Version and change history
Version 1 – Released on May 1st, 2021
Responsible and contact
Responsible within the meaning of the General Data Protection Regulation (GDPR) §4 (7) is LocosLab GmbH. If you have any questions or comments about this statement, please contact us at:
What data is collected and for what purpose?
- Data that you give us: In order to use the functions of the Digitall-Pro applications for a certain club, you have to open a club-specific account. For this we ask you for your personal data, your email address, an account name and a secret password. We use the email address and your name to contact you and to offer you automatic functions, such as resetting your password via your email account. We use your account name and password to authorize access to your account. To prevent unauthorized access, you must keep your password secret. In addition, the Digitall-Pro applications allow you to manage your club membership. This includes, for example, the provision and updating of your personal data such as your address and bank details or the registration for events. The processing of the data is necessary for the implementation of the respective functions of the service and is carried out on the basis of GDPR §6 (a) with your consent.
- Data on the use of the service: Both the web application and the mobile application communicate with the service via the HTTPS protocol. With every interaction we save the connection and request data such as the time of the request, the current IP address of the requesting party, the retrieved URL and the parameters contained in the request as well as the duration and results of the request. The purpose of this recording is the (possibly subsequent) detection, analysis and fight against attacks by automatic mechanisms as well as the correction of program errors and the improvement of the function and performance of the service and the applications. Accordingly, the data is recorded in accordance with GDPR §6 (f) .
Where is the data stored and processed?
The data is currently stored and processed exclusively on servers in Germany.
Who will the data be passed on to?
- Your club: The data you provide via your club-specific account will be passed on to your club. The aim here is the efficient digital implementation of the processes in the club as well as the statistical evaluation of the member data by your club.
- Authorized bodies: If we are legally obliged (e.g. by a valid court order) to hand over data to an authorized body, we will pass on your data to such a body and inform you (if this is legally and technically possible) about the handover.
How long will the data be saved?
The storage period depends on the type and use of the data. Data on the use of the service is usually overwritten by regular rotation after a few days. This time can increase in individual cases (e.g. when analyzing past attacks). We keep data about your account and your club membership until it is no longer needed by your club.
Regardless of the type of data, we try to keep the storage time short. However, we strive to operate the service in a way that protects the data of all users from system failures and willful damage by third parties. That is why we use regular backups and delay irrevocable deletion processes for a certain period of time (usually a few days). Due to these measures, unused data or data released for deletion may not be deleted immediately by our computer and security systems.
What rights can be asserted?
Your rights are described in detail in Chapter 3 of the GDPR and your rights are not affected by this data protection declaration. Your rights include the
- Right to confirmation and information (GDPR §15), right to correction (GDPR §16) and right to deletion (GDPR §17): You have the right to free information about your stored personal data, origin at any time within the scope of the applicable legal provisions the data, its recipients and the purpose of the data processing and, if necessary, a right to correct, block or delete this data. In this regard, please contact the person responsible mentioned above.
- Right to restriction of processing (GDPR §18), right to object to processing (GDPR §21) and right to revoke data protection consent (GDPR §7): Some data processing operations are only possible with your express consent. A revocation of the consent already given is possible at any time. An informal notification by email is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
- Right to data transferability (GDPR §20): You have the right to have data that we process automatically handed over to you or to third parties. It is provided in a machine-readable format. Also note that you can export your data in CSV format yourself at any time via the web application. If you request the direct transfer of the data to another person responsible, this will only take place if this is technically feasible.
- Right to lodge a complaint with a supervisory authority (GDPR §77): As the person concerned, you have the right to lodge a complaint with the responsible supervisory authority in the event of a data protection violation. The responsible supervisory authority for data protection issues is the state data protection officer of the state of North Rhine-Westphalia. You can find the contact details of the data protection officer here .
If you have any questions, concerns or requests for information, please contact the person responsible mentioned above.
Information on online dispute resolution
According to Art. 14 Para. 1 ODR-VO (EU Regulation No. 524/2013), the EU Commission provides an internet platform for the online settlement of disputes (so-called “OS platform”). The OS platform serves as a point of contact for extrajudicial settlement of disputes. You can reach the OS platform via this link.