The Ocean Package

Menu

Privacy Policy

Privacy Policy


Preamble


With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes, and to what extent in the context of providing our application.


The terms used are gender-neutral.


Last updated: March 23, 2023






Table of Contents


  • Preamble

  • Controller

  • Overview of Processing Activities

  • Applicable Legal Bases

  • Security Measures

  • Transfer of Personal Data

  • Data Processing in Third Countries

  • Deletion of Data

  • Use of Cookies

  • Provision of the Online Offer and Web Hosting

  • Contact and Inquiry Management

  • Amendments and Updates to the Privacy Policy

  • Rights of Data Subjects

  • Definitions





Controller


Philip Mayer
Auenstraße 74
80469 Munich
Germany


Authorized Representative:
Joshua Linn


Email:
[email protected]


Legal Notice (Imprint):
https://theoceanpackage.com/impressum






Overview of Processing Activities


The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects concerned.



Types of Data Processed


  • Contact data

  • Content data

  • Usage data

  • Meta, communication and procedural data


Categories of Data Subjects


  • Communication partners

  • Users


Purposes of Processing


  • Contact requests and communication

  • Security measures

  • Management and response to inquiries

  • Feedback

  • Provision of our online services and user-friendliness

  • IT infrastructure





Applicable Legal Bases


Below you will find an overview of the legal bases of the GDPR on which we process personal data.


Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence.



Contract performance and pre-contractual inquiries


(Art. 6(1)(b) GDPR)
Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.



Legitimate interests


(Art. 6(1)(f) GDPR)
Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject.


In Germany, additional national data protection regulations apply, particularly the Federal Data Protection Act (BDSG), which includes specific provisions regarding access rights, deletion rights, objection rights, processing of special categories of personal data, automated decision-making including profiling, and employment-related data processing (§ 26 BDSG).



Security Measures


We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.


These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transfer, securing availability, and separation of data.


We have also established procedures to ensure the exercise of data subject rights, deletion of data, and responses to data breaches. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default.



TLS Encryption (https)


To protect your data transmitted via our online services, we use TLS encryption. You can recognize encrypted connections by the prefix “https://” in your browser’s address bar.






Transfer of Personal Data


In the course of processing personal data, it may occur that data is transferred to or disclosed to other entities, companies, legally independent organizational units, or individuals.


Recipients of this data may include service providers entrusted with IT tasks or providers of services and content integrated into a website.


In such cases, we comply with legal requirements and conclude appropriate contracts or agreements with the recipients of your data to ensure its protection.






Data Processing in Third Countries


If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in the context of using third-party services or disclosing/transferring data to other persons, entities, or companies, this will only occur in compliance with legal requirements.


Unless explicitly consented to or contractually or legally required, we only process data in third countries with:



  • A recognized adequate level of data protection

  • Contractual obligations through EU Standard Contractual Clauses

  • Certifications or binding internal data protection rules


(Art. 44–49 GDPR)


More information:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en






Deletion of Data


The data processed by us will be deleted in accordance with legal requirements as soon as the consent permitting processing is withdrawn or other permissions cease to apply (e.g., if the purpose of processing no longer applies or the data is no longer required).


If data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the data will be blocked and not processed for other purposes.


For example, this applies to data that must be retained for commercial or tax law reasons or whose storage is required for the establishment, exercise, or defense of legal claims.






Use of Cookies


Cookies are small text files or other storage technologies that store information on end devices and read information from end devices.


They may be used for various purposes, such as:



  • Ensuring functionality and security

  • Improving user convenience

  • Creating analyses of visitor flows


Consent Notice


We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not legally required.


Consent is not required when storing and reading information is strictly necessary to provide a telemedia service explicitly requested by the user (i.e., our online service).


Consent is clearly communicated and includes information about respective cookie usage.



Legal Bases for Processing Cookie Data


The legal basis for processing personal data using cookies depends on whether we request consent.



  • If users give consent, the legal basis is Art. 6(1)(a) GDPR.

  • Otherwise, cookie data is processed based on our legitimate interests (Art. 6(1)(f) GDPR), such as the economic operation and usability of our website.

  • If cookies are necessary to fulfill contractual obligations, processing is based on Art. 6(1)(b) GDPR.


The purposes for which cookies are processed are explained in this privacy policy or within our consent procedures.






Storage Duration


We distinguish between the following types of cookies:



Temporary Cookies (Session Cookies)


These are deleted at the latest when a user leaves the online service and closes their device (e.g., browser).



Permanent Cookies


These remain stored even after the device is closed. For example, login status or preferred content may be saved.


Unless otherwise specified, cookies may be stored for up to two years.






Withdrawal and Objection (Opt-Out)


Users may withdraw consent at any time and object to processing in accordance with Art. 21 GDPR.


Users may also object via browser settings (e.g., disabling cookies), although this may limit functionality.


Opt-out options for online marketing cookies:







Cookie Consent Management


We use a cookie consent management system in which user consent is obtained, managed, and can be withdrawn.


Consent declarations are stored to avoid repeated prompts and to provide proof of consent.


Storage may occur server-side and/or in a cookie (opt-in cookie).


Consent may be stored for up to two years and includes:



  • A pseudonymous user ID

  • Time of consent

  • Scope of consent

  • Browser, system, and device information





Provision of Our Online Services and Web Hosting


We process user data in order to provide our online services.


For this purpose, we process the user’s IP address, which is necessary to deliver website content and functionality.



Types of Data Processed


  • Usage data (visited pages, interest in content, access times)

  • Meta, communication, and procedural data (IP addresses, timestamps, consent status)


Data Subjects


  • Users (e.g., website visitors)


Purposes of Processing


  • Provision of online services

  • IT infrastructure

  • Security measures


Legal Basis


Legitimate interests (Art. 6(1)(f) GDPR)






Hosting


We use server space, computing capacity, and software from a hosting provider (web host) to provide our online services.


Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)






Collection of Access Data and Log Files


Access to our website is logged in so-called server log files.


These may include:



  • Website/file accessed

  • Date and time

  • Amount of data transferred

  • Browser type and version

  • Operating system

  • Referrer URL

  • IP address

  • Requesting provider


Log files are used for:



  • Security purposes (e.g., DDoS defense)

  • Ensuring server stability


Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)


Log files are stored for a maximum of 30 days and then deleted or anonymized.

GET IN TOUCH

Get In Touch - En