Schwelmer Online | Privacy Policy

Privacy Policy

Privacy Policy Schwelmer Online

 

Effective from: 01.11.2025

Responsible / Provider:

DomiXo – IT-Service
Frank Marten
Kirchstr. 21
58332 Schwelm
Deutschland

E-Mail: info@domixo.de

Phone: +49 2336-9151462

 

1. Preliminary remark and scope

 

This privacy policy informs you about the type, scope, purpose, legal basis and duration of the processing of personal data when using the social network Schwelmer Online (hereinafter referred to as the platform). It applies to all visitors, registered users and site visitors whose data we collect via our website.

The processing is carried out in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). The rights of data subjects include, in particular, access, rectification, erasure, restriction of processing, data portability and objection (see section "Your rights"). GDPR+1

 

2. Controller and location of data processing

 

DomiXo - IT-Service in Schwelm is responsible for data processing  . The platform servers are located in Frankfurt, Germany, so data processing takes place within the EU.

 

3. Personal data collected

 

In particular, we process the following data:

  • Name and username
  • E-mail address
  • IP address
  • Technical information about the device and browser
  • Posts, comments, messages, and other content created by you on the Platform

 

4. Use and storage of data

 

Personal data is used exclusively for the provision and operation of the platform. They are used to manage your user account, to correctly assign posts and messages, to ensure the security of the platform and to provide technical functions.

Your data is backed up multiple times to prevent loss and unauthorized access. Regular backups are created and the data is stored encrypted.

 

5. Disclosure to third parties

 

Your personal data will not be shared with third parties unless we are legally obliged to do so. Third-party providers such as YouTube, X, Facebook, LinkedIn, WhatsApp, or SoundCloud only receive data if you actively use their features, such as playing a video or embedding a widget.

 

6. Rights of Users

 

As a user, you have the following rights in relation to your personal data:

  • Right to information: You can find out at any time what data we have stored about you.
  • Right to rectification: Incorrect or incomplete data can be corrected.
  • Right to erasure: You can request that your personal data be deleted, provided that there are no legal retention obligations.
  • Right to restriction of processing: You can temporarily restrict the processing of your data, e.g. if you contest the accuracy of the data.
  • Right to data portability: You can receive the data stored about you in a common format in order to transfer it to another provider, for example.
  • Right to object: You can object to the processing of your data if it is based on legitimate interest.
  • Revocation of consent: You can revoke consents you have given (e.g. for cookies or third-party plugins) at any time.

To exercise these rights, you can contact datenschutz@domixo.de by email  . We process requests within the time limit provided for by law.

 

7. Security

 

We use technical and organizational measures to protect your data from unauthorized access, loss or misuse. This includes encryption, access controls, regular security updates, and backups.

 

8. Changes to the Privacy Policy

 

This Privacy Policy may be adapted as necessary, e.g. in the event of new features or legal changes. Significant changes will be posted on the platform or announced by email.

 

9. Contact

 

DomiXo – IT-Service
Frank Marten
Kirchstr. 21
58332 Schwelm
Deutschland

E-Mail: datenschutz@domixo.de

Phone: +49 2336-9151462

 

10. Controller and Data Protection Officer

 

The controller within the meaning of the GDPR is the above-mentioned provider (DomiXo - IT-Service). 

 

11. Categories of personal data

 

Depending on the function and use, we process at least the following categories of data:

  1. Master data / account data: name, user name, e-mail address, if applicable, phone number, profile picture, profile details (location, biography, etc.)
  2. Usage data: posts, comments, messages (private messages), likes/reactions, group memberships, event data
  3. Connection data / log data: IP address, time of login, browser type, device identifier, operating system, page views, referrer URL, error messages
  4. Payment data: only for fee-based services (e.g. premium features) — separate regulations and, if applicable, external payment service providers
  5. Device and location data: if shared by users (e.g., location in posts or geotagging)
  6. Third-party data: Data that is generated when integrating external services (see section "Third-party providers and embeds")

 

12. Purposes of processing and legal bases

 

We process personal data for the following purposes and base the processing on the legal bases set out in brackets from time to time:

  1. Provision and operation of the platform, hosting, security, troubleshooting, system administration (contract/legitimate interest). Art. 6 (1) (b) or (f) GDPR. GDPR
  2. Provision of the contractually agreed services (for registered users; e.g. creation and management of user accounts). (Art. 6 para. 1 lit. b GDPR). GDPR
  3. Consent-based processing (e.g. tracking, personalized advertising, certain widgets/embeds) only after explicit consent. (Art. 6 para. 1 lit. a GDPR). iapp.org
  4. Legal compliance, fulfilment of legal obligations (e.g. retention periods, information obligations). (Art. 6 para. 1 lit. c GDPR).
  5. Operational security, protection against abuse, protection of our rights (legitimate interest). (Art. 6 para. 1 lit. f GDPR).
  6. Analysis, product improvement, personalization - where necessary on the basis of legitimate interests or after consent, depending on the level of personal evaluation. (Art. 6 para. 1 lit. f or a GDPR).

 

Note: The specific legal basis for individual processing operations is clearly stated in consent and data protection notices within the scope of the respective functions (e.g. cookie banner, registration form).

 

13. Processing of registration and use of the account

 

When registering, we process the contact details and profile data you provide for the administration of the user account and for the provision of the platform services (Art. 6 para. 1 lit. b GDPR). You can make visible in the profile which information is public; Please note that public profile information can be seen, stored and disseminated by other users.

If you post content (posts, photos, videos), you are responsible for legality and rights clearance. By uploading, you grant us the rights of use described in the Terms of Use; Deletion takes place according to your specifications, technical residual copies can remain.

 

14. Log and Log Data, Server Hosting

 

To ensure operation, security and troubleshooting, we store log data (IP, time stamp, pages viewed). This data is technically necessary to defend against attacks and functions as the basis for the provision of the service (Art. 6 para. 1 lit. f GDPR). The server is located in Frankfurt, Germany (within the EU). GDPR

 

15. Cookies, Trackers and Analytics

 

Our website uses cookies and similar technologies to:

  • Technically necessary functions (session cookies)
  • Preferences / Settings
  • Performance and analysis purposes (e.g. evaluation of page views) - only with consent
  • Marketing / Personalization - only with explicit consent

Consent is obtained via a cookie consent tool; you can revoke consent at any time. Details of the types of cookies used, storage period and opt-out options are provided in the cookie banner and in a cookie table on the website.

 

16. Third-Party Providers, Embeds and Social Plugins

 

On our platform, we use external third-party services to function and enrich the content. When these services are activated or embedded, data is transmitted to the respective providers. Below is a detailed explanation for the services you mentioned:

 

8.1 YouTube (Google)

  • Application: Embedding YouTube videos via iFrame or API.
  • What data is transmitted: When the player is loaded (especially if JavaScript is activated), technical data (IP, browser info) and, if applicable, cookies are transmitted to Google/YouTube; if you are logged in to Google accounts, viewer data can be linked to the Google profile and used for recommendations and advertising. When you play a video, the player also transmits usage data to Google.
  • Legal situation / information: Google offers settings and information on data use; YouTube / Google is a data controller for the processing on their systems. Check the privacy policy of Google/YouTube. policies.google.com+1

8.2 X (formerly Twitter)

  • Use: Embedding tweets, login via X (if offered), sharing functions.
  • What data is transmitted: When X content is loaded, technical data (IP, UserAgent), cookies and, when logging in, account information may be transmitted to X/Twitter; X may further process this data in accordance with its guidelines.
  • Legal situation / Notes: X is an independent data controller; in some cases third-country transfers take place (e.g. USA) - X participates in the EU-US Data Privacy Framework (DPF) Privacy+1

8.3 Facebook / Meta (incl. WhatsApp)

  • Use: Facebook Like/Share buttons, login via Facebook, embedding Facebook content; WhatsApp contact links or use of WhatsApp Business for communication.
  • What data is transmitted: When Meta plugins are loaded, data is transmitted to Meta (e.g. IP, referrer, possibly login status). Meta may use data for personalized advertising across its platforms (Facebook, Instagram, Messenger, WhatsApp). WhatsApp is part of the Meta group; Metabusiness models allow data exchange within the group in certain cases.
  • Legal situation / Notes: Meta is an independent controller; special caution is required due to extensive sanctions practice and audits by EU supervisory authorities. There are special data processing terms for WhatsApp Business when companies use WhatsApp as a business service. Facebook+1

8.4 LinkedIn

  • Use: Embedding LinkedIn content, LinkedIn share/follow buttons or login with LinkedIn.
  • What data is transferred: When LinkedIn content is loaded, technical connection data is transmitted; when logging in, data is transmitted in accordance with LinkedIn policy. LinkedIn processes the data according to its own guidelines (third-country transfers are also possible). LinkedIn+1

8.5 SoundCloud

  • Application: Embedding audio players (tracks) from SoundCloud.
  • What data is transmitted: When the player is loaded, technical data and cookies are set by SoundCloud; when playback, further usage data is collected. SoundCloud may process metadata related to uploads and audience statistics. Observe SoundCloud's policies regarding copyright and (current) AI use of content. SoundCloud+1

Note on social plugins and embeds: If we use third-party plugins, the following applies: These providers are usually independent controllers of the data collected there. As far as technically possible, we provide privacy-friendly embeddings (e.g. 2-click solution or no cookies without consent); if this is not possible, we will explicitly obtain consent before activating the plugins.

 

17. Third country transfers and safeguard measures

 

Many large third-party providers (Google, Meta, X, LinkedIn, SoundCloud) are companies with locations outside the EU/EEA (e.g. USA). Transfers to third countries may only take place if an adequate level of data protection is ensured (e.g. through an adequacy decision by the EU Commission such as the EU-US Data Privacy Framework, Standard Contractual Clauses (SCC) or binding operational regulations). The European Data Protection Authority (EDPB) and national supervisory authorities provide guidance and measures in this regard. Where possible, we rely on providers who provide appropriate safeguards (e.g. participation in the EU-US Data Privacy Framework or standardised contractual clauses). Nevertheless, risks may remain in third-country transfers; you have the right to request further information about the specific protective measures (see contact details). edpb.europa.eu+1

 

18. Disclosure to processors and partners

 

We work with service providers (hosting providers, email providers, payment service providers, analytics tools). They are contractually bound as processors (Art. 28 GDPR). A list of the categories of processors (e.g., hosting: DomiXo IT-Service, mail: DomiXo IT-Service, will be provided upon request. Certain third-party providers (e.g., LinkedIn, Meta, Google, X, SoundCloud) have their own data processing and accountability policies; for business integrations, we may conclude additional Data Processing Agreements (DPAs) (cf. LinkedIn DPA). legal.linkedin.com

 

19. Retention Periods

 

We only store personal data for as long as is necessary for the purposes or for as long as there are statutory retention periods (e.g. tax obligations). Profile and log data will be deleted or anonymized after a reasonable period of time in terms of content; Posts and content will remain in your space unless you delete them or your account is deactivated. Exact deadlines depend on the purpose and legal requirements; detailed deletion concepts can be provided.

 

20. Your rights (rights of data subjects)

 

According to the GDPR, you have the following rights (summarized in a nutshell; the articles are linked):

  • Right to information (Art. 15 GDPR): What data do we process about you?
  • Right to rectification (Art. 16 GDPR): Have incorrect data corrected.
  • Right to erasure ("right to be forgotten") (Art. 17 GDPR): Request erasure under certain conditions.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object to processing based on legitimate interests (Art. 21 GDPR).
  • Right to withdraw consent (Art. 7 GDPR) - Revocation has no effect on the lawfulness of the processing until the withdrawal.
  • Right to lodge a complaint with a supervisory authority (e.g. State Commissioner for Data Protection in North Rhine-Westphalia). GDPR+1

To exercise rights: Please send your request by e-mail to: [datenschutz@domixo.de] or by post to the above business address. We will process requests within the period provided for by law (usually 1 month). We may ask for proof of identity verification.

 

21. Security Measures

 

We implement technical and organizational measures (encryption, access controls, regular security updates, backups) to protect personal data from loss, unauthorized access or unlawful processing. Nevertheless, no transmission on the Internet is 100% secure; When transmitting sensitive data, please pay attention to secure communication channels.

 

22. Data protection of children and minors

 

The platform is generally intended for persons aged 16. If content of minors is processed, we observe special protection regulations; we ask parents or guardians to contact us if they have any concerns.

 

23. Changes to this Privacy Policy

 

We will amend this Privacy Policy as necessary (e.g., in the event of new features or legal changes). We will provide appropriate information about material changes (e.g. notice on the platform or by e-mail).

 

24. Supervisory authority and enforcement

 

If you believe that the processing of your personal data violates our Statement or the GDPR, you can lodge a complaint with the relevant supervisory authority: e.g. State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), P.O. Box 20 02 11, 40102 Düsseldorf, or online via their complaints portal.

 

25. Contact for data protection inquiries

 

DomiXo – IT-Service
Frank Marten
Kirchstr. 21
58332 Schwelm
Deutschland

E-Mail: datenschutz@domixo.de

Phone: +49 2336-9151462

 

26. Notes on Special Third-Party Services (Quick Reference with Sources)

 

  • YouTube / Google: Information on data usage and privacy can be found at Google / YouTube. Embedded players can transmit data to Google. policies.google.com+1
  • X (Twitter): X documents data processing in its Privacy Policy; X participates (depending on the region) in transfer mechanisms such as the EU-US DPF. Privacy+1
  • Meta / Facebook / WhatsApp: Meta maintains a central privacy policy; WhatsApp also has business data processing conditions. Facebook+1
  • LinkedIn: LinkedIn provides detailed privacy information and offers DPAs for business customers. LinkedIn+1
  • SoundCloud: SoundCloud's privacy page provides information about collection and embedded player cookies; SoundCloud has recently adjusted its AI usage rules. SoundCloud+1

 

© 2025 Schwelmer Online