Effective May 25, 2018

Privacy policy

This privacy policy clarifies what personal data we process, how it is processed and why it is processed. Furthermore, persons whose personal data is being processed by us are informed about their legal rights.

Data protection in the European Union

This website is run from within the European Union. Your personal data is therefore protected by the General Data Protection Regulation (GDPR). Art. 4 defines several terms used in this privacy policy, such as personal data, processing, controller, processor, third party, consent, personal data breach and supervisory authority.

We refers to the controller within the meaning of Art. 4 (7) GDPR.

redigester refers to the website served under the domain digest.markusweimar.de

Visitors are persons who visit redigester.

Users are persons who linked an account from a third party to redigester, such as a Reddit account.

You refers to you as a visitor or user of redigester.

What personal data is processed, when and why

Visiting redigester

Request data

Personal data may be stored when a web page is requested and served. This includes date, time, type, result, amount of transferred data, web address, user agent (system information as reported by your web browser), referrer (web address of the referring web page) and IP address (network address assigned to your device) of the request.

Usage

• To protect redigester from abuse and fraud.

Deletion

• After six weeks unless data is still required in an ongoing investigation.

Legal basis

• Legitimate interests, Art. 6 (1) f) GDPR.

Hiding subreddits from your personalized Reddit digest

Hidden subreddits

Usage

• To hide subreddits you have hidden from your personalized Reddit digest.

Deletion

• If you have not linked your Reddit account: When deleting the respective cookie. See Cookies below for more information.
• If you have linked your Reddit account: When you remove your Reddit account from redigester (requires to be signed in).

Legal basis

• Performance of a contract, Art. 6 (1) b) GDPR.

Linking your Reddit acount to redigester

Reddit username, subscriptions, access and refresh tokens

When granting access to your Reddit account, you will be shown a list of all the information redigester will be able to access.

Usage

• Your Reddit username to show you which account you are using and to remember for you how far you have read your digest.
• Your subreddit subscriptions to create your personalized digest.
• Reddit does not share your account’s password with redigester. Instead, a time-limited access token and a refresh token is provided. The refresh token allows to receive a new access token. These tokens allow recurring access to your Reddit account, which is used to keep your subreddit subscriptions current.

Deletion

• When you remove your Reddit account from redigester (requires to be signed in). Access and refresh tokens are revoked when you revoke access to your Reddit account.

Legal basis

• Performance of a contract, Art. 6 (1) b) GDPR.

Time of your last visit

Usage

• Most Reddit users subscribe to several subreddits (sometimes hundreds). To provide a user with a personalized Reddit digest, all submissions from any of his subreddit subscriptions must be retrieved and processed by redigester. To reduce server costs, only subreddits from users who have recently visited redigester are retrieved.

Deletion

• When you remove your Reddit account from redigester (requires to be signed in).

Legal basis

• Legitimate interests, Art. 6 (1) f) GDPR.

Contacting us

Personal data you provide when contacting us

This may include personal data such as your email address and the content of your email.

Usage

• To process your inquiry.

Deletion

• When the legal obligation to preserve business records ends.

Legal basis

• Performance of a contract, Art. 6 (1) b) GDPR.

Cookies

When a web page is requested and served, redigester may store small, encrypted files on your computer (so-called cookies).

Usage

• To store how far you have read, the filter settings you have applied and, for the Reddit digest, the subreddits you have hidden.
• If applicable, to identify your Reddit account while you are signed in.

Deletion

• When you clear cookies in your browser.
• Common web browsers delete expired cookies.
• If applicable, the information to identify your Reddit account is removed from the cookie when you sign out.

Legal basis

• Performance of a contract, Art. 6 (1) b) GDPR.

Third party data processors

We use third party services that may process your personal data for us in accordance with Art. 6 (1) f) GDPR. Data Processing Agreements have been entered with each party (Art. 28 GDPR). The following services may be provided by third parties:

• Web hosting to operate the redigester website. This includes related tasks, such as data backups. Web hosts will process any personal data the redigester website collects.
• Email hosting to operate our email accounts. Email hosts may process personal data, such as your name or email address.

Your rights regarding your personal data

• Right to withdraw consent to processing your personal data (Art. 7 (3) GDPR).
• Right of access, which includes requesting confirmation whether your personal data is being processed and information about how it is being processed as well as requesting a copy of your personal data (Art. 15 GDPR).
• Right to rectification of your personal data (Art. 16 GDPR).
• Right to erasure of your personal data (Art. 17 GDPR). Personal data that is no longer necessary for the purpose it was collected for is deleted unless legal obligations for retention apply.
• Right to restriction of processing of your personal data (Art. 18 GDPR).
• Right to data portability, which includes receiving your personal data and its transfer to another controller (Art. 20 GDPR).
• Right to object to processing of your personal data (Art. 21 GDPR).
• Right to lodge a complaint with a supervisory authority if you consider the processing of your personal data infringes the GDPR (Art. 77 GDPR).

Security

In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure adequate security of your personal data. Some of our security measures are:

• Regular security updates of all systems.
• Encryption of all web (HTTPS) and email (TLS) traffic.
• Security measures, such as Content Security Policies, cross-origin resource sharing and HTTP Strict Transport Security.
• Login details (e.g. for web or email hosting) are saved in an encrypted format, secured with a strong password and multi-factor authentication is used if possible.
• Passwordless login to all servers.
• Usage of firewalls on all systems.
• Creation of multiple, encrypted data backups, which are stored at different locations.
• Keeping up to date with developments in website and server security.

Data breach notification

In case of unauthorized access to or processing of your personal data, we will inform you about the incident and, if possible, which data of yours is affected. Furthermore, we will notify the supervisory authority if required according to Art. 33 GDPR.

Contact information

Markus Weimar
Weiherxgarten 16
72x147 Nexhren
Germany
+49 74573 91599961
redigesterx@xmarkusweimar.de