Privacy Policy

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of statutory provisions (GDPR, BDSG, TDDDG, DDG). Below, we provide detailed information about how we handle your data.

1. General Information, Security, and Recipients

The use of our website is generally possible without providing personal data. However, for certain functions (e.g., login, analysis dashboard, upload of monitoring data, ordering goods), the provision of personal data is required.

Categories of Recipients:
Within our company (sole proprietorship), only those departments that need your data to fulfill our contractual and legal obligations will have access to it. In addition, we utilize external service providers in the following areas:

• Hosting and IT service providers (e.g., for web servers and email)
• Payment service providers (for processing purchases and subscriptions)
• Shipping service providers (for the delivery of goods)

SSL or TLS Encryption:
For security reasons, this site uses SSL or TLS encryption. You can recognize this by the browser's address bar ('https://' and the padlock symbol). Data you transmit to us cannot be read by third parties.

2. Hosting and Server Log Files

We host our website with STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter: Strato).

When you visit the website, Strato automatically collects information in so-called server log files (IP address, browser type, referrer URL, timestamp). We have concluded a data processing agreement (DPA) with Strato pursuant to Art. 28 GDPR.

The processing is based on Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to guarantee the technical security, stability, error analysis, and abuse prevention of our website.

Storage Duration of Log Files:
IP addresses in log files are stored for a maximum of 7 days to detect attacks and are subsequently anonymized. After anonymization, it is no longer possible to draw conclusions about your person.

3. Cookies and Tracking

We use technically necessary 'session cookies'. These are strictly required to identify you as an authorized user after logging in and to grant access to your territory dashboard.

The legal basis for this storage is § 25 Para. 2 No. 2 TDDDG. These cookies are automatically deleted after the end of your visit (session).

No Tracking: We do not use external analysis tools (such as Google Analytics, Matomo) or advertising trackers.

Language Selection Cookie: If you change the language of our website, we also store this setting in a technically necessary cookie. This ensures that the website is consistently displayed in your preferred language during future visits or after a login/logout. The legal basis for storing this cookie is likewise Section 25 (2) No. 2 TDDDG (technical necessity) as well as our legitimate interest in a user-friendly design of the website (Art. 6 (1) (f) GDPR). The cookie is automatically deleted after 12 months.

4. Integration of YouTube Videos

YouTube videos are integrated into our website (two-click solution). The video is only loaded when you click on the thumbnail image. The videos are integrated via the platform youtube-nocookie.com, so no personal data is transmitted before clicking.

Only when the video starts does YouTube (Google Ireland Ltd., Dublin, Ireland; if applicable, Google LLC, USA) transmit data to the platform. Google is certified under the EU-U.S. Data Privacy Framework.

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest) before clicking, Art. 6 Para. 1 lit. a GDPR (consent) after clicking.

Further information can be found in Google's privacy policy.

5. Contacting Us

When you contact us by email or via a contact form, the data you provide (e.g., email address, name, content of the inquiry) will be stored to process your request.

The legal basis is Art. 6 Para. 1 lit. b GDPR if your request is related to a contract. In all other cases, processing is based on our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in effectively processing the inquiries addressed to us. Data is regularly deleted after final processing of the request, provided that no statutory retention obligations conflict.

6. Registration and User Account

Upon registration, we collect your email address and an encrypted password. This data is used exclusively to provide and manage your user access. The legal basis is the performance of our contract with you (Art. 6 Para. 1 lit. b GDPR).

Obligations to Provide Evidence (Log Data): To secure our systems and, in case of doubt, to be able to prove the conclusion of the contract as well as the consent to our GTC and privacy provisions, we store the exact time and the IP address used during registration and any cancellation. The legal basis for this is our legitimate interest in legal protection (Art. 6 Para. 1 lit. f GDPR) as well as our statutory obligation to provide evidence (Art. 6 Para. 1 lit. c in conjunction with Art. 7 Para. 1 GDPR).

7. Payment Processing (Mollie)

To process payments (e.g., for subscriptions or purchases of goods), we use the payment service provider Mollie B.V. (Keizersgracht 126, 1015 CW Amsterdam, Netherlands). Mollie enables us to accept various payment methods (e.g., credit card, SEPA direct debit, SOFORT, PayPal, Apple Pay). When you make a payment, your payment data is transmitted directly to Mollie.

Credit Card and Other Payments: Your sensitive payment information (e.g., credit card number, IBAN) is processed exclusively by Mollie. We do not store this data ourselves. For the technical assignment of your payments and to manage your subscription, we only store reference data from the payment service provider in our database (e.g., Customer ID, transaction numbers, associated payment email address).

PayPal: When paying via PayPal, a data transfer to PayPal Inc. (USA) may occur. The transfer takes place on the basis of the EU-U.S. Data Privacy Framework or standard contractual clauses to ensure an adequate level of data protection.

Since Mollie is based within the European Union, no transfer to an unsecure third country takes place for all other payment methods. The high European data protection standards of the GDPR apply.

The legal basis for the transfer and processing of the data is Art. 6 Para. 1 lit. b GDPR (contract performance). Further information on data protection at Mollie can be found at: https://www.mollie.com/en/legal/privacy.

8. Order of Goods and Shipping (Merchandise)

If you order physical goods, we process your name and your address.

Transfer to Shipping Service Providers: For the purpose of delivery, we pass your address data on to the commissioned transport company (e.g., DHL, Hermes). Legal basis: Art. 6 Para. 1 lit. b GDPR.

9. Monitoring Data, Image Metadata, Invitation Function, and Wolf Reports

When you upload wildlife sightings or image metadata, they are stored assigned to your user account. This includes timestamps, species, and, if applicable, GPS coordinates. This data serves exclusively your personal territory statistics.

Invitation of Co-users: If you use the function to invite other people (e.g., co-users), we process the email address of the third party provided by you exclusively to send the invitation email and for technical assignment to the territory. The inviter is responsible for ensuring that they are authorized to pass the email address on to us.

If you invite co-users, they will receive access to the data released by you. Processing takes place for contract performance (Art. 6 Para. 1 lit. b GDPR).

Wolf Report Feature: When you use our wolf reporting function, the location data and details of the sighting are stored in your private history. If you give your express consent via the corresponding checkbox during the report (Art. 6 Para. 1 lit. a GDPR), this data and any uploaded evidentiary image will be forwarded by email directly to the responsible bodies (e.g., hunting association, wolf management). For data protection reasons, the image is used exclusively for this dispatch and is completely deleted from our servers immediately after transmission.

10. Use of our Hegemonitor App (Google Play Store)

In addition to our regular website, we offer Hegemonitor as a mobile app. Technically, this is a so-called Trusted Web Activity (TWA), which essentially presents our mobile-optimized website as an app experience.

Data processing: Data processing in the app does not differ from use in a regular web browser. No additional app-specific tracking tools (such as Firebase Analytics) are used.

Device permissions: If you want to upload trail camera images or evidentiary photos (e.g., for wolf reporting) within the app, your operating system will ask you for permission to access your camera or device storage. This permission is used exclusively for the upload process actively initiated by you. We never secretly read your storage in the background at any time. You can revoke these permissions at any time in your smartphone's settings.

11. Storage Duration

Personal data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the event of account deletion, all data will be removed, provided that no statutory retention obligations conflict (e.g., 10 years for tax-relevant vouchers for purchases of goods).

12. Your Rights

You have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as a right to rectification, erasure, or restriction of processing and the right to data portability.

Withdrawal of Consent: Many data processing operations are only possible with your express consent. You can withdraw consent already given at any time. An informal notification by email is sufficient.

13. Controller

Christoph Biebel
c/o Online-Impressum #7452
Europaring 90
53757 Sankt Augustin
Phone: +49 177 7489104
E-Mail: webmaster@hegemonitor.de

14. Additional Mandatory Information

• Provision of Data: The provision of your personal data is required for the conclusion of a contract (use of the software or purchase of goods). Without the provision of data, we cannot perform the services.
• Automated Decision-Making: Automated decision-making, including profiling (pursuant to Art. 22 Para. 1 and 4 GDPR), does not take place.

15. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority (e.g., Bavarian State Office for Data Protection Supervision) if you believe that the processing of your data violates the GDPR.