Data Privacy Statement

Your data in the high-security data centre
stashcat will be provided in a secure high-security data centre in Germany. Your data remain in any case in the jurisdiction of the EU Data Protection Regulation (GDPR). The data centre has the highest standards for failover and access protection.

Preamble
stashcat is an offer from stashcat GmbH based in Hanover. At stashcat, the protection of personal data is taken very seriously and all relevant data protection regulations, in particular the provisions of the Telemedia Act (TMG) and the Basic Data Protection Regulation (EU-GDPR) are observed. Below we would like to inform you about the nature, scope and purpose of the processing of personal data within our online portal. With regard to the terminology used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible for data protection is the provider of this offer (hereinafter referred to as the "Provider"):

stashcat GmbH
Hamburger Allee 2-4
30161 Hannover
Germany
Tel.: +49 (0)511/675190
hello@stashcat.com

For data protection concerns, please contact us by providing sufficient information in regards to you as a data subject (e.g. name, e-mail address, name of your institution).

I. The provider provides, via the Internet, (web application/desktop application/mobile applications for iOS and Android) accessible software (hereinafter "stashcat").

1. Categories of data subjects
Users of the stashcat communication platform (hereafter "users")

  • Management members (management users)
  • Employees/regular users (users)
  • Possibly guests who receive stashcat access (guests)

2. Description and scope of data processing
Stashcat is a communication portal provided by heinekingmedia GmbH for your company/institution for communication and file sharing. The use of stashcat is only possible for people who have been granted user access at stashcat.

3. Purpose of the data processing
Each user has their own user account in stashcat, which is initially created centrally by the organisation. The individual user has the right to change the profile picture and to adjust the profile and privacy settings. Relevant personal data that we collect, process, store and use in the context of using stashcat include:

  • Name
  • First name
  • E-mail address
  • Belonging to an institution
  • User role (Administrator, User, Guest)
  • Profile picture (optional)

stashcat includes (optional) features that can tell other users of your entity about your usage behaviour. These include in particular:

Online status: other users of your entity can see if your status is "online" or "offline". As soon as you open stashcat and even if the desktop client is running in the background, you will be marked as "online". As soon as you close the app or log out of the web client, your status will change to offline. This may result in a slight time delay. The transmission of the online status can be deactivated in the privacy settings, so that no data is transmitted about your online status and the status is not displayed on the platform.

Read message confirmation: in channels and single conversations, the caller can see if you have read their message. A transmission of the exact time does not take place in any case. This feature can also be disabled in the privacy settings. Therefore, no data is communicated as to whether the message has been read or not.

4. Legal basis for data processing
Insofar as we obtain the consent of the data subject for processing their personal data, Art. 6 Para. 1 a) of the EU General Data Protection Regulation (GDPR) serves as legal basis.

In processing personal data necessary for performance of a contract to which the data subject is a party, Art. 6 para. GDPR applies as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c of the GDPR applies as the legal basis.

In the event that vital interests of the data subject or another natural person require a processing of personal data, Art. 6 para. 1 d) of the GDPR applies as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 (f)  of the GDPR is applicable as a legal basis for processing.

5. Transfer of data to third parties
Transfer of data to third parties takes place only as follows:
stashcat is operated on servers of Mivitec GmbH (Wamslerstraße 4, 81829 Munich). Mivitec GmbH provides the infrastructure, does not access personal data and does not process it.

6. Transparency for requesting personal data
When using stashcat, the user is informed about which data is necessary in each individual case. For example, if a user wishes to create a user account in stashcat, stashcat will indicate the personal information to be submitted, in this case, inter alia, name, first name and email address.

7. Storage duration
The data processed by us will be deleted or their processing restricted in accordance with art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, the processing of the data will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

8. Right to file complaints with the regulatory authorities
If there has been a breach of data protection legislation, the data subject may file a complaint with the competent regulatory authorities. The responsible supervisory authority in regards to data protection is:

The state data protection officer of the federal state of Lower Saxony
Prinzenstraße 5
30159 Hannover,
Germany