Skip to main content

Privacy Information

General Information

We place a high value on the protection of personal data and comply with valid data protection regulations. In this privacy information you will find out which personal data we process, for what purposes and how you can update and delete your data. At no time will personal data be disclosed to third parties without your consent. The data processing on this website is done by Marco Schmidt.

Marco Schmidt, Normannenstr. 3, D-10367 Berlin
Tel: +49 (0)30 - 555779522
Email: info@wonos.com

What is personal data?

Personal data means any information relating to an identified or identifiable natural person. This includes information such as your real name, address, postal address and telephone number. Your IP address, email address, username, useragent, cookies and User-IDs are also included.

How do we collect your data?

On the one hand, your data is recorded by you telling them to us. This may be e.g. data that you enter in our contact form or specify when you create an account. Other data is collected automatically through our IT systems when you visit our website. These are above all technical information (for example Internet browser, operating system or time of the page request). The collection of this data takes place automatically as soon as you enter our website.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal information at any time and free of charge. You also have the right to request the correction, blocking or deletion of your data. You can contact us at any time regarding these rights and for further questions on data protection. Just use the contact form or the addresses specified in the Impressum.

Which external analysis tools are used?

We do not use any external analysis tools.

Which data will be passed on to third parties?

We do not intend to disclose the data we collect to third parties or to entities outside the EU. All data is processed on servers in the EU.

Will my data be used for profiling?

Your data will not be used for profiling. We do not create profiles of our users.

Which cookies are used?

No cookies are used, if you use our website without an account. A session cookie is required if you want to use an account. Optionally, you can use the Remember Me auto-login feature, which requires a Remember Me Cookie .


Data processing (with or without an account)

Server-Logfile

Intended Use: Detection and Prevention of Unauthorized Access (DDos, SPAM, Data Mining).
Basis for data processing: Article 6 (1) (f) GDPR, processing is necessary for the purposes of the legitimate interests pursued by the controller.
Retention period: After expiration of the specified retention period (7 days), this data will be deleted.

Description Retention period Example
IP address 7 days 192.168.111.1
Useragent 7 days Mozilla/5.0 (Windows NT 10.0; Win64) Gecko/20100101 Firefox/58.0
Referrer-URL 7 days https://www.google.com
Date and time of access 7 days 2018-05-01 15:57:57
Visited-URL 7 days /privacyinformation/

Contact form and email

If you contact us by contact form or by email, the contact information provided by you are stored with us for the purpose of processing the request and in the case of follow-up questions. We will not share this information without your consent.

The processing of the provided data from the contact form or the email is based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time. An informal message by email to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you provided in the contact form or email will remain with us, until you ask us for deletion, you revoke your consent or the purpose for data storage is omitted (for example, after completion of your request). Mandatory statutory provisions - especially retention periods - remain unaffected.


Data processing (with an account)

Successful registration of an account and its use

In addition to the data processing (with or without an account), the following additional data processed is required for registration of an account and its use. Registration is only successfully completed after a so-called double opt-in. For this purpose, an email will be sent to the specified email address and only after the visit of the activation link contained therein, the account is activated and the registration completed. Accounts without this activation can not be used and will be deleted automatically.

Intended Use: Access to the free members area, authentication of the user, internal identification of the user as well as account management (e.g., creating a new password)
Basis for data processing: Article 6 (1) (a) GDPR, the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Retention period: This personal data is stored indefinitely. Inactive accounts that have not been used for 366 days will be automatically and without additional request, with all associated data deleted. In addition, at any time an immediate deletion of the account and all related data can be requested free of charge. Just use the contact form or the addresses specified in the Impressum.

Description Retention period Example
UserID indefinitely 586
Username indefinitely ExampleUsername
Password indefinitely Passwordhash
Email address* indefinitely My@ExampleEmail.com
Session cookie** 12 hours d938bn8so6ftn7e8ib8892emg4

* Your email address will only be used to manage your account (for example, delivery of a new password). It is not used for sending newsletters, promotional emails or similar emails. That means you will not receive emails from us that you did not explicitly request.

** For continuous authentication, a so-called Session Cookie is required. The session cookie contains a temporary automatically generated ID and will be processed by your browser after a successful login. It is absolutely necessary to use your account. It has a maximum validity of 12 hours. The timeout will be reset every time a web page is loaded. It will only be saved for the duration of your session. This means that as soon as you close your browser, it will automatically be deleted. Your next successful login will create a new Session Cookie.

Optional cookie for automatic login (Remember Me)

This cookie is used to implement the so-called Remember Me feature. It is not necessary to use your account. It can be used on the login page by checking the field Remember Me.
Intended Use: Automatic login without reentering your username and password.
Basis for data processing: Article 6 (1) (a) GDPR, the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Retention period: The Remember Me Cookie is valid for 3 months. After expiration, the cookie will be deleted automatically by your browser. The cookie contains your username and a temporary auto-generated ID. You can invalidate all your Remember Me Cookies by using the logout function in the member area.

Description Retention period Example
reme 3 month ExampleUsername:|:x1234sadWa9zRh324MJHGHWV324seAP8DnsfasfYu

Additional Information

Password security

Passwords are never stored in a readable clear form. They are only stored as a hash value. The used hash function is Bcyrpt which was especially developed for hashing and saving of passwords (Wikipedia regarding Bcrypt).

SSL or TLS encryption

For security reasons, all websites can only be reached via an encrypted connection. You can recognize an encrypted connection by looking at the address bar of the browser. "http://" changes to "https://" and the lock icon in your browser bar.

Revoke your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an existing consent at any time. An informal message by email to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit this data to another party. If you require the direct transfer of data to another person, this only happens if it is technically feasible.

Right of appeal to the competent supervisory authority

In the case of violations of data protection law, the person concerned has a right of appeal to the responsible supervisory authority. Responsible supervisory authority in data protection questions is the state data protection officer of the federal state in which our company is based (Berlin). A list of data protection officers and their contact details can be found on the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.