Data Protection Declaration
The protection of your data has the highest priority!
Your data in the high-security data center
stashcat is provided through a high-security data center of net.DE AG in Hanover (Germany). In any case, your data will remain within the legal area of the EU, thus within the General Data Protection Regulation (GDPR). The data center has the highest standards for failure and access protection.
Solely secure communication
The communication between your browser and our server is bug proof due to secure SSL communication. Our software forces every communication to employ the bug proof SSL-version, you can recognize this by the https:// - identification in the address bar of your browser.
Information on data protection in accordance with GDPR
stashcat is an offer of heinekingmedia GmbH based in Hanover. At stashcat, the protection of personal data is taken very seriously and all relevant data protection regulations, in particular the regulations of the German Telemedia Act (TMG) and the basic data protection regulation (EU-GDPR) are considered. Below we would like to inform you about the type, scope and purpose of the processing of personal data within our online proposition and the websites, functions and contents connected with it, as well as external online presences. With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Article 4 of General Data Protection Regulation (GDPR).
The provider of this website (hereinafter "provider") is responsible for data protection:
Hamburger Allee 2-4
Registry Court: Amtsgericht Hannover
Commercial Register Number: HRB 215710
The provider offers software (hereinafter “stashcat”) that can be accessed via the Internet (web application/desktop application/mobile applications for iOS and Android). If you have any questions about data protection, you can reach the provider via the following contact details:
Phone: +49 511 / 675 190
If you have any data protection concerns, please contact us while providing sufficient information to individualize your personality (e.g. name, e-mail address, name of your institution).
Categories of persons concerned
Visitors and users of the stashcat online proposition (hereinafter “users”)
Purpose of data processing
stashcat is a communication portal provided by heinekingmedia GmbH for your company/institution for communication and file exchange. The use of stashcat is exclusively possible for people for whom a user account was generated. Each user has an individual user account in stashcat, which is created centrally by the respective organization/institution. The individual user has the right to change the profile picture and to adjust the profile and privacy settings. Relevant personal data that we collect, process, store and use in regard with the operation of stashcat are: surname, first name, e-mail address, affiliation to an institution, profile picture.
stashcat contains (optional) features that can share information about your user behavior with other users on your stashcat instance. These include in particular:
Online status: Other users of your stashcat instance can see whether you are in “online” or “offline” status. As soon as you open stashcat and even if the desktop client is active in the background, you will be shown as “online”. As soon as you close the app or log out of the web client, your status changes to “offline”. There might be a small time delay in the change. Online status transmission can be disabled in the privacy settings, so no information about your online status is transmitted and the status is not displayed on the platform.
Read confirmation of messages: In channels and individual conversations, the other party can see whether you have read his/her message. The exact time will not be communicated under any circumstances. This feature can also be disabled in the privacy settings. This means that no data is transmitted as to whether the message was read or not.
Types of data processed / Obligation to provide data
You can visit our website and inform yourself without having to provide any personal information. During your visit on our website, you will basically remain anonymous. The connection data transmitted by your Internet browser each time you visit our website, such as the date, the length of stay or the name of your Internet service provider, will be used by us without any personal reference.
As soon as you log on to the stashcat online portal via our website and use the platform, the data listed above is collected, processed, used and stored. The input of this user data is voluntary and without obligation. You yourself decide which data you make available within the scope of using our online presence.
When using our online presence, you have the following rights with regard to personal data concerning you:
Legal basis of data processing
The personal data mentioned above are in accordance with the provisions of the EU’s General Data Protection Regulation (GDPR):
1. Obtaining consent (Article 6. par. 1 a GDPR)
The collection, processing, use and storage of data only takes place if the user has consented to this. By registering the user account, the user consents to the collection, processing, use and storage of data.
2. Fulfillment of contractual obligations (Article 6. par. 1 b GDPR)
Personal data is processed to provide the service as part of the operation of stashcat or to carry out measures at your request.
3. Compliance of our legal obligations (Article 6. par. 1 c GDPR)
4. Within the scope of the balancing of interests (Article 6. par. 1 f GDPR)
Data transmission to third parties
Data will only be transmitted to third parties as follows:
- stashcat is operated on servers of net.DE AG (Büttnerstraße 57, 30165 Hanover, Germany). net.DE AG provides the infrastructure, but does not access or process personal data.
- Anonymous transmission of the IP address to Google (www.google.com, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the use of Google Analytics (information see section below) and for the Google ReCaptcha to distinguish between input made by a human and by a bot or automated script.
Transparency for requesting personal data
When using stashcat, the user is informed about which data is required in individual cases. For example, if a user wants to create a user account in stashcat, stashcat will point out the personal information to be entered, in this case among other things, surname, first name and e-mail address.
Data transmission to third countries
Data are not transmitted to countries outside the EU or the EEA (so-called third countries) with the exception of the recipients mentioned above (see previous section).
How long is the data stored?
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained in relation with commercial or tax laws.
According to legal requirements in Germany, the storage is carried out in particular for 10 years in accordance with §§ 147 par. 1 AO, 257 par. 1 no. 1 and 4, par. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 par. 1 no. 2 and 3, par. 4 HGB (commercial letters).
Are cookies used?
A cookie is a small piece of information that is transmitted between your browser and an Internet server used to provide a website. Cookies are also transferred when you use this website. With the help of cookies your correct registration can be guaranteed and the use of stashcat is facilitated. Cookies are used to save your registration to our system. To use our offer, cookies must be activated in your browser. After the end of the browser session, most of the cookies we use are deleted from your hard disk (“session cookies”). The so-called “permanent cookies”, on the other hand, remain on your computer and enable us, for example, to recognize you as a specific user.
Technical and organizational measures for data security / contract for order data processing
The technical and organizational measures for data security are attached to our contract for order processing. The contract for order processing can be signed and downloaded directly in stashcat's administration console by the authorized representative of the respective organization.
Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including your IP address) is generally transmitted to and stored by Google on servers in the United States. This website uses Google Analytics with the additional function “anonymizeIP()”. This means that IP addresses are usually already shortened and processed shortened within member states of the European Union or in other signatory states to the Agreement on the European Economic Area in order to exclude a direct conclusion about the person. Only in exceptional cases will the IP address be transmitted in full length to a Google server in the USA and shortened there.
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. Provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
With reCAPTCHA it should be checked whether the data entry on our websites (e.g. in a contact form) is done by a human being or by an automated program. For this reCAPTCHA analyzes the behavior of the web site visitor on the basis different characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis reCAPTCHA evaluates various information (e.g. IP address, time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Visitors to the website are not informed that an analysis is taking place.
Data processing is carried out on the basis of Art. 6 par. 1 lit. f GDPR. The website operator has a legitimate interest in protecting his website offers against abusive automated spying and spam.
Information on your right to object under Article 21 of the EU General Data Protection Regulation (GDPR)
Right to object on a case-by-case basis: You have the right to object at any time on grounds arising from your particular situation to the processing of personal data concerning you, which is based on Article 6 par. 1 e GDPR (data processing in the public interest) and Article 6 par. 1 f GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 par. 4 GDPR. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection implies deletion of the existing stashcat user account. Since stashcat stores and uses personal data exclusively on behalf of your company, please contact your company directly to assert the above rights.
Right of appeal to the competent supervisory authority
In the event of breaches of data protection law, the person concerned has a right of appeal to the competent supervisory authority. The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based (based on German jurisdiction). A list of data protection officers and their contact details can be found at:
Links to other websites
Our online proposition may contain links that refer to pages of third parties. We have no influence on the content and design of the webpages of external providers. This data protection information does not apply in this respect.
Changes to this data protection declaration
The constant development of the Internet and the frequently associated amendments to the applicable legal norms make it necessary from time to time to adapt our data protection information. If this is the case, we will inform you about corresponding changes.
If you send us enquiries using the contact form, your details from the enquiry form, including the contact data you provided there, will be stored for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 par. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing processes carried out up to the revocation remains unaffected by the revocation.
The data entered by you into the contact form will remain with us until you request us to delete, revoke your consent for storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
If you would like to subscribe to the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the rightful owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. We use these data exclusively for the distribution of the requested information and do not pass these on to third parties.
The data entered in the newsletter registration form will be processed exclusively on the basis of your consent (Art. 6 par. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing processes already carried out remains unaffected by the revocation.
The data you provide us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the user area) remain unaffected by this.
Plugins and Tools
Our website uses plugins from Google's YouTube site. This website is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. Thereby, the YouTube server is informed which of our pages you have visited.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 par. 1 lit. f GDPR.
Google Web Fonts
This site uses so-called web fonts provided by Google to uniformly display fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
To do this, the browser you are using must connect to Google's servers. This gives Google the knowledge that our website has been accessed via your IP address. The use of Google web fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 par. 1 lit. f GDPR.
If your browser does not support web fonts, a default font is used by your computer.
This page uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of an appealing representation of our online offers and of an easy find-ability of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 par. 1 lit. f GDPR.
You can find more information on the handling of user data in Google's data protection declaration: https://www.google.de/intl/en/policies/privacy/.