In connection with the use of mySea, Euminia GmbH, Goethestraße 24, D-88079 Kressbronn, collects, uses, and processes user data. This Privacy Policy explains the nature, scope, and purpose of the storage and use of personal data (hereinafter referred to as “data”) within our online services, as well as the related websites (e.g. blog) and our social media profile.
Every access to our website and every retrieval of a file stored on this website is logged. When using the app, all steps are also stored. This storage serves internal statistical purposes in order to continuously improve our service.
The following data is logged:
name of the retrieved file
date and time of retrieval
amount of data transferred
time spent on a page
confirmation of successful retrieval
browser and requesting domain
In addition, the IP addresses of the requesting computers are logged.
Personal data is collected only as part of registration. By personal data, we mean in particular information relating to the identity of users, such as names, email addresses, telephone numbers, or postal addresses.
Use of mySea is governed by this Privacy Policy and the General Data Protection Regulation (GDPR). By using mySea (website, apps, and social media), the user agrees to these rules governing the use of their personal data by Euminia GmbH.
When using mySea on mobile devices, users may allow the service provider to access their location via their mobile device (self-location). However, mySea does not store location-based data.
Users may optionally create a user account. During registration, users will be informed of the required mandatory information. The data entered during registration is used for the purposes of using the service.
Users may be informed by email about service-related or registration-related information, such as changes to the scope of services or technical circumstances.
If users cancel their user account, their data relating to the user account will be deleted, subject to retention where required for commercial or tax law reasons pursuant to Art. 6 para. 1 lit. c GDPR. Users are responsible for backing up their data before the end of the contract after cancellation. We are entitled to irreversibly delete all user data stored during the term of the contract.
As part of the use of our registration and login functions, as well as the use of the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests and the users’ legitimate interest in protection against misuse and other unauthorized use.
As a rule, this data will not be disclosed to third parties unless disclosure is necessary to pursue our claims or we are legally obliged to do so pursuant to Art. 6 para. 1 lit. c GDPR.
IP addresses are anonymized or deleted no later than after 7 days.
This does not affect the possibility of anonymous use of the website and app by means of a fictitious username. When using the app, the transmitted device identification number is also stored.
If, as part of our processing activities, we disclose data to other persons or companies (processors or third parties), transfer data to them, or otherwise grant them access to the data, this will only take place on the basis of a legal permission (e.g. if transfer to payment service providers (Paymill) is required for contract performance pursuant to Art. 6 para. 1 lit. b GDPR), if you have consented, if a legal obligation requires it, or on the basis of our legitimate interests.
Where we commission third parties to process data on the basis of a so-called “data processing agreement” (Auftragsverarbeitungsvertrag), this is done on the basis of Art. 28 GDPR.
Our payment service provider stores no personal data and no payment data for credit card payments.
The collected user data is used and processed to fulfill the services arising from the user agreement concluded between the user and Euminia GmbH.
We only pass personal data on to third parties if this is necessary for the performance of the contract or for billing purposes, or if the user has previously consented.
In the case of a berth booking, the data relevant for processing the booking—such as yacht type, length, width, draft, yacht name, as well as the user’s surname, first name, and, where applicable, mobile phone number—will be passed on to the respective partners.
The user has the right to revoke consent granted at any time with future effect. This must be submitted to Euminia GmbH in writing.
The username, profile picture, and other contributions, including POIs created or edited by the user, are visible to other mySea users. This content may also be found and displayed by search engines.
However, the email address in particular is not made accessible to other users and cannot be found by search engines.
Each user agrees to be found in the member search (user search) using criteria such as username, gender, or nationality, unless the user account has been marked as “not public” in the relevant user account settings.
Users may view and edit their information in the user account settings at any time or permanently and irrevocably delete the user account together with all content.
You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about such data, as well as further information and a copy of the data, in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request completion of data concerning you or correction of inaccurate data concerning you.
In accordance with Art. 17 GDPR, you have the right to request that data concerning you be deleted without undue delay, or alternatively, in accordance with Art. 18 GDPR, to request restriction of processing of the data.
You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transfer to other controllers.
Information on payment processing: We use Revolut Ltd. as our payment service provider. By completing your purchase, you agree that your payment data will be processed by Revolut in accordance with Revolut’s privacy policy.
We provide a chatbot on our website through which users can submit general inquiries and request the status of a booking.
When using the chatbot, we process the information you enter (e.g. your message and—if provided by you—the booking number) for the purpose of handling your inquiry and providing a status update.
Important note regarding booking status requests:
The chatbot itself has no direct access to our booking system (backend). The booking status request is performed technically via a separate API interface. Only the booking status required to respond to the inquiry is transmitted through this interface. The chatbot does not receive access to complete booking data.
Please do not enter any sensitive personal data in the chat (e.g. health data, ID data, payment data, or passwords) unless this is necessary for your request.
Categories of data processed (depending on use):
content of your chat message
booking number (if entered)
date and time of the request
technical log data (e.g. IP address, browser information, device information), insofar as required for technical and security-related reasons
booking status response information (status information only, no complete booking data)
Purposes of processing:
handling and responding to your inquiry
providing a booking status response
ensuring technical operation and IT security
prevention of misuse and error analysis
Legal bases for processing:
Art. 6 para. 1 lit. b GDPR (processing for the performance of pre-contractual measures or the performance of a contract), insofar as the inquiry relates to your booking or the provision of booking status information
Art. 6 para. 1 lit. f GDPR (legitimate interest), insofar as processing is necessary to ensure secure and stable operation, prevent misuse, and perform technical error analysis
To operate the chatbot, we use external service providers, including the AI technology provider OpenAI. Where personal data is processed on our behalf, this takes place on the basis of a data processing agreement pursuant to Art. 28 GDPR.
No use for training purposes:
Chat content entered as part of chatbot use is not used for training AI models.
Where personal data is transferred to third countries outside the EU/EEA in connection with the use of the chatbot, this is done only in compliance with the legal requirements of Art. 44 et seq. GDPR (e.g. on the basis of an adequacy decision or appropriate safeguards).
Storage period:
Chat content is stored in anonymized form for 4 weeks and is then deleted. Any further storage only takes place to the extent necessary to ensure secure operation, detect/trace misuse, or comply with statutory retention obligations.
No automated decision-making within the meaning of Art. 22 GDPR takes place via the chatbot in connection with booking status requests.
Cookies are used when using mySea. Cookies are data records sent by the web server to the user’s web browser and stored there for later retrieval. You can decide for yourself whether cookies may be collected by configuring your browser so that you are informed before a cookie is stored and storage only takes place if you expressly accept it.
Setting your browser accordingly can prevent cookies from being set. However, this may result in functional limitations.
We store and evaluate the following information in anonymized form in a file:
time of server request
browser type/version
hostname of the accessing computer (IP address)
referrer URL (the previously visited page)
operating system used
time spent on a page
When using the app, the following data is collected and evaluated:
user’s device type
operating system of the device used
manufacturer-assigned device ID of the device used
functions accessed in the application (e.g. search, filter, lists, or check-in)
time of use of the functions
The stored information cannot be assigned to any specific user.
We use Google Analytics to analyze website usage. The data obtained is used to optimize our website and advertising measures.
Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the website usage data on our behalf and contractually undertakes measures to ensure the security and confidentiality of the processed data.
During your visit to our website, the following data may be transmitted to Google, among other things:
pages viewed
achievement of “website goals”
your behavior on the pages (for example time spent, clicks, scroll depth)
your approximate location (country and city)
your internet address (IP address)
technical information such as browser, internet provider, end device, and screen resolution
source of your visit (i.e. via which website or advertising medium you came to us)
a randomly generated user ID
No personal data such as name, address, or contact details is transmitted to Google Analytics.
This data is transferred to Google servers in the USA. Please note that in the USA, the same level of data protection as within the EU may not be guaranteed.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID, which can be used to recognize you on future visits to the website.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored indefinitely in aggregated form.
If you do not agree to this data collection, you can prevent it by one-time installation of the browser add-on to disable Google Analytics or by rejecting cookies via our cookie settings dialog.
With the following information, we inform you about the contents of our newsletter, as well as the registration, sending, and statistical evaluation procedures, and your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Newsletter content:
We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter “newsletter”) only with the consent of the recipient or on the basis of a legal permission. If the content of the newsletter is specifically described during registration, this description is decisive for the user’s consent. Otherwise, our newsletters contain information about our services and our company.
Double opt-in and logging:
Registration for our newsletter takes place using a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using someone else’s email address.
Newsletter registrations are logged in order to document the registration process in accordance with legal requirements. This includes storage of the registration and confirmation times, as well as the IP address. Changes to your data stored by the sending service provider are also logged.
Registration data:
To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for personal addressing in the newsletter.
The newsletter is sent and its performance is measured on the basis of the recipients’ consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 107 para. 2 TKG, or on the basis of legal permission pursuant to § 107 para. 2 and 3 TKG.
Logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest lies in using a user-friendly and secure newsletter system that serves both our business interests and users’ expectations and also allows us to provide proof of consent.
Cancellation / withdrawal:
You may unsubscribe from our newsletter at any time, i.e. withdraw your consent. A link to unsubscribe can be found at the end of every newsletter.
We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them for newsletter dispatch purposes, in order to prove previously given consent. Processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.
Newsletters are sent using the service provider MailChimp, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
You can view the service provider’s privacy policy here: https://mailchimp.com/legal/privacy/.
The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield framework and thereby offers a guarantee to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
The sending service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and a data processing agreement pursuant to Art. 28 para. 3 sentence 1 GDPR.
The sending service provider may use recipients’ data in pseudonymized form, i.e. without assigning it to a user, to optimize or improve its own services, e.g. for technical optimization of the sending and presentation of newsletters or for statistical purposes. However, the sending service provider does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.
The newsletters contain a so-called “web beacon,” i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a sending service provider, from the provider’s server.
As part of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval.
This information is used for technical improvement of the services based on technical data or on target groups and their reading behavior, based on the retrieval locations (which can be determined using the IP address) or access times.
The statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the sending service provider to monitor individual users. Rather, the evaluations help us recognize our users’ reading habits and adapt our content to them or send different content according to our users’ interests.
You may revoke your consent to the collection, use, and processing of data at any time without giving reasons. Please contact:
Euminia GmbH
Goethestraße 24
D-88079 Kressbronn
info@my-sea.com
We are available to answer further questions regarding our data protection notice and the processing of your personal data.
However, in the event of withdrawal, we will delete the user account. Contributions posted by the user may remain, provided they do not contain personal data of the user.
The data processed by us will be deleted or restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this Privacy Policy, data stored by us will be deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion.
If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, retention takes place in particular for 6 years pursuant to § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, booking vouchers, etc.) and for 10 years pursuant to § 147 para. 1 AO (books, records, management reports, booking vouchers, commercial and business letters, documents relevant for taxation, etc.).
According to legal requirements in Austria, retention takes place in particular for 7 years pursuant to § 132 para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statements of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically supplied services, telecommunications, radio and television services provided to non-business customers in EU Member States and for which the Mini One Stop Shop (MOSS) is used.
We make every effort to ensure the security of user data; however, electronic communication is never completely secure. We point out that despite high standards, information transmitted voluntarily over the Internet may be used by third parties.
Therefore, we cannot assume responsibility or liability for the disclosure of information due to errors in data transmission and/or unauthorized access by third parties.
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services.
When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise stated in this Privacy Policy, we process users’ data where they communicate with us within social networks and platforms, e.g. by posting on our online presences or sending us messages.
Within our online services, we use content or service offerings from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online services within the meaning of Art. 6 para. 1 lit. f GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”).
This always requires that the third-party providers of this content process users’ IP addresses, since without the IP address they could not send the content to the users’ browser. The IP address is therefore required for the display of this content.
We make efforts to use only such content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These “pixel tags” may be used to evaluate information such as visitor traffic on the pages of this website.
The pseudonymous information may also be stored in cookies on users’ devices and may include technical information about the browser and operating system, referring websites, visit time, and other information regarding the use of our online services, and may also be combined with such information from other sources.
We integrate videos from the platform “YouTube” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
We integrate maps from the service “Google Maps” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
This Privacy Policy includes passages generated with Datenschutz-Generator.de by attorney Dr. Thomas Schwenke.
Privacy Policy Version 2.2