Privacy Policy
We take the protection of your data seriously and generally strive to collect and store as little data as possible. Nevertheless, a certain amount of storage and evaluation of user data is necessary to ensure and improve the operation of this website. In principle, it is possible to use this website without having to provide any personal data. There is also no assignment of data to a specific person – unless you tell us your name, for example, in an email, via one of our forms or as part of an order.
If you use any of the services offered on this website or purchase goods, this regularly also requires the collection, processing and storage of personal data, such as your name, address, email address or telephone number. This collection, processing and storage is generally based either on your previously obtained explicit consent or on a corresponding legal permission and on the basis of the regulations of the European General Data Protection Regulation and the local data protection laws.
We would like to inform you here about the type, scope and purpose of the data collected, processed, stored and used by us via this website, as well as about your existing rights in this context.
We use SSL transport encryption on this website. This ensures, among other things, the protection of confidential content, for example, when sending inquiries to us. You can see that the connection is actually encrypted in the address bar of your browser, which always begins with "https://" and confirms the existing transport encryption with a lock symbol.
1. Name and address of the person responsible for the data processing
The person responsible in the sense of the General Data Protection Regulation and the other determinations under data protection law is:
Matthias Kittsteiner
Breitschwertstraße 21
70378 Stuttgart
Email Address: hey@epiph.yt
2. Definitions
The data protection law has specific terminology, which we also use in this privacy policy in accordance with the legal definitions of the European General Data Protection Regulation. Accordingly, the following terms have these meanings in this privacy policy:
"Personal data"
any information relating to an identified or identifiable natural person ("affected person");
"Affected person"
any identified or identifiable natural person whose personal data are processed; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
"Processing"
any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Restriction of processing"
the marking of stored personal data with the aim of limiting their future processing;
"Profiling"
any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location;
"Pseudonymization"
processing of personal data in such a way that the personal data can no longer be allocated to a specific affected person without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not allocated to an identified or identifiable natural person;
"File system"
any structured collection of personal data accessible according to specified criteria, whether such collection is maintained centrally, decentrally, or on a functional or geographic basis;
"responsible person for the processing"
the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;
"Order processor"
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible person;
"Recipient"
a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection regulations pursuant to the purposes of the processing;
"Third party"
a natural or legal person, public authority, agency or other body, other than the affected person, the responsible person, the order processor and the persons authorized to process the personal data under the direct responsibility of the responsible person or the order processor;
"Consent" of the affected person
any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the affected person signifies his or her agreement to personal data relating to him or her being processed;
"Violation of the protection of personal data"
a breach of security resulting in the destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed;
"cross-border processing"
a processing of personal data carried out in the context of the activities of establishments of a controller or an order processor in the Union in more than one Member State, where the controller or processor is established in more than one Member State, or a processing of personal data carried out in the context of the activities of a single establishment of a controller or a processor in the Union but which has or is likely to have a significant effect on data subjects in more than one Member State;
"authoritative and reasoned objection"
an objection as to whether or not there is a breach of this regulation or whether the intended measure against the responsible person or the order processor is in compliance with this regulation, clearly indicating the scope of the risks posed by the draft decision in relation to the fundamental rights and freedoms of the affected persons and, where applicable, the free flow of personal data within the Union.
3. Legal basis for data processing
For processing operations where we obtain consent for a specific processing purpose, the processing is based on art. 6 para. 1 lit. a of the General Data Protection Regulation.
As far as the processing of personal data is necessary for the performance of a contract to which the affected person is a party (such as the delivery of goods or the provision of any other service or consideration) or for the performance of pre-contractual measures (such as inquiries about our products or services), the processing is based on art. 6 para. 1 lit. b of the General Data Protection Regulation.
As far as a processing of personal data is necessary due to a legal obligation affecting us, such as the fulfillment of tax obligations or commercial law retention requirements, the processing is based on art. 6 para. 1 lit. c of the General Data Protection Regulation.
As far as the processing of personal data should exceptionally be necessary in order to protect the vital interests of the affected person or another natural person, the processing would be performed on the basis of Art. 6 para. 1 lit. d of the General Data Protection Regulation.
The processing of personal data necessary for the purposes of a legitimate interest of our company or a third party is performed on the basis of art. 6 para. 1 lit. f of the General Data Protection Regulation, unless such interests are overridden by the interests or fundamental rights and freedoms of the affected person which require the protection of personal data. Such a legitimate interest also constitutes the conduct of our business for the benefit of the well-being of all our employees and our shareholders.
4. Log files
On our Internet server, as on other web servers, a log file is used. In this log file, data records are stored in which:
- the IP address you are using on the Internet and the Internet service provider you are using,
- date and time of each access to our website,
- the exact URL of the individual web page you are visiting,
- the data you have requested from the server,
- general information about the web browser (in particular the browser type and version) and operating system used by you when accessing the website, as well as
- partly the website from which you came to our website (the so-called "referrer")
are being recorded. This information is required and used by us
- to deliver the correct web page,
- for statistical purposes,
- to further improve our website,
- to permanently ensure the functionality and integrity of our information technology systems, including the prevention of danger in the event of attacks on our information technology systems, and
- in the event of an attack on our information technology systems, to provide the necessary information to law enforcement authorities.
We collect this data anonymously and store it separately from any personal data provided to us by an affected person for 7 days. The storage of the IP address is performed in a shortened and thus pseudonymized form.
5. Cookies and usage profiles
Within the scope of the legal regulations, we may evaluate usage profiles under a pseudonym
- to provide user-friendly services that would not be possible without the cookie setting,
- to remember, within our webshop, the articles you have put into the (virtual) shopping cart,
- for the purposes of advertising and market research, and
- to improve our services and websites,
but only as far as you have not exercised your legal right to object to this use of your data. Some of our services require that we use so-called cookies.
Cookies are small amounts of data (text files) that your internet browser stores on your computer. Cookies can store information about your visit on our website, which allows us to recognize your browser and distinguish it from the browsers of other affected persons.
Most browsers are set to accept cookies by default. However, you can reconfigure your browser at any time so that it rejects cookies or asks for your confirmation beforehand. If you reject cookies, however, this may mean that not all offers and functions of this website will work or be usable for you without interruption.
6. Email
As far as you send us an email, the personal data voluntarily transmitted to us will be automatically stored and possibly processed for the purpose of processing or contacting you. This includes – as far as provided by you – in particular your name, your address or email address, your telephone number and any other information you provide voluntarily. As a matter of principle, we only use the personal data collected in this process to the extent necessary to process your requests and orders. A transfer of this data to third parties is not performed in any case, unless we would be legally obliged to do so.
7. Use of the comment function
As far as you leave a comment on one of our articles, the data collected will be stored. This includes the name you provide (which may also be a pseudonym), the email address you provide and the IP address you use for this activity.
The storage of this data, in particular also the IP address, is performed
- to protect us from spam
- for tracking purposes and for our protection in cases where comments are submitted that infringe third party rights or contain other illegal content.
A transfer of the personal data collected in this way to third parties will only be performed if it serves the legal defense of the responsible person or another of our employees or helpers, if it is necessary to protect our rights against an abusive use of our website or if we are legally obligated to do so.
If you do not agree with the collection of this data, do not use the comment function!
8. Embeds
9. Duration of storage, deletion and blocking of personal data
Personal data of the affected persons shall be processed or stored by the responsible person, unless other legal regulations apply, only for the period of time necessary to achieve the purpose of storage. Another determining criterion for the duration of the storage of personal data is the respective legal retention period.
After the purposes of storage no longer apply and existing legal storage periods have expired, the responsible person shall block or delete the personal data in accordance with the legal regulations and requirements, even without a corresponding request from the affected person.
10. Your rights as an affected person
Below we describe the rights that any person affected by the processing of personal data has against the responsible person.
If you wish to exercise any of these rights, you can contact the responsible person at any time. We recommend that you notify us of your request either in writing or by email at hey@epiph.yt.
Responsible person for data protection is:
Matthias Kittsteiner
Breitschwertstraße 21
70378 Stuttgart
Email Address: hey@epiph.yt
Any person affected by the processing of personal data shall have the following rights vis-à-vis the responsible person for the processing:
- the right to confirmation,
i.e. the right to obtain confirmation from the responsible person as to whether personal data concerning them are being processed;
- the right to information,
i.e. in case of processing of personal data, a right of access to such personal data and to the following information:
- the purposes of processing;
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the responsible person, or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the affected person, any available information on the origin of the data
- the existence of automated decision-making, including profiling, pursuant to art. 22 para. 1 and 4 of the General Data Protection Regulation and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the affected person. (Note: We do not use profiling or other methods of automated decision making.)
- in case of transfer of personal data to a third country or to an international organization, the right to be informed of the appropriate safeguards pursuant to art. 46 of the General Data Protection Regulation in connection with the transfer;
- the right to receive
a copy of the personal data that are subject of the processing. For any additional copies requested by the affected person, the responsible person may charge a reasonable fee based on the administrative costs. If the affected person makes the request electronically, the information shall be provided in a commonly used electronic format, unless otherwise specified by the affected person. This right to receive a copy shall not affect the rights and freedoms of other persons;
- the right to correction
i.e. the right to obtain the rectification from the responsible person without delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the affected person has the right to request the completion of incomplete personal data – also by means of a supplementary declaration;
- the right to deletion ("right to be forgotten")
i.e. the right to require the responsible person to delete personal data concerning them without undue delay, and the responsible person is obliged to delete personal data without undue delay if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The affected person withdraws the consent on which the processing was based pursuant to art. 6 para. 1 lit. a or art. 9 para. 2 lit. a of the General Data Protection Regulation and there is no other legal basis for the processing.
- The affected person objects to the processing pursuant to art. 21 para. 1 of the General Data Protection Regulation and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to art. 21 para. 2 of the General Data Protection Regulation.
- The personal data have been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the responsible person is subject.
- The personal data have been collected in relation to information society services offered pursuant to art. 8 para. 1.
This does not apply as far as the processing is necessary
- for the exercise of the right to freedom of expression and information
- for compliance with a legal obligation which requires processing under Union or Member State law to which the responsible person is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible person
- for reasons of public interest in the area of public health pursuant to art. 9 para. 2 lit. h and i and art. 9 para. 3 of the General Data Protection Regulation
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to art. 89 para. 1 of the General Data Protection Regulation, as far as the said right is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or
- for the assertion, exercise or defense of legal claims.
- the right to limit the processing
i.e. the right of a person affected by the processing of personal data to obtain from the responsible person the erasure without delay of personal data concerning him or her, and the responsible person is obliged to erase personal data without delay if one of the following grounds applies:
- the accuracy of the personal data is contested by the affected person for a period enabling the responsible person to verify the accuracy of the personal data,
- the processing is unlawful and the affected person objects to the erasure of the personal data and instead requests the restriction of the use of the personal data;
- the responsible person no longer needs the personal data for the purposes of processing, but the affected person needs them for the establishment, exercise or defense of legal claims; or
- the affected person has objected to the processing pursuant to art. 21 para. 1 of the General Data Protection Regulation, as long as it has not yet been determined whether the legitimate grounds of the responsible person override those of the affected person.
- the right to data portability
i.e. the right of the data subject affected by the processing of personal data to receive the personal data concerning him or her that he or she has provided to a responsible person in a structured, commonly used and machine-readable format, and he or she has the right to transmit such data to another responsible person without hindrance from the responsible person to whom the personal data have been provided, if
- the processing is based on consent pursuant to art. 6 para. 1 lit. a or art. 9 para. 2 lit. a of the General Data Protection Regulation or on a contract pursuant to art. 6 para. 1 lit. b of the General Data Protection Regulation and
- the processing is performed with the aid of automated procedures.
When exercising his or her right to data portability, the affected person has the right to obtain that the personal data be transferred directly from one responsible person to another responsible person, as far as technically feasible. This right may not affect the rights and freedoms of other persons.
The exercise of this right to data portability shall be without prejudice to the right to deletion ("right to be forgotten"). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible person.
- the right to object,
i.e. the right of the person affected by the processing of personal data to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is performed on the basis of art. 6 para. 1 lit. e or f of the General Data Protection Regulation, including to any profiling based on those regulations. The responsible person shall no longer process the personal data unless he can demonstrate compelling legitimate reasons for the processing which override the interests, rights and freedoms of the affected person, or for the establishment, exercise or defense of legal claims.
If personal data are processed for direct marketing purposes, the affected person has the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If the affected person objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
In connection with the use of information society services, notwithstanding Directive 2002/58/EC, the affected person may exercise his or her right to object by means of automated procedures using technical specifications.
The affected person has the right to object, for reasons relating to his or her particular situation, to the processing of personal data concerning him or her which is performed for scientific or historical research purposes, or for statistical purposes pursuant to para. 89 of the General Data Protection Regulation, unless the processing is necessary for the performance of a task carried out in the public interest.
- the right not to be subject to an automated decision on a case-by-case basis (including profiling) which produces legal effects vis-à-vis him or her or similarly significantly affects him or her.
This does not apply if the decision
- is necessary for the conclusion or performance of a contract between the affected person and the responsible person,
- is permitted by legal provisions of the Union or the Member States to which the responsible person is subject, and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the affected person, or
- is performed with the explicit consent of the affected person.
In the cases mentioned in lit. a and c above, the responsible person shall take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which shall include, at least, the right to obtain the intervention of an affected person, to express his or her point of view and to contest the decision.
Automated decisions shall not be based on special categories of personal data unless the affected person has consented or the processing is necessary for reasons of substantial public interest on the basis of Union law or the law of a Member State which is proportionate to the aim pursued, respects the essence of the right to data protection and provides for adequate and specific measures to safeguard the fundamental rights and interests of the affected person.
11. PayPal Payment Gateway
PayPal is an online payment provider and is used to receive payments on our website. If you select PayPal to pay your order, you agree to send your personal data, which includes but is not restricted to name, address, email address and IP address, to PayPal in order to process the payment. The legal basis for the processing of the aforementioned data categories is Art. 6 (1) (b) of the European General Data Protection Regulation (GDPR).
The aggregation of the collected data in your PayPal Account is based solely on your consent, which you may submit or revoke on PayPal (Article 6, Section 1 of the GDPR).
For more information and privacy policy, read PayPal’s privacy policy here: https://www.paypal.com/webapps/mpp/ua/privacy-full
12. Stripe Payment Gateway
Stripe is an online payment provider and is used to receive payments on our website. If you select Stripe to pay your order, you agree to send your personal data, which includes but is not restricted to name, address, email address and IP address, to Stripe in order to process the payment. The legal basis for the processing of the aforementioned data categories is Art. 6 (1) (b) of the European General Data Protection Regulation (GDPR).
The aggregation of the collected data in your Stripe Account is based solely on your consent, which you may submit or revoke on Stripe (Article 6, Section 1 of the GDPR).
For more information and privacy policy, read Stripe’s privacy policy here: https://stripe.com/privacy