1. I. Name and contact details of our Data Controller and Data Protection Officer

1) Data Controller according to Art. 4 (7) EU Data Protection Regulation (GDPR) is 360 Service Agency GmbH, c/o LISTAN GmbH, Wilhelm-Bergner-Straße 11C, 21509 Glinde, Germany, email: help@mountain.gg, see our Imprint at https://mountain.gg/imprint/.

(2) You can contact our Data Protection Officer at

Jens Borchardt, LL.M.

Certified Data Protection Officer (TÜV)

SCHLUTIUS Data Privacy & Compliance GmbH

Ludwig-Erhard-Straße 1a

20495 Hamburg
Germany

j.borchardt@schlutius-privacy.de

or by writing to our postal address with the addition “The Data Protection Officer.”

1. II. Information about the collection and disclosure of personal data

1. 1. General Provisions

(1) We collect your personal data as a customer, potential customer, or supplier only if you provide it to us voluntarily by email, post, or telephone. Then we collect the information that is generated during the contact process. In particular, this includes the names and contact information provided, as well as the date and the reason for contacting us. The personal data we collect from you will only be used for the purpose of providing you with the products or services you have requested (legal basis Art.  6 (1) (b) GDPR), or for other purposes for which you have given your consent (legal basis Art. 6 (1) (a) GDPR) and which are described in this Privacy Policy. As far as processing personal data is required to fulfil a legal obligation to which we are subject, Sec. 6 (1) (c) GDPR serves as the legal basis. If processing is required to safeguard the legitimate interests of our company or a third party, and if your interests, fundamental rights, and freedoms do not prevail over the first interest, Sec. 6 (1) (f) GDPR serves as the legal basis.

(2) You are not obliged to provide us with the aforementioned personal data. The disclosed data may be necessary for establishing a contract. Communication and the establishment or performance of a contract may not be possible without the provision of said data.

(3) A transfer of data relevant to the individual case will be made on the basis of legal provisions or a contractual agreement to public bodies in the presence of overriding legal provisions, to external service providers or other contractors and to other external bodies, provided you have given your consent (Art. 6 (1) (a) GDPR) or our overriding interest permits a transfer (Art. 6 (1) (f) GDPR). Unless expressly stated otherwise in this Privacy Policy, we do not intend to transfer your data to a recipient in a third country (non-EU/EEA member state) or to an international organization.

(4) The data is deleted as soon as it is no longer required for the purpose it was collected. With respect to the personal data you provide, we will do so when our interaction with you is complete. The interaction will end when the circumstances indicate that the matter in question has been finally resolved. As far as the data submitted is subject to a tax or commercial law retention obligation, it will be stored for the duration of the retention obligation of ten years and then deleted, unless you have consented to storage beyond this period or further processing of the data is required for the assertion, exercise, or defense of legal claims. The legal basis for processing personal data for the purpose of fulfilling the legal archiving and retention obligations is Art. 6 (1) (f) GDPR.

1. 2. Communication via WhatsApp

We offer the WhatsApp business version of the WhatsApp instant messaging service for communication with you or third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (in the following: “WhatsApp”).

In this case, communication takes place using end-to-end (peer-to-peer) encryption, which prevents WhatsApp or other third parties from accessing the contents of the communication. We have also configured our WhatsApp accounts so that no automatic data synchronization takes place with the address book on the devices we use.. The contents of the communications exchanged between you and us will remain in our possession until you revoke any consent you may have given to the storage of the data, until you instruct us to delete the data, or until the purpose for which the data was stored no longer applies (e.g. after we have completed dealing with an inquiry), unless the continued processing of your data is necessary to comply with legal obligations to which we are subject, in particular obligations to keep records under tax or commercial law (legal basis): Art. 6 (1) (c) GDPR). In this case, the data will be deleted after this purpose has been fulfilled.

Please note that WhatsApp also processes personal data when the WhatsApp service is used (in particular, meta data generated in the course of communication, such as sender, recipient, and the time of communication). We cannot necessarily trace the individual data processing operations and their scope. We also have no control over the specific retention period for the processed data, which is determined by WhatsApp. For this reason, we cannot rule out the possibility that data may be transferred to third countries, in particular to the USA. The USA is currently considered an unsafe third country because of the risk that the authorities there may access the data for security and surveillance purposes without notifying you or allowing you to seek redress. If you provide your consent in the context of our WhatsApp communication feature, the transfer to an unsecure third country takes place based on Art. 49 (1) (a) GDPR. For more information, please see the WhatsApp Privacy Policy: https://www.whatsapp.com/legal/privacy-policy-eea?lang=en.

As far as the use of the WhatsApp service is not based on your consent pursuant to Art. 6 (1) (a) GDPR and Art. 25 (1) German Teleservices Data Protection Act (TDDSG), the legal basis for its use is our overriding legitimate interest pursuant to Art.  6 (1) f GDPR. Within the context of the necessary balancing of interests, we have weighed our interest in using the WhatsApp service, namely the interest in communicating as quickly and effectively as possible with customers, prospective customers and other business and contractual partners, against your interest in confidentiality. As a result, your interests in confidentiality always come second, otherwise we would not be able to offer WhatsApp as a communication channel.

1. III. The Collection of Personal Data on Our Website

1. 1. When You Visit Our Website

(1) If you use our site for informational purposes only, i.e., you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. When you want to view our website, we collect information as a technical requirement for displaying our website to you and to ensure its stability and security. The data is stored in the log files on our system. This data is not stored with any other personally identifiable data about the user. This date includes the IP address, the timestamp of the request with date, time and time zone, the URL path requested, the HTTP status code, the amount of data transferred, the referrer, and the user agent. The latter includes information about the browser name and version, operating system, and preferred language.

(2) The legal basis for the temporary storage of the data and the log files is formed by Art. 6 (1) (f) GDPR. The temporary storage of the IP address by the system is required so that the website can be delivered to your browser. Your IP address needs to be stored for this purpose for the duration of the session. The storage in log files takes place to ensure the functionality of the website. We also use the data to optimize the website and guarantee the security of our information technology systems. These purposes also include our legitimate interest in processing personal data in accordance with Art. 6 (1) (f) GDPR.

(3) The data is deleted as soon as it is no longer required for the purpose it was collected. In the event that data is collected in order to stage the website, it takes place when the respective session has ended. Log files are not deleted.

(4) The collection of the data when visiting the website and the storage of the data in log files is essential for operating the website. This means that there is no option for you to opt-out in this case.

1. 2. Use of Cookies

(1) Cookies are stored on your computer system when you use our website. Cookies are text files that are stored in or by the browser on your computer system. When you visit a web site, a cookie may be stored on your operating system. This cookie contains a unique string that allows us to clearly identify your browser when you return to our site.

(2) Several ways are available for distinguishing cookies:

First, there is the distinction between first-party and third-party cookies depending on where a cookie comes from:

First-party cookies are cookies that are set and accessed by the website operator as the data controller or by a data processor acting on behalf of the website operator. Third-party cookies are cookies that are set and accessed by data controllers other than the website operator who are not acting as data processors on behalf of the website operator.

A distinction can also be made between non-persistent and persistent cookies, depending on their validity period:

Non-persistent cookies (session cookies) are cookies that are automatically deleted when you close your browser. Persistent cookies are cookies that remain stored on your personal device for a certain period of time after you close your browser.

You can also possibly distinguish between cookies that do not require consent and those that do:

The use of certain cookies may require user consent, depending on their function and purpose. In this respect, cookies can be classified according to whether the user’s consent is required for their use.

(3) So-called cookie banners are used to obtain your consent to the use of cookies on our website:

When you visit our website, we display a cookie banner. You can consent to the use of all cookies requiring consent on our website by clicking on the “Accept All Cookies” button on our cookie banner. Alternatively, you can also choose to opt out of the use of cookies that require your consent entirely by clicking on the “Accept Only Essential Cookies” button. Your decision is stored in a cookie. Clicking on the “Information About Using Cookies” link on our cookie banner, or if the banner is not displayed, clicking on the “Cookies” link at the bottom of the page, will take you to our “Cookies and Settings” page, where you can make specific privacy settings. This also allows you to select the individual cookies you wish to accept on the page and to change your selection at a later date. We store your cookie preferences in the form of a cookie on your personal device so that we can determine whether you have already made cookie settings when you return to our website.

Cookies that are essential to the functioning of the website cannot be disabled in the website’s cookie management. However, you can always disable these cookies in your browser. Different browsers offer different ways to configure the cookie settings in the browser. One website where further detailed information about this can be found is https://allaboutcookies.org/how-to-manage-cookies. However, please be aware that some features of our website may not function properly or at all if you disable cookies generally in your browser.

1. IV. Additional Features and Services on Our Website
2. 1. General Rules

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. This usually means that you will have to provide additional details about yourself which we use to provide the relevant service and to which the aforementioned data processing principles apply.

(2) In some cases, we use other service providers to process your data. We have carefully selected and commissioned these service providers, who are bound by our instructions and are regularly audited.

(3) We may also share your personal data with third parties when we offer promotions, contests, contracts, or similar offers/services in conjunction with our partners. You will receive more detailed information when you provide your personal data or below in the description of the service or offer. If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the implications of this fact in the description of the service/offer.

(4) Please note that you are free to choose whether or not to provide us with your date in connection with the other features and services/offers. However, if and when you do not provide us with the data required for a particular service, you will not be able to use the corresponding service or not use it in its entirety. We use the data only to provide you with the service you have requested. The legal basis for this formed by Art. 6 (1) (a) or (f) GDPR.

1. 2. Use of Contact Forms

(1) Additional personal data is collected when you voluntarily provide it to us through our contact forms. Then we collect the information that is generated during the contact process. In particular, this includes the names and contact information provided, as well as the date and the reason for contacting us. We use the personal data we collect from you only for the purpose of providing you with the products or services you have requested (legal basis: Art.  6 (1) (b) GDPR), or for other purposes for which you have given your consent (legal basis Art. 6 (1) (a) GDPR) and which are described in this Privacy Policy.

(2) The data will be deleted as soon as the respective interaction with you has ended, unless the continued processing of your data is necessary to comply with legal obligations to which we are subject, in particular tax or commercial retention obligations (legal basis: Art. 6 (1) (c) GDPR). In this case, the data will be deleted after this purpose has been fulfilled. The interaction will end when the circumstances indicate that the matter in question has been finally resolved.

1. 3. Personal Email Communication (Newsletter)

(1) You can consent and subscribe to our newsletter which informs you about the latest and interesting offerings from our company. The goods and services promoted are named in the declaration of consent.

(2) We use the double opt-in procedure for subscribing to our newsletter. This means that after you subscribe, we send an email to the email address that you provide and ask you to confirm that you wish to receive our newsletter. We also store your IP addresses and the time point when you subscribed and confirmed your subscription. The purpose of this procedure is to prove that you subscribed and, if necessary, to clarify any possible misuse of your personal data. The legal basis for this is formed by Art. 6 (1) (a) and (c), Art. 7 (1) GDPR. Once you have confirmed your subscription, we save your email address for the purpose of sending you our newsletter. The legal basis for this is also formed by Art. 6 (1) (a) GDPR. The data is deleted as soon as it is no longer required for the purpose it was collected. Accordingly, the email address is stored for as long as the newsletter subscription is active.

(3) The only mandatory information required to subscribe to the newsletter is your email address. If you choose to provide us with personal data in addition to your email address (e.g., name, address, date of birth, preferred store), you will receive information tailored to your information (e.g., local offers, birthday wishes, product and service information) as part of our personalized email communications. The provision of any additional, separately marked data is voluntary and is used to address you personally.

(4) You can revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can declare this by clicking on the link provided in each newsletter you receive or by sending a message to the contact details provided in the Imprint.

(5) We use the service of Mailchimp to send our newsletter (within the scope of our legitimate interest in the technically flawless processing of our customer information and analysis pursuant to Art. 6 (1) (f) GDPR).

(6) We use the service of MailChimp to send our newsletter. The provider of the service is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (in the following:  “Mailchimp”). We have entered into a data processing agreement with Mailchimp for the use of this service, so that Mailchimp can only process data on our behalf.

Mailchimp is a service that can be used for newsletter management and analysis, and more. The data you provide to receive the newsletter is stored on Mailchimp servers in the USA. Mailchimp helps us analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file in the email (called a web beacon) connects to the Mailchimp servers in the USA. This allows us to determine whether a newsletter mail has been opened and which links, if any, have been clicked on. Technical information is also logged (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be traced back to the individual newsletter recipient. It is used solely for the statistical analysis of newsletter campaigns. The results of these analyzes can be used to better tailor future newsletters to the interests of the recipients.

If you do not want MailChimp to perform analyzes, you will need to unsubscribe from the newsletter.  We put a link in each newsletter to allow you to do so.

The use of Mailchimp is based on your consent pursuant to Art. 6 (1) (a) GDPR and Sec. 25 (1) German Teleservices Data Protection Act (TTDSG).

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where the European Commission has not issued an adequacy decision (e.g. in the USA), we have agreed with the recipients of the data on other appropriate safeguards in accordance with Art. 44 et seq. GDPR. Unless otherwise stated, these are the standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before any such transfer to a third country can take place, we will obtain your consent pursuant to Art.  49 (1) (a) GDPR, which you provide on the cookie banner or otherwise. Please note that in the case of transfers to third countries, the details of the potential risks may not be known (e.g. data processing by security services in the third country, the exact scope, and consequences for you of which we do not know, over which we have no control and of which you may not be aware).

We or MailChimp store the data you provide for the purpose of receiving the newsletter until you unsubscribe from the newsletter, after which it is deleted. Data stored with us for other purposes remain unaffected by this.

After you unsubscribe, we and/or Mailchimp may add your email address to a blocklist if required to prevent future mailings. Data from the blocklist is used only for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legal basis: Art. 6 (1) (f) GDPR). Storage in the blocklist is not limited in time. You can opt out of the storage if your interests outweigh our legitimate interest.

1. 4. Links to Social Media Channels

We provide links to the following social media channels on our website: Facebook, Instagram, X (formerly Twitter), TikTok, Discord, Reddit, and YouTube. We do not process personal data through the link. We do not use social media plugins on our website.

1. 5. YouTube Video

(1) We have embedded YouTube Video on our website. YouTube Video is a component of the YouTube video platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (in the following: “Google”), on which users can upload content, share it over the Internet and obtain detailed statistics. All YouTube videos on our website are embedded in “enhanced privacy mode”, which means that data about you as a user is not transferred to Google unless you choose to play the videos. If you play YouTube videos, Google receives information that you have accessed the corresponding sub-page on our website. In addition, basic data such as IP address and timestamp are transferred. This takes place regardless of whether you are registered and/or signed into Google. If you are signed into Google, your information will be associated directly with your account. You should therefore sign out before playing YouTube videos if you do not want them to be associated with your profile.

(2) The use of YouTube video takes place based on your consent pursuant to Art. 6 (1) (a) GDPR and Sec. 25 (1) German Teleservices Data Protection Act (TTDSG).

(3) We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where the European Commission has not issued an adequacy decision (e.g. in the USA), we have agreed with the recipients of the data on other appropriate safeguards in accordance with Art. 44 et seq. GDPR. Unless otherwise stated, these are the standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

(4) In addition, before any such transfer to a third country can take place, we will obtain your consent pursuant to Art. 49 (1) (a) GDPR, which you provide on the cookie banner or otherwise. Please note that in the case of transfers to third countries, the details of the potential risks may not be known (e.g. data processing by security services in the third country, the exact scope, and consequences for you of which we do not know, over which we have no control and of which you may not be aware).

(5) We have no control over the specific storage period for the processed data, which is determined by Google. For more information, please see the YouTube Video Privacy Policy: https://policies.google.com/privacy.

1. 6. Google Fonts

Our website uses Google Fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (in the following: “Google”), to display fonts in a consistent manner. Their use takes place in each case in the interest of the consistent and attractive presentation of our website.  Your computer uses a default font if your browser does not support Google Fonts.  We have placed Google Fonts on our servers in Germany. Accordingly, your IP address is not transferred to third countries outside the European Economic Area, in particular the USA, in order to reload fonts.

(2) The legal basis for using Google Fonts is our overriding legitimate interest pursuant to Art. 6 (1) (f) GDPR. Within the context of the necessary balancing of interests, we have weighed our interests in using Google Fonts without a transfer to a third country, namely the interest in a consistent and attractive presentation of our website, against your interest in confidentiality. As a result, your interests in confidentiality always come second, otherwise we would not be able to use Google Fonts.

(3) For more information, please see the Google Fonts Privacy Policy: https://policies.google.com/privacy.

1. V. Web Analytics; Online Marketing
2. 1. Google Analytics

We use Google Analytics (Version 4) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (in the following: “Google”), as an analysis service for the statistical evaluation of our website. This includes, for example, the number of visits to our website, the sub-pages visited, and the length of time visitors spend there.

Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users again. Among other things, this information is used to compile reports on website activity.

When using Google Analytics 4, your IP address that your personal device transfers when you use the website is automatically collected and processed solely anonymously by default, so that the information collected cannot be directly linked to a specific person. This automatic anonymization is performed by truncating the last few digits of the IP address that your personal device transfers to Google within the European Union (EU) and other European Economic Area (EEA) member states.

The use of Google Analytics takes place on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) German Teleservices Data Protection Act (TTDSG).

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where the European Commission has not issued an adequacy decision (e.g. in the USA), we have agreed with the recipients of the data on other appropriate safeguards in accordance with Art. 44 et seq. GDPR. Unless otherwise stated, these are the standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before any such transfer to a third country can take place, we will obtain your consent pursuant to Art. 49 (1) (a) GDPR, which you provide on the cookie banner or otherwise. Please note that in the case of transfers to third countries, the details of the potential risks may not be known (e.g. data processing by security services in the third country, the exact scope, and consequences for you of which we do not know, over which we have no control and of which you may not be aware).

We have no control over the specific storage period for the processed data, which is determined by Google. For more information, please see the Google Analytics Privacy Policy: https://policies.google.com/privacy.

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

1. VI. Use of our Social Media Pages

(1) We maintain public profiles on various social networks and platforms. Your visit to these profiles triggers a variety of data processing operations. You are under no obligation to provide us with any personal data when using our social media pages. However, this may be required for some of the functions on our pages. If you do not provide us with your personal data, these functions will not be available to you or only to a limited extent.

When you visit our social media pages, not only do we collect, use, and store your personal data, but also the operators of the corresponding social network. This happens even if you do not have a personal profile on the social network in question. The individual data processing operations and their scope differ depending on the respective social network operator, and they are not necessarily transparent for us. Please refer to the privacy policies of the social networks and platforms for details on the collection and storage of your personal data and the nature, scope, and purpose of their use by the corresponding social network operator:

• Facebook Privacy Policy (Data Controller: Meta Platforms Ireland Limited): https://www.facebook.com/privacy/policy;
• Instagram Privacy Policy (Data Controller: Meta Platforms Ireland Limited): https://privacycenter.instagram.com/policy;
• X (formerly Twitter) Privacy Policy (Data Controller: Twitter International Unlimited Company): https://twitter.com/en/privacy;
• TikTok Privacy Policy (Data Controller: TikTok Technology Limited): https://www.tiktok.com/legal/page/eea/privacy-policy/en;
• Discord Privacy Policy (Data Controller: Discord Netherlands BV): https://discord.com/privacy;
• Reddit Privacy Policy (Data Controller: Reddit, Inc): https://www.reddit.com/policies/privacy-policy;
• YouTube Privacy Policy: (Data Controller: Google Ireland Limited): https://policies.google.com/privacy?hl=en.

(3) As the operator of the respective social media page, we can only view the information stored in your public profile, and only if you have such a profile. In addition, the respective social network operator provides us with anonymous user statistics, which we use to improve the user experience when visiting our social media page. We do not have access to the user data that the social network operator collects to generate these statistics. The respective operator of the social network has committed to us to assume primary responsibility under the GDPR for the processing of this data, to fulfill all obligations under the GDPR with respect to this data, and to disclose the material terms of this commitment to data subjects. The additional data processing that takes place serves our (and their) legitimate interest in improving the user experience when visiting our social media profile in a manner tailored to the target group. The legal basis for this data processing is formed by Art. 6 (1) (f) GDPR.

(4) If you use our social media pages to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), we will process the data you provide us with solely for the purpose of being able to contact you. The legal basis for the data collection is formed by Art. 6 (1) (a) and (b) GDPR. We delete stored data as soon as it is no longer necessary to store it, or you ask us to delete it. Where we are required by law to retain information, we will restrict the processing of the stored information accordingly.

• VII. Data Security

(1) We use the popular SSL (Secure Socket Layer) procedure during the visit to our website, in conjunction with the highest level of encryption that your browser supports. Usually, this involves 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page on our website is encrypted by the presence of the locked key or padlock icon in the bottom status bar in your browser.

(2) We also apply suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties. We improve our security measures continuously in line with technological developments.

• VIII. Objecting To/Withdrawing Your Consent to Processing Your Data

(1) If you have consented to your data being processed, you can withdraw your consent at any time. Withdrawing your consent in this way will affect the permissibility of processing your personal data after you have withdrawn your consent.

(2) Insofar as we rely on the balancing of interests to process your personal data, you may object to such processing. This is the case when processing is not specifically required to fulfill a contract with you, which we will illustrate in each case in the functional description that follows. When you exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds for continuing with the processing.

(3) Of course, you can at any time object to your personal data being processed for the purposes of advertising and data analysis. You can inform us of your objection in relation to advertising using the contact details above.

• IX. Your Rights

(1) In accordance with Art. 15 GDPR, you are entitled to request information about your personal data that we process. Specifically, you can demand information on purposes of processing your personal data, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, your right to have your data rectified, deleted, limited in processing or object to it completely, the existence of your right to complain, the source of your data if we did not collect it, and the existence of automated decision-making processes including profiling and, where appropriate, full and in-depth information on the details of this.

(2) In accordance with Art. 16 GDPR, you have the right to demand that we promptly correct or amend any inaccuracies in the personal data we hold on you. In accordance with Art. 17 GDPR, you have the right to demand the deletion of your personal data that we store, as far as its processing is not required for the purpose of exercising the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or for the pursuit, exercise, or defense of rights.

(3) In accordance with 18 GDPR, you have the right to demand that the processing of your personal data is restricted, insofar as you dispute the accuracy of the data, and its processing is unlawful, but you reject its deletion and we no longer require the data, but you require for the pursuit, exercise or defense of rights or you have objected to its processing in accordance with Art.  21 GDPR.

(4) In accordance with Art. 20 GDPR, you are entitled to receive your personal data that you have submitted to us in a standard, structured, and machine-readable format, or to request that it be transferred to another data controller.

(5) In accordance with Art. 7 (3) GDPR, you have the right at any time to withdraw the consent you have granted us at any one time. The consequence of this is that we are not permitted to continue processing your data for the future based on this consent.

(6) In accordance with Art. 77 GDPR. you also have the right to appeal to a data protection supervisory authority about our processing of your personal data.

• X. Updates and Amendments to This Privacy Policy

(1) This Privacy Policy is currently in force and was last updated in September 2023.

(2) We may find it necessary to amend this Privacy Policy as a result of changes to our website and related services or owing to amended legal or official requirements. You can call up and print our latest Privacy Policy at any time on our website under: https://mountain.gg/imprint/.