Privacy policy

Controller: Martin Ostermann, Gewerbeparkring 1, 15517 Fürstenwalde/Spree, Germany, contact@ostrmn.com, +49 3361 3759978. By using this website and/or the services provided by the controller personal data is collected and processed.

Data subject: This is you.

Purposes of the processing

Art. 6 (1) b) GDPR - Steps at the request of the data subject prior to entering into a contract and performance of a contract: enquiring or using one of the services of the controller result in the processing of personal data, including but not limited to in the course of a possible exchange via email, invoicing, and processing of payments. Your data will be deleted without the need for a request as soon as said data is no longer required for the performance of the contract and no legal obligations the controller is subject to dictates otherwise, or a potential conclusion of the contract in the course of steps prior to entering into a contract is no longer sufficiently likely.

Art. 6 (1) c) GDPR - Legal obligations: the controller has the legal obligation to keep invoicing records for ten years, beginning from the end of the year of the invoice date. Invoices routinely include the name and the address of the data subject as well as the services ordered by the data subject. Furthermore, there may exist less foreseeable legal obligations not specifically mentioned in this policy.

Art. 6 (1) f) GDPR - Legitimate interests: to ensure the proper functioning of the website and the services provided by the controller as well as to counter technical attacks server logs as well as lab environment access logs are being retained. Website server log retention defaults to two weeks. Server log retention in the context of using the services provided by the controller defaults to two weeks after the use of said services has ended. For secure access to a lab environment the subject has to provide an SSH public key conforming to the controller's technical specifications; secure access to the lab environment requires to place said key within the lab environment for as long as the lab environment is being used.

Server log example:

192.0.2.123 [08/Jun/1949:02:58:09 +0100] - 318 200 "https://example.ostrmn.com/ GET /favicon.ico HTTP/1.1 -" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" HTTP/1.1 0.000

A server log entry contains the following data originating from the activities of the data subject:

• IP address of the request
• Date and time of the request including the offset from Greenwich Mean Time
• Amount of bytes transmitted
• HTTP status code
• Requested content
• HTTP methode and HTTP version
• Browser information including information of the platform running the browser from the perspective of the server
• Request processing duration

Lab environment access log example:

Jun 08 19:58:00 yourlabenv sshd-session[12345]: Connection from 192.0.2.123 port 1234 on 192.0.2.12 port 4321

A lab environment access log entry contains the following data originating from the activities of the data subject:

• IP address and port number of the request
• Date and time of the request

Operating system data inside and outside the lab environment is the result of using the lab environment, including:

• Command history
• Data related to the resource consumption of the operating system
• Log files created by the operating system

SSH public key example:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIX3mZp7ptPzV2COLZNdMYbaoaFsqBFtW1olwQSqgvJ you@yourlaptop

Failure to provide personal data

Art. 13 (2) e) GDPR - Information in the case of failing the provision of personal data:

Is there a legal obligation to provide personal data?

No.

Are there contractual obligations to provide personal data?

No.

Does entering into a contract require the provision of personal data?

Yes.

Is there an obligation to provide personal data?

No.

What are the possible consequences of failing to provide personal data?

You cannot use the services provided by the controller as this website as well as the Lab Environments offering could not be operated and used safely.

Rights of the data subject

Art. 13 (2) b) and d) GDPR - Information about your rights:

Art. 77 GDPR

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes data protection requirements.

Art. 15 GDPR

Right of access by the data subject: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

• The purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• where the personal data are not collected from the data subject, any available information as to their source.

The services of the controller do not include automated decision-making. The use of certain payment processors by the data subject may involve automated-decision making performed by said payment processors.

Art. 16 GDPR

Right to rectification: the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Art. 17 GDPR

Right to erasure (‘right to be forgotten’) - the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the data subject objects to the processing;
• the personal data have been unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Art. 18 GDPR

Right to restriction of processing: the data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

• Accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to processing.

Art. 19 GDPR

Notification obligation regarding rectification or erasure of personal data or restriction of processing: the controller shall communicate to the data subject in case a notification obligation has been carried out by the controller if the data subject requests it.

Art. 20 GDPR

Right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, or have those data transmit by the controller, if this is feasible in a technical sense.

Art. 21 GDPR

Right to object: the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.

Technical service providers

Netcup

The controller uses the services of netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany. This may result in additional server logs.

EuroDNS

The controller uses the services of EuroDNS S.A. 24, rue Léon Laval, L-3372 Leudelange, Luxembourg. This may result in additional server logs.

Heinlein Hosting

The controller uses the services of Heinlein Hosting GmbH, Schwedter Straße 8/9A, 10119 Berlin, Germany. E-Mails are being stored and processed on the servers of Heinlein Hosting GmbH. This may result in additional server logs.

Let's Encrypt

The controller uses for his web presence only TLS encrypted connections. The underlying certificate supporting the encryption is based on the services of Let's Encrypt (Internet Security Research Group), 548 Market St, PMB 77519, San Francisco, CA 94104-5401, USA. Verifying whether a certificate has been revoked in a technical sense (Certificate Revocation List) requires connecting to the servers of Let's Encrypt.

Shopping platform, payment and accounting service providers

The service providers used by the controller may use cookies for their websites (from a technical point of view this includes shop.ostrmn.com and berlin-onsite-technician.de) while the data subject accesses said websites for online shopping, booking or payment purposes.

Stripe

The controller uses Stripe Payments Europe, Limited (Stripe), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland, as a payment processor. Stripe requires data relevant for the processing of payments. If you prefer not to use Stripe you can pay in advance using SEPA for your payments.

Paypal

The controller uses PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, as a payment processor. Stripe requires data relevant for the processing of payments. If you prefer not to use Stripe you can pay in advance using SEPA for your payments.

SumUp

The controller uses SumUp Limited, Block 8, Harcourt Centre, Charlotte Way, Dublin 2, Irland D02 K580, as a payment processor as well as for the online shop available at shop.ostrmn.com and the booking functionality on berlin-onsite-technician.de. SumUp requires data relevant for the processing of payments. If you prefer not to use SumUp you can pay in advance using SEPA for your payments.

Lexware

The controller uses for invoicing and accounting obligations the services of Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg.