Privacy Policy

Preamble: This privacy policy applies to the website scorty.eu and all associated services of MADOX GmbH.

1. General

1.1 What are personal data

Personal data are information that can reveal or disclose the identity of the user. We adhere to the principle of data avoidance. The collection of personal data is avoided as far as possible.

1.2 Handling of personal data

Personal data are used exclusively for contract initiation, content design, execution or processing of the contractual relationship (Art. 6 para. 1 sentence 1 lit. b GDPR).

In addition, personal data are only processed to the extent that we have received your consent (Art. 6 para. 1 sentence 1 lit. a GDPR) or it concerns data whose processing is necessary for our legitimate interests and to the extent that the weighing shows that no overriding interests, fundamental rights or fundamental freedoms on your part are opposed (Art. 6 para. 1 sentence 1 lit. f GDPR).

We may use processors for the processing of your personal data, with whom we have concluded a contract for order processing in accordance with Art. 28 GDPR. Personal data are generally not passed on to third parties beyond these processors.

Only for contract fulfillment, data are passed on to commissioned service providers, insofar as this is necessary for the provision of the booked services. For processing payments, the payment data required for this are passed on to the commissioned and selected payment service provider.

The processing of your personal data takes place in the EU as well as in countries classified by the EU as safe or adequate. If the processing of personal data takes place in the USA, care is taken to ensure that the services we use are certified under the "Data Privacy Framework".

1.3 Usage data

When visiting the website, general technical information is collected. These are the IP address used, time, duration of visit, browser type and, if applicable, the referring page. These usage data are technically registered in a log file and can be used and stored for the purpose of statistical evaluation of this website. A connection of these usage data with your other personal data does not take place.

1.4 Duration of storage

We store your personal data after the termination of the purpose for which the data were collected only as long as this is required by legal (in particular tax and commercial law) regulations.

The following retention periods apply in particular:

2. Your Rights

2.1 Right to information

You can request information from us as to whether we process personal data from you and to the extent that this is the case, you have a right to information about this personal data and about the further information mentioned in Art. 15 GDPR.

2.2 Right to rectification

You have the right to rectification of incorrect personal data concerning you and can request the completion of incomplete personal data in accordance with Art. 16 GDPR.

2.3 Right to deletion

You have the right to demand from us that the personal data concerning you be deleted immediately. We are obliged to delete them immediately, in particular if one of the following reasons applies:

• Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing of your data was based, and there is no other legal basis for the processing.
• Your data were processed unlawfully.

The right to deletion does not exist insofar as your personal data are necessary for the assertion, exercise or defense of our legal claims.

2.4 Right to restriction of processing

You have the right to demand from us the restriction of the processing of your personal data if

• you dispute the accuracy of the data and we therefore check the accuracy,
• the processing is unlawful and you refuse deletion and instead request restriction of use,
• we no longer need the data, but you need them for the assertion, exercise or defense of legal claims,
• you have lodged an objection to the processing of your data, and it has not yet been determined whether our legitimate reasons outweigh your reasons.

2.5 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and you have the right to transmit these data to another controller without hindrance by us, provided that the processing is based on consent or a contract and the processing is carried out by us using automated procedures.

2.6 Right to withdraw and object

Insofar as the processing of your personal data is based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR), you have the right to withdraw this consent at any time. The legality of the processing carried out on the basis of the consent until withdrawal is not affected.

Insofar as the processing of your personal data is based on Art. 6 para. 1 sentence 1 lit. e GDPR or Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, in accordance with Art. 21 GDPR, to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. We will then no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

2.7 General and right to lodge a complaint

The exercise of your above rights is generally free of charge for you. You have the right to contact the supervisory authority responsible for us directly in case of complaints.

3. Data Security

3.1 Data security

All data on our website are secured against loss, destruction, access, alteration and dissemination through technical and organizational measures. Access to your user account is only possible after entering your personal password. You should always treat your access information confidentially and close the browser window when you have finished communicating with us, especially if you use the computer together with others.

3.2 Sessions and Cookies

To operate our website, we use cookies or server-side sessions in which data can be stored. Cookies are small files that are placed on your hard drive by a website to automatically recognize you on your next visit.

We use different types of cookies on our website:

• Essential Cookies: These cookies are required for the basic functions of the website and cannot be disabled. The legal basis for this data processing is our legitimate interest in the error-free and functional operation of our website (Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with § 165 para. 3 TKG 2021).
• Analytics Cookies: These cookies help us understand how visitors interact with the website by collecting and reporting information anonymously. These cookies are only set with your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

You can adjust your cookie settings at any time via the cookie banner on our website or disable cookies in your browser settings. Please note that disabling cookies may impair the functionality of our website.

4. Third-Party Services

4.1 External Hosting

Our website is hosted by the following external service provider:

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
Privacy Policy: https://www.hetzner.com/de/rechtliches/datenschutz

The (personal) data collected on this website are transmitted to the servers of the third-party provider mentioned above with server location in Germany (Nuremberg) and stored there, which may include, among other things,

• IP addresses,
• Contact data,
• Contract data,
• Date and time of the request,
• Time zone difference to Greenwich Mean Time,
• Content of the request,
• HTTP status code,
• Amount of data transferred,
• Website from which the request comes,
• Browser and operating system information
• and other data generated via a website.

The use of the hoster is for the purpose of contract fulfillment towards our potential and existing customers (Art. 6 para. 1 sentence 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 sentence 1 lit. f GDPR). The third-party provider mentioned above will only process your data to the extent necessary to fulfill the performance obligations and will follow our instructions regarding this data.

4.2 Google Analytics and Google Tag Manager

This website uses Google Analytics 4 and Google Tag Manager, web analytics services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses cookies and other tracking technologies to collect information about the use of this website and create reports on website activities. The information generated by the cookie about your use of this website (including your IP address) is usually transmitted to and stored on a Google server in the USA. Google is certified under the EU-US Data Privacy Framework.

We use Google Analytics in conjunction with Google Consent Mode Version 2. This ensures that the collection and processing of user data only takes place after your explicit consent. If consent is missing, no Google Analytics cookies are set and only a limited transmission of aggregated and anonymized data takes place to ensure functionality.

Google Tag Manager itself does not set cookies and does not collect personal data. It only serves to manage website tags. However, other tracking services that can set cookies can be integrated via Google Tag Manager.

The use of Google Analytics and Google Tag Manager is based exclusively on your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 165 para. 3 TKG 2021. You can withdraw your consent at any time with effect for the future by changing the cookie settings on our website.

The following cookies are set by Google Analytics:

• _ga: Used to distinguish visitors, sessions and campaign data (Duration: 2 years, Provider: Google Ireland Limited)
• _ga_*: Used to distinguish visitors (Duration: 2 years, Provider: Google Ireland Limited)

For more information about Google's data usage, please see Google's privacy policy: https://policies.google.com/privacy

4.3 Stripe Payment Processing

To process payments on our platform, we use the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland ("Stripe").

If you choose to pay via Stripe, your payment data (e.g. credit card number, card verification number, expiry date, cardholder name, billing address) are transmitted directly to Stripe and processed there. We do not store complete credit card data on our servers.

The transfer of your data to Stripe is based on Art. 6 para. 1 sentence 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in secure and efficient payment processing). Stripe is certified under the EU-US Data Privacy Framework and may transfer data to the USA.

Stripe processes the following data:

• Payment data (credit card number, expiry date, card verification number)
• Billing address
• Transaction data (amount, date, transaction number)
• Technical data (IP address, device information)

For more information about Stripe's data processing, please see Stripe's privacy policy: https://stripe.com/de/privacy

For more information about payment processing with Stripe Checkout: https://docs.stripe.com/payments/checkout

5. Special Notes on Platform Use

5.1 Registration and Profile Creation

Registration is required to use certain features of our platform. As part of the registration, we collect the following personal data:

• Personal information (name, age, gender)
• Contact information (email address, phone number)
• Profile information (photos, descriptions, preferences)
• Payment information (only for members with paid subscription)

The collection and processing of this data is for contract fulfillment in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. Members who subscribe to a paid subscription can create a public profile that is listed on the platform after review by our team.

5.2 Public Profiles

Profiles of members with active subscriptions are publicly displayed on our platform. These profiles can be viewed by other users. The publication is based on the contract between us and the member (Art. 6 para. 1 sentence 1 lit. b GDPR).

Members can edit, deactivate or completely delete their profile at any time.

5.3 Communication between Users

Communication and arrangement of meetings between users and members takes place outside our platform via external messenger services. We do not have access to this communication and do not process any data from these external communication channels.

5.4 Verification and Security

To ensure the security of our users, we conduct a verification process for all members who wish to create a public profile. As part of this review, we may request additional identity documents and information. The processing of this data is based on Art. 6 para. 1 sentence 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in platform security).

6. Contact

To contact us regarding data protection, please feel free to contact us using the following contact options. Controller within the meaning of the GDPR: