Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also abbreviated as "data") we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Date: February 21, 2024

Table of Contents

Controller

Email address: datenschutz@nntp4.net
Legal Notice: https://www.nntp4.net/impressum.php

Overview of Processing

The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected individuals.

Types of processed data

  • Inventory data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication, and procedural data.

Categories of affected persons

  • Communication partners.
  • Users.

Purposes of processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact inquiries and communication.
  • Security measures.
  • Administration and response to inquiries.
  • Feedback.
  • Providing our online offering and user-friendliness.
  • Information technology infrastructure.

Relevant Legal Bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

  • Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR): The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection in Germany apply. This includes in particular the Federal Data Protection Act (BDSG). The BDSG contains in particular special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on the applicability of the GDPR and Swiss DPA: These data protection notices serve both to provide information under the Swiss Federal Data Protection Act (Swiss DPA) and under the General Data Protection Regulation (GDPR). For this reason, please note that due to the broader geographical application and comprehensibility, the terms of the GDPR are used. In particular, the terms "processing" of "personal data", "legitimate interest", and "special categories of data" used in the GDPR are used instead of the terms "processing" of "personal data", "overriding private interest", and "particularly sensitive personal data" used in the Swiss DPA. However, the legal meaning of the terms is still determined within the scope of the applicability of the Swiss DPA.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

These measures include in particular ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, availability, and separation thereof. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also take the protection of personal data into account in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

TLS/SSL encryption (https): To protect the data of users transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place as part of the use of third-party services or the disclosure or transfer of data to other persons, entities, or companies, this only occurs in compliance with legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers only take place if the level of data protection is otherwise secured, in particular by means of standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transfer (Art. 49 para. 1 GDPR). Furthermore, we will inform you about the basis of the third-country transfer for each provider from the third country, with adequacy decisions being the primary basis. Information on third-country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA within the framework of the adequacy decision of 10.07.2023 as safe. You can find the list of certified companies as well as further information on the DPF on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you within the scope of the data protection notices which service providers certified under the Data Privacy Framework we use.

Data Deletion

The data processed by us will be deleted or its processing restricted in accordance with legal requirements as soon as its storage is no longer necessary for the purposes for which it was processed, the consents given are revoked, or other permissions are revoked (e.g., if the purpose of processing this data has ceased to apply or it is no longer required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person. Our data protection notices may also contain further information on the storage and deletion of data that is primarily applicable to the respective processing.

Rights of Data Subjects

Rights of data subjects under the GDPR: As data subjects, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent given at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and other information and a copy of the data according to legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of personal data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request the immediate erasure of personal data concerning you or alternatively to request restriction of processing according to legal requirements.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to request transmission to another controller in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and retrieve information from end devices, e.g., to store login status in a user account, shopping cart contents in an e-shop, accessed content, or used functions of an online offering. Cookies can also be used for various purposes, e.g., for the functionality, security, and convenience of online offerings as well as for creating analyses of visitor flows.

Consent Information: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless this is not legally required. Consent is not required, in particular, if storing and retrieving information, including cookies, is absolutely necessary to provide users with an online service expressly requested by them. Cookies that are absolutely necessary usually include cookies with functions related to the display and operability of the online offering, load balancing, security, storage of user preferences and choices, or similar purposes related to providing the main and ancillary functions of the online offering requested by users. The revocable consent is clearly communicated to users and contains information about the respective cookie use.

Information on Data Protection Legal Bases: The legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the commercial operation of our online offering and improving its usability) or, if it is necessary for the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We will inform users about the purposes for which we process cookies during this privacy statement or as part of our consent and processing processes.

Storage Duration: With regard to storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
  • Persistent Cookies: Persistent cookies remain stored even after the end device is closed. For example, login status can be stored or preferred content can be displayed directly when the user revisits a website. Likewise, data collected using cookies can be used for audience measurement. If we do not provide explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are persistent and can be stored for up to two years.

General Information on Revocation and Objection (so-called "Opt-Out"): Users can revoke any consent given and object to processing in accordance with legal requirements at any time. To do so, users can, among other things, restrict the use of cookies in their browser settings (which may also limit the functionality of our online offering). Objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further Information on Processing Processes, Procedures, and Services:

  • Processing of Cookie Data Based on Consent: We use a consent management procedure: Procedure for obtaining, logging, managing, and revoking consents, in particular for the use of cookies and similar technologies for storing, retrieving, and processing information on users' end devices and their processing, referred to as processing and providers within the framework of the consent management procedure: Procedure for obtaining, logging, managing, and revoking consents, in particular for the use of cookies and similar technologies for storing, retrieving, and processing information on users' end devices and their processing. Here, consents of users regarding the use of cookies, or the processing referred to as processing and providers within the framework of the consent management procedure: Procedure for obtaining, logging, managing, and revoking consents, in particular for the use of cookies and similar technologies for storing, retrieving, and processing information on users' end devices and their processing, can be obtained and managed and revoked by users. The consent declaration is stored to avoid having to repeat the query and to be able to prove consent in accordance with legal obligations. Storage can be server-side and/or in a cookie (so-called opt-in cookie, or similar technologies) to be able to assign the consent to a user or their device. Subject to individual information about providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. For this purpose, a pseudonymous user identifier is created and stored together with the time of consent, information about the scope of consent (e.g., which categories of cookies and/or service providers), and the browser, system, and device used; Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Provision of the Online Offering and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or device.

  • Processed Data Types: Usage Data (e.g., visited web pages, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, time stamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
  • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Information on Processing Processes, Procedures, and Services:

  • Provision of Online Offering on Own/Dedicated Server Hardware: We use server hardware operated by us and the associated storage space, computing capacity, and software for the provision of our online offering; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called "server log files". Server log files may include the address and name of the accessed web pages and files, date and time of access, data volumes transferred, message about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and in the usual case, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid overloading servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the utilization and stability of servers; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidence purposes are excluded from deletion until the respective incident is finally clarified.
  • Hetzner: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service Providers: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.hetzner.com; Privacy Policy: https://www.hetzner.com/de/rechtliches/datenschutz. Data Processing Agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

Registration, Login, and User Account

Users can create a user account. As part of the registration, users are informed about the necessary mandatory information and processed for the purpose of providing the user account on the basis of contractual fulfillment. The processed data includes, in particular, login information (username, password, and an email address).

As part of using our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as those of users in protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed via email about transactions relevant to their user account, such as technical changes.

  • Processed Data Types: Master Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers); Content Data (e.g., entries in online forms); Meta, Communication, and Process Data (e.g., IP addresses, time stamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Management and response to inquiries. Provision of our online offering and user-friendliness.
  • Legal Bases: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Information on Processing Processes, Procedures, and Services:

  • Registration with Pseudonyms: Users are allowed to use pseudonyms as usernames instead of real names; Legal Bases: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • User Profiles are Not Public: User profiles are not publicly visible and not accessible.
  • Two-Factor Authentication: Two-factor authentication provides an additional layer of security for your user account and ensures that only you can access your account, even if someone else knows your password. For this purpose, you must perform an additional authentication measure in addition to your password (e.g., entering a code sent to a mobile device). We will inform you about the procedure we use; Legal Bases: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter "publication medium"). Reader data is processed for the purposes of the publication medium only to the extent necessary for its representation and communication between authors and readers or for security reasons. For further information on the processing of visitors to our publication medium, please refer to the information provided in this privacy policy.

  • Processed Data Types: Master Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers); Content Data (e.g., entries in online forms); Usage Data (e.g., visited web pages, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, time stamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Feedback (e.g., collection of feedback via online form). Provision of our online offering and user-friendliness.
  • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, telephone, or via social media) and in the context of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to answer the contact inquiries and any requested measures.

  • Processed Data Types: Contact Data (e.g., email, phone numbers); Content Data (e.g., entries in online forms); Usage Data (e.g., visited web pages, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, time stamps, identification numbers, consent status).
  • Affected Persons: Communication partners.
  • Purposes of Processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collection of feedback via online form). Provision of our online offering and user-friendliness.
  • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further Information on Processing Processes, Procedures, and Services:

  • Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to process the respective request; Legal Bases: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

The provided text seems to be a detailed privacy policy outlining the use of cookies, the provision of online services, registration processes, blogs, and contact management. It covers various aspects of data processing, including legal bases, types of data processed, affected persons, purposes of processing, and additional information on specific processes, procedures, and services.
It appears to comply with data protection regulations such as the General Data Protection Regulation (GDPR) by providing transparency about data processing activities, informing users about their rights, and specifying the legal basis for each processing activity.

Special Features of Using Usenet

Method of Storage within Usenet
The articles and posts published by the user via the access system (News Server) are automatically distributed to other servers via so-called news feeds. The operator of the access system has no control over which systems process the data after distribution via a news feed or where these systems are located, as Usenet is a decentralized network. Storage also occurs on systems outside the European Union.

Storage of Personal Data within Usenet
Posts and articles contain a so-called "Message Header" in which personal data is transmitted and stored,
which are visible on all systems where the article/post is stored.

These include the following:

  1. The name and email address of the user
    • Users have the option to use a pseudonym instead of their real name.
    • A placeholder can also be inserted by the user instead of the email address.
      For this purpose, ".invalid" is available as the domain name extension. (e.g., my@email.invalid)
  2. Publication timestamp (e.g., Mon, 19 Feb 2024 21:43:35 +0100)
  3. Hostname of the access system through which the article/post was published (e.g., news.nntp4.net)
  4. Signatures of the newsreader used by the user (e.g., X-Newsreader: Claws Mail 4.2.0)
  5. Unique Message-ID, used to uniquely identify articles and posts and to which further articles,
    posts, and replies can refer (e.g., uqtkxxxxxxxxxxx@news.nnpt4.net)
  6. IP address and user identifier of the user
    The IP address and user identifier of the user are encrypted and stored within the "Message Header"

Changing and revising data sent to Usenet
Revising an article or post directly in Usenet is not possible. The only way to revise an article or post is to compose a new version of the respective article or post and publish this revised version as a so-called "Superseed". However, there is no guarantee or warranty that a "Superseed" will be correctly executed by all systems, so it can be assumed that the original version of the article or post will remain, and the revised version will be published as a new article or post.

Right to erasure ("Right to be forgotten") according to Art. 17 of the GDPR in Usenet
Articles and posts published within Usenet can be deleted via a "CANCEL" control message, but it is to be assumed that the processing of such control messages is not implemented on every system.

Data archives within Usenet
Within Usenet, there are systems that permanently store published articles and posts for archiving purposes and are not domiciled in the European Union at the same time. On these systems, articles or posts cannot be deleted or revised.

Amendment and Update of the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and we ask you to verify the information before contacting.

Created with the free Privacy Policy Generator from Dr. Thomas Schwenke and extensively supplemented by the operator.