Back to TacOps

Privacy Policy

Summary

This privacy policy provides an overview of the processing of your data by TacOps ("we," "us"). We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Table of contents

Responsible Person (Imprint)

Patrick Probst
c/o IP-Management #8844
Ludwig-Erhard-Str. 18
20459 Hamburg

Email address: admin@tacops.gg

Overview of processing

The following overview summarizes the types of data processed and the purposes for which they are processed and refers to the data subjects.

Types of data processed

Categories of data subjects

Purposes of processing

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile . If more specific legal bases are relevant in individual cases, we will inform you of this in the privacy policy.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transfer as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Security measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the different probabilities of occurrence and the severity of the risk to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to it, input, disclosure, securing availability, and separation. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, the deletion of data, and responses to threats to data. In addition, we take the protection of personal data into account as early as the development or selection stage of hardware, software, and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Truncation of the IP address: If IP addresses are processed by us or by the service providers and technologies we use and the processing of a complete IP address is not necessary, the IP address is truncated (also known as "IP masking"). This involves removing the last two digits or the last part of the IP address after a dot or replacing them with placeholders. The purpose of shortening the IP address is to prevent or significantly impede the identification of a person based on their IP address.

Securing online connections with TLS/SSL encryption technology (HTTPS): To protect the data of users that is transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information that is transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transfers meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Transfer of personal data

In the course of our processing of personal data, it may happen that this data is transferred to or disclosed to other bodies, companies, legally independent organizational units, or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International data transfers

Data processing in third countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies, or companies (which can be identified by the postal address of the respective provider or if the privacy policy expressly refers to the transfer of data to third countries), this is always done in accordance with the legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and stipulate contractual obligations to protect your data.

This double safeguard ensures comprehensive protection of your data: The DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should changes occur within the framework of the DPF, the standard contractual clauses will serve as a reliable fallback option. In this way, we ensure that your data will always remain adequately protected , even in the event of political or legal changes.

We will inform you whether the individual service providers are certified under the DPF and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/ (in English).

Appropriate security measures apply to data transfers to other third countries, in particular standard contractual clauses, express consent, or transfers required by law. Information on third country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission at : https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are revoked or there are no further legal grounds for processing . This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection information contains additional information on the storage and deletion of data that specifically applies to certain processing procedures.

If there are several specifications regarding the retention period or deletion deadlines for a piece of data, the longest period shall always apply. Data that is no longer required for its original purpose but is retained due to legal requirements or other reasons shall be processed by us exclusively for the reasons that justify its retention. Retention and deletion of data: The following general periods apply to the retention and

Storage and deletion of data: The following general periods apply to storage and archiving under German law:

Start of the period at the end of the year: If a period does not expressly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred . In the case of ongoing contractual relationships in which data is stored, the event triggering the period is the date on which the termination or other termination of the legal relationship takes effect.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

Competent supervisory authority: Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI), Ludwig-Erhard-Str. 22, 20459 Hamburg; website: https://datenschutz-hamburg.de.

Provision of online services and web hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

Further information on processing procedures, methods, and services:

Use of cookies

The term "cookies" refers to functions that store information on users' end devices and read it from them . Cookies can also be used for various purposes, such as to ensure the functionality, security, and convenience of online offerings and to create analyses of visitor traffic. We use cookies in accordance with legal requirements. To this end, we obtain the consent of users in advance where necessary. If consent is not necessary, we rely on our legitimate interests. This applies if the storage and retrieval of information is essential in order to provide expressly requested content and functions. This includes, for example, the storage of settings and the ensuring of the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about their scope and which cookies are used.

Information on the legal basis for data protection: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage period: Withregard to the storage period, the following types of cookies are distinguished:

General information on revocation and objection (opt-out): Userscan revoke their consent at any time and also object to the processing in accordance with the legal requirements, including through their browser's privacy settings.

Registration, login, and user account

Users can create a user account. During registration, users are informed of the required mandatory information and this is processed for the purpose of providing the user account on the basis of contractual obligation fulfillment. The data processed includes, in particular, login information (user name, password, and email address).

When using our registration and login functions and the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests and those of the users in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so.

Users can be informed by email about processes that are relevant to their user account, such as technical changes. Further information on processing processes, procedures, and services:

Further information on processing procedures, processes, and services:

Community functions

The community functions provided by us allow users to engage in conversations or otherwise interact with each other. Please note that the use of the community functions is only permitted in compliance with the applicable legal situation, our terms and conditions and guidelines, and the rights of other users and third parties.

Further information on processing procedures, methods, and services:

Single sign-on

"Single sign-on" or "single sign-on login or authentication" refers to procedures that allow users to log in to our online offering using a user account with a single sign-on provider (e.g., a social network). The prerequisite for single sign-on authentication is that users are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose, or are already logged in with the single sign-on provider and confirm the single sign-on login via a button.

Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in under this user ID with the respective single sign-on provider and an ID that cannot be used by us for other purposes (so-called "user handle"). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, the data releases selected during authentication, and also on which data users have released in the privacy or other settings of their user account with the single sign-on provider. Depending on the single sign-on provider and the user's choice, this may be different data, but it is usually the email address and username. We cannot see the password entered during the single sign-on process with the single sign-on provider, nor do we store it.

Users are asked to note that the information we have stored about them can be automatically synchronized with their user account with the single sign-on provider, but that this is not always possible or actually happens. If, for example, users' email addresses change, they must change them manually in their user account with us .

We can use the single sign-on registration, if agreed with the users, within the scope of or prior to the performance of the contract, insofar as the users have been asked to do so within the scope of a consent and otherwise use it on the basis of our legitimate interests and the interests of the users in an effective and secure login system.

If users decide that they no longer wish to use the link to their user account with the single sign-on provider for the single sign-on procedure, they must remove this link within their user account with the single sign-on provider. If users wish to delete their data from our system, they must cancel their registration with us .

Further information on processing procedures, processes, and services:

Contact and inquiry management

When contacting us (e.g., by mail, contact form, email, telephone, or social media) and within the framework of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

Further information on processing procedures, methods, and services:

Web analysis, monitoring, and optimization

Web analysis (also known as "reach measurement") is used to evaluate visitor flows to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can With the help of reach analysis, we can, for example, identify at what time our online offering or its functions or content are most frequently used or invite reuse. It also enables us to understand which areas require optimization.

In addition to web analysis, we can also use test procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, can be created for these purposes, and information can be stored in a browser or on a terminal device and then read. The information collected includes, in particular, visited websites and elements used there, as well as The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have agreed to the collection of their location data by us or by the providers of the services we use , the processing of location data is also possible.

In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored in the context of web analysis, web analysis, A/B testing, and optimization, no clear data of users (such as email addresses or names) is stored, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Information on legal bases: If we ask users for their consent to the use of third-party providers , the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Further information on processing procedures, methods, and services:

Current Data Processors (Key Services)

The following table lists key third-party services used for analytics, error monitoring, logging, and feedback processing, including the data processed and legal basis. Additional providers used for hosting, content delivery, and authentication are described in the relevant sections of this privacy policy.

Processor Purpose Data Collected Retention Lawful Basis
Umami Anonymous usage analytics Page views, device type, browser (no PII) 12 months Legitimate interest (Art. 6(1)(f))
Sentry Error tracking Error stack traces, browser and operating system details, IP address 90 days Legitimate interest (Art. 6(1)(f))
BetterStack Log aggregation & uptime monitoring Server logs, IP addresses 30 days Legitimate interest (Art. 6(1)(f))
GitHub Feedback via issue tracker Username, feedback content Until issue closed Legitimate interest (Art. 6(1)(f))

Management, organization, and support tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning, and providing our services. When selecting the third-party providers and their services, we comply with the legal requirements.

In this context, personal data may be processed and stored on the servers of third-party providers. This may affect various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data on transactions, contracts, other processes and their contents.

If users are referred to third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the privacy policies of the respective third-party providers.

Further information on processing procedures, methods, and services:

Changes and updates

We ask you to regularly review the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing we carry out make this necessary . We will inform you as soon as the changes require action on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and we ask you to check the information before contacting them.

Definition of terms

This section provides an overview of the terms used in this privacy policy. Where the terms are defined by law, their legal definitions apply. The following explanations are primarily intended to aid understanding. Created with free Datenschutz-Generator.de by Dr. Thomas

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke