Privacy notice

Privacy Policy

Information about how RIVED processes Personal Data and which rights Data Subjects have under applicable data protection laws.

Introduction

We are pleased that you are interested in our organization. The protection of your Personal Data is particularly important to our management. As a rule, you can use our websites without disclosing any Personal Data to us. However, if you wish to use more specific services via our websites, including our other websites, applications and social media pages, we may have to process your Personal Data. If we wish to process data about you and we cannot rely on any other legal basis, we will always ask you for your Consent first (e.g., via a cookie banner).

We always comply with applicable data protection laws when handling your Personal Data (such as name, address, email or telephone number). With this Privacy Policy, we inform you about which data we process. This Privacy Policy also explains to you what rights you have as a Data Subject.

We have taken various technical and organizational measures to protect your data on our websites in the best possible way. Nevertheless, there are always risks on the internet and complete protection is not possible. For this reason, you can also transmit your Personal Data to us by other means, for example by telephone, if you prefer.

This Privacy Policy is not only intended to fulfill the obligations under GDPR and to comply with the law of the Member States of the European Union (EU) and the European Economic Area (EEA). This Privacy Policy is also intended to comply with legislation such as UK data protection laws (UK-GDPR), Swiss Federal Data Protection Act and Swiss Data Protection Ordinance (DSG, DSV), California Consumer Privacy Act (CCPA/CPRA), China's Personal Information Protection Law (PIPL), Delaware Personal Data Privacy Act (DPDPA), Tennessee Information Protection Act (TIPA), Minnesota Consumer Data Privacy Act (MCDPA), Iowa Act Relating to Consumer Data Protection (ICDPA), Maryland Online Data Privacy Act (MODPA), Nebraska Data Privacy Act (NDPA), New Hampshire Consumer Data Privacy Law (SB255), New Jersey Data Privacy Law (SB332), South Carolina Consumer Privacy Bill (House Bill 4696) and other global data protection regulations and shall be interpreted accordingly. The following Privacy Policy shall be interpreted for each country, state or federal state in such a way that the terms and legal bases used correspond to the terms and legal bases used in the respective state or federal state.

For reasons of better readability, the simultaneous use of the language forms male, female, diverse and other gender identities (m/f/d/other) is avoided on our websites, in publications, in communication and in our Privacy Policy. All formulations used apply equally to all genders.

1. Definitions

In our Privacy Policy, we use special terms from various data protection laws. We want our statement to be easy to understand and therefore explain these terms in advance.

The following definitions shall be interpreted or expanded, as appropriate, based on the case law of the General Court of the European Union (EGC), the European Court of Justice (ECJ), the Swiss Federal Supreme Court (SFSC), the Supreme Court of the United Kingdom (UKSC) or on national data protection laws or national case law of a state or federal state, including but not limited to California, including case law, also under common law, if this is necessary for the application of the law in individual cases.

a) Personal Data

Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or who must be regarded as such under national data protection legislation or national jurisdiction of a state or federal state, including under common law.

b) Data Subject

Data Subject is any identified or identifiable natural person whose Personal Data is processed by the Controller, a Processor, an international organization or another data recipient, and persons who must be regarded as such under national data protection laws or national jurisdiction of a state or federal state, including case law, also under common law.

c) Processing

Processing is any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of Processing

Restriction of Processing is the marking of stored Personal Data with the aim of limiting their Processing in the future.

e) Profiling

Profiling is any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymization

Pseudonymization is the Processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.

g) Controller

The Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. Where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

A Processor is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

i) Recipient

A Recipient is a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a Third Party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third Party

A Third Party is a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.

k) Consent

Consent is any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.

2. Name and address of the Controller

The Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and the European Economic Area, British data protection laws, Swiss data protection laws (DSG, DSV), Californian data protection law (CCPA/CPRA), Chinese data protection law (PIPL), as well as international laws and provisions with a data protection nature is:

RIVED
Berlin
Email: info@rived.community
Website: https://www.rived.community/

3. Collection of general data and information

Our websites collect a range of general data and information each time the websites are accessed by a Data Subject or an automated system. This general data and information are stored in the log files of the respective server. Among other things, the browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our websites, sub-websites accessed, the date and time of access, IP address, internet service provider and other similar data and information used for security purposes can be recorded.

When using this general data and information, we generally do not draw any conclusions about the Data Subject. Rather, this information is required to correctly deliver website content, optimize website content and advertising, ensure long-term functionality and provide law enforcement authorities with information necessary for criminal prosecution in the event of a cyber-attack.

The purpose of processing is to avert danger and ensure IT security, as well as the aforementioned purposes. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is the protection of our information technology systems. The log files are deleted after the stated purposes have been achieved.

4. Contact possibility via the website and other data transfers and your Consent

Our website contains information that enables quick electronic contact with our organisation as well as direct communication with us, which also includes a general email address and possibly a telephone number. If a Data Subject contacts us by email, via a contact form, via an input form or in any other way, the Personal Data transmitted by the Data Subject will be stored automatically. This Personal Data transmitted to us on a voluntary basis is processed for the purposes of usage or contacting the Data Subject.

We obtain your Consent for the transmission, storage and Processing of your contact data and inquiries and for contacting you in accordance with Art. 6 (1) (a) GDPR and Art. 49 (1) (1) (a) GDPR as follows:

By transmitting your Personal Data, you voluntarily consent to the Processing of the Personal Data you have entered or transmitted for the purposes of processing the inquiry and contacting you. By transmitting your data to us, you also voluntarily give your explicit Consent in accordance with Art. 49 (1) (1) (a) GDPR to data transfers to third countries to and by the companies named in this Privacy Policy and for the purposes stated, in particular for such transfers to third countries for which there is or is not an adequacy decision by the EU/EEA and to companies or other bodies that are not subject to an existing adequacy decision on the basis of self-certification or other accession criteria and in which or for which there are significant risks and no suitable guarantees for the protection of your Personal Data. You can withdraw your Consent under data protection law at any time with effect for the future.

5. Routine deletion and restriction of Personal Data

We process and store Personal Data for the period required to achieve the purpose of processing or if this has been provided for by the European legislator or another legislator in laws or regulations to which we are subject, or if a legal basis for the Processing exists.

If the purpose of processing no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, or if the legal basis for the Processing no longer applies, the Personal Data will be routinely restricted or deleted in accordance with the statutory provisions.

6. Rights of the Data Subject according to GDPR

a) Right to confirmation

Each Data Subject has the right to obtain from the Controller confirmation as to whether or not Personal Data concerning him or her is being processed. If a Data Subject wishes to exercise this right, he or she may contact us at any time.

b) Right to information

Each Data Subject has the right to obtain from the Controller free information about the Personal Data stored about him/her and a copy of this data at any time. The Data Subject may also obtain information about:

  • the purposes of processing
  • the categories of Personal Data that are processed
  • the recipients or categories of recipients to whom the Personal Data have been or will be disclosed
  • the envisaged storage period or criteria used to determine that period
  • the right to rectification, erasure, restriction or objection
  • the right to lodge a complaint with a supervisory authority
  • available information about the origin of data not collected from the Data Subject
  • the existence of automated decision-making, including Profiling

Furthermore, the Data Subject has a right to information as to whether Personal Data has been transferred to a third country or to an international organization. If this is the case, the Data Subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

c) Right to rectification

Each Data Subject has the right to demand the immediate correction of incorrect Personal Data concerning them. Furthermore, the Data Subject has the right to request the completion of incomplete Personal Data, including by means of a supplementary declaration, taking into account the purposes of the Processing.

d) Right to erasure (right to be forgotten)

Each Data Subject has the right to obtain from the Controller the erasure of Personal Data concerning him or her without undue delay where one of the following grounds applies, as long as the Processing is not necessary:

  • Personal Data was collected or otherwise processed for purposes for which it is no longer necessary.
  • The Data Subject withdraws Consent and there is no other legal ground for the Processing.
  • The Data Subject objects to the Processing and there are no overriding legitimate grounds.
  • Personal Data was processed unlawfully.
  • Deletion is necessary to fulfill a legal obligation.
  • The Personal Data was collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

If one of the aforementioned reasons applies, and a Data Subject wishes to request the erasure of Personal Data stored by us, he or she may contact us at any time.

e) Right to Restriction of Processing

Each Data Subject has the right to obtain from the Controller Restriction of Processing where one of the following applies:

  • The accuracy of the Personal Data is contested by the Data Subject.
  • The Processing is unlawful and the Data Subject opposes erasure.
  • The Controller no longer needs the Personal Data, but they are required by the Data Subject for legal claims.
  • The Data Subject has objected to Processing pending verification of overriding legitimate grounds.

f) Right to data portability

Each Data Subject has the right to receive Personal Data concerning him or her in a structured, commonly used and machine-readable format and to transmit those data to another Controller, where Processing is based on Consent or contract and carried out by automated means.

g) Right to object

Each Data Subject has the right to object, on grounds relating to his or her particular situation, at any time, to Processing of Personal Data based on point (e) or (f) of Article 6(1) GDPR. This also applies to Profiling based on these provisions.

If we process Personal Data for direct marketing purposes, the Data Subject has the right to object at any time to such Processing.

h) Automated decisions in individual cases including Profiling

Each Data Subject has the right not to be subject to a decision based solely on automated Processing, including Profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, unless legally permitted and accompanied by suitable safeguards.

i) Right to withdraw Consent under data protection law

Each Data Subject has the right to withdraw Consent to the Processing of Personal Data at any time.

7. General purpose of Processing, categories of processed data and categories of recipients

The general purpose of processing Personal Data is the handling of all activities relating to the Controller, customers, interested parties, business partners or other contractual or pre-contractual relationships between the aforementioned groups or legal obligations of the Controller. This general purpose applies if no more specific purposes for specific Processing are specified.

The categories of Personal Data that we process are customer data, prospective customer data, employee data (including applicant data) and supplier data. The categories of recipients of Personal Data are public bodies, external bodies, internal processing, intragroup processing and other bodies.

A list of our Processors and data recipients in third countries and, if applicable, international organizations is either published on our website or can be requested from us free of charge.

8. Legal basis for the Processing

Art. 6 (1) (a) GDPR serves as the legal basis for Processing operations for which we obtain Consent for a specific Processing purpose. If Processing is necessary for the performance of a contract, Processing is based on Art. 6 (1) (b) GDPR. If we are subject to a legal obligation requiring Processing, Processing is based on Art. 6 (1) (c) GDPR.

In rare cases, Processing may be necessary to protect vital interests of the Data Subject or another natural person and is then based on Art. 6 (1) (d) GDPR. If Processing is necessary for a task carried out in the public interest or in the exercise of official authority, the legal basis is Art. 6 (1) (e) GDPR.

Ultimately, Processing operations could be based on Art. 6 (1) (f) GDPR where Processing is necessary for legitimate interests pursued by our organisation or a Third Party, except where overridden by the interests or fundamental rights and freedoms of the Data Subject.

9. Legitimate interests in Processing pursued by the Controller or a Third Party and direct marketing

If the Processing of Personal Data is based on Art. 6 (1) (f) GDPR and no more specific legitimate interests are stated, our legitimate interest is the performance of our business activities for the benefit of the well-being of our staff and our shareholders.

We may send you direct advertising about our own goods or services that are similar to the goods or services you have requested, commissioned or purchased. You may object to direct advertising at any time. Processing for direct marketing purposes is based on Art. 6 (1) (f) GDPR. The legitimate interest is direct marketing.

Our messages and newsletters may also constitute direct marketing communications within the meaning of Article 13(2) of EU Directive 2002/58 and national law resulting from the Directive, provided that legal requirements are met.

10. Duration for which the Personal Data is stored

The criterion for the duration of the storage of Personal Data is the respective statutory retention period. If there is no statutory retention period, the criterion is the contractual or internal retention period. After this period has expired, the corresponding data is routinely deleted if it is no longer required to fulfill or initiate a contract.

11. Legal or contractual provisions for the provision of Personal Data

We would like to inform you that the provision of Personal Data is partly required by law or may result from contractual obligations. Sometimes it may be necessary for a contract to be concluded for a Data Subject to provide us with Personal Data that must subsequently be processed by us. Failure to provide Personal Data could mean that the contract with the Data Subject could not be concluded.

12. Existence of automated decision-making

As a responsible company, we do not normally use automated decision-making or Profiling. If, in exceptional cases, we carry out automated decision-making or Profiling, we will inform the Data Subject either separately or via a sub-item in our Privacy Policy.

Automated decision-making, including Profiling, may take place if necessary for contract conclusion or performance, permissible on the basis of Union or Member State legislation, or based on explicit Consent.

13. Recipients in a third country and appropriate or adequate safeguards

According to Art. 46 (1) GDPR, the Controller or Processor may only transfer Personal Data to a third country if appropriate safeguards are provided and enforceable rights and effective legal remedies are available to Data Subjects. Appropriate safeguards can be provided by standard contractual clauses without special approval from a supervisory authority.

The EU standard contractual clauses or other appropriate safeguards are agreed with recipients from third countries prior to the first transfer of Personal Data, or transfers are based on adequacy decisions.

In all cases where the European Commission, or a government or competent authority of another country, has decided that a third country ensures an adequate level of protection and/or a valid framework exists, transfers may be based on such frameworks or adequacy decisions.

14. Right to lodge a complaint with a data protection supervisory authority

As the Controller, we are obliged to inform the Data Subject of the existence of the right to lodge a complaint with a supervisory authority. According to Art. 77 (1) GDPR, every Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement.

15. Data protection provisions about the application and use of IONOS

IONOS is a web hosting and domain services company. As a provider in this area, IONOS provides the technical infrastructure for our online presence and related services such as email hosting, SSL certificates and data backup.

IONOS collects data about website traffic to ensure IT security and ward off attacks such as DDoS attacks. This information may include IP addresses, timestamps and pages accessed. The purpose is to provide and optimize hosting services, ensure network and information security and improve user-friendliness.

The company that operates the service and thus the recipient of personal data is: IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. The representative under national law in the United Kingdom is: IONOS Cloud Limited, 2 Cathedral Walk, The Forum, Gloucester, GL1 1AU, United Kingdom.

Processing is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in the reliable and secure provision of our website and related services.

Further information and the applicable data protection provisions of IONOS SE can be found at https://www.ionos.de.

16. Subscription to our newsletter and your Consent

We inform our customers and business partners about offers and news at regular intervals by means of a newsletter. You are therefore given the opportunity to subscribe to our newsletter on our website. You can only receive our newsletter if you have a valid email address and have registered to receive the newsletter.

For legal reasons, a confirmation email is sent to the email address entered by a Data Subject for the first time for the newsletter using the double opt-in procedure. The legal basis for sending this double opt-in confirmation email is Art. 6 (1) (c) GDPR.

When registering for the newsletter, we also store the IP address assigned by the internet service provider at the time of registration, as well as the date and time of registration. This storage is necessary to trace possible misuse and serves as legal protection for the Controller.

We obtain your Consent for the transmission and storage of your email address for the subscription to our newsletter in accordance with Art. 6 (1) (a) GDPR and Art. 49 (1) (1) (a) GDPR as follows:

By entering and transmitting your Personal Data, you voluntarily consent to the Processing of the Personal Data you have entered for the purpose of sending our newsletter. By entering and transmitting your data to us, you also voluntarily give your explicit Consent in accordance with Art. 49 (1) (1) (a) GDPR to data transfers to third countries to and by the companies named in this Privacy Policy and for the purposes mentioned. You can withdraw your Consent under data protection law at any time with effect for the future.

Your Consent to the Processing of Personal Data that you have given us for the storage of the email address for sending the newsletter can be revoked at any time. There is a corresponding link in every newsletter for revoking Consent. It is also possible to inform us of your wish to unsubscribe by other means.

The Personal Data collected when registering for the newsletter will be used exclusively to send our newsletter. By subscribing to our newsletter, you conclude a contract with us for the delivery of the newsletter, which is why Processing in connection with dispatch is based on Art. 6 (1) (b) GDPR. The contract can be terminated at any time.

17. Data protection provisions about the application and use of ChatGPT

ChatGPT is an advanced AI-driven platform that enables natural and informative conversations. This technology supports us in a wide range of applications, including customer service, education, content creation and much more.

When using ChatGPT, data such as text entered, questions and contextual information of the conversation are processed. This information enables the AI to generate relevant and personalized responses. The data collected is used to improve the model, increase response quality and create a better user experience.

The company that operates the service and thus the recipient of personal data is: OpenAI OpCo, LLC, 3180 18th Street, San Francisco, CA 94110, USA. For data subjects in the EU and EEA, OpenAI Ireland Limited, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, acts as contact and representative within the meaning of Art. 27 GDPR. The representative under national law in the United Kingdom is: OpenAI UK Ltd., Suite 1, 3rd Floor, 11-12 St. James's Square, London, SW1Y 4LB, United Kingdom.

Processing is based on Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in the development, improvement and provision of innovative services and in increasing economic efficiency.

The company that operates the service is based in a third country, namely the USA. Transfers to third countries may be based on the conclusion of Standard Contractual Clauses or other suitable or appropriate safeguards referred to in Art. 46 (2) GDPR.

Further information and the applicable data protection provisions of OpenAI can be found at https://openai.com.