Here is the translation of the privacy policy into English:

Privacy Policy

Last updated: 07 October 2024

The original version of these Terms of Use is from the German language. Translations may distort the meaning and may differ from the actual statements of the original version. The terms of the original version (German) apply.

General Information

In accordance with the legal provisions of data protection law (in particular the BDSG n.F. and the European General Data Protection Regulation “GDPR”), we hereby inform you about the type, scope, and purpose of the processing of personal data through our services. This privacy policy applies to our websites, services (the Discord bots “Task Manager#4550,” “Knowledge Manager#8167,” or “Calendar Manager#5911”), and social media profiles. For definitions of terms such as “personal data” or “processing,” we refer to Art. 4 GDPR.

Name and Contact Details of the Controller

Our controller (hereinafter “Controller”) within the meaning of Art. 4 No. 7 GDPR is:

Bnder UG (limited liability) Im Flath 12 38542 Leiferde Germany Phone: +49 511 45032009 Email: contact@bnder.net Website: https://www.bnder.net Registry Court: Local Court of Hildesheim Register Number: HRB 209373 Managing Director authorized to represent: Jan Brinkmann

Changes to this Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or our services. We will inform you of significant changes on our website. The latest version is always available on our website.

Types of Data, Purposes of Processing, and Categories of Data Subjects

Below, we inform you about the type, scope, and purpose of the collection, processing, and use of personal data.

Types of Data We Process

IT usage data (IP address, device information, access times, visited websites, etc.)
Your Discord ID (an identification number unique across the Discord platform, which we cannot link to your person)
Data you provide through our services (individual task texts, project names, server settings, and other data you submit through interaction with our services)
Payment data (e.g., credit card numbers, bank details, transaction data)
Search queries and interactions with the search function (when using Algolia)

To optimize our services technically and economically, ensure easy access to our services, optimize and statistically evaluate our services, support commercial use of the services, improve user experience, and create statistics.
Your Discord ID is required to link your data to your Discord account. We do not collect personal data. All data is only linked to your account’s ID.
To enable you to use our services optimally and tailor them to your preferences.
To process payments and manage contracts (e.g., through Stripe).
To improve the search function and user experience by integrating Algolia.

Visitors/users of the website
Discord users who share a Discord server with one of our services
Customers who use Stripe for payment services
Users of the search function on our website

The data subjects are collectively referred to as “users.”

Use of Algolia

We use Algolia to provide a fast and relevant search function on our website. The following data is processed:

Search queries
Interactions with the search function
Usage data (e.g., IP address, device type, access times)

Algolia processes this data as a processor on our behalf and stores it on servers within the EU. For more information on data processing by Algolia, please refer to their privacy policy at https://www.algolia.com/policies/privacy.

Data Processing by Our Discord Bots

Our Discord bots process data to provide you with the full functionality of our services. All submitted data is stored securely on servers in the EU. Processing is automated and solely for the purpose of providing the bot functions. You can request the deletion of your data at any time by removing the bot from your server and sending us a request to our contact address.

Additionally, we use external service providers such as Cloudflare (for secure access to our services), Google Cloud (for hosting and data processing), and Algolia (for search functionality).

Payment Processing via Stripe

We use Stripe as a payment service provider to process payments for our paid services. When using Stripe, the payment information you provide (e.g., credit card numbers, bank details) is forwarded directly to Stripe and processed by them. We do not store payment data ourselves.

The processing of data by Stripe complies with applicable data protection regulations and is carried out solely for the purpose of processing payments. Stripe may transfer your data to the USA. To ensure an adequate level of data protection, Stripe uses standard contractual clauses and other measures recognized by data protection authorities.

For more information on data protection at Stripe, visit https://stripe.com/de/privacy.

Legal Basis for the Processing of Personal Data

We inform you about the legal basis for the processing of personal data as follows:

If we have obtained your consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) GDPR serves as the legal basis. If the processing is necessary for the performance of a contract or for pre-contractual measures initiated by your request, Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis. If the processing is necessary to comply with a legal obligation to which we are subject (e.g., statutory retention obligations), Art. 6 para. 1 sentence 1 lit. c) GDPR serves as the legal basis. If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 lit. d) GDPR serves as the legal basis. If processing is necessary for the purposes of legitimate interests pursued by us or a third party and your interests, fundamental rights, and freedoms do not override those interests, Art. 6 para. 1 sentence 1 lit. f) GDPR serves as the legal basis.

Disclosure of Personal Data to Third Parties and Processors

We only share personal data with third parties if it is necessary to fulfill our contractual obligations, if we are legally obligated to do so, or if there is a legitimate interest in sharing the data.

We use the following processors to process your data:

Google Cloud Platform: For hosting our website and services as well as for storing and processing data. Data is processed on servers within the EU. We have agreements with Google ensuring GDPR compliance.
Cloudflare: To secure access to our website and services and to defend against threats (e.g., DDoS attacks). We have a processing agreement with Cloudflare to ensure GDPR compliance.
Stripe: To process payments. Stripe processes your payment data and may transfer this data to countries outside the EU, particularly the USA. We have a processing agreement with Stripe to ensure GDPR compliance.

Data Transfers to Third Countries

Your personal data is generally processed within the European Union (EU). However, it is possible that through the use of Google Cloud, Cloudflare, and Stripe, data may be transferred to third countries (outside the EU).

In such cases, we ensure that your data is processed only in compliance with the special requirements outlined in Art. 44 ff. GDPR. This includes the use of standard contractual clauses or other suitable safeguards to ensure an adequate level of data protection.

Deletion of Data and Retention Period

Unless explicitly stated in this privacy policy, your personal data will be deleted or blocked once the purpose for storing it no longer applies, unless further retention is required for legal purposes or statutory retention obligations apply. For example, commercial retention obligations for business letters under Section 257(1) of the German Commercial Code (HGB) (6 years) and tax retention obligations for records under Section 147(1) of the German Tax Code (AO) (10 years). Once the prescribed retention period expires, your data will be deleted unless its continued storage is necessary for contract conclusion or fulfillment.

Your data will be specifically deleted when you no longer use our services. For our Discord bots, this means that the bot is no longer present on your server. Once this is detected and 30 days have passed since the last interaction with the Discord bot or related services, a request for data deletion will automatically be initiated. If you wish for immediate deletion of your data, please contact us via the contact details provided above. All data you have provided will then be irreversibly deleted. This includes your individual task texts, project data, and server settings.

Data Subject Rights

You have the following rights:

Right to Access: You have the right to request confirmation as to whether your personal data is being processed, to obtain information about that data, as well as additional details and a copy of the data, in accordance with Art. 15 GDPR.
Right to Rectification: In accordance with Art. 16 GDPR, you have the right to request the correction of inaccurate data or the completion of incomplete data.
Right to Erasure: In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data, or alternatively, in accordance with Art. 18 GDPR, to request a restriction on the processing of your data.
Right to Data Portability: In accordance with Art. 20 GDPR, you have the right to receive the personal data you have provided to us and to request its transfer to another controller.
Right to Lodge a Complaint: In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the relevant supervisory authority.

Right to Object

Users can object to the processing of

their personal data at any time in accordance with the legal provisions. This includes, in particular, objections to processing for direct marketing purposes.

Contact for Data Protection Inquiries

For data protection inquiries, you can reach us at:

Email: contact@bnder.net Address: Im Flath 12, 38542 Leiferde, Germany