Privacy Policy

Service: The Service is the website operated by Crosspaint https://www.crosspaint.tv/
Personal Data: Personal Data is data relating to a living individual that is derived from that data (or from that data in combination with other information that we already have or likely to come into our possession).
Usage data: Usage data is data that is collected automatically as part of the use of the service or within the service infrastructure itself (e.g. for the duration of a page visit).
Cookies: Cookies are small files that are stored on your device (computer or mobile device).
Data controller: The data controller is a natural or legal person who (either alone or together with other persons) determines the purposes and manner for and in which personal data are or are processed .are to be processed. For the purposes of this Privacy Policy, we are the data controller of your personal data.
Data processor (or service provider): A data processor (or service provider) is a natural or legal person who processes the data on behalf of the data controller. We may use the services of various service providers to process your data in a more efficient manner.
Data Subject (or User): A Data Subject is a living individual using our Service who is the subject of Personal Data.

We engage third party service providers to monitor and analyze the use of our service.​

We engage third party service providers to monitor and analyze the use of our service.

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Nature and purpose of the processing
​
Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use Google Signals. This allows Google Analytics to collect additional information about users who have personalised ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behaviour is recorded in the form of “events”. Events can be:

Also recorded:

Purposes of the data processing
​
On behalf of the operator Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics 4 serve to analyse the performance of our website and the success of our marketing campaigns.

Recipients
​
Recipients of the data are/may be

Third country transfer

For the USA, the European Commission adopted a news adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider to establish an appropriate level of data protection in those countries.

Retention period
​
The data sent by us and linked to cookies are automatically deleted after 2. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal basis
​
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR and § 25 para. 1 p.1 TTDSG.

Withdrawal
​
You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by
A) not giving your consent to the setting of the cookie or
B) downloading and installing the browser add-on to deactivate Google Analytics HERE.

For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.​

This website includes videos from the YouTube website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers will be established. The YouTube server is informed which of our pages you have visited.

Furthermore, YouTube can store various cookies on your end device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used i.a. used to collect video statistics, improve usability and prevent fraud attempts.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

​YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Article 6 Paragraph 1 Letter a GDPR and Article 25 Paragraph 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information on how to handle user data, see YouTube’s privacy policy at: https://policies.google.com/privacy

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, contact the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

We use ActiveCampaign on our website as a service for our e-mail marketing. The service provider is the American company “ActiveCampaign, 1 N Dearborn St 5th floor, Chicago, IL 60602,USA”.
Data Privacy Frameworks
ActiveCampaign also processes your data in the USA, among other places. ActiveCampaign is an active participant in the EU-U.S. Data Privacy Framework, the UK extension of the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework. This certification regulates the correct and secure transfer of personal data of EU citizens, British and Swiss citizens to the USA. More information about the EU adequacy decision on the EU-U.S. Data Privacy Framework can be found here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

​STANDARD CONTRACTUAL CLAUSES (SCCS UND UK ADDENDUM)
​
ActiveCampaign also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, ActiveCampaign undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

​You can find more information on the standard contractual clauses and the data processed through the use of ActiveCampaign at https://www.activecampaign.com/legal/privacy-policy 

DATA PROCESSING AGREEMENT (DPA)
​
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Inquiry via contact form
​
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Article 6 (1) (b) GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried; consent is at any time
revocable.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Request via email
​
If you contact us by e-mail, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was requested; the consent can be revoked at any time.
The data you sent to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Newsletter Data
​
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter . Further data is not collected or only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form takes place exclusively on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after it no longer serves any purpose. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR.

Data stored by us for other purposes remain unaffected.

After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.

We may make paid products and/or services available within our Service. In this case, we use third-party payment providers for payment processing.

We will not store or collect your payment card details. This data is transmitted directly to the named third-party payment providers, whose use of your personal data is subject to their respective data protection guidelines (privacy policy). The payment providers mentioned adhere to the standards set out by PCI-DSS administration of the PCI Security Standards Council. The latter is a joint project of brand names such as Visa, MasterCard, American Express and Discover. The PCI DSS requirements support secure handling of payment data.
The payment providers we use are:

1. Description and Scope of Data Processing
​
We use Salesforce Nonprofit, operated by Salesforce.com, Inc., located in the USA, to manage our donor data, fundraising efforts, and communications. Various personal data are processed that arise through interactions with our donation forms, emails, and other related services.

Categories of Processed Data:

2. Legal Basis for Processing

The processing of personal data takes place in accordance with Art. 6 para. 1 lit. a GDPR, based on the user’s consent, or in accordance with Art. 6 para. 1 lit. f GDPR, due to our legitimate interest in efficiently managing donations, improving user engagement, and maintaining donor relations.

3. Data Transfer to Third Countries

Since Salesforce Nonprofit is operated by a company located in the USA, data is transferred to a third country outside the EU/EEA. Salesforce uses Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection. Further information on this can be found in Salesforce’s Data Processing Agreement (DPA), available at:

Salesforce DPA.

4. Storage Duration
​
Personal data is stored for a period of up to 7 years after the termination of the donor relationship or as long as required by legal retention obligations, particularly for tax and financial reporting purposes.

5. Data Transfer Impact Assessment
​
We have conducted a Data Transfer Impact Assessment (DTIA) to evaluate the risks and safeguards associated with the transfer of personal data to the USA. In doing so, we have particularly considered the legal situation and data processing practices in the USA. The results of this DTIA are incorporated into our continuous evaluation and adaptation of data protection measures to ensure an adequate level of protection for your data.

6. Right to Object and Data Subject Rights
​
Affected users have the right, according to GDPR:

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

We use cookies and similar tracking technologies to monitor activity within our Service and store certain data in connection with this.

Cookies are files with small amounts of data, such as anonymous unique identifiers. Cookies are sent to your browser from a website and stored on your device. The other tracking technologies we use are so-called beacons, tags and scripts and are used to collect and track data and to improve and analyze our service.

You can determine in your browser settings whether you want to reject all cookies or only accept certain cookies. However, if you refuse to accept cookies, you may not be able to use parts of our service.

Examples of cookies we use:

1. Description and Scope of Data Processing

We use ClickFunnels, operated by Etison, LLC, located in the USA, to provide our websites, landing pages, and marketing funnels. Various personal data are processed that arise through interaction with our pages and forms.

​Categories of Processed Data:

2. Legal Basis for Processing

The processing of personal data takes place in accordance with Art. 6 para. 1 lit. a GDPR based on the user's consent or in accordance with Art. 6 para. 1 lit. f GDPR due to our legitimate interest in effectively designing our online offerings and marketing processes.

3. Data Transfer to Third Countries
​
Since ClickFunnels is operated by a company located in the USA, data is transferred to a third country outside the EU/EEA. ClickFunnels uses Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection. Further information on this can be found in the Data Processing Agreement (DPA) of ClickFunnels, available at: https://signup.clickfunnels.com/dpa 

4. Storage Duration
​
Personal data is stored for a period of up to 2 years after the termination of the customer relationship, unless there are legal retention obligations.

5. Data Transfer Impact Assessment
​
We have conducted a Data Transfer Impact Assessment (DTIA) to evaluate the risks and safeguards associated with the transfer of personal data to the USA. In doing so, we have particularly considered the legal situation and data processing practices in the USA. The results of this DTIA are incorporated into our continuous evaluation and adaptation of data protection measures to ensure an adequate level of protection for your data.

6. Right to Object and Data Subject Rights
​
Affected users have the right to, according to GDPR:

Our Service may contain links to other websites that are not operated by us. If you click on a third party link, you will be taken directly to that third party’s website. We strongly encourage you to review the privacy policies of any website you visit.

We have no control over, and accept no liability for, the content, privacy policies and practices of any third-party websites or services.

Our Service is not directed to persons under the age of 18 (“Minors”).
We do not knowingly collect personally identifiable information about minors. If you are a parent or guardian and you become aware that a minor in your care has provided us with personal information, please contact us. If we become aware that we have collected personal information from a minor without parental consent, we will implement steps to remove that information from our servers.

If you have any questions about this privacy policy, you can contact us as follows:

Further information about us as the data controller can be found in the imprint.