we will inform you of these in this privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. The data protection laws of the individual federal states may also apply.

Note on the applicability of the GDPR and Swiss FADP: This privacy notice serves to provide information in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). For this reason, the terminology of the GDPR is used due to its broader geographical application and comprehensibility. In particular, instead of the terms “processing” of “personal data”, “overriding interest” and “sensitive personal data” used in the Swiss FADP, the terms “processing” of “personal data”, “legitimate interest” and “special categories of data” used in the GDPR are applied. However, within the scope of application of the Swiss FADP, the legal meaning of these terms remains determined by the Swiss FADP.

Security measures

We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability and separation of data. In addition, we have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to data incidents. We also take data protection into account when developing or selecting hardware, software and processes in line with the principles of data protection by design and by default.

Shortening the IP address: If IP addresses are processed by us or by service providers and technologies we use, and the processing of the full IP address is not required, the IP address is shortened (also known as “IP masking”). The last digits or the last part of the IP address after a dot are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent, or make significantly more difficult, the identification of an individual based on their IP address.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services against unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the foundation of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet high security standards. If a website is secured by an SSL/TLS certificate, this is indicated by “HTTPS” in the URL. This signals to users that their data is being transmitted securely and in encrypted form.

International data transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if processing takes place in the context of the use of services provided by third parties or by disclosing or transferring data to other persons, bodies or companies, this will only occur in accordance with the legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data will only be transferred if an adequate level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or where the transfer is necessary for the performance of a contract or required by law (Art. 49 para. 1 GDPR). In addition, we will inform you of the specific legal basis for transfers to third countries with regard to the individual providers from such third countries, whereby adequacy decisions take precedence. Information on transfers to third countries and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection for certain companies in the USA as adequate in its adequacy decision of 10 July 2023. The list of certified companies and further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/. In this privacy notice, we will inform you which service providers we use are certified under the Data Privacy Framework.

General information on data storage and deletion

We delete personal data that we process in accordance with statutory provisions as soon as the underlying consent is withdrawn or there is no other legal basis for processing. This applies, in particular, where the original purpose of processing no longer applies or where the data is no longer required. Exceptions exist where legal obligations or overriding interests require longer storage or archiving of the data.

In particular, data that must be stored for commercial or tax law reasons, or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons, must be archived accordingly.

Our privacy notice contains additional information on retention and deletion periods that apply specifically to certain processing operations.

If there is more than one piece of information on the retention period or deletion period of data, the longest period is decisive.

If a period does not expressly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the period is the date on which the termination or other end of the legal relationship takes effect.

We only continue to process data that is no longer stored for the originally intended purpose, but is retained due to legal requirements or other reasons, for the purposes that justify its continued storage.

Further information on processing operations, procedures and services:

  • Retention and deletion of data: The following general time limits apply to retention and archiving under German law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet as well as the work instructions and other organizational documents required for their understanding, accounting vouchers and invoices (§ 147 para. 3 in conjunction with para. 1 no. 1, 4 and 4a AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 and 4, para. 4 HGB).
    • 6 years – Other business documents: commercial or business letters received, copies of commercial or business letters sent, other documents insofar as they are of significance for taxation, e.g. hourly wage slips, internal accounting documents, calculation documents, price markings, as well as payroll and salary accounting documents, insofar as they are not already accounting records, and cash register strips (§ 147 para. 3 in conjunction with para. 1 no. 2, 3, 5 AO, § 257 para. 1 no. 2 and 3, para. 4 HGB).
    • 3 years – Data required to consider potential warranty and compensation claims or similar contractual claims and rights, and to process related inquiries, based on past business experience and standard industry practice, will be stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of the data subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, in particular those set out in Art. 15 to 21 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
  • Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed and, where that is the case, to obtain access to this data and further information, as well as a copy of the data, in accordance with legal requirements.
  • Right to rectification: You have the right to request the completion of incomplete data concerning you or the rectification of inaccurate data concerning you in accordance with legal requirements.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request the immediate erasure of data concerning you, or, alternatively, to request restriction of processing in accordance with legal requirements.
  • Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with legal requirements, or to request that it be transmitted to another controller.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Provision of the online offer and web hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or end device.

  • Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication and procedural data (e.g. IP addresses, time data, identification numbers, persons involved); log data (e.g. log files relating to logins or the retrieval of data or access times).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices, such as computers and servers); security measures.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

  • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, for example to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks), and to ensure the stability and performance of the servers; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
  • ALL-INKL: Services in the area of the provision of information technology infrastructure and associated services (e.g. storage space and/or computing capacity);
    • Service provider: ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany;
    • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
    • Website: https://all-inkl.com/
    • Privacy policy: https://all-inkl.com/datenschutzinformationen/
    • Data processing agreement: Provided by the service provider.

Use of cookies

The term “cookies” refers to functions that store information on users’ end devices and read information from them. Cookies can be used for various purposes, for example to ensure the functionality, security and convenience of online services and to analyze visitor flows.

  • pll_language (1 year): This cookie is set by the Polylang plugin for WordPress-powered websites. The cookie stores the language code of the last visited page. The cookie is technically necessary, as a consistent language version of the website cannot be provided without it. The legal basis for using this cookie is Art. 6(1)(f) GDPR in conjunction with Sec. 25(2)(2) TTDSG. Our legitimate interest lies in ensuring a user-friendly and functional presentation of our online services.

  • Retention period: The cookie is typically stored for 1 year.

  • Disclosure to third parties: No data is shared with third parties.

  • Consent: As this cookie serves exclusively functional purposes, no user consent is required.

General information on revocation and objection (opt-out): Users can withdraw any consent they have given at any time and may also object to processing in accordance with legal requirements, including by using the privacy settings of their browser.

  • Processed data types: Metadata, communication and procedural data (e.g. IP addresses, time data, identification numbers, persons involved).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing operations, procedures and services:

  • Processing of cookie data on the basis of consent: We use a consent management solution through which user consent is obtained for the use of cookies or for the procedures and providers listed in the consent management interface. This procedure is used to obtain, log, manage and revoke consent, in particular with regard to the use of cookies and comparable technologies that are used to store, read and process information on users’ end devices. As part of this procedure, user consent is obtained for the use of cookies and the associated processing of information, including the specific processing operations and providers listed in the consent management interface. Users also have the option of managing and revoking their consent. The declarations of consent are stored in order to avoid repeated queries and to provide proof of consent in accordance with legal requirements. Storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies, so that consent can be assigned to a specific user or their device. If no specific information on the providers of consent management services is available, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information on the browser, system and end device used.
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers’ data is processed only to the extent necessary for the operation of the publication medium, for its presentation, for communication between authors and readers, or for security purposes. In addition, we refer to the information on the processing of visitors to our publication medium in this privacy notice.

  • Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as information relating to them, such as authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication and procedural data (e.g. IP addresses, time data, identification numbers, persons involved).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Contact and request management

When you contact us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, we process the details of the inquiring persons insofar as this is necessary to respond to the contact request and to carry out any requested measures.

  • Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as information relating to them, such as authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication and procedural data (e.g. IP addresses, time data, identification numbers, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing operations, procedures and services:

  • Contact form: When you contact us via our contact form, by email or via other communication channels, we process the personal data transmitted to us to respond to and handle the respective request. This generally includes details such as name, contact details and any other information provided to us that is required for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication.
  • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Web analysis, monitoring and optimization

Web analysis (also referred to as “reach measurement”) is used to evaluate visitor flows to our online offering and may include information on the behaviour, interests or demographic characteristics of visitors, such as age or gender, as pseudonymous values. With the help of reach measurement, we can, for example, identify at which times our online offering or its functions or content are most frequently used or invite users to reuse it. It also enables us to understand which areas require optimization.

In addition to web analysis, we may use test procedures, for example to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles (i.e. data aggregated for a usage process) may be created for these purposes, and information may be stored in a browser or on an end device and subsequently read out. The information collected includes, in particular, the websites visited and the elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, location data may also be processed.

In addition, users’ IP addresses are stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. As a rule, no clear user data (such as email addresses or names) is stored in the context of web analysis, A/B testing and optimization, but pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedure.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. our interest in efficient, economical and user-oriented services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication and procedural data (e.g. IP addresses, time data, identification numbers, persons involved).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); provision of our online services and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”. Cookies may be stored on users’ devices for up to 2 years, unless shorter periods are specified.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

  • Koko Analytics: This website uses the analysis tool Koko Analytics to statistically evaluate visitor access. The provider is ibericode BV, Oosthavendijk 9, 4475AA Wilhelminadorp, The Netherlands (https://ibericode.com/). Koko Analytics is a privacy-friendly (GDPR-compliant) open-source (GPLv3) analytics plugin for WordPress that does not collect personal data and does not transfer any data to external servers. We have disabled the cookies that Koko Analytics can use to better recognize returning visitors. Koko Analytics determines the number of visitors and page views, displays a list of the most frequently visited posts and records which referring websites visitors came from. The tool helps to make this website more user-friendly without tracking personal data.

Changes and updates

We ask you to review the content of our privacy policy regularly. We will amend this privacy policy as soon as changes in our data processing activities make this necessary. We will inform you if such changes require an action on your part (e.g. consent) or other individual notification.

If we provide addresses and contact details of companies and organizations in this privacy policy, please note that these details may change over time. We therefore recommend that you verify the information before contacting such entities.