- Details of the Controller
- Information on the Types of Data Processed and Their Origin
- Processing Purposes & Legal Bases
- To Whom do we Transmit Your Data?
- Transmission to Countries Outside the EU or the EEA
- How long will my data be stored?
- Information on The Voluntary Nature of the Information
- Information About Your Rights
- Information About Your Right of Objection
We take appropriate organisational, contractual and technical measures to protect your data from unauthorised or unlawful processing and against accidental loss, destruction or damage.
Responsible for data processing is Ideawise Limited, Room 604, Alliance Building, 133 Connaught Road, Central Hong Kong, Hong Kong. Its representative is SmH ServiceCenter.de GmbH, P.O. Box: 20 04 34, 13514 Berlin.
Ideawise Limited is also meant when the terms “we” or “us” are used below. You can contact our data protection officer at:
Please note that we are a company based outside the European Economic Area (“EEA”). As far as you use our service and data is processed, these data are collected from within a so-called “third country”. Details can be found in section 5 below.
If we provide the Service for your use, we process personal data from various sources. This is data that we collect automatically – for example when you visit a website – as well as other data that you have additionally provided to us.
a. Types of Data That We Automatically Collect
When you visit our website, you submit technical information to our servers. Each time a page is accessed, access data is stored in a file, the so-called server log. The following data is stored:
Your IP address, the time, the status of your website visit (status means in this case whether the visit of the website was successful or not) as well as the request that your browser has made to the server to open the page, the amount of data transferred and the website from which you came to the requested page (referrer), as well as the product and version information of the browser used (user agent).
b. Types of Data You Transmit to Us
In addition to the data we receive from all website visitors, we also process additional data if users make this available, depending on how they use the Service. For instance, if you sign up to our ICO Update Newsletter, your e-mail address will be processed.
We process your data exclusively for the following defined purposes:
- To allow you and other users to use the Service and to ensure its functionality
- To continuously improve the service offer and to correct errors
- To detect and prevent fraud attempts
- To disclose your personal data to third parties if we are legally obliged to do so
- To assert legal claims and to defend against legal disputes
- To ensure IT security and operation of our systems
In doing so, we rely on various legal bases in accordance with the so-called General Data Protection Regulation, a European Union legal framework for the standardisation of data protection law (“GDPR” for short). We refer in detail to the following legal bases:
When you visit the website, you agree to our cookie guidelines and to the processing of your IP address in a cookie bar. If you have given your consent to the processing of personal data for specific purposes, this consent ensures the legality of such processing.
Accordingly, if we process your data, it is because you expressly allowed us to do so. Your consent is therefore the most important legal basis for the processing of your personal data by us. If you provide us with information about your religious or philosophical beliefs, we will process this data principally on the basis of your consent.
Safeguarding legitimate interests
Legal requirements or public interest
In addition, we are legally obliged to provide certain information to criminal prosecution in individual cases upon request.
We treat your personal data with care and confidentiality and will only pass them on to third parties to the extent described below and not beyond.
a. To Group Companies:
We transfer data to our affiliated companies, which form a group with us, within the framework of strict protection requirements. This is the case, for example, when you make sign up to the ICO Update Newsletter. We will then forward this request to our Community Management and Marketing team at Playamedia S.L.
b. To Third Parties & Cookies
In addition, we transmit data to external service providers that enable us to provide the Services. These include hosting providers and providers of analytics platforms. We require these service providers to comply with strict rules to ensure the security of your data when processing personal data on our behalf. Such processing is generally based on contractual regulations such as Data Processing Agreements or standard data protection clauses.
We use our own cookies (so-called “first-party cookies”) to analyze web traffic, tailor services to your needs and interests, measure the effectiveness of advertising campaigns and promote confidence in and security of the service. In addition, we use first-party cookies to distinguish the various users from each other and, in conjunction with the log files of our web server, to calculate the total number of people who visit the service. The web usage data collected in this way helps us to receive the necessary feedback to continuously improve the service.
Users can prevent the acceptance of first-party cookies by configuring their browser settings so that they do not accept cookies at all. However, if this setting is made, you may not be able to use certain current or future elements of our Service.
Google LLC is a privacy shield certified provider from the USA. Google Analytics is used to analyse the behaviour of users of our services. With the help of Google Drive we make documents available for visitors to view, such as the ICO Whitepaper. YouTube videos are embedded in our service in “enhanced privacy mode”. While no YouTube cookies are set by this particularly data protection-friendly type of embedding, calling up the pages nevertheless leads to a connection with YouTube and the DoubleClick network. A click on the video can trigger further data processing processes over which we no longer have any control. Here you find a resource to opt-out of Google Cookies. (https://tools.google.com/dlpage/gaoptout?hl=en)
This storage service (processing in the USA and Europe, Privacy-Shield certified) is used by us to store encrypted backups.
Cookies set by the Wordfence Security plugin are used to protect the site against malicious attacks. Wordfence only uses data about your visit and does not store personally identifiable information and therefore does not require user consent.
The ICO Update Newsletters will be sent via MailChimp, a privacy shield certified mail-order service based in the USA. MailChimp may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve their own services, e.g. for the technical optimization of delivery and display of newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to address them themselves or to pass the data on to third parties.
With this survey tool (location Spain, adequate level of data protection) we improve and maintain our community, through means of permanent feedback surveys, as well as regular quizzes, other types of surveys and evaluations. The type of information that is passed on to Typeform depends on the respective survey, and you also decide yourself what content your contribute to such activities.
We transmit data to authorities in the event of a legal obligation based on a request for information from the respective authority.
All servers of the Service are located in the EEA, hence initially your data does not leave the EEA technically, but the technical provision and processing of the data for the operation of the service takes place in the European Union.
However, when you submit data to us, it will be legally transferred to a country outside the EEA, as we have our registered office in the People’s Republic of China. In addition, our development company is also based in China, from where it has technical access to the servers in the European Union. According to the GDPR, China is a so-called “third country” in which an adequate level of data protection cannot be guaranteed in principle; there is no corresponding decision on adequacy and there are also no specific guarantees to compensate for this deficit. However, we have concluded strict Data Processing Agreements and standard contractual clauses that work towards a secure level of data protection. What do we mean with the information about China? It means that we may have to transmit data to government agencies there under less stringent conditions than is the case within the EEA. The legal hurdles to the protection of personal data in China are thus generally regarded as lower from a European point of view, as would also be the case for processing in Australia, Russia or India, for example.
6. How Long Will My Data Be Stored?
We process and store your personal data as long as it is necessary for the fulfilment of our contractual or legal obligations. Therefore, we store the data only as long as our contractual relationship with you exists and also after termination only, as far as the laws of the Federal Republic of Germany and the People’s Republic of China require this. If the data are no longer necessary for the fulfilment of such obligations, they will be regularly and promptly deleted, unless their further processing is necessary for the protection of legitimate interests or for the preservation of evidence within the framework of statute of limitations.
7. Information on The Voluntary Nature of the Information
You are not required by law to provide us with the above information. In principle, the relationship that you have entered into with us by agreeing to the Cookie Banner or by giving any other consent does not give rise to any obligation to provide this personal data. However, the transmission of automatically collected data is a basic prerequisite for using our Services. Furthermore, you may not be able to use the Services, or only to a limited extent, if you do not provide us with certain data or object to their use.
8. Information About Your Rights
You can assert the following rights:
- Your right to access to information under Article 15 GDPR,
- Your right to rectification under Article 16 GDPR,
- Your right to erasure under Article 17 GDPR,
- Your right to restriction of processing under Article 18 GDPR and
- Your right to data portability under Article 20 GDPR.
If you have any questions in this regard, please contact our customer service at:
You can revoke your consent to the processing of personal data at any time. However, this revocation will then only be effective for the future. Processing that took place before the revocation is not affected by this.
In addition, you have a right of appeal to the competent data protection supervisory authority.