1. Controller
Frank Thielen
Henri-Dunant-Strasse 8
53757 Sankt Augustin
Germany
Email: mail@tiwis.org
2. General information on data processing
The protection of your personal data is important to me. Personal data is processed on this website only in accordance with the applicable legal provisions, in particular the General Data Protection Regulation (GDPR).
Personal data means any information relating to an identified or identifiable natural person.
3. Purpose of the platform
This website is a private project that allows registered users to save places, share places with friends, publish publicly shared places, create friendships with other users, upload images for places and interact with other users within the platform.
Using certain features requires the creation of a user account.
4. Registration and user account
The following mandatory data is collected when creating a user account:
- Email address
- Username
- Password
Additional information may be provided voluntarily.
This data is processed for the purpose of providing the user account and the offered platform functions.
Legal basis: Art. 6(1)(b) GDPR.
5. Login and password security
Users log in using username or email address and password.
Passwords are not stored in plain text. They are stored exclusively as secure cryptographic hash values according to current security standards.
It is not possible for the operator to recover the original password.
Legal basis: Art. 6(1)(b) GDPR.
6. Profile information and profile image
Users may voluntarily provide additional profile information.
If a profile image is uploaded, it is generally visible to other users even if no friendship has been confirmed yet.
Users should therefore upload only images they explicitly want to make visible to others.
Legal basis: Art. 6(1)(b) GDPR.
7. Friendships and social features
The platform allows users to send friend requests and establish friendships with other users.
The following information is processed in particular:
- sent friend requests,
- received friend requests,
- existing friendships.
This data is processed solely to provide the corresponding features.
Legal basis: Art. 6(1)(b) GDPR.
8. Storage and sharing of places
Users can store places on the platform.
Stored places can be visible only to the user, to friends, or publicly, depending on the selected settings.
If places are shared publicly, the related information can be viewed by all visitors of the website.
Users are responsible for deciding which information they publish.
Legal basis: Art. 6(1)(b) GDPR.
9. Upload of images
Users can upload images for stored places.
Images are displayed according to the visibility selected by the user.
The user is solely responsible for ensuring that uploaded images do not violate third-party rights, in particular copyrights, personality rights, trademark rights or other protective rights.
The operator reserves the right to remove unlawful content after becoming aware of it.
Legal basis: Art. 6(1)(b) GDPR.
10. Cookies
This website uses only technically necessary cookies.
These cookies are required to provide the website securely and functionally. This includes cookies for user login and authentication, maintaining user sessions, security features and storing privacy settings and consents.
Without these cookies, essential website functions cannot be provided.
Legal basis: § 25(2) no. 2 TDDDG and Art. 6(1)(f) GDPR.
The legitimate interest lies in the technically proper and secure provision of the online service.
11. Consent management (consent banner)
A consent banner is used to manage consents.
The user's choice regarding the use of Google Maps is stored so that this setting can be applied on future visits.
This storage also serves as proof of granted or denied consents.
Legal basis: Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR and § 25(2) no. 2 TDDDG.
12. Google Maps
Google Maps is used to display places and maps.
Provider:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Google Maps is loaded only after the user has explicitly consented via the consent banner.
Only after this consent is granted may personal data be transmitted to Google, in particular IP address, browser information, device information and usage data related to map display.
Data transfers to servers of the Google group in third countries, especially the USA, cannot be excluded.
Legal basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG.
Consent can be withdrawn at any time with effect for the future via the website's privacy settings.
More information on Google's privacy practices:
https://policies.google.com/privacy
13. Server log files
When this website is accessed, information is automatically collected by the hosting provider and stored in so-called server log files.
This may include in particular:
- IP address,
- date and time of access,
- requested page,
- browser type and version,
- operating system used,
- referrer URL.
This data is used solely to ensure smooth operation and security of the website.
This data is not merged with other data sources.
Legal basis: Art. 6(1)(f) GDPR.
14. Recipients of personal data
Personal data is generally not disclosed to third parties unless this is necessary for the technical provision of the website, there is a legal obligation, or the user has expressly consented.
Recipients may include technical service providers such as hosting providers.
15. Storage period
Personal data is stored only for as long as necessary for the respective purposes or as required by statutory retention obligations.
After the purpose ceases to apply, data is deleted unless statutory retention obligations prevent deletion.
16. Deletion of user account
Users can delete their account themselves at any time.
When an account is deleted, the user's personal data and content created by the user are generally deleted unless statutory retention obligations or legitimate reasons for further storage exist.
If technical backups exist, final deletion of individual data may only occur after the respective backup cycles have expired.
17. Rights of data subjects
According to applicable law, you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw granted consent with effect for the future
You can contact the controller at any time to exercise your rights.
18. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.
The competent authority is in particular the data protection authority at your habitual residence, your place of work, or the place of the alleged infringement.
19. Changes to this privacy policy
I reserve the right to adapt this privacy policy if this becomes necessary due to technical developments, changed legal requirements or new website features.
The version of the privacy policy published on the website at the time of your visit applies.