Version of July 3, 2018

Preliminary note

Sorry for the Google translation!

Almost everything that the current EU legislation wants was always a matter of course for me: that I do not do things with your data instead, that would be surprising and that I tell you exactly what I use the data that you communicated to me in the context of a contract to have. So far, however, I have not had a single request in 20 years. But law is law, so:

1. For website visitors and Dellekom customers

The EU, in its infinite wisdom, has issued a new "General Data Protection Regulation", which has been in force throughout the EU since 25.5.2018, unless national laws supplement, restrict or replace this basic regulation - which has not been done before. The basic data protection regulation can be read here. It contains only 99 items that you can immediately understand and use. But it also applies in addition to the Civil Code (BGB) which governs, inter alia, the Telemedia Act (TMG), the Law against Unfair Competition (UWG), in my case the Telecommunications Act (TKG), the Federal Data Protection Act (BDSG) and several running meter tax legislation. If you still miss your favorite law here, please let me know!

1.1. Warning

Should you have a problem, be it with us, the website or our offer, please let me know. I bring you great empathy, I can also learn something, no question: You can call me, mail, send mail but of anthrax broadcasts and formal warnings with attached "cost note" I urge you to refrain. My war chest is not only well filled, I'll tell you now: For you it may at first only look like a small legal finger exercise to extort money from me through the detour of a warning, for me it would be a great pleasure and an honor to pursue you possibly to the end of the world (of course always in the constitutionally appropriate distance of course!). I have been reprimanded twice because of a false nullity, once by a court-known address book cheater (that's why there is no blog), a second time by Gruner and Jahr (that's why there is no Vauban press archive anymore). Also because of the General Data Protection Regulation I have hired the volunteer website vauban.de, which I had set up and looked after for 20 years. Do not you dare to sign up for a charge! You will surely regret it.

1.2. Legal Basis

Article 13 of the GDPR obliges us to provide you with the legal basis. Unless the legal basis in the data protection declaration is mentioned, the following applies: "The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 DS-GVO, the legal basis for the processing for the performance of our services and the performance of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b DS-GVO, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c DS-GVO, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f DS-GMO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DS-GMO as legal basis. "

Now that was easy!

Remember, the next time you buy a knife, you will not hurt a living thing with it. To do this you commit yourself to visit this website, as well as to dance pogo in Lapland on a toilet seat.

1.3. Our data protection officer

The contact person for all data protection concerns is the company owner

Andreas Delleske
Walter-Gropius-Str. 22
79100 Freiburg

Tel .: 0761 4568330
Mail: post@dellekom.de

Do not be surprised if you do not get an answer, I have even in January 2018 want to clarify some questions relating to protocol file in telephone systems, they referred me only to the federal authority.

1.4. Your right to access, update, delete

Ever since its founding in 1998, you have had the right, at any time, from Dellekom, to request access to your personal data stored about you and to have the data corrected or deleted. This right is partially limited insofar as, for example, tax laws require that I retain all communications relating to an offer or a contract for at least 10 years, and in any event up to 10 years after the date on which a tax assessment for that year becomes final , This is of course a different day for each calendar year, so there is no exact time window to call it. A pending lawsuit would also hamper this deletion. In general, however, you can assume that after this time all your personal data will be deleted at Dellekom, including the backups (the word "data backup" DS_GVO does not even know). For the conclusion of the contract, data or data that I do not need to delete earlier due to other rules, of course, I delete at an earlier date. See the section Deletion periods in this document.

And because the previous section was certainly difficult to understand, here again in a very simple language:

1.5. Your right of withdrawal

You have the right to grant consent in accordance with. Article 7 paragraph 3 DS-GVO with effect for the future. I ask you as a visitor of the website to any consent, there is nothing to revoke. If you, as a Dellekom customer, object to the storage of the information I need to fulfill your order, it will only be worth your while. Interested parties who have come into contact with me without an offer or contract have been created can, of course, have their data deleted.

1.6. Your right to object

You may object to the processing of your data in accordance with Art. 21 of the GDPR at any time in the future, provided that no legitimate interests are opposed to me, as in the case of temporary storage of your IP address. This includes defending the site against password or system spying attacks, denial-of-service attacks, etc.

1.7. My duty to reduce data acquisition

According to the Federal Data Protection Act, a (praiseworthy) principle of data economy has been in force for some time: only data that is absolutely necessary for the provision of the service may be collected. Because I always adhere to this principle, I save if you are a customer with me, for example. no date of birth, do not ask Schufa information but convince me by inspection that you are older than 18 years, so contracted. I only save the data which you voluntarily give me as part of a customer relationship or as an interested party

1.8. Your IP address when visiting the website

Whenever you are on the Internet, the other party has to communicate with you, for example, where they should send back the retrieved page content: This is their so-called "IP address", a number that looks something like this: 10.200.30.40. Strictly speaking, this is usually not the address of your computer on your desk, but that of your Internet device in your home (the router).

For normal Internet users, this (external) IP address changes every night, sometimes several times in a connection when you're on the go.

But there are lawyers who believe in people who live alone and yet have a fixed IP address of their Internet company, can not be ruled out that the IP address is a "personal" date - and therefore particularly worthy of protection.

Normally, a server running a web page (as here) automatically creates a so-called log file, a log in which every access to the web page (but not to the server sent form data) is stored. This is no longer the case with the Dellekom since 23.5.2018. In order to best secure my website against attacks or spying, I first save each access with its IP address in a database.

Thus stored IP addresses are not stored unnecessarily long, each of these addresses an evaluation counter ( "Karma value"): For unsuccessful (page does not exist) and frequent requests (many per second or very persistent repeat visits, the so-called "scanning") this counter is counted up, as well as unsuccessful login attempts and other features about which I will make no information for security reasons. However, for every normal page access within the usual time span of a normal user, this value drops again. If a karma value for an IP address remains low in this sense, the IP address record will be deleted after a few days.

In short: If you use this page normally, your "data traces" are deleted after a few days - even if we have never used the data tracks for a reprehensible or even surprising purpose and would have.

Only in this way is it possible for me to slow down internationally active criminals who try to penetrate my technology or spy on user data day and night. If the karma value gets too high, the visitor will get an error message, if he ignores this error message he will be locked after a while. This lock can also be permanent.

1.9. Your right to anonymous use

Of course, the use of this website is anonymous for all visitors, whether they are now customers with the Dellekom or not. I do not even force you to agree to a cookie or the like.

1.10. Cookies (markers for recognizing browsers)

A cookie is usually a small, mostly random number or file that the server (in the example this website) tries to set in your browser. The idea is that during the subsequent page access your browser sends back the "cookie" to the server, so that the server does not lose track of different, simultaneously logged-in users (sessions). This will prevent you, for example, from reading other people's mails if several members of your family are logged in to the same website at the same time. So if you are logged in to any website, setting a cookie is essential.

Cookies are blocked in your browser by default and, if necessary, for each web address individually. This is how it has worked since 1994.

The EU legislator ignores this: he demands that we inform you about cookies before sending a cookie. So if you do not want a cookie and you do not know how to handle cookies, we could only remember your choice by setting a cookie in your browser to log your decision - absurd.

Most website owners "solve" this so that they overlay each page with a cookie warning until you click unnerved on "OK". Thus, the legislator urges you exactly to the behavior he pretends to want to protect you. I have always been an advocate of privacy and data economy, but with the current General Data Protection Regulation, the legislator provides the serious issue with Kafkaesque absurdity and stupidity. It looks as if the topic should be ridiculed, have the lobbyists once again prevailed?

Because we just do not want to push in one direction and the missing cookie enlightenment under German law (UWG) is abmahnfähig, we have no other choice than to append this text to each side - especially as the basic Regulation will overwrite the existing before its entry into force reasonable German practice.

Only if you are a registered user of this website, you should allow in your own interest this site to set a cookie in your browser. In the next few months, I will work to ensure that my "PHPSESSIONID" cookie is not set until you have successfully logged in.

11.1. Other types of tracking

Unlike many other websites, I have never used so-called flash cookies, pixel counts, or the more or less secretly espionage tools developed by the advertising industry. I also do not fingerprint your regular browser data.

We have never used any types of tracking (visitor tracking) or measuring visitor behavior and will continue to do so in the future, nowhere in our offering. We do not use Google Analytics, we do not show ads, Facebook pixels or like buttons, we do not even have a profile there.

1.12. Use by children

Persons under the age of 18 should not submit any personal data to us without the consent of their parents or guardians, although we do not offer content that is harmful to minors

1.13. Your encrypted access (SSL) to this website

Your browser should show a green, small padlock on all the web pages you visit (please always use a current browser) in the top left corner next to the address bar of your browser. Often you will also see the text "https: //" in front of it , This means that your prior art browser has made sure that all communication between your browser and my server is encrypted and authenticated:

This site is set up to enforce encrypted communication with your browser. If you see a warning message from your browser, this is actually an indication that someone is trying to hook you into your communication with my web server. Unfortunately, some antivirus systems are notorious for such a violation of privacy or trust.

1.14. Encryption on the email transport route

As you can check here, we have set up a high level of security on the way of mail from and to you. However, since we can only influence the way from our devices to our mail server and the quality of our mail server, we can not guarantee that emails from you to the whole transponder will be encrypted according to the state of the art.

1.15. Technical measures to protect your data

We are better than the average. We are constantly educating ourselves, we exist since 1998. Therefore, your data is safe enough with us. If companies like Merck or the German Bundestag are not immune from attacks, what do you expect us to do?

2. For Dellekom customers

This chapter is only relevant for customers of Dellekom!

2.1. Your customer data and purpose of storage

We save at most the following personal data:

The purpose is exclusively the provision of services ordered by you as well as maintenance, possibilities of contacting in case of failure.

2.2. Our deletion deadlines

The deletion periods of your personal master and billing data are usually the result of the tax legislation: I am forced to keep all invoices, but also all communication about the initiation of contracts, ancillary agreements, etc. for at least 10 years after the final tax assessment for a tax year has happened. That can also be like 12 years. However, customers who have left as customers for over 365 days will no longer be displayed in the normal view of our database. They can only be reactivated by qualified personnel.

Your individual connection data, on the other hand, enjoy special protection: I delete them 80 days after the invoice has been sent. Complaints are only possible within this time span.

Unfortunately, I have the service which consists of pre-service providers incoming connection data using my telephone systems to check for correctness since 23.5. set. I will wait and see how the legal situation develops. See also section "Telecommunications data".

According to legal requirements in Germany, the storage takes place in particular for 6 years pursuant to § 257 paragraph 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (books, records , Management reports, accounting documents, trade and business letters, documents relevant to taxation, etc.).

2.3. Data processing by third parties

Your personal data is currently stored exclusively by a server, which is located in Freiburg and is not accessible via the Internet, as well as several data backups that are all but one in the same building.

This website, which currently contains no personal data (except when a visitor voluntarily uses the contact form), is located on a server in Germany, but may be located in another EU country in the future. I have concluded a contract processing contract with the pre-service provider in accordance with Article 28 (3) of the General Data Protection Regulation. This is visible to me if necessary.

My mail service is currently running on my pre-service provider "New Media Münnich" operated servers that are in Dresden and Fredersdorf. However, I have no insight on this server, neither on the contents of your mails nor on metadata, nor on log files.

2.4. Data processing on behalf of customers

Only insofar as you are a customer with me, it is possible that I pass personal data from you to pre-service providers, but only insofar as they are necessary for the provision of the service.

As a pre-service provider I use in this sense at the moment only the companies Easybell, Sipgate, Deutsche Telekom, a href = "https://www.all-inkl.com/"> New Media Münnich and Unitymedia, as well as for all payment transactions the GLS Bank Freiburg. In individual cases, you will be informed there about the transfer of your data before conclusion of the contract.

2.5. Data processing by our employees

If we use third parties to support, troubleshoot or generally cooperate with Dellekom, we will have them sign a confidentiality statement and the obligation to privacy in advance.

2.6. Our telephone directories

Until 23.5.2018 we have still for all projects we supervise project telephone directories issued. Unfortunately, we will have to discontinue this service until further notice, as we have not yet obtained any explicit one-offs for it. This should be made up in 2019.

2.7. Your telecommunications data

The Dellekom has for some years as a standard service individual connection data of telephone calls, which came from my pre-service providers, automatically and automatically checked for plausibility and they only put on the bill if they appeared through the telephone system comprehensible. In this way, I was able to collect evidence at least in a call-by-call provider that the provider is fraudulent by extending almost every connection by a random number of seconds in the billing (but never shortened). Of course, I have long changed the provider.

Due to the currently foreseeable hysteria and ignorance in the area I turn off all connection protocols in telephone systems to 24.5.2018 and delete all associated individual connection data.

Since individual connection data are particularly protected by the legislator, I will send you up to the clarification of the legal situation also no single connection proof by mail, however on other suitable way if you contact me with interest. Of course you still have the right to get these data from me free of charge, as far as they accrue to me.

I am already working on the fact that these individual connection data, if you wish, are to be downloaded encrypted online.

2.8. Postal and telecommunications secrecy and exceptions

Of course, for me, the secrecy of the postal and telecommunications secrecy is also protected by Article 10 of the Basic Law, (which does not prevent investigating authorities like the rest of the world from undermining it almost every year).

Therefore, I do not store any content or metadata of your internet communication - metadata (connection data) of your telephony - only in the narrow scope described under "Telecommunications Data".

Should I have to perform malfunctions or attacks in individual cases, I will be forced to divert and log customer data from the physically accessible communication for a limited period of time, up to the full copy. If there is no danger to life and limb or an extension of the danger must be remedied by immediate action, I will inform you beforehand at an appropriate time interval by means of email communication about the nature and scope of the measure, and afterwards about the end of the measure.

Of course, I assure in the context of this and my other work, complete discretion and delete the data completely after completion of the measure, possibly reduced to the pure evidence.

Should it be necessary or if I am called upon by the investigating authorities, I will share the data with them and / or switch on the police themselves.

3. Annex

3.1. What's wrong with privacy laws?

A few thousand years of history of law have so far revealed the following:

It prohibits actions that are dangerous, but good behavior is not defined by law: for example, it does not regulate which side of the plate the knife comes from, though it may be a meaningful convention shared by most in our culture. It also does not regulate the handling of a knife exactly, but murder and assault is criminalized.

Things that are not dangerous but meaningful are generally regulated by standards. That would have been a better way to approach privacy. The DS-GVO would have first had to be cast in a standard and would then have been discussed and further developed in a multi-year process at the universities and the public. In this way, almost all, even technical details of the Internet, have come about and seemingly with success. Each customer would then have been able to decide individually whether to trust a small self-employed person or whether he would like to comply with some standards. Of course, I would then have tried to follow reasonable standards or even to overachieve.

Not so suddenly at the data protection: Here since 25.5.2018 at once a certain good behavior is regulated in detail, instead of forbidding what is forbidden: Soe it is still possible today to bring together data stocks with which the visitor to a website or customer of a website does not expects. It is also possible to run automated facial recognition, the person concerned only has to be warned or blackmailed somewhere in the confusion of the privacy policy to agree.

I would have expected lawmakers to penalize the merging of tables from the customer's unknown or unexpected sources before the individual has precise knowledge of the type of data and the purpose of the merge.

I would have expected from the legislature that it criminalizes the mass face recognition and makes only a few dedicated exceptions.

Of course, I too am convinced of the general goal of data protection and data economy. It seems to have come out of a handcrafted very bad law. If living behavior continues to be coded, we are heading in the direction of a police state, a development that unfortunately I also see with concern.

3.2. Future improvements

What else is left to do?