Responsible for the processing of your personal data:
Schönhauser Allee 163
Tel.: +49 (0)30-403 639 730
Amtsgericht Berlin-Charlottenburg HRB 192374 B
Data Protection Officer:
LuckyShot stands for data protection. The protection of our users’ data is our top priority. The rules of the German Federal Data Protection Act (BDSG) and the European Data Protection Regulation (GDPR) are observed and constantly monitored.
In the following, you will be informed about what kind of data is collected and for what purpose:
- Data transmission/data logging when visiting the website
When visiting the website, the web server automatically records log files that cannot be assigned to a specific person by us, but are considered personal data according to the DSGVO. This data includes, for example, the browser type and version, operating system used, referrer URL (the previously visited page), IP address of the requesting computer, access date and time of the server request and the client’s file request (file name and URL). This data is only collected pseudonymously for the purpose of statistical evaluation and is only stored for as long as is necessary for the stated purposes. Data is not passed on to third parties for commercial or non-commercial purposes. An exception to this is the transfer of data to third parties for the fulfilment of the requested services. The legal basis for the processing of this usage data is Article 6 (1) f) GDPR.
- Data processing within the framework of our app
If you want to use our app for iOS and other operating systems, it is necessary for you to register with a user account. You can provide us with further information (such as a profile picture or other profile details) in the app itself. We will only process this data to enable you to use the app in accordance with your preferences. Our legal basis for processing this app data is Article 6(1)(b) GDPR.
- Processing of personal data in general
Further personal data is only collected or processed if you provide this information voluntarily, e.g. in the context of an enquiry via e-mail or contact form. Unless there are necessary reasons in connection with a business transaction, you can revoke the previously granted permission to shop your personal data at any time with immediate effect in writing by sending an email to info(at)luckyshot.io. Your data will not be passed on to third parties unless this is required by law. Your data may be used for our own advertising purposes.
- Our legal bases
When processing your personal data, we rely on various legal bases in accordance with the GDPR, which we have already informed you about in the section concerning the respective data processing. In summary: For the processing of data within the scope of our service (i.e. our website and our app), Article 6(1)(b) of the GDPR applies, as we process this data in order to fulfil our contractual obligations with you. For the processing of usage data (also anonymised by Google Analytics or Sentry), we rely on Article 6(1)(f) of the GDPR, as we process this data in order to exercise our legitimate interests through reach measurement and web analytics regarding the improvement of our app and website.
- Your legal rights
You can assert the following rights against us within the scope of the GDPR with regard to your personal data: the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to data portability pursuant to Article 20 GDPR. You also have the right to lodge a complaint with the competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). Furthermore, you can also revoke your consent to the processing of your personal data at any time. However, this revocation is only valid for the future. Processing that took place before the revocation remains unaffected.
Information about your right to object according to Article 21 of the GDPR: In addition to the rights already mentioned, you have the right to object at any time to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR (processing of data on the basis of a balance of interests) for reasons related to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
- Security of your data & transmission to third parties
Your personal data made available to us will be secured by taking all technical and organisational security measures in accordance with the latest state of the art so that they are inaccessible to unauthorised third parties. When sending very sensitive data or information, it is advisable to use the postal service, as complete data security cannot be guaranteed by e-mail. We will not pass on your data to third parties unless this is obligatory for us due to legal regulations or necessary to protect our legitimate interests (e.g. to a lawyer for the assertion or defence of legal claims). Otherwise, we only transmit personal data to our service providers, who are subject to strict contractual provisions to process personal data exclusively for the provision of their services to us and exclusively on our instructions. Our service providers primarily include our hosting providers. Our website is hosted by Heroku, a subsidiary of Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States (participating in the EU-US Privacy Shield) our app is hosted by Firebase, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (participating in the EU-US Privacy Shield).
- Adequate level of data protection for recipients abroad
Where our service providers are based abroad, i.e. outside the territory of the European Economic Area (EEA) (such as Google), we will nevertheless ensure an adequate level of data protection at all times by ensuring that either the EU’s model contracts for the transfer of data to other EU countries, as amended from time to time, are in place or that there are otherwise appropriate safeguards for an adequate level of data protection.
- Duration of storage
We process and store your personal data to the extent and for as long as necessary to fulfil our contractual or legal obligations. Therefore, we store your data as long as our contractual relationship with you exists and after termination only to the extent and for as long as required by the law of the Federal Republic of Germany. All other data will be deleted when you unsubscribe from us. If data is no longer required for the fulfilment of legal obligations (e.g. according to tax or commercial law), it is therefore regularly deleted, unless its further processing is necessary for the preservation of evidence or for the defence of legal claims against us.
- SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us, we use SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
- Google Analytics
- Google Cloud Platform
- Google Tag Manager
This website uses Google Tag Manager. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, Ireland. The Google Tag Manager does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. The use is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. You can find Google’s data protection information on this tool in Google’s data protection statement.
- Google Fonts
- Google Maps
- Online presence in social media
- Newsletter and notifications
We send newsletters, e-mails and other electronic notifications containing promotional information only with the consent of the recipient or with legal authorisation. The newsletters contain information about our offers and services. However, notifications sent in the context of contractual or business relationships are not considered advertising. This includes, for example, the sending of service e-mails with technical or organisational information within the scope of our service provision, notices of technical or legal changes or questions about our offers. Notifications of activities to which the customer has subscribed. So-called double opt-in e-mails sent within the framework of registration or subscription to a newsletter are also not advertising messages. These double opt-in emails invite users to confirm a registration or subscription. The double opt-in emails are necessary to verify that the registration was really made by the email owner. The first and last name details are used to personalise the newsletter. Consent to the storage of data, e-mail addresses and their use for sending the newsletter can be revoked at any time. The revocation can be made, for example, via an unsubscribe link in the newsletter or an e-mail to info(at)luckyshot.io with “Unsubscribe” in the subject line. The registrations for the newsletter are logged in order to be able to check the registration process in compliance with the legal requirements. For this purpose, the moment of registration and activation are recorded in particular.
- Amazon Web Services