This privacy policy applies to all services of cryeffect Media Group Görsch & Müller GbR.

Foreword

Data protection is not only important to us at the cryeffect Media Group because of the GDPR, but it is also deeply rooted in our personal conviction.

All data we collect, where collection is necessary at all, is treated strictly confidentially and will not be passed on to third parties without your explicit consent. All of our services run exclusively on servers of a major German hosting company within the EU, over which we have sole and complete control.

In this privacy policy, we inform you which personal data (hereinafter referred to as data) we collect, how we process it, and which rights you have regarding your data.

The use of our public services is generally possible without providing personal data. Where personal data (for example name, address, or email addresses) is collected in our services, this is always done on a voluntary basis where possible.

To protect sensitive data, our websites use HTTPS, which encrypts all data transmitted between our servers and your browser. Nevertheless, we point out that data transmission on the Internet (e.g., when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Controller

cryeffect Media Group Görsch & Müller GbR

Wassermannstraße 81
12489 Berlin, Germany

📞 Phone: +49 160 8191047
✉️ Email: info@crymg.de

For general inquiries, please use our Support / Contact page.

Types of data processed

• Inventory data (e.g., names, addresses).
• Contact data (e.g., email).
• Content data (e.g., text entries, photographs, videos).
• Usage data (e.g., pages visited, interest in content, access times).
• Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of our services.
(Hereinafter, we collectively refer to the data subjects as users.)

Purpose of processing

• Provision of our services, their functions and content.
• Responding to contact requests and communicating with users.
• Security measures.
• Reach measurement.
• Rectification of potential errors.

Definitions

Personal data is any information relating to an identified or identifiable natural person (hereinafter data subject). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Tracking is the collection of data about user behavior on websites. This can include which pages are visited, how long someone stays on a page, which links are clicked, and more. Such information is usually collected through cookies, pixels or other tracking technologies.

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not stated in this privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing to fulfill our services, perform contractual measures, and respond to inquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. In cases where processing personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.

Security measures

In accordance with Art. 32 GDPR, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Measures in particular include ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data as well as access, input, disclosure, ensuring availability, and segregation of data. Furthermore, we have procedures in place to ensure the exercise of data subject rights, deletion of data, and response to data threats. We also take into account the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6(1)(b) GDPR), if you have consented, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, etc.).

If we commission third parties to process data on the basis of a so-called data processing agreement, this is done on the basis of Art. 28 GDPR.

Use of sevDesk

We use the cloud-based accounting software sevDesk, a service of sevDesk GmbH, Im Unteren Angel 1, 77652 Offenburg, Germany, to manage our accounting.

Processing is carried out pursuant to Art. 6(1)(c) GDPR to fulfill legal obligations (e.g., retention and documentation obligations under the HGB, AO) and pursuant to Art. 6(1)(b) GDPR to fulfill contractual obligations towards our customers.

In particular, the following data is processed: name, address, invoice data, payment information, and communication data.

sevDesk GmbH processes this data on our behalf under a data processing agreement pursuant to Art. 28 GDPR. Data processing takes place exclusively within the EU or EEA.

Further information on data processing by sevDesk can be found in sevDesk’s privacy policy:
https://sevdesk.de/sicherheit-datenschutz/

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of the use of third-party services or disclosure/transmission of data to third parties, this only happens if it is necessary to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process data in a third country only when the special conditions of Art. 44 et seq. GDPR are met. I.e., processing occurs, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the USA through the Privacy Shield) or the observance of officially recognized special contractual obligations (so-called standard contractual clauses).

Rights of data subjects

You have the right to request confirmation as to whether data concerning you is being processed and to obtain access to this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

Pursuant to Art. 17 GDPR, you have the right to request that data concerning you be deleted without delay or, alternatively, to request restriction of processing of the data in accordance with Art. 18 GDPR.

You have the right to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transmission to other controllers.

You also have the right, in accordance with Art. 77 GDPR, to lodge a complaint with the competent supervisory authority.

Right of withdrawal (consent)

You have the right to withdraw consents granted pursuant to Art. 7(3) GDPR with effect for the future.

Right to object

You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. The objection can be made in particular against processing for the purposes of direct marketing.

Cookies and right to object to direct marketing

Cookies are small files that are stored on users’ computers. Different information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offering. Temporary cookies, i.e., session cookies or transient cookies, are cookies that are deleted after a user leaves an online offering and closes their browser. For example, the contents of a shopping cart in an online shop or a login status can be stored in such a cookie. Permanent or persistent cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved when users return after several days. Likewise, user interests can be stored in such a cookie for reach measurement or marketing purposes. Third-party cookies are cookies offered by providers other than the controller operating the online offering (otherwise, if it is only their cookies, they are referred to as first-party cookies).

We may use temporary and permanent cookies and provide information about this within our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional restrictions of this online offering.

A general objection to the use of cookies used for online marketing purposes can be declared for many services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that not all functions of this online offering may then be usable.

Deletion of data

The data we process is deleted or its processing is restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated within this privacy policy, the data stored by us is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Comments and posts

If users leave comments or other contributions, their IP addresses may be stored for 14 days on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR. This is for our security in case someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In such cases, we may ourselves be held liable for the comment or contribution and therefore have an interest in the identity of the author.

Furthermore, on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR, we reserve the right to process user information for the purpose of spam detection.

The data provided as part of comments and posts is stored by us permanently until the users object.

Collection of access data and log files

On the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR, we collect data about every access to the servers on which our services are located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of 14 days and then deleted. Data whose further storage is necessary for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

In anonymized form, we can automatically evaluate the log files to create statistics about access, for example.

Error and performance data collection with Sentry

In some of our services, especially cryForms, we use Sentry as a self-hosted solution.

Sentry is software primarily used to monitor, track, and analyze errors and exceptions in software applications. It helps us identify issues in real time so that we can fix them quickly and improve the user experience.

Data collection is carried out in our legitimate interest within the meaning of Art. 6(1)(f) GDPR with the aim of identifying and fixing problems promptly.

The information collected by Sentry may contain personal data, which we expressly do not use for tracking individual users but solely for error analysis.

Because we operate Sentry as a self-hosted solution, all collected data remains with us and is protected from access by third parties.

As of 2025-07-25