Privacy Policy (Datenschutzerklärung)

Preamble

With the following Privacy Policy, we inform you which types of your personal data (hereinafter also referred to as “data”) we process, for which purposes and to what extent. This Privacy Policy applies to all processing of personal data in connection with our online offering freeshell.de (including subdomains) and external online presences (collectively the “Online Offering”).

Our offering freeshell.de is aimed at users who wish to use free Linux shell accounts and related services (e.g., web-based SSH, email, file storage, web hosting, database access, text collaboration). We operate this service privately and non-commercially (non-profit), without the intention of making a profit.

The terms used are not gender-specific.

Controller (Verantwortlicher)

Sebastian Krajenski
Sulzgrieser Str. 112
73733 Esslingen
Germany

E-mail: mail@krajenski.de
Telephone: +49-162-8741288

Overview of Processing

Types of Data Processed

  • Inventory data (e.g., names, addresses).
  • Payment data (e.g., bank details, payment history; donations only).
  • Contact data (e.g., email address, telephone number).
  • Content data (e.g., entered texts, uploads, emails).
  • Contract data (e.g., subject matter, term, user status).
  • Usage data (e.g., pages visited, access times).
  • Meta/communication data (e.g., IP address, device information).
  • Log data (e.g., login and access logs).

Categories of Data Subjects

  • Users/recipients of services (website visitors, account holders), interested parties, communication partners, supporters/donors, business and contractual partners.

Purposes of Processing

  • Performance of contractual services and fulfillment of contractual obligations.
  • Communication and handling of inquiries.
  • Security measures.
  • Office, organizational and administrative procedures.
  • Feedback.
  • Provision of our Online Offering and user-friendliness.
  • Information technology infrastructure.
  • Business processes and administrative procedures.
  • Consent (Art. 6(1)(a) GDPR).
  • Performance of a contract / pre-contractual measures (Art. 6(1)(b) GDPR).
  • Legal obligation (Art. 6(1)(c) GDPR).
  • Legitimate interests (Art. 6(1)(f) GDPR).

In addition, national provisions apply (in particular the German Federal Data Protection Act – BDSG). Where the Swiss Federal Act on Data Protection (Schweizer DSG) applies, we use the GDPR terminology for ease of understanding.

Security Measures

We implement appropriate technical and organizational measures (TOM) to ensure a level of security appropriate to the risk (including measures to safeguard confidentiality, integrity and availability through access, input, transfer and access controls, separation, procedures for data subject rights, erasure and incident response). We take data protection into account in the design of technology and through privacy-friendly default settings.

We secure our online connections with TLS/SSL encryption (HTTPS). You can recognize a secure connection by the “https://” prefix in the URL.

General Information on Storage and Deletion

We delete personal data in accordance with legal requirements as soon as the underlying consent is withdrawn or no other legal basis exists (in particular where the purpose no longer applies). Exceptions apply where statutory retention obligations or legitimate interests require longer storage. Data that must be retained for commercial or tax reasons or that are required for the establishment, exercise or defense of legal claims are archived accordingly.

If multiple deadlines are possible, the longest applies. Data retained solely for retention purposes are processed exclusively for these purposes.

Typical retention periods (DE):

  • 10 years – e.g., books/records, annual financial statements, inventories, management reports, opening balance sheet, organizational records (AO/HGB).
  • 8 years – e.g., accounting records/invoices.
  • 6 years – e.g., business correspondence and other relevant documents.
  • 3 years – data for asserting/defending claims (regular limitation period).

Rights of Data Subjects

  • Right to object: to processing pursuant to Art. 6(1)(e) or (f) GDPR (including profiling) as well as to direct marketing.
  • Right to withdraw consent: withdraw consent at any time with future effect.
  • Right of access, rectification, erasure/restriction, data portability in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority.

Business Services

We process data of our contractual and business partners (users, interested parties) within the framework of contractual or quasi-contractual relationships and related communication (before and during the contract). This includes in particular the provision of the agreed services (including shell access and related services), obligations to update, handling of disruptions, protection of our rights, and organizational tasks.

Data are disclosed only to the extent necessary for these purposes or due to legal obligations.

  • Data types: inventory, payment (donations), contact, contract data.
  • Purposes: performance of contract, communication, organization/administration, security.
  • Legal bases: Art. 6(1)(b), (c), (f) GDPR.
  • Storage/deletion: according to the section “General Information on Storage and Deletion”.

Donations & “Hall of Fame”: We process donations for handling and bookkeeping. A nominal acknowledgment (e.g., in a thank-you list) is made only with your consent; otherwise anonymously or without naming.

Provision of the Online Offering and Web Hosting

To deliver content we process, among other things, the IP address. Only technically necessary cookies are used (e.g., for logins/sessions). We do not use web analytics or tracking.

  • Server log files: Logging of access (pages/files retrieved, date/time, amount of data, status, browser/version, operating system, referrer URL, IP address, requesting provider). Purposes: operation, IT security (e.g., DDoS mitigation), stability. Storage: max. 30 days; longer retention only for evidence purposes until clarification.
  • Email sending/hosting: Sending, receiving and storage via the hoster’s infrastructure; processing of sender/recipient data, contents and technical transmission data; automated checks (spam/malware) may occur.
  • Hosting provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. A data processing agreement pursuant to Art. 28 GDPR is in place.

Registration, Login and User Account

Users can create an account; mandatory fields are indicated during the process. During registration/login/use, we store the IP address and timestamps of actions to prevent misuse. Users may be informed by email about account-related events.

  • Data types: login information (username, password, email), log data (login/activity), where applicable content data within the services.
  • Profiles: not public; use under a pseudonym is possible.
  • Deletion: after termination, subject to statutory obligations/permissions.
  • Legal bases: Art. 6(1)(b), (f) GDPR.

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, telephone), we process the information provided by the inquiring person to handle the request and, if applicable, to initiate/perform a contract.

  • Data types: inventory, contact, content, usage as well as meta/communication data.
  • Purposes: communication; organization/administration; where applicable, feedback.
  • Legal bases: Art. 6(1)(b) GDPR (contract-related), Art. 6(1)(f) GDPR (general communication).

Contact form: We process the data provided (e.g., name, email, message) solely to handle your request.

Spam Protection with reCAPTCHA

To protect our contact form and registration/login forms from misuse by automated programs (spam/bots), we use Google reCAPTCHA. This serves exclusively to distinguish whether an entry is made by a natural person.

  • Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (and, for some services, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
  • Data processed: technical usage/metadata such as IP address, referrer URL, date/time, device and browser information, interaction data (e.g., mouse/keyboard activities), and—depending on the integration—cookies necessary for the service.
  • Purpose / legal basis: prevention of abuse and ensuring the availability and integrity of our services; legitimate interests (Art. 6(1)(f) GDPR).
  • Transfers: processing by Google; data may be processed outside the EU/EEA. Google states it applies appropriate safeguards (e.g., standard contractual clauses).
  • No advertising use: we integrate reCAPTCHA solely for security/spam protection, not for marketing.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

No Automated Individual Decision-Making

We do not use automated decision-making in individual cases (including profiling) within the meaning of Art. 22 GDPR.