1. Responsible body for data protection and data protection officer

The person responsible is:

JoeWP | Lisbon Office
Rua Correia Teles, 28 A
1350-100 – Lisbon
contact[at]joewp.com
Web: joewp.com

If you have any questions about data protection, please contact our data protection officer:

JoeWP | Lisbon Office
Rua Correia Teles, 28 A
1350-100 – Lisbon
contact[at]joewp.com
Web: joewp.com

2. Legal basis

The basis for the collection and processing of personal data is always the latest European law. You can find all of the following legal bases in the General Data Protection Regulation (GDPR). Depending on the purpose of the data collection, one or more of the following legal bases apply:
– Consent – Basis: Article 6 (1) (a) of the General Data Protection Regulation (GDPR). – Consent – Basis: Article 6 (1) (a) of the General Data Protection Regulation (GDPR). Consent can either be given in writing in the form of a declaration or with some other clear confirmatory action. Regardless of this, consent must always be voluntary! In addition, it must apply to a very specific case and clearly state that the data subject consents to the processing of their personal data. To do this, the data subject must be adequately informed and understand the consent.

– Necessity to fulfill the contract or to carry out preparatory measures – Basis: Article 6 Paragraph 1 lit. b GDPR. What is meant by this: The data is either required so that we can fulfill our contractual obligations towards you or we need the data to prepare a contract with you.
– Processing to fulfill legal obligations – Basis: Article 6 Paragraph 1 lit c GDPR. What is meant by this: We are required to process the data, e.g. due to a law or other (state / official) regulations.
– Processing to safeguard legitimate interests in accordance with Article 6 Paragraph 1 lit. f GDPR. What is meant by this: The processing of the data is necessary in order to safeguard legitimate interests on our part or third parties, unless your interests or fundamental rights and freedoms that require the protection of personal data outweigh this.

3. Rights of data subjects

You are the data subject when it comes to your personal data. You are therefore entitled to the following rights with regard to data processing by us – to the extent specified in the respective articles of the General Data Protection Regulation:
– Right to information according to Art. 15 GDPR
– Right to rectification in accordance with Art. 16 GDPR
– Right to erasure (“right to be forgotten”) in accordance with Art. 17 GDPR
– Right to restriction of processing in accordance with Art. 18 GDPR
– Right to data portability in accordance with Art. 20 GDPR
– the right of objection in accordance with Art. 21 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data Data violates the GDPR.

4. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract.

5. Concrete data processing

5.1 Data processing on our website

5.1.1 Customer account / use of your email address

When you visit our website, our web server collects and stores the following data:
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– content of the request (specific page)
– Access status / HTTP status code
– Amount of data transferred in each case
– Website from which the request comes so-called referrer
– Browser
– Operating system and its interface
– Language and version of the browser software
– screen resolution
– Unique device names (MAC addresses or, for mobile devices, the IMEI)

The IP address and the host name are only available to us in anonymized form in the log files. This data is not stored together with other personal data of the user.

Legal basis

The legal basis for processing the data is Art. 6 Para. 1 lit. f GDPR.
The legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR lies in the functionality of our website and its availability.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be saved for the duration of the session. The server on which our pages are hosted does not collect any personal data in the form of server log files (log files and access logs are deactivated by us).

Opposition and removal option

The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.

5.1.2 Customer account

You have the option of registering on our website and creating a customer account.

Legal basis

The legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR.

You give your consent by voluntarily creating a customer account.

Purpose of data processing

In order to protect your customer account against access by third parties, we save your user name and password. An evaluation of the data for marketing purposes does not take place in this context.

Duration of storage

We save your data as long as your customer account exists.

Opposition and removal option

You have the option to delete your customer account at any time.

5.1.3 Orders

Legal basis

The legal basis for processing the data is Art. 6 Para. 1 lit. b GDPR.

Purpose of data processing

In order to be able to deliver the order as requested, we save your contact data, your order and payment information. We can also use your e-mail address to inform you about your credit card that is about to expire, failed payments or for other reasons necessary for the execution of the contract.

Duration of storage

Orders are commercial letters that are subject to retention under commercial and tax law. The respective statutory retention period applies.

Opposition and removal option

A deletion can only take place if there is no legal retention period; in this case, however, the data will be blocked for other use.

5.1.4 Payment for your order

Your payment data will be transmitted to the corresponding payment service provider depending on the payment method you have selected. The payment service provider is responsible for your payment data. Information, in particular about the responsible office of the respective payment service provider, the contact details of the data protection officer of the payment service provider and the categories of personal data processed by the payment service providers, can be obtained from the following addresses:

– PayPal (Europe) S.à.r.l. et Cie., Luxembourg, data protection declaration: www.paypal.com/de/webapps/mpp/ua/privacy-full

5.2 Contacting JoeWP

Legal basis

The legal basis for processing the data is Art. 6 Para. 1 lit. f und ggfs. also lit. a GDPR. If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

The legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR lies in answering a customer inquiry or answering a contact request on other topics

Opposition and removal option

A deletion can only take place if there is no legal retention period; in this case, however, the data will be blocked for other use.

6.0 Use of Jitsi Meet video conference

We do not save any information about you or your video chats – the nginx-based web server is configured so that it does not write any log files:

LOGS

access_log off;
error_log off;

Video chats
The open source software Jitsi Meet is used to transmit video and audio signals within video chats. On the basis of WebRTC, data or media streams are transmitted in encrypted form via Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). However, WebRTC does not (yet) offer the option of encrypting video chats with several people end-to-end. This means: the video chat is encrypted on the transport route or in the network, but on the video chat server that hosts Jitsi Meet, all data traffic is decrypted and can therefore be viewed by the operator.

As the operator, however, we do not save any information about you or the video chats. Nothing is logged or saved / recorded. If you do not have us as the operator, you also have the option of hosting your own Jitsi Meet instance.

Logfiles Video chat
Jitsi Meet is delivered with the logging level INFO as standard, Jitsi Meet is delivered with the logging level INFO as standard. In this mode, the video bridge records the IP addresses of the participants. Since we do not want to collect and save this information, we have set the logging level to WARNING.

nano /etc/jitsi/videobridge/logging.properties
.level=WARNING

STUN / TURN-Server
The STUN protocol recognizes clients that are e.g. are behind a router or firewall and have a NAT address. With the help of the STUN server, NAT clients can find out their public IP address and are then able to establish a direct communication link between (two) participants. In order to avoid the transmission of the IP address to external providers, the Jitsi instance uses a STUN / TURN server that is operated by us.

Legal notice

This privacy policy was drawn up on the basis of provisions of various legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy policy relates solely to this website, if not stated otherwise within this document.

Last updated: February 19, 2022