1. Controller
The controller is [GESCHÄFTSBEZEICHNUNG], [VOLLSTÄNDIGER_NAME], [STRASSE], [PLZ] [ORT], [LAND].
Contact: [E-MAIL] / [TELEFON].
Privacy
This template covers the main processing activities for the KEEP-THE-MOMENT website, web app, PWA and a later app-store launch.
Template notice
Template – final legal review recommended before production launch. Please replace the placeholders with final company data and obtain legal review before production launch.
The controller is [GESCHÄFTSBEZEICHNUNG], [VOLLSTÄNDIGER_NAME], [STRASSE], [PLZ] [ORT], [LAND].
Contact: [E-MAIL] / [TELEFON].
When the website or web app is accessed, technically necessary information may be processed in order to deliver content, maintain security and ensure system stability.
This may include in particular IP address, date and time of access, requested resources, browser information, operating system and referrer data.
If you create an account or sign in, KEEP-THE-MOMENT processes your email address, authentication data, profile language and the account information required for access.
The processing is required to provide your personal account, a protected dashboard and access to orders, memories and uploads.
If you upload content, KEEP-THE-MOMENT processes the original files as well as generated preview, app and print versions, together with file information such as resolution, size, format and upload time.
The content is processed, stored and displayed only to the extent necessary for contract performance, memory presentation, quality checks and preparation of personalised products.
In connection with orders, KEEP-THE-MOMENT processes order, package, delivery and communication data. Payment handling is carried out through the configured payment provider.
Processing may be necessary for contract fulfilment, fraud prevention, invoicing and documentation.
The website, web app, API endpoints and storage processes may be provided through [HOSTING_PROVIDER], Cloudflare R2 and, where applicable, Cloudflare.
Server logs may in particular contain IP address, access times, status codes, technical error messages and request-related metadata.
Local storage entries or technically necessary cookies may be used to remember your language setting and to keep essential site functions available.
Without these technical storage mechanisms, core parts of the website or web app may not function properly.
Optional analytics and tracking are currently not active by default. If [ANALYTICS_PROVIDER optional] or any other non-essential services are activated later, they should only be used after valid consent has been obtained.
Newsletter or marketing email communication is currently not an essential part of the service. If [NEWSLETTER_PROVIDER optional] or comparable tools are activated later, consent, documentation and withdrawal mechanisms should be implemented.
Personal data may be shared with processors and infrastructure providers to the extent necessary to operate the service.
Depending on the provider, processing in third countries, especially the United States, may occur. In such cases the transfer mechanism, for example adequacy decisions or standard contractual clauses, should be checked and documented before launch.
Personal data is retained only as long as required for the relevant purpose or as required by statutory retention obligations.
Account data, order information and uploaded content may in particular be retained while the account exists, contracts are being performed or legitimate interests such as documentation, security and legal defence continue to apply.
Data subjects have the right, to the extent provided by law, to access, rectify, erase, restrict processing, data portability and object to certain processing operations.
Where processing is based on consent, that consent may be withdrawn with effect for the future.
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection law.