Data Protection

1. Information on the collection of personal data

1.1 In the following, we provide information about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. In this way, we would like to inform you about our processing operations and at the same time fulfil our legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

1.2 The controller pursuant to Art. 4 (7) GDPR is Jose Antonio de Leon Vilar II (see our legal notice).

1.3 For questions regarding data protection, you can contact our Data Protection Officer at: E-mail: info@drooky.io

1.4 When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. If the enquiry is assigned to a contract, we delete the data arising in this context after the contract expiry date, otherwise after the storage is no longer required, or restrict the processing if there are statutory retention obligations.

If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail below about the respective processes. In doing so, we also specify the defined criteria for the storage period.

2. Your rights

2.1 You have the following rights vis-ร -vis a controller with regard to your personal data:

2.2 You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

3. Processing of personal data when visiting our website

When using the website for information purposes, i.e. simply viewing it without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR:

4. Other functions and offers on our website

4.1 In addition to the purely informational use of our website, we offer various services that you can use if you are interested and use other common functions to analyse or market our offers, which are presented in more detail below. For this purpose, you must generally provide additional personal data or we process such additional data that we use to provide the respective services.The aforementioned data processing principles apply to all data processing purposes described here

4.2 In some cases, we use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are regularly monitored.

4.3 Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, contracts or similar services together with partners. Depending on the service, your data may also be collected by the partners on their own responsibility. You will receive more detailed information when you provide your data or below in the description of the respective offers.

4.4 If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

5. Processing of location data in the Drooky app

5.1 When you use the Drooky mobile application, we process your location data to connect you with 3D printing partners in your vicinity. This processing only occurs with your explicit consent, which you provide when first using the location features of our app.

5.2 The location data we process includes:

5.3 We use this location data exclusively for:

5.4 Your location data is processed in real-time and is not stored on our servers beyond the duration necessary to provide the service. Location history is retained for a maximum of 30 days for service improvement purposes and is then automatically deleted. You can withdraw your consent for location processing at any time in your device settings or within the app settings. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with ยง 23 TTDSG.

6. Processing of partner and printer data

6.1 If you register as a 3D printing partner on our platform, we process additional business-related data to facilitate the partnership and enable payment processing.

6.2 The partner data we process includes:

6.3 This data is processed for the following purposes:

6.4 Partner data is retained for the duration of the partnership agreement and for 10 years thereafter to comply with commercial and tax law retention requirements (ยง 257 HGB, ยง 147 AO). Bank account details are securely encrypted and processed only through our payment service providers (Stripe and PayPal) in compliance with PSD2 requirements. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. b GDPR (contract fulfillment) and lit. c GDPR (legal obligations).

7. Data retention periods

7.1 We store your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. The specific retention periods are:

7.2 After expiry of the retention periods, your data will be securely deleted or anonymized so that identification is no longer possible.

8. International data transfers

8.1 In the course of our data processing, data may be transferred to recipients in countries outside the European Economic Area (EEA), particularly to the USA. This primarily affects the following services:

8.2 For all international data transfers, we ensure an adequate level of data protection through:

8.3 You have the right to receive a copy of the safeguards we have implemented for international data transfers. Please contact our Data Protection Officer for more information.

9. Objection or revocation against the processing of your data

9.1 If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected.

9.2 Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.

9.3 Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. The best way to object to advertising is to contact us using the contact details given above.

10. Processing of data from your end devices ('Cookie Policy')

10.1 In addition to the data mentioned above, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your end device. When you access our website and at any time thereafter, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical perspective (10.2) before going into more detail about your individual choices by describing technically necessary cookies (10.3) and cookies that you can voluntarily select or deselect (10.4).

10.2 Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the location that sets the cookie. Cookies cannot execute programmes or transfer viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis are explained below:

10.3 Mandatory functions that are technically necessary to display the website: The technical structure of the website requires us to use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

10.4 Optional cookies if you give your consent: We only set various cookies with your consent, which you can select on your first visit to our website via the so-called cookie consent tool. The functions are only activated if you give your consent and can be used in particular to enable us to analyse and improve visits to our website, to make it easier for you to use our website via different browsers or end devices, to recognise you when you visit us again or to place advertising (possibly also to tailor advertising to your interests, measure the effectiveness of advertisements or show interest-based advertising). The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

11. Newsletter

11.1 You can subscribe to our newsletter, with which we inform you about our current interesting offers, in particular about the availability of our mobile apps, updates to our apps or other news, by giving your consent. The advertised goods and services are named in the declaration of consent.

11.2 We use the double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an email to the email address provided, in which we ask you to confirm that you are the owner of the email address provided and that you wish to receive the notifications. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

11.3 The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

11.4 You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter e-mail, by e-mail to info@drooky.io or by sending a message to the contact details given in the imprint.

11.5 In addition, you can also give your consent for us to evaluate your user behaviour when sending the newsletter. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the analyses, we link the data mentioned above [in ยง 3] and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on and infer your personal interests. We link this data to actions you have taken on our website. You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact method as described above. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail programme by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.

12. Web tracking using Google Analytics

12.1 This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ('Google'). The purpose of our use of the tool is to enable us to analyse your user interactions on websites and in apps and to use the statistics and reports obtained to improve our offering and make it more interesting for you as a user.

12.2 We primarily record the interactions between you as a user of the website and our website using cookies, device/browser data, IP addresses and website or app activities. In Google Analytics, your IP addresses are also recorded to ensure the security of the service and to provide us as the website operator with information about the country, region or location from which the respective user originates (so-called 'IP location determination'). For your protection, however, we naturally use the anonymisation function ('IP masking'), i.e. Google truncates the IP addresses by the last octet within the EU/EEA.

12.3 Google acts as a processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. For these cases, Google has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and undertakes to comply with the applicable data protection laws when transferring data internationally. We have also agreed so-called standard contractual clauses with Google, which serve to ensure an appropriate level of data protection in the third country.

12.4 The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can withdraw your consent at any time without this affecting the lawfulness of processing up to the point of withdrawal. In apps, you can reset the advertising ID in the Android or iOS settings. The easiest way to revoke your consent is via our Consent Manager or by installing the Google browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en/..

12.5 You can find more information on the scope of services provided by Google Analytics at marketingplatform.google.com/about/analytics/terms/en/. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en/. General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google's privacy policy at www.google.de/intl/de/policies/privacy/.

13. Social Media

13.1 Use of social media plug-ins

We currently use the following social media plug-ins

These are only loaded if you have previously activated the function with your consent. We offer you the opportunity to interact with social networks and other users via the plug-ins. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. the integration only takes place with your consent.

The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

The information collected is stored on the provider's servers, in the case of international providers also outside Europe. For these cases, the provider has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard data protection clauses with the providers, the purpose of which is to maintain an appropriate level of data protection in the third country.

You can withdraw your consent at any time without this affecting the permissibility of processing up to the point of withdrawal. The easiest way to revoke your consent is via our Consent Manager or via the functions of the social media providers.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policies of these providers. There you will also find further information on your rights in this regard and setting options to protect your privacy.

13.2 Our presence on social networks

We have various presences

We use the technical platform and services of the providers for these information services. We would like to point out that you use our presence on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your end device in the form of cookies. This information is used to provide us, as the operator of the accounts, with statistical information about the interaction with us.

The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own information, all of the aforementioned providers maintain an appropriate level of data protection that corresponds to that of the former EU-US Privacy Shield and we have concluded the standard data protection clauses with the companies. We do not know how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or whether you visit the site as a non-registered and/or non-logged-in user.

When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your device can be used to track how you have moved around the network. Buttons integrated into websites enable the platforms to record your visits to these websites and assign them to your respective profile. This data can be used to offer you customised content or advertising. If you wish to avoid this, you should log out or deactivate the 'stay logged in' function, delete the cookies on your device and restart your browser. As the provider of the information service, we also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. The legal basis for the processing of your data on the social media platform is Art. 6 para. 1 sentence 1 lit. f GDPR.

To exercise your rights as a data subject, you may contact us or the social media platform provider. If one party is not responsible for responding or must receive the information from the other party, we or the provider will forward your request to the appropriate partner. If you have any questions about profiling and the processing of your data when using the website, please contact the operator of the social media platform directly. If you have any questions about the processing of your interaction with us on our website, please write to the contact details provided above. What information the social media platform receives and how it is used is described by the providers in their privacy policies (see link in the table above). There you will also find information about contact options and advertising preferences.