Privacy Policy
Content : privacy_policy_en.txt
Controller:
Yannick Sternberg, sole proprietorship
Sennefelderstrasse 3
63322 Rödermark
Germany
Email: sys[at]plus23.org
Privacy overview:
PLUS23.CYBER.SECURITY processes personal data only where necessary to provide, operate, and protect PLUS23.ORG, software, user accounts, licences, payments, support, and security functions.
Categories of data processed:
Depending on the service used, this may include account and contact details, contract and licence data, payment and billing references, support communications, IP addresses, timestamps, request and header data, accessed paths, browser and device information, and detected security events and signatures.
Purposes and legal bases:
Where required, processing is carried out for pre-contractual steps or performance of a contract under Article 6(1)(b) GDPR, compliance with legal obligations under Article 6(1)(c) GDPR, consent under Article 6(1)(a) GDPR, or legitimate interests under Article 6(1)(f) GDPR. Legitimate interests include the secure and reliable operation of the systems, prevention of misuse and fraud, error analysis, and the prevention and investigation of attacks.
Server and security logging:
PLUS23.CYBER.SECURITY uses active security, abuse-prevention, and attack-detection mechanisms. Requests may be analysed and logged when they trigger security rules or indicate suspicious behaviour. This may include IP addresses, CIDR ranges, request headers, access paths, timestamps, technical characteristics, and detected signatures. The usual legal basis is Article 6(1)(f) GDPR.
Cookies and local storage:
Technically necessary cookies or local browser storage may be used for sessions, authentication, security, language selection, and user preferences. Non-essential analytics, tracking, or marketing technologies are used only where they are transparently disclosed and any required consent has been obtained.
Payment processing:
Payments may be processed by external payment service providers. Contract, contact, payment, and transaction data required for a payment may be transmitted directly to the relevant provider. The provider's own privacy policy also applies to its independent processing. PLUS23.CYBER.SECURITY does not store complete payment-card details where those details are processed directly by the payment provider.
Hosting, technical providers, and processors:
Carefully selected external providers may be used for hosting, infrastructure, communications, payment processing, or support. Where they process personal data on behalf of the controller, this is based on an agreement under Article 28 GDPR where legally required.
PLUS23.HUB, external links, and affiliate links:
PLUS23.HUB may contain links to external websites and services, and some links may be affiliate links. Merely viewing a PLUS23 page does not normally transmit data to the destination provider through an ordinary external link. Once an external link is opened, the privacy terms and technical procedures of the relevant provider apply. PLUS23.CYBER.SECURITY has no control over that provider's processing.
Recipients and disclosure:
Personal data is not sold or rented. It is disclosed only where necessary to provide a service, operate infrastructure, process payments, comply with legal obligations, establish or enforce claims, or protect systems and users.
International transfers:
Where providers outside the European Economic Area are used, personal data is transferred only where the legal requirements are met, including through an adequacy decision, appropriate safeguards, or a statutory exception.
Retention:
Personal data is retained only for as long as required for the relevant purpose or applicable statutory retention obligations. Contract, payment, and accounting data may be retained for the legally required periods. Security logs are generally retained only for as long as required for attack detection, abuse prevention, error analysis, and preservation of evidence; repeated or serious security incidents may require longer retention.
Data security:
Appropriate technical and organisational measures are used to protect personal data against loss, manipulation, unauthorised access, and other risks. Completely risk-free operation or completely secure data transmission cannot be guaranteed.
Your rights:
Subject to the statutory requirements, you may have rights of access, rectification, erasure, restriction of processing, data portability, and objection. Consent may be withdrawn at any time with effect for the future. An objection to processing based on legitimate interests may be made on grounds relating to your particular situation.
Right to complain:
You have the right to lodge a complaint with a competent data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR.
Requirement to provide data:
Where data is required for a contract, registration, licence, payment, or support request, the relevant service may not be available without that information.
Automated decisions:
As a rule, no decision based solely on automated processing that produces legal or similarly significant effects is made. Automated security mechanisms may temporarily or permanently block access where technical rules or signatures indicate misuse or attacks.
Contact:
Privacy requests may be sent to sys[at]plus23.org.
Changes:
This Privacy Policy may be updated when services, technical procedures, or legal requirements change. The version published on PLUS23.ORG is the current version.
Yannick Sternberg, sole proprietorship
Sennefelderstrasse 3
63322 Rödermark
Germany
Email: sys[at]plus23.org
Privacy overview:
PLUS23.CYBER.SECURITY processes personal data only where necessary to provide, operate, and protect PLUS23.ORG, software, user accounts, licences, payments, support, and security functions.
Categories of data processed:
Depending on the service used, this may include account and contact details, contract and licence data, payment and billing references, support communications, IP addresses, timestamps, request and header data, accessed paths, browser and device information, and detected security events and signatures.
Purposes and legal bases:
Where required, processing is carried out for pre-contractual steps or performance of a contract under Article 6(1)(b) GDPR, compliance with legal obligations under Article 6(1)(c) GDPR, consent under Article 6(1)(a) GDPR, or legitimate interests under Article 6(1)(f) GDPR. Legitimate interests include the secure and reliable operation of the systems, prevention of misuse and fraud, error analysis, and the prevention and investigation of attacks.
Server and security logging:
PLUS23.CYBER.SECURITY uses active security, abuse-prevention, and attack-detection mechanisms. Requests may be analysed and logged when they trigger security rules or indicate suspicious behaviour. This may include IP addresses, CIDR ranges, request headers, access paths, timestamps, technical characteristics, and detected signatures. The usual legal basis is Article 6(1)(f) GDPR.
Cookies and local storage:
Technically necessary cookies or local browser storage may be used for sessions, authentication, security, language selection, and user preferences. Non-essential analytics, tracking, or marketing technologies are used only where they are transparently disclosed and any required consent has been obtained.
Payment processing:
Payments may be processed by external payment service providers. Contract, contact, payment, and transaction data required for a payment may be transmitted directly to the relevant provider. The provider's own privacy policy also applies to its independent processing. PLUS23.CYBER.SECURITY does not store complete payment-card details where those details are processed directly by the payment provider.
Hosting, technical providers, and processors:
Carefully selected external providers may be used for hosting, infrastructure, communications, payment processing, or support. Where they process personal data on behalf of the controller, this is based on an agreement under Article 28 GDPR where legally required.
PLUS23.HUB, external links, and affiliate links:
PLUS23.HUB may contain links to external websites and services, and some links may be affiliate links. Merely viewing a PLUS23 page does not normally transmit data to the destination provider through an ordinary external link. Once an external link is opened, the privacy terms and technical procedures of the relevant provider apply. PLUS23.CYBER.SECURITY has no control over that provider's processing.
Recipients and disclosure:
Personal data is not sold or rented. It is disclosed only where necessary to provide a service, operate infrastructure, process payments, comply with legal obligations, establish or enforce claims, or protect systems and users.
International transfers:
Where providers outside the European Economic Area are used, personal data is transferred only where the legal requirements are met, including through an adequacy decision, appropriate safeguards, or a statutory exception.
Retention:
Personal data is retained only for as long as required for the relevant purpose or applicable statutory retention obligations. Contract, payment, and accounting data may be retained for the legally required periods. Security logs are generally retained only for as long as required for attack detection, abuse prevention, error analysis, and preservation of evidence; repeated or serious security incidents may require longer retention.
Data security:
Appropriate technical and organisational measures are used to protect personal data against loss, manipulation, unauthorised access, and other risks. Completely risk-free operation or completely secure data transmission cannot be guaranteed.
Your rights:
Subject to the statutory requirements, you may have rights of access, rectification, erasure, restriction of processing, data portability, and objection. Consent may be withdrawn at any time with effect for the future. An objection to processing based on legitimate interests may be made on grounds relating to your particular situation.
Right to complain:
You have the right to lodge a complaint with a competent data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR.
Requirement to provide data:
Where data is required for a contract, registration, licence, payment, or support request, the relevant service may not be available without that information.
Automated decisions:
As a rule, no decision based solely on automated processing that produces legal or similarly significant effects is made. Automated security mechanisms may temporarily or permanently block access where technical rules or signatures indicate misuse or attacks.
Contact:
Privacy requests may be sent to sys[at]plus23.org.
Changes:
This Privacy Policy may be updated when services, technical procedures, or legal requirements change. The version published on PLUS23.ORG is the current version.
