Sendlix

Privacy Policy

Last updated: 1.5.2024

1. Introduction

This Privacy Policy describes how Sendlix ("we", "us", or "our") collects, uses, and discloses your personal information when you visit our website sendlix.com (the "Service").

We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about this privacy policy or our practices with regard to your personal information, please contact us at info@sendlix.com.

This Privacy Policy applies to all information collected through our Service as well as any related services, sales, marketing, or events.

2. Data Controller

Sebastian Brunow
Badstraße 1
91220 Schnaittach
Germany
Email: info@sendlix.com
Phone: +49 1575 5971280

3. Information We Collect

3.1 Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Payment information (processed by our payment processor)
  • Usage data

3.2 Usage Data

We may also collect information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

4. Legal Basis for Processing Personal Data Under GDPR

We process your personal data for the purposes set out in this Privacy Policy based on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR): Where you have given us explicit consent to process your personal data for specific purposes.
  • Performance of a Contract (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
  • Legal Obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

5. Third-Party Services

5.1 Firebase

We use Google Firebase for hosting, authentication, and database services. Firebase processes personal data according to the Google Privacy Policy.

Types of data processed:

  • Authentication data (email addresses, passwords stored securely)
  • User identifiers
  • Usage information
  • IP addresses and other device information

Legal basis for processing: Performance of contract (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR).

Data protection measures: Standard Contractual Clauses for international data transfers. For more information, please visit: Firebase Privacy and Security and Google Privacy Policy.

5.2 Google reCAPTCHA

We use Google reCAPTCHA to protect our website from spam and abuse. reCAPTCHA works by collecting hardware and software information, such as device and application data, and sending it to Google for analysis.

Types of data processed:

  • IP address
  • Browser information
  • Cookies
  • Mouse movements and typing patterns
  • Information about your operating system
  • The date of your visit
  • The referrer URL

Legal basis for processing: Legitimate interests (Art. 6(1)(f) GDPR) to protect our website from abusive automated crawling and spam.

Data protection measures: Standard Contractual Clauses for international data transfers. For more information, please visit: Google Privacy Policy.

Opt-out: You may opt-out of Google reCAPTCHA by avoiding our login and contact forms, though this may limit your ability to use certain features of our Service.

5.3 Stripe

We use Stripe for payment processing. When you make a payment, your payment information is collected directly by Stripe and is subject to Stripe's privacy policy.

Types of data processed:

  • Payment card information
  • Billing information
  • Name
  • Email address
  • Billing address
  • Transaction information

Legal basis for processing: Performance of contract (Art. 6(1)(b) GDPR) and legal obligation (Art. 6(1)(c) GDPR).

Data protection measures: Stripe implements strong security measures and is PCI-DSS compliant. For international data transfers, Stripe relies on Standard Contractual Clauses. For more information, please visit: Stripe Privacy Policy.

5.4 Google Analytics

We use Google Analytics to analyze the use of our website. Google Analytics collects information through cookies about website usage.

Types of data processed:

  • IP address (anonymized through IP masking)
  • Browser type and version
  • Operating system
  • Referrer URL
  • Time and date of visits
  • Pages visited
  • Time spent on pages

Legal basis for processing: Consent (Art. 6(1)(a) GDPR) and legitimate interests (Art. 6(1)(f) GDPR).

Data protection measures: We have activated IP anonymization and disabled data sharing with Google where possible. For international data transfers, Google relies on Standard Contractual Clauses.

Opt-out: You can prevent the collection of data by Google Analytics by clicking on this link: Opt-out of Google Analytics. You can also control cookie preferences through your browser settings or our cookie consent tool.

5.5 Social Login Providers

We offer the option to sign in using your Google or GitHub account. When you choose this authentication method, we receive certain information from these providers.

5.5.1 Google Sign-In

Types of data processed:

  • Email address
  • Name
  • Profile picture
  • Google account ID

Legal basis for processing: Consent (Art. 6(1)(a) GDPR) and performance of contract (Art. 6(1)(b) GDPR).

Data protection measures: Standard Contractual Clauses for international data transfers. For more information, please visit: Google Privacy Policy.

5.5.2 GitHub Sign-In

Types of data processed:

  • Email address
  • Username
  • Profile information
  • GitHub account ID

Legal basis for processing: Consent (Art. 6(1)(a) GDPR) and performance of contract (Art. 6(1)(b) GDPR).

Data protection measures: Standard Contractual Clauses for international data transfers. For more information, please visit: GitHub Privacy Statement.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

Types of cookies we use:

  • Essential Cookies: Necessary for the functioning of the website (legal basis: legitimate interest).
  • Performance and Functionality Cookies: Help us enhance the performance and functionality of our Service (legal basis: consent).
  • Analytics and Customization Cookies: Help us understand how visitors interact with our Service (legal basis: consent).
  • Targeting Cookies: Record your visit to our website, the pages you have visited, and the links you have followed to deliver more relevant ads (legal basis: consent).

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

7. How We Use Your Information

We use the collected data for various purposes:

  • To provide and maintain our Service
  • To notify you about changes to our Service
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues
  • To process transactions and prevent fraudulent transactions
  • To send you technical notices, updates, security alerts, and support and administrative messages

For each purpose, we rely on a specific legal basis as outlined in Section 4 of this policy.

8. International Data Transfers

Our operations are primarily based in [Your Country], but some of our service providers (including Google and Stripe) are based in countries outside the European Economic Area (EEA), particularly the United States. This means that when we process your personal data, it may be processed in countries that do not offer the same level of data protection as the country in which you reside.

Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards:

  • We use Standard Contractual Clauses approved by the European Commission
  • Where applicable, we rely on adequacy decisions from the European Commission
  • We implement appropriate technical and organizational measures to ensure the security of your data

9. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. Different retention periods apply for different types of data, taking into account:

  • The purposes for which we use your data and whether we can achieve those purposes through other means
  • Legal, accounting, or reporting requirements
  • The existence of ongoing or potential legal disputes

When personal data is no longer needed, we will securely delete or anonymize it.

10. Your Data Protection Rights

Under the GDPR, you have certain data protection rights, including:

  • Right to Access (Art. 15 GDPR): You can request copies of your personal data.
  • Right to Rectification (Art. 16 GDPR): You can request that we correct inaccurate or complete incomplete data.
  • Right to Erasure (Art. 17 GDPR): You can request that we erase your personal data in certain circumstances.
  • Right to Restrict Processing (Art. 18 GDPR): You can request that we restrict the processing of your personal data.
  • Right to Data Portability (Art. 20 GDPR): You can request the transfer of your data to another organization or directly to you.
  • Right to Object (Art. 21 GDPR): You can object to our processing of your personal data.
  • Rights Related to Automated Decision Making (Art. 22 GDPR): You can request human intervention in automated decision making.
  • Right to Withdraw Consent (Art. 7 GDPR): You can withdraw your consent at any time.

You will not have to pay a fee to exercise any of these rights, but we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive, or excessive. We may need to request specific information from you to help us confirm your identity for security purposes.

To exercise any of these rights, please contact us at [your contact email].

You also have the right to lodge a complaint with your local data protection authority.

11. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of sensitive data
  • Regular security assessments
  • Access controls and authentication procedures
  • Regular backups
  • Staff training on data protection

While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. No method of transmission over the Internet or method of electronic storage is 100% secure.

12. Children's Privacy

Our Service is not directed at children under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.