1. Responsible body for data protection and data protection officer

The person responsible is:

JoeWP | Lisbon Office
Rua Correia Teles, 28 A
1350-100 – Lisboa
contact[at]joewp.com
Web: joewp.com

If you have any questions about data protection, please contact our data protection officer:

JoeWP | Lisbon Office
Rua Correia Teles, 28 A
1350-100 – Lisboa
contact[at]joewp.com
Web: joewp.com

2. Legal basis

The basis for the collection and processing of personal data is always the latest European law. You can find all of the following legal bases in the General Data Protection Regulation (GDPR). Depending on the purpose of the data collection, one or more of the following legal bases apply:
– Consent – basis: Article 6 (1) (a) General Data Protection Regulation (GDPR). – Consent – Basis: Article 6 (1) (a) of the General Data Protection Regulation (GDPR). Consent can either be given in writing in the form of a declaration or with some other clear confirmatory action. Regardless of this, consent must always be voluntary! In addition, it must apply to a very specific case and clearly state that the data subject consents to the processing of their personal data. To do this, the data subject must be adequately informed and understand the consent.

– Necessity for the performance of the contract or the implementation of preparatory measures – basis: Article 6 (1) lit. b GDPR. What this means is that the data is either necessary for us to fulfil our contractual obligations towards you or we need the data to prepare for a contract with you.
– Processing for the fulfilment of legal obligations – basis: Article 6 (1) (c) GDPR. What is meant by this: We are required to process the data, e.g. on the basis of a law or other (state / official) regulations.
– Processing for the purposes of legitimate interests pursuant to Article 6(1)(a) f GDPR. What is meant by this: The processing of the data is necessary to protect our legitimate interests or those of third parties, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

3. Rights of data subjects

You are the data subject when it comes to your personal data. Therefore, you are entitled to the following rights with regard to data processing by us – to the extent specified in the respective articles of the General Data Protection Regulation:
– Right of access pursuant to Art. 15 GDPR
– Right to rectification pursuant to Art. 16 GDPR
– Right to erasure (“right to be forgotten”) in accordance with Art. 17 GDPR
– Right to restriction of processing in accordance with Art. 18 GDPR
– Right to data portability in accordance with Art. 20 GDPR
– the right to object in accordance with Art. 21 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data Data violates the GDPR.

4. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

5. Concrete data processing

5.1 Data processing on our website

5.1.1 Customer account / use of your email address

When you visit our website, the following data is collected and stored by our web server:
–IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access status/HTTP status code
– Amount of data transferred in each case
– Website from which the request comes, so-called referrer
–Browser
– Operating system and its interface
– Language and version of the browser software
–Screen resolution
– unique device designations (MAC addresses or, in the case of mobile devices, the IMEI)

The IP address or host name is only available to us in anonymized form in the log files. This data is not stored together with other personal data of the user.

Legal basis

The legal basis for processing the data is Art. 6 Para. 1 lit. f GDPR.
The legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR lies in the functionality of our website and its availability.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. The server on which our pages are hosted does not collect any personal data in the form of server log files (log files and access logs are deactivated by us).

Opposition and removal option

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

5.1.2 Customer account

You have the option of registering on our website and creating a customer account.

Legal basis

The legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR.

You give your consent by voluntarily creating a customer account.

Purpose of data processing

In order to secure your customer account against access by third parties, we store your username and password. An evaluation of the data for marketing purposes does not take place in this context.

Duration of storage

We save your data as long as your customer account exists.

Opposition and removal option

You have the option to delete your customer account at any time.

5.1.3 Orders

Legal basis

The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

Purpose of data processing

In order to be able to deliver the order to you as requested, we store your contact details, your order and payment information. We may also use your email address to inform you about your upcoming credit card, failed payments, or for other reasons necessary for the purpose of performing the contract.

Duration of storage

According to commercial and tax law, orders are commercial letters that must be retained. The respective statutory retention period applies.

Opposition and removal option

A deletion can only take place if there is no legal retention period; in this case, however, the data will be blocked for other use.

5.1.4 Payment for your order

Your payment details will be transmitted to the relevant payment service provider depending on the payment method you have selected. The payment service provider is responsible for your payment data. Information in particular about the responsible body of the respective payment service provider, the contact details of the data protection officers of the payment service providers and the categories of personal data processed by the payment service providers can be obtained at the following addresses:

– PayPal (Europe) S.à.r.l. et Cie., Luxembourg, data protection declaration: www.paypal.com/de/webapps/mpp/ua/privacy-full

5.2 Contacting JoeWP

Legal basis

The legal basis for processing the data is Art. 6 Para. 1 lit. f und ggfs. also lit. a GDPR. If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

The legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR consists of answering a customer inquiry or answering a contact request on other topics

Opposition and removal option

A deletion can only take place if there is no legal retention period; in this case, however, the data will be blocked for other use.

6.0 Use of Jitsi Meet video conference

We do not save any information about you or your video chats – the nginx-based web server is configured so that it does not write any log files:

LOGS

access_log off;
error_log off;

Video chats
The open-source software Jitsi Meet is used to transmit video and audio signals within the video chats. On the basis of WebRTC, data or media streams are transmitted in encrypted form via Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). However, WebRTC does not (yet) offer the option of encrypting video chats with several people end-to-end. This means: the video chat is encrypted on the transport route or in the network, but on the video chat server that hosts Jitsi Meet, all data traffic is decrypted and can therefore be viewed by the operator.

However, as the operator, we do not store any information about you or the video chats. Nothing is logged or stored / recorded. If you do not use us as the operator, you also have the option of hosting your own Jitsi Meet instance.

Logfiles Video Chat
By default, Jitsi Meet is delivered with the logging level INFO. In this mode, the video bridge records the IP addresses of the participants. Since we do not want to collect and save this information, we have set the logging level to WARNING.

nano /etc/jitsi/videobridge/logging.properties
.level=WARNING

STUN/TURN Server
The STUN protocol recognizes clients that are e.g. are behind a router or firewall and have a NAT address. With the help of the STUN server, NAT clients can find out their public IP address and are then able to establish a direct communication link between (two) participants. In order to avoid the transmission of the IP address to external providers, the Jitsi instance uses a STUN / TURN server that is operated by us.

Legal notice

This privacy policy was drawn up on the basis of provisions of various legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy policy relates solely to this website, if not stated otherwise within this document.

Last updated: 08 December 2022