Privacy Policy

Status: 27.09.2021

General information

We are very pleased about your interest in our company. We take data protection seriously – the protection of your privacy, when processing personal data, is important to us.

LuckyShot GmbH collects and uses your personal data exclusively in accordance with the provisions of the data protection laws of the Federal Republic of Germany. In the following we inform you about the type, scope and purpose of the collection and use of personal data.

As an association or other organization, a written order processing agreement (AVV) must be concluded for the use of our software campai as well as chapster. You can download this directly here.

Identity and contact details of the data controller

The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) and other data protection regulations is:

LuckyShot GmbH
Schönhauser Allee 163
10435 Berlin
Germany

info(at)luckyshot.io
http://luckyshot.io/

CEO: Alexander Adam
Amtsgericht Berlin-Charlottenburg HRB 192374 B

Contact details of the data protection officer

You can reach our data protection officer as follows:

Herbert Bischof
00423-2303060
herbert(at)luckyshot.io

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you visit this website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. Therefore, it cannot be ruled out that U.S. authorities (e.g. intelligence agencies) may process, evaluate and permanently store your data located on U.S. servers for monitoring purposes. We have no influence on these processing activities.

Scope of processing personal data

LuckyShot GmbH only process the personal data of our users to the extent necessary in order to provide a functioning website with our content and services. The processing of personal data regularly only takes place with the consent of the user. Exceptions include cases where prior consent technically cannot be obtained and where the processing of the data is permitted by law.

Legal basis for data processing

Art. 6 (1) (a) GDPR serves as the legal basis to obtain the consent of the data subject for the processing of their data. As for the processing of personal data required for the performance of a contract of which the data subject is party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual activities. When it is necessary to process personal data in order to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing of data is necessary to safeguard the legitimate interests of our company or that of a third party, and the fundamental rights and freedoms of the data subject do not outweigh the interest of the former, Art. 6 (1) (f) GDPR will serve as the legal basis for the processing of data.

Data removal and storage duration

The personal data of the data subject will be erased or restricted as soon as the purpose of its storage has been accomplished. Additional storage may occur if it was provided for by the European or national legislator within the EU regulations, law, or other relevant regulations to which the data controller is subject. Restriction or erasure of the data also takes place when the storage period stipulated by the aforementioned standards expires, unless there is a need to prolong the storage of the data for the purpose of concluding or fulfilling the respective contract.

Rights of the data subject

Right to confirmation
You have the right to request confirmation from us as to whether personal data in question is being processed.

Right to information
You have the right at any time to receive free information about the personal data stored about you and a copy of this information. Furthermore, the European Directive and Regulation has granted the data subject access to the following information:

  • The purpose for which the personal data is processed;
  • The categories of personal data being processed;
  • The recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
  • The planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
  • The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the data controller or a right to object to such processing;
  • The existence of a right of appeal to a supervisory authority;
  • All available information on the source of the data if the personal data is not collected from the data subject;
  • The existence of automated decision-making including profiling under Art. 22 GDPR and, in certain cases, meaningful information about the data processing system involved, and the scope and intended result of such processing on the data subject.

You have the right to request information on whether your personal data will be transmitted to a third country or an international organisation. In this context, you can then request for the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

Right to correction
You have the right to request the immediate correction of any inaccurate personal data. Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, also by means of a supplementary declaration.

Right to erasure
You may request that we delete the personal data concerning you without undue delay, and we are obliged to delete such data without undue delay if one of the following reasons applies:

  • Personal data concerning you is no longer necessary for the purposes for which they were collected or processed.
  • You revoke your consent, to which the processing is allowed pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR and there is no other legal basis for processing the data
  • According to Art. 21 (1) GDPR you object to the processing of the data given that the processing of the data is justified by a legitimate interest, or you object pursuant to Art. 21 (2) GDPR.
  • Your personal data has been processed unlawfully.
  • The act of deleting your personal data will invoke a legal obligation under the Union law or the law of the Member States to which the data controller is subject.
  • Your personal data was collected in relation to information business services offered pursuant to Art. 8 (1) GDPR.

If the data controller has made your personal data public and has to delete the data pursuant to Art. 17 (1) GDPR, they shall take appropriate measures, including technical means, to inform data processors who process the personal data, that a request has been made to delete all links to such personal data or copies or replications of the personal data, taking into account available technology and implementation costs to execute the process.

The right to deletion does not exist if the processing is necessary

  • to exercise the right to freedom of speech and information;
  • to fulfill a legal obligation required by the law of the Union or of the Member States to which the representative is subject, or to perform a task of public interest or in the exercise of public authority delegated to the representative;
  • for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
  • for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  • to enforce, exercise or defend legal claims.

Right to information
If you have the right of rectification, erasure or restriction of processing over the data controller, they are obliged to notify all recipients to whom your personal data have been disclosed of the correction or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You reserve the right to be informed about the recipients of your data by the data controller.

Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:

  • if you contest the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims, or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Your right to restrict processing may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes.

Right to data portability
You have the right to receive your personal data given to the data controller in a structured, standard and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the data controller who was initially given the data, given that the processing is based on a consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) (b) GDPR and the processing is done by automated means.
In exercising this right, you also have the right to maintain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons shall not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the data controller.

Right to object
Subjective to your situation, you have, at any time, the right to object against the processing of your personal data pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The LuckyShot GmbH shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.

If the LuckyShot GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data processed for such marketing.

This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to the LuckyShot GmbH to the processing for direct marketing purposes, the LuckyShot GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by the LuckyShot GmbH for statistical purposes pursuant to Art. 89 (1) of GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

In order to exercise the right to object, the data subject may directly contact the LuckyShot GmbH. The data subject is also free to exercise his/her right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

Right to revoke the data protection consent declaration
You have the right to withdraw your consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Automated decision on a case-by-case basis, including profiling
You have the right not to subject to a decision based solely on automated processing including profiling that will have legal effect or affect you in a similar manner. This does not apply if the decision

  • is required for the conclusion or execution of a contract between you and the data controller,
  • is permitted by the Union or Member State legislation to which the data controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
  • with your expressed consent.

However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to uphold your rights and freedoms as well as your legitimate interests, including the right to obtain assistance from the data controller or their representative, to express your opinion on the matter, and to contest the decision.

Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in the Member State of their residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Provision of website and creation of logfiles

Description and scope of data processing
Each time our website is accessed, our system automatically collects data and relevant information from the computer system of the calling device.

The following data is collected:

  • Browser type and version used
  • The user’s operating system
  • The internet service provider of the user
  • IP address
  • Date and time of access
  • Web pages from which the user’s system accessed our website
  • Web pages accessed by the user’s system through our website

The data is stored in the log files of our system. The data is not stored with the user’s other personal data.

Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The storage in logfiles is done to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place.

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

Objection and removal
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. The user can object to this. Whether the objection is successful is to be determined in the context of a balancing of interests. To do so, send us an informal email to info(at)luckyshot.io.

Use of cookies

Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or the internet browser on the user’s computer system. If a user calls up a website, a cookie can be stored on the user’s operating system. These cookies contain a string of characters that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require the calling browser to be identified even after a page break.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Log-in information
  • Cookie setting
  • Search queries
  • Further information that is required for the provision of the website

We also use cookies on our website, which enable us to analyse the browsing behaviour of our users. As a result, the following data will be transmitted:

  • User behaviour on our website
  • Further information used for marketing purposes

The user data collected in this manner is pseudonymised by technical measures. It is therefore not possible to assign the data to the user accessing the site. The data is not stored together with other personal data of the users.

Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The user data collected through technically necessary cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

Legal basis for data processing
The legal basis for the processing of personal data using non-technical cookies is Art. 6 (1) (a) GDPR.

The legal basis for the processing of personal data using technical cookies is Art. 6 (1) (f) GDPR, legitimate interests.

Duration of storage and possibility of objection and removal
Cookies are stored on the user’s device and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

Contact via Email

Description and scope of data processing
On our website, it is possible to contact us via the email address provided. In this case, the personal data of the user transmitted with the e-mail will be stored. The data is used exclusively for processing the conversation.

Purpose of data processing
In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data sent by Email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has been conclusively resolved.

Objection and removal
If the user contacts us by email at info(at)luckyshot.io, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

Application via Email and application form

Scope of processing personal data
An application form is available on our website, which can be used for electronic applications. For the provision of the application form, we use the recruiting page of the personnel and applicant management software Personio of the service provider Personio GmbH, Rundfunkplatz 4, 80335, Munich, Germany.

If an applicant takes advantage of this option, the data entered in the input mask will be transmitted to and stored to us and Personio. These data are:

  • First name/ Last name
  • Address
  • Telephone / mobile phone number
  • Email address
  • Salary expectations
  • Curriculum vitae
  • Awareness channel
  • Other personal data communicated voluntarily in the application process

For the processing of your data, a confirmation of awareness of this privacy policy is obtained during the submission process.

Alternatively, you can also send us your application by email. In this case, we will collect your email address and the data you provide in the email.

After sending your application, you will receive a confirmation of receipt of your application documents by email from us.

For more information, please see Personio’s privacy policy here.

Purpose of data processing
The processing of personal data from the application form serves us solely to process your application. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

Legal basis for data processing
The legal basis for the processing of the data is the initiation of the contractual relationship at the request of the data subject, Art. 6 (1) (b) GDPR and § 26 (1) BDSG.

Duration of storage
After completion of the application procedure, the data will be stored for up to six months. Your data will be deleted after six months at the latest. In the event of a legal obligation, the data will be stored within the framework of the applicable provisions.

Objection and removal
The applicant has the option to object to the processing of personal data at any time. If the applicant contacts us by email at info(at)luckyshot.io, he or she can object to the storage of his or her personal data at any time. In such a case, the application can no longer be considered. All personal data stored in the course of electronic applications will be deleted in this case.

Contact via the website

The website of the LuckyShot GmbH contains legal requirements which enable a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts us by e-mail or by means of a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted to us on a voluntary basis by a data subject will be stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.

Blog comment function

LuckyShot GmbH offers its users the possibility to leave individual comments on individual blog posts on a blog, which is located on our website. A blog is a portal on a website, usually publicly viewable, in which one or more persons, called bloggers or web bloggers, can post articles or write down thoughts in so-called blog posts. The blog posts can usually be commented on by third parties.

If a data subject leaves a comment on the blog published on our website, in addition to the comments left by the data subject, information on the time of comment entry and the user name (pseudonym) chosen by the data subject will be stored and published. Furthermore, the IP address assigned by the Internet service provider (ISP) of the person concerned is also logged. This storage of the IP address is done for security reasons and in case the data subject violates the rights of third parties by posting a comment or posts illegal content. The storage of this personal data is therefore in its own interest, so that it could defend itself if necessary in the event of a violation of the law. There is no disclosure of this collected personal data to third parties, unless such disclosure is required by law or serves the legal defense of the controller.

Data processing within the scope of our app

If you want to use our app for iOS and other operating systems, it is necessary that you register for this with a user account. For this purpose, it is necessary that we process your mobile number and a profile name selected by you in order to be able to confirm your registration based on the mobile number provided; the provision of a real name is not necessary for the use of the app. We will only use your mobile number and name to confirm your registration. You can provide us with additional information (such as a profile picture or other profile details) in the app itself. We process this data exclusively to enable you to use the app according to your wishes. Our legal basis for the processing of this app data is Art. 6 (1) lit. b GDPR.

Newsletter and notifications

We send newsletters, e-mails and other electronic notifications containing promotional information only with the consent of the recipient or with legal authorization. The newsletters contain information about our offers and services. However, notifications sent in the context of contractual or business relationships are not considered advertising. This includes, for example, the sending of service e-mails with technical or organizational information within the scope of our service provision, notices of technical or legal changes or questions about our offer. Notifications of activities to which the customer has subscribed. So-called double opt-in emails sent within the framework of registration or subscription to a newsletter are also not advertising messages. These double opt-in emails invite users to confirm a registration or subscription. The double opt-in emails are necessary to verify that the registration was really made by the email owner. The first and last name information is used to personalize the newsletter. The consent to store the data, e-mail addresses as well as their use for sending the newsletter can be revoked at any time. The revocation can be made, for example, via an unsubscribe link in the newsletter or an e-mail to info(at)campai.com with “Unsubscribe” in the subject line. Registrations for the newsletter are logged in order to be able to check the registration process in compliance with legal requirements. For this purpose, the registration and confirmation moments in particular are recorded.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.

Use of social networks

The use of social media platforms with server locations in the USA may result in the processing of personal data outside the EU. To ensure appropriate safeguards to protect the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by social media operators outside the EU takes place on the basis of appropriate safeguards pursuant to Art. 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR.

We use the possibility of corporate presence in the network Instagram.

Instagram: Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

On our company website we provide information and offer Instagram users the possibility of communication. If you carry out an action on our Instagram company website (e.g. comments, contributions, likes etc.), you may make personal data (e.g. clear name or photo of your user profile) public. However, as we generally or to a large extent have no influence on the processing of your personal data by Instagram, the company jointly responsible for our company appearance, we cannot make any binding statements regarding the purpose and scope of the processing of your data.

Our corporate presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the company’s presence for information about our products and services.

Publications on the company appearance can contain the following content:

  • Information about products
  • Information about services
  • Sweepstakes
  • Advertisement
  • Customer contact

Every user is free to publish personal data through activities. The data generated on the company appearance are not stored in our own systems.

The legal basis for data processing is Art. 6 (1) (a) GDPR.

You can object to the processing of your personal data that we collect in the context of your use of our Instagram company presence at any time and assert your data subject rights as stated in this privacy policy. To do so, send us an informal email to info(at)luckyshot.io.

For further information on the processing of your personal data by Instagram and the corresponding objection options, please click here.

We use the possibility of corporate presence in YouTube.

YouTube: Google Ireland Limited, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland

On our company profile we provide information and offer YouTube users the possibility of communication. If you carry out an action on our YouTube company profile (e.g., comments, contributions, likes etc.), you may make personal data (e.g., clear name or photo of your user profile) public.

Our corporate profile in social networks is used for communication and information exchange with (potential) customers. We use the company’s profile to provide Information about products and services.

To improve user experience, we have also embedded videos from YouTube on our website. The videos are embedded in such a way that only a preview image of the video can be seen, and no cookies are set by YouTube. If you click on the preview image of the YouTube video, you will be redirected in a new tab directly to a page of YouTube on which no cookies are set (youtube-nocookie.com). It cannot be ruled out that YouTube will change this in the future and set cookies after all. We will review this situation regularly, taking into account proportionality and appropriateness.

If you are logged into your YouTube account during your visit, Google can assign your website visit to this account. This information is transmitted directly to Google and stored there.

The legal basis for data processing is Art. 6 (1) (f) GDPR.

You can object at any time to the processing of your personal data that we collect in the course of your use of our YouTube corporate presence and exercise your data subject rights as set out in this privacy policy. You can find more information about the processing of your personal data by YouTube and the corresponding objection options here.

We use the possibility of corporate presence in the network Facebook.

Facebook: The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The controller has integrated components of the company Facebook on this website. Facebook is a social network. A social network is a social meeting place operated on the Internet, an online community that generally allows users to communicate and interact with each other in virtual space. A social network can serve as a platform for sharing opinions and experiences or enables the Internet community to provide personal or company-related information. Facebook allows users of the social network to create private profiles, upload photos and network via friend requests, among other things.

By each call of one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found here. Within the scope of this technical procedure, Facebook receives knowledge about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Facebook at the same time, Facebook recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent the transmission by logging out of his or her Facebook account before accessing our website.

The data policy published by Facebook, which can be accessed here, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that allow data transmission to Facebook to be suppressed. Such applications can be used by the data subject to suppress data transmission to Facebook.

The legal basis for data processing is Art. 6 (1) (f) GDPR.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here.

Hosting

Our website is hosted on servers operated by Netlify: Netlify, Inc, 2325 3rd Street, Suite 215, San Francisco, 94107 CA.

Our app is hosted by Firebase, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043.

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of server request
  • IP-address


This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected.

Part of the order processing contract with Netlify are so-called EU standard data protection clauses (Art. 46 (2) (1) lit. c GDPR). These are to be classified as an appropriate guarantee for the protection of the transfer and processing of personal data outside the EU.

You can find more information about data processing by Netlify here and by Firebase here.

Use of Google Analytics (incl. Google Analytics Remarketing)

Scope of the processing of personal data
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google).

Google Analytics examines, among other things, the origin of visitors, the time they spend on individual pages, and the use of search engines, thus allowing better monitoring of the success of advertising campaigns. Google sets a cookie on your computer. This allows personal data to be stored and evaluated, including:

  • The user’s activity (in particular, which pages have been visited and which elements have been clicked on),
  • Device and browser information (in particular, the IP address and operating system),
  • Data about the advertisements displayed (in particular, which advertisements were displayed and whether the user clicked on them) and
  • Data from advertising partners (in particular pseudonymized user IDs).

We use Google Analytics to evaluate your use of our online presence, to compile reports about your activities and to use other Google services related to the use of our online presence and internet usage.

In addition, we use Google Analytics Remarketing, whereby the data collected and evaluated about you is used to play out targeted advertising.

We have requested the anonymization of IP addresses, whereby Google shortens your IP address as soon as technically possible. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and shortened there.

Google transfers your personal data to Google affiliates and other processors.

Purpose of data processing
The use of Google Analytics, including Google Analytics Remarketing, serves us to evaluate the use of our online presence as well as the targeted playout of advertising, to the people who have already expressed an initial interest through their visit to the site.

Legal basis for the processing of personal data
The legal basis for the processing of the personal data of the users is basically the consent of the user according to Art. 6 (1) (1) lit. a GDPR.

Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes. Advertising data in server logs is anonymized by Google deleting parts of the IP address and cookie information after 9 and 18 months, respectively, according to Google.

Right to withdraw consent and removal options
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection as well as the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, using the “”Do Not Track”” feature of a supporting browser, disabling the execution of script code in your browser, or installing a script blocker such as NoScript or Ghostery in your browser.

For more information about objection and removal options by Google click here.

You can also prevent the collection of data generated by the cookie and related to your use of the online presence (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link.

With the following link you can deactivate the use of your personal data by Google.

Further information and the applicable Google privacy policy can be found here and here. Google Analytics is explained in more detail here.

Use of Google Tag Manager

Scope of processing of personal data
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). With Google Tag Manager, tags from Google and third-party services can be managed and bundled and embedded on an online presence. Tags are small code elements on an online presence that are used, among other things, to measure visitor numbers and behaviour, capture the impact of online advertising and social channels, use remarketing and targeting, and test and optimize online presences. When a user visits the online presence, the current tag configuration is sent to the user’s browser. It contains statements about which tags are to be triggered. Google Tag Manager triggers other tags that may themselves collect data. You will find information on this in the passages on the use of the corresponding services in this data protection declaration. Google Tag Manager does not access this data.

Further information about Google Tag Manager can be found here.

Purpose of data processing
The purpose of the processing of personal data lies in the collected and clear administration as well as an efficient integration of the services of third parties.

Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (a) GDPR.

Duration of storage
Your personal information will be stored for as long as is necessary to fulfil the purposes described in this Privacy Policy or as required by law. Advertising data in server logs is anonymized by Google’s own statements to delete parts of the IP address and cookie information after 9 and 18 months, respectively.

Right to withdraw consent and removal options
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection as well as the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript or Ghostery in your browser.

You can also prevent the collection of data generated by the cookie and related to your use of the online presence (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link.

With the following link you can deactivate the use of your personal data by Google.

You can find more information on how to object to and remove Google here.

Use of Google Fonts

Scope of processing of personal data
We use Google web fonts of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter: Google). In the process, the web fonts are transferred to the browser’s cache when the page is called up in order to be able to use them for the visually improved display of various information. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font. No cookies are stored on the visitor’s computer when the page is accessed. Data transmitted in connection with the page call is sent to resource-specific domains such as https://fonts.googleapis.com or https://fonts.gstatic.com. As a result, personal data can be stored and evaluated, especially the user’s activity (in particular, which pages have been visited and which elements have been clicked on) and device and browser information (in particular, the IP address and the operating system).

The data is not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can find more information about Google Web Fonts here.

Purpose of data processing
The use of Google web fonts serves an appealing display of our texts. If your browser does not support this function, a standard font from your computer will be used for display.

Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (a) GDPR.

Duration of storage
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, such as for tax and accounting purposes.

Right to withdraw consent and removal options
With the following link you can deactivate the use of personal data by Google.

For more information on the processing of data by Google, click here.

Use of Google Ads Remarketing

Scope of processing of personal data
We use Google Ads Remarketing of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter: Google). Google Remarketing is used for retargeting visitors to the online presence for advertising purposes via Google Ads ads. With the help of Google Ads Remarketing, target groups (“similar target groups”) can be created, which have called up certain pages, for example. This makes it possible to identify the user on other online presences and display targeted advertising. Google sets a cookie on the user’s computer. Personal data can be stored and evaluated, especially the activity of the user (in particular which pages have been visited and on which elements have been clicked), device and browser information (in particular the IP address and the operating system), data about the displayed advertisements (in particular which advertisements were displayed and whether the user clicked on them) and also data from advertising partners (in particular pseudonymized user IDs).

Purpose of data processing
The purpose of processing personal data is to address a specific target group. The cookies stored on the end device of the users recognize them when they visit an online presence and can therefore show them interest-based advertising.

Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (a) GDPR.

Duration of storage
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, such as for tax and accounting purposes.

Right to withdraw consent and removal options
With the following link you can deactivate the use of personal data by Google.
For more information on the processing of data by Google, click here.

Use of Google Cloud Plattform

Scope of processing of personal data
We use services of the Google Cloud Platform, a developer platform operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). The data processing is based on our legitimate interests in the technically error-free and optimized provision of our services.

We have concluded a so-called “Data Processing Agreement” with Google, operator of the Google Cloud Platform, in which we oblige Google to protect the data of our customers, not to pass them on to third parties and, in the event of a transfer of personal data to the USA, to comply with the regulations of the standard contractual clauses pursuant to Art. 46 GDPR.

Purpose of data processing
The purpose of the processing of personal data is the collected and clear management, as well as an efficient integration of the services of third parties.

Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (a) GDPR.

Duration of storage
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, such as for tax and accounting purposes.

Possibility of revocation of consent and removal
You can object to the processing of your personal data that we collect in the course of your use of Intercom at any time and exercise your data subject rights as stated in this privacy policy. To do so, send us an informal email to info(at)luckyshot.io.

For more information on the processing of data by Google, click here.

Use of Google-AdWords

Scope of processing of personal data
We have integrated Google AdWords, Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads in Google’s search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google’s search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.

If a data subject accesses our website via a Google ad, a so-called conversion cookie is stored by Google on the data subject’s information technology system. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. The conversion cookie is used to track whether certain subpages, for example the shopping cart from an online store system, have been called up on our website, provided the cookie has not yet expired. Through the conversion cookie, both we and Google can track whether a data subject who has accessed our website via an AdWords ad has generated a sale, i.e. has completed or cancelled a purchase of goods.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other advertisers of Google AdWords receive information from Google by means of which the data subject could be identified.

By means of the conversion cookie, personal information, for example the internet pages visited by the data subject, is stored. Each time the data subject visits our website, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google discloses this data collected via the technical process

Purpose of data processing
The purpose of Google AdWords is to advertise our website by displaying relevant advertisements on the websites of third-party companies and in the search engine results of the Google search engine and to display third-party advertisements on our website.

Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (a) GDPR.

Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

Possibility of revocation of consent and removal
You can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must call up the link from any of the internet browsers he or she uses and make the desired settings there.

Further information and the applicableGoogle privacy policy can be found here.

Use of Intercom

Scope of processing of personal data
We use Intercom, 3rd Floor, Stephens Ct, 18-21 St. Stephen’s Green, Dublin 2 for analysis and communication purposes. By setting cookies and similar technologies on your terminal device, Intercom can evaluate your user behavior in order to offer our support and improve the product. Among other things, the following data is collected: Time and duration of your login, your location, which areas within the platform were visited.

Purpose of data processing
The system-inherent evaluation serves the sole purpose of eliminating technical malfunctions in order to be able to guarantee uninterrupted operation of our platform.

Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (a) GDPR.

Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

Possibility of revocation of consent and removal
You can object to the processing of your personal data that we collect in the course of your use of Intercom at any time and exercise your data subject rights as stated in this privacy policy. To do so, send us an informal email to info(at)luckyshot.io.

Further information and the applicable Intercom privacy policy can be found here.

Use of MongoDB

Scope of processing of personal data
We use Atlas by MongoDB, Inc., 3 Shelbourne Building, Crampton Avenue Ballsbridge, Dublin 4, Ireland as our central database. The data processing is based on our legitimate interests (Art.6 (1) lit. f GDPR) in the technically error-free and optimized provision of our services. No personal data of our users is stored in the Atlas database.

We have concluded a so-called “Data Processing Agreement” with MongoDB, in which we oblige MongoDB to protect our customers’ data, not to pass it on to third parties and, in the event of a transfer of personal data via sub-processors or affiliated companies to the USA, to comply with the regulations of the standard contractual clauses pursuant to Art. 46 GDPR.

Further information and the applicable MongoDB privacy policy can be found here.

Use of Sentry

Scope of processing of personal data
We use the service Sentry of Functional Software Inc., 132 Hawthorne Street, San Francisco, California 94107 for our app to monitor system stability and to detect and collect code errors. Sentry serves these purposes alone and does not evaluate data for advertising purposes. User data, such as device details or time of error, are collected exclusively pseudonymously and do not allow us to draw any conclusions about individual users. Sentry only processes data related to the respective error incident and does not process any general usage data on our behalf.

Further information and the applicable Sentry privacy policy can be found here.

Use of AWS/ AWS3/ AWS SES

Scope of processing of personal data
We use the service of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxemburg for our app server (running the backends) as well as AWS S3 for hosting the uploaded files in our apps and AWS SES for sending invitation emails within our apps for our users.

Purpose of data processing
The system-inherent evaluation serves the sole purpose of eliminating technical malfunctions in order to be able to guarantee uninterrupted operation of our platform.

Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (a) GDPR.

Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

Possibility of revocation of consent and removal
You can object to the processing of your personal data that we collect in the course of your use of Intercom at any time and exercise your data subject rights as stated in this privacy policy. To do so, send us an informal email to info(at)luckyshot.io.

Further information and the applicable AWS privacy policy can be found here.

Use of Prismic

Scope of processing of personal data
We use the service of Prismic, Data Privacy Office, New Prismic, 9 rue de la Pierre Levée, 75011, PARIS, France to provide content and content delivery for our App.

Purpose of data processing
The use of Prismic is solely for the purpose of providing content and uninterrupted operation of our app.

Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (a) GDPR.

Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

Possibility of revocation of consent and removal
You can object to the processing of your personal data that we collect in the course of your use of Intercom at any time and exercise your data subject rights as stated in this privacy policy. To do so, send us an informal email to info(at)luckyshot.io.

Further information and Prismic’s applicable privacy policy can be found here.

Use of FinApi

Scope of the processing of personal data
We use the services of FinAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich, Germany, to provide an API interface to our platforms to enable our users to transact their business.

Purpose of data processing
The use of FinApi serves the sole purpose of being able to offer a bank interface in our platforms for a bank transfer.

Legal basis for the processing of personal data
The legal basis for the processing of users’ personal data is basically the user’s consent pursuant to Art. 6 (1) (a) GDPR.

Duration of storage
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, such as for tax and accounting purposes.

Possibility of revocation of consent and removal
You can object to the processing of your personal data that we collect in the course of your use of Intercom at any time and exercise your data subject rights as stated in this privacy policy. To do so, send us an informal email to info(at)luckyshot.io.

Further information and FinApi’s applicable privacy policy can be found here.

Security of personal data & transmission to third parties

Your personal data provided to us will be secured by taking all technical and organizational security measures according to the latest state of the art so that they are inaccessible to unauthorized third parties. When sending very sensitive data or information, it is recommended to use the postal service, as complete data security cannot be guaranteed by email. We will not pass on your data to third parties, unless this is obligatory for us due to legal regulations or necessary to protect our legitimate interests (e.g. to a lawyer for the assertion or defense of legal claims). However, please note that your data will be transferred to your club or other members if your club or organization uses our management software and/or our app. Otherwise, we only transfer personal data to our service providers, who are subject to strict contractual provisions to process personal data solely for the purpose of providing their services to us and solely on our instructions. Our service providers primarily include our hosting providers.

Adequate level of data protection for recipients abroad

If our service providers are based abroad, i.e. outside the territory of the European Economic Area (EEA) (e.g. Google), we will ensure an adequate level of data protection at all times by ensuring that either the EU’s model contracts for the transfer of data to other EU countries, as amended from time to time, have been concluded or that other appropriate safeguards for an adequate level of data protection are in place.

Transfer to third parties

We transfer your data to certain third parties in order to be able to provide corresponding applications and services (so-called “processors”), who provide external services for us. For example, newsletter services, IT providers, tax firms, etc. A transfer to other third parties may take place in order to fulfill our obligations (authorities, banks, social security institutions, etc.). Third parties process the data only in accordance with our instructions, and they are also prohibited from using this data for their own commercial purposes that do not correspond to the agreed purposes.

We must disclose personal data if we are required to do so as part of ongoing legal proceedings, by order, by law or by applicable law (Art. 6(1)(f) GDPR).

We will only disclose your personal data to third parties if: you have given your express consent in accordance with Art. 6 (1) (1) lit. a GDPR, the disclosure in accordance with Art. 6 (1) (1) lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data, in the event that a legal obligation exists for the disclosure in accordance with Art. 6 (1) (1) lit. c GDPR, and this is legally permissible and required for the processing of contractual relationships with you in accordance with Art. 6 (1) (1) lit. b GDPR. S.1 lit.c GDRP, as well as this is legally permissible and necessary according to Art. 6 (1) (1) lit.b GDPR for the processing of contractual relationships with you. If the processing of your data takes place outside Europe, this transfer will take place in compliance with all applicable data protection laws and in particular in accordance with Art. 44f GDPR.

Legal or contractual requirements for the provision of personal data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

Changes to this privacy policy

We will update this policy from time to time to protect your personal information. You should review this policy from time to time to stay informed about how we are protecting your information and continually improving the content of our website. If we make any material changes to the collection, use and/or disclosure of the personal information you provide to us, we will notify you by posting a prominent notice on the Site. By using the Site, you agree to the terms of this Privacy Policy. If you have any questions about this Privacy Policy, please contact us at info(at)luckyshot.io.