Privacy Notice

General

We generally try to be as privacy aware as possible. Our system is build in a way that minimizes the amount of personal data needed. As a rule of thumb we use psydonymization if possible. The complete source code is available for auditing on Github.

All data collection and processing is done in accordance with relevant regulations, particularly the GDPR (General Data Protection Regulation - (EU) 2016/679). We will never share any personal information with 3rd parties.

Data We Collect

Votes (Session IDs)

In order to be able to provide the websites functionality, we store which mob was chosen by the user, in combination with the timestamp and the session IDs. The reason we store the raw data instead of aggregated data is that we want to be able to remove votes in case we determine that they are spam. The details of the implementation are explained on the About page.

The data processing is necessary to provide the basic functionality of this website.

The association between votes and sessions is deleted after 6 months.

Audit Log (Session IDs)

Actions on the website that are relevant for determining whether votes are spam (e.g. when a new session was created, when a vote was cast, ...) are logged. The log entries contain the session IDs, the timestamp, the event type and some details about the event (e.g. the ID of the vote).

Processing of security relevant data is a legitimate interest.

Audit logs are automatically deleted after 6 months.

Access Log (IP Addresses, User Agent)

For security purposes (e.g. fail2ban) we temporarily store the client IP address and user agent string. The IP addresses are stored in anonymized form.

Processing of security relevant data is a legitimate interest.

Access logs are automatically deleted after 6 months.

Hosting

This website is hosted in Germany. No data is stored outside the EU.

Cookies

We use session cookies. There are multiple reasons for that:

• Functional: The votes are associated with the session ID. This way we can provide a better experience for the users. For example, as long as the session is active, the user will not be shown the same pairing twice.
• Web Security: We store security-related data in the session that we use to prevent CSRF and similar attacks on our website.
• Spam Protection: We use the session ID in our audit log, so we can find and undo votes by spammers or bots.

We do not use 3rd party tracking cookies or advertising cookies of any kind.

Your Rights

The GDPR grants you the right to access, rectify, erase or transfer your data, as well as restrict and object to processing of your data.

However, due to the fact that we only ever store psydonymized data, we are generally not able relate specific data sets to a user. In any case, if you do want to exercise your rights, please contact us so we can take a look at your specific case.

Responsibility

In case you have any question regarding our privacy notice, please reach out via the following email address:

Data Controller: Florian Buchberger (privacy@mobmash.click)