Privacy Policy

1. Introduction

We, mix&match GmbH (hereinafter jointly referred to as “the company”, “we” or “us”) take the protection of your personal data seriously and would like to inform you about data protection in our company.

Under the EU General Data Protection Regulation (Regulation (EU) 2016/679; “GDPR”), there are obligations to ensure the protection of personal data of the data subject (hereinafter also “customer”, “user”, “you” or “data subject”).

Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (Art. 13 and 14 GDPR). With this declaration (“Data Protection Notice”), we inform you about the manner in which your personal data is processed by us.

Our privacy policy is modular. It consists of a general part for all processing of personal data and processing situations that come into play each time a website is called up (A. General) and a special part, the content of which relates in each case only to the processing situation specified there (B. Visit to websites).

2. General

Definitions

Following Art. 4 GDPR, this data protection notice is based on the following definitions:

• Personal data (Art. 4(1) GDPR): any information relating to an identified or identifiable natural person (“data subject”). Identifiability may exist directly or indirectly, including by reference to identifiers such as name, ID number, online identifier, location data, or factors specific to identity. The origin or form of information is irrelevant (photos, video or audio may contain personal data).
• Processing (Art. 4(2) GDPR): any operation performed on personal data, automated or not, including collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, alignment, restriction, erasure, destruction, or change of purpose.
• Controller (Art. 4(7) GDPR): the person or entity which alone or jointly determines purposes and means of processing.
• Processor (Art. 4(8) GDPR): an entity processing personal data on behalf of the controller, under instructions (e.g. IT service provider). A processor is not a “third party”.
• Third party (Art. 4(10) GDPR): any entity other than the data subject, controller, processor, and persons authorised to process under their authority; includes other group entities.
• Consent (Art. 4(11) GDPR): freely given, specific, informed and unambiguous indication of wishes by statement or clear affirmative action.

Name and address of the controller

mix&match GmbH
Oranienstraße 183
10999 Berlin
Germany
Email: hello[at]getcheex.com

For further information, see our Privacy Policy: https://getcheex.com/privacy-policy/.

Contact details of the data protection officer

If you have questions, our data protection officer can be reached at:

advokIT data protection
Kopernikusstraße 24
10245 Berlin
Germany

Weißmann Data Protection GmbH
Riemenschneiderstraße 4
55543 Bad Kreuznach
Germany

Email: Privacy [at]advokit.de

Legal basis for data processing

Any processing of personal data is only allowed if it falls under one of the following justifications:

• Art. 6(1)(a) GDPR (consent)
• Art. 6(1)(b) GDPR (contract or pre-contractual measures)
• Art. 6(1)(c) GDPR (legal obligation)
• Art. 6(1)(d) GDPR (vital interests)
• Art. 6(1)(e) GDPR (public interest / official authority)
• Art. 6(1)(f) GDPR (legitimate interests), unless overridden by interests/rights of the data subject

A processing operation may be based on several legal bases.

General information on legal basis for this website

If you have consented, we process your data on the basis of Art. 6(1)(a) GDPR (and Art. 9(2)(a) GDPR if special categories of data are processed). If you consented to transfer to third countries, processing may also be based on Art. 49(1)(a) GDPR.

If you consented to cookies or access to information in your terminal device (e.g. device fingerprinting), processing is additionally based on Section 25(1) TTDSG. Consent can be revoked at any time.

If data is required to perform a contract or pre-contractual steps, processing is based on Art. 6(1)(b) GDPR. If required to fulfil a legal obligation, processing is based on Art. 6(1)(c) GDPR. Processing may also take place on the basis of legitimate