Privacy Policy

With this privacy policy we would like to inform you about how we process personal data and inform you about your rights. We are aware of the importance of processing personal data for you as a data subject, and accordingly observe all relevant legal requirements. In doing so, the protection of your privacy is of utmost importance to us. The processing of your personal data by us is carried out in compliance with the GDPR, as well as the data protection regulations of the respective country.

  1. Name and contact details of the responsible person and his/her representative
    Cosmonauts & Kings GmbH
    Alt-Moabit 103
    D-10559 Berlin
    Phone: (+49) 030 420 997 14
    E-Mail: houston@cosmonautsandkings.com

Contact details of the data protection officer: datenschutz@cosmonautsandkings.com

  1. Definitions

This privacy statement uses the terms of the General Data Protection Regulation (GDPR).

III. Processing operations//categories of personal data

We collect and process the following personal data about you: contact and address information, if you provide us with your contact information, online identifiers (e.g. your IP address, browser type and version, the operating system used, the referrer URL, the file name, the access status, the amount of data transferred, the date and time of the server request), payment information, image and video material if you have provided us with the same.

We may publish personal data on social networks to perform our contracted services with you.

  1. Processing purposes

We process your data for one or more of the following purposes:

  • for the contact you have requested,
  • to process or initiate contracts with you,
  • for advertising purposes,
  • for statistical evaluations and analysis, and/or
  • for the security of our website (log files);
  1. Legal basis of the data processing

The processing of your data is based on the following legal grounds: your consent according to Art. 6 para. 1 lit. a) GDPR, for the performance of a contract with you according to Art. 6 para. 1 lit. b) GDPR, for the fulfilment of legal obligations according to Art. 6 para. 1 lit. c) GDPR or for a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.

The legal basis for processing your data in accordance with the stated processing purposes is:

  • Contacting: If you wish to contact us, for example because you send us an e-mail message or write to us via a contact form, the legal basis is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in fully processing your contact. Since you have contacted us, we assume that you have no interests that conflict with our processing of your request. If the contact is aimed at the conclusion of a contract or the fulfilment of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. If consent has been given, the legal basis for the processing of the contact is Art. 6 (1) a) GDPR.
  • Contracts: The legal basis for the processing of your personal data for the execution or initiation of contracts is Art. 6 para. 1 lit. b) GDPR. In addition, we also process your data in accordance with the statutory provisions resulting, for example, from tax law. This type of processing is lawful according to Art. 6 para. 1 lit. c) GDPR.
  • Advertising purposes: We process your personal data for advertising purposes if we have your consent pursuant to Art. 6 (1) a) GDPR. In a few cases, the processing of your personal data may take place due to our legitimate interest (Art. 6 (1) (f) GDPR) in advertising our products, for example if you are an existing customer of our company (see also recital 47 GDPR and Section 7 UWG).
  • Statistical evaluations and analysis: We process your personal data for statistical evaluations and analysis of our website (for example, via cookies and other technologies) as well as our services if we have your consent pursuant to Art. 6 (1) a) GDPR. Due to the necessity of accounting, an indirect statistical evaluation of your personal data could occur due to a legal obligation (Art. 6 para. 1 lit. c) GDPR). Furthermore, a processing of your data could take place for the purpose of statistical evaluation of the key figures of our economic activity. This represents a legitimate interest of our company according to Art. 6 para. 1 lit. f) GDPR, as it enables us to carry out financial planning and allocate economic resources.
  • Security of our website: Each time our website is accessed, usage data is transmitted by the respective internet browser and stored in log files, the so-called server log files. The data records stored in this process contain the following data: Domain from which the user accesses the website, date and time of access IP address of the accessing computer Website(s) visited by the user within the scope of the offer, amount of data transferred, browser type and version, operating system used, name of the Internet service provider, message as to whether the access was successful. These log file data records are evaluated in order to improve the offer and make it more user-friendly, to find and correct errors and to control the utilisation of servers. This is also our legitimate interest according to Art. 6 para. 1 lit. f) GDPR.

  1. Legitimate interests

Unless otherwise stated in this privacy policy and if we base the processing of your personal data on legitimate interests pursuant to Art. 6 (1) lit. f) GDPR, such interests are the protection against misuse, the enforcement of our legal claims, the adaptation of our offer and the processing of enquiries that arise.

VII. Data sources

We obtain the data from you (including via the devices you use). If we do not collect the personal data directly from you, we will also tell you the source of the personal data and, if applicable, whether it is from publicly available sources.

VIII. Recipients or categories of recipients of the personal data

When processing your data, we work together with service providers who have access to your data. Possible recipients of your personal data are: (i) software companies that enable us to provide our services, help us to improve them and/or serve us for marketing purposes (for example, to send newsletters, emails, manage customer contacts or applications); (ii) public bodies and administrations, insofar as we are legally obliged to do so; (iii) payment service providers; (iv) hosting providers; (v) social media platforms; (vi) service companies, such as tax advisors or lawyers.

For the purposes of fulfilling the contract, we may also transfer your personal data to anyone to whom we assign rights arising from the contractual relationship with you.

Some of the recipients of your personal data are:

ALL-INKL.COM – New Media Münnich

We use ALL-INKL.COM – Neue Medien Münnich to host our website. Personal data may be passed on in the process. We use the aforementioned services in order to be able to offer a website.

https://all-inkl.com/datenschutzinformationen/

Cloudinary

We use Cloudinary to reload content on our website. Personal data may be passed on in the process. We use the aforementioned services for a complete and informative presentation of our website.

https://cloudinary.com/privacy

Fontawesome

We integrate services from Fontawesome on our website in order to embed fonts. Personal data may be passed on in the process. We use the aforementioned services for a complete and informative presentation of our website.

https://fontawesome.com/privacy

Google Ireland Limited

We integrate Google services on our website in order to (i) analyse the use of our website (Google Analytics) and (ii) to integrate fonts (Google Fonts). Personal data may be passed on to Google in the process. We use these services to (i) analyse the use of our website (Google Analytics) and (ii) for a complete and appealing presentation of our website (Google Fonts).

https://policies.google.com/privacy?hl=de

MailChimp

We use MailChimp to create and send the newsletter. When you become a subscriber to our newsletter via our website, you confirm by email that you are a member of a MailChimp email list. Personal data is passed on to MailChimp in this process. We use the aforementioned services to advertise our company and to obtain key figures about the success of this advertising.

https://mailchimp.com/legal/privacy/

Metomic

We include services from Metomic on our website in order to integrate a cookie banner. This may involve the transfer of personal data to Metomic. We use these services to comply with our legal obligations.

https://metomic.io/privacy-policy

Personio

We use Personio to advertise vacancies and to contact potential new employees. If they apply or contact us as part of a job application, their data may be shared with Personio.

https://www.personio.de/datenschutzerklaerung/

Pipedrive Leadbooster

We use services of Pipedrive to contact (potential) customers by providing their contact details. Personal data may be passed on to Pipedrive in the process. We use the aforementioned services to initiate and maintain future and current business relationships.

https://www.pipedrive.com/en/privacy

  1. International data transfers

Data is transferred to third countries outside the European Union. Information we collect from you could be processed in the United States or other third countries. Some third countries, for example the United States, have not currently received an adequacy decision from the European Union under Article 45 of the GDPR, which means that your data may not receive the same level of protection there as under the GDPR.

International data transfers are made on the basis of contractual and other regulations provided for by law, which are intended to ensure adequate protection of your data and which you can view on request. In doing so, we rely on the rules set out in Article 49 of the GDPR or, where applicable, on safeguards pursuant to Article 46 of the GDPR. We and our processors aim to apply appropriate safeguards to protect the privacy and security of your personal data. Therefore, we only process your personal data in accordance with the practices described in our Privacy Policy.

  1. Storage period

We store your personal data only as long as it is necessary to achieve the purpose of processing. We store your data if you have consented to the processing at most until you revoke your consent, if we need the data to perform a contract at most as long as the contractual relationship with you exists, if we use the data on the basis of a legitimate interest at most as long as your interest in deletion or anonymisation does not prevail.

In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. In these cases, the data is deleted when a storage or retention period prescribed by the aforementioned standards expires.

  1. Your rights

As a data subject, you may have the right under applicable data protection law to:

– Information, in accordance with Art. 15 of the GDPR,

– Rectification, in accordance with Art. 16 of the GDPR,

– Data erasure (“right to be forgotten”), in accordance with Art. 17 of the GDPR,

– Limitation of processing, pursuant to Art. 18 GDPR,

– Data portability, in accordance with Art. 20 GDPR and/or

– Objection to the processing, pursuant to Article 21 of the GDPR.

Information on the right to object pursuant to Art. 21 (4) GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

Revocation of consents

You also have the right to withdraw consent to the processing of personal data at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

XII. Right of appeal to a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR or other data protection provisions.

XIII. Requirement or obligation to provide data

Unless expressly stated at the time of collection, the provision of data is not required or obligatory. Such an obligation may result from legal requirements or contractual regulations. Failure to provide required personal data generally results in a contract not being able to be concluded and/or in us not being able to provide a requested service. Our employees will clarify on a case-by-case basis whether the provision of personal data is required by law or contract or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

XIV. Automated decisions

We do not use automated decision-making mechanisms, including profiling, that have legal effect on the data subject or similarly significantly affect the data subject.

  1. Data backup

We have taken extensive technical and organisational measures to protect your data against possible dangers, such as unauthorised access, unauthorised disclosure, modification or dissemination, as well as against loss, destruction or misuse. In order to protect your personal data from unauthorised access by third parties during transmission, we secure data transmissions using SSL encryption where necessary. This is a standardised encryption procedure for online services, especially for the web.

XVI. Cookies

Our website uses cookies and similar technologies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. Cookies contain a characteristic string of characters that can uniquely identify the browser when the website is called up again. Similar technologies are used to refer to other technical tools that enable the identification of website visitors, such as tracking pixels.

Technically necessary cookies and technologies are those without which our website is not functional and usable. This category only contains cookies and technologies that ensure basic functions and security features of the website. Technically necessary cookies and technologies can be set without the user’s consent.

Non-essential cookies are all cookies and technologies that are not particularly necessary for the functioning of the website and are used specifically to collect personal data from the user via analytics, ads and other embedded content. Non-essential cookies and technologies (for example, cookies for marketing, advertising or customer analysis purposes) require the consent of the website user.

Please refer to our cookie banner to see which cookies and technologies we use and for what purpose.

By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for the website, it may no longer be possible to use all the functions of the website to their full extent.

XVII. Status of this Privacy Policy & Changes

We reserve the right to change this privacy policy at any time with effect for the future.

Status: 1 March 2021