Last Updated: July 18, 2022
We know that the handling of your personal information is important to you. For this reason, we take the greatest possible care when handling your personal information and thus ensures a high level of data security. We respect the personal rights of our customers and are aware of the importance of protecting the personal information we receive from you.
Personal information in this sense are all individual details about personal or factual circumstances of an identified or identifiable natural person, such as your name, your telephone number, your address, and other information that you provide to us when you register, use our offers by you or contact us about you.
Person responsible for data processing
Citysurfing is the data controller within the meaning of the GDPR and the SB 1864
7901 4th St N, STE 300
St. Petersburg, FL 33702
Collection and storage of personal information as well as type and purpose of their use
a) processing of data for the use of the website
When you access the website via your browser, we only collect personal information that your browser or mobile device automatically transmits to us in order to enable you to visit our website and to ensure stability and security. These can be in particular:
-Your IP address,
-Your device identification, i.e., the unique number of the end device,
-the content, date, and time of the request,
-the time zone of the requesting computer or mobile device,
-the website from which the request was forwarded,
-the requested page,
-the http status code,
-the amount of data transferred,
-your operating system,
-language and version of the browser software and
-Advertising Identifier (IDFA)
The processing of this data serves to ensure a smooth connection of the website, the display of our services and listings, the usability of our services, the evaluation and system security and stability, as well as for other administrative purposes.
We process the transmitted data strictly for the intended purpose, for a period of 90 days, in the interest of being able to detect, limit and eliminate attacks on our websites. After this period has expired, we delete or anonymize the IP address, unless there are separate legal obligations to store it.
The legal basis for this processing of your personal information is Art. 6 (1) lit. f GDPR.
b) processing of data when you are contacting us
We offer you the possibility to contact us via email or chat. If you contact us, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details -if provided by you- and your message.
The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations in accordance with Art. 6 (1) b) GDPR and/or our legitimate interest in processing your enquiry in accordance with Art. 6 (1) f) GDPR.
c) processing of data for the use of our services
We only process and store personal information that is required for your use of our service offer and the associated service offer. For this purpose, we collect:
-your e-mail address,
-your bank details;
-payment data; and
-the personal and non- personal information that you are voluntarily disclosing (for example when creating a listing, creating an account, communicating with others, posting a review, paying for service or withdrawing your funds etc)
The legal basis for this processing are Art. 6 (1) a) GDPR, your consent, to fulfill our contractual obligations or to carry out pre-contractual measures. Art. 6 (1) b) GDPR, our legal obligations Art. 6 (1) c) GDPR, and our legitimate interest to protect ourselves and our users from fraud or economic damage Art. 6 para. 1 lit. f GDPR.
d) processing of data for contract fulfilment and data management
We process various data within the framework of the provision of our services and for the initiation and processing of the existing contractual relationship between you and us. If you have commissioned us to provide a service, we process your data (if provided: Name, contact details address, bank details and payment data) and all information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship. Accordingly, the data is processed on the basis of Art. 6 (1) b) GDPR as well as to fulfil our legal obligations pursuant to Art. 6 (1) c) GDPR.
e) processing of data for Administration, financial accounting, office organization, contact management
We may also process your personal information in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving Art. 6 (1) c) GDPR. In this regard, we process the same data that we process in the course of providing our contractual services Art. 6 (1) b) GDPR.
f) processing of data for payments and payouts
If you make a purchase your payment will be processed via the payment service provider Stripe Inc. of 510 Townsend Street, San Francisco, California, 94103, United States to which you pass on your payment details during the checkout, for payment and payout processing. The legal basis for the processing of your personal information is Art. 6 (1) b) GDPR.
g) processing of data for analysis of the website
h) processing of data for system notifications
By using our services, you are giving your consent to receiving system notifications per email. Those typically include administrative information about your account or profile activity. The system notifications are designed to serve as reminders or helpful tips enhancing your experience on our website. The legal basis for such notifications are Art. 6 (1) b) GDPR to provide you with our services and Art. 6 (1) a) GDPR your consent.
i) processing of data for reviews
In the context of the review function on this website, in addition to your comment, information on the time of the creation of the comment and the comment name you have chosen will be stored and published on the website. Furthermore, your IP address will be logged and stored. This storage of the IP address is for security reasons and in case the person concerned infringes the rights of third parties by posting a comment or posts illegal content. We need your e-mail address to contact you if a third-party objects to your published content as being illegal. The legal basis for data processing is your consent Art. 6 (1) a) GDPR. To revoke your consent simply contact us using email@example.com. The legal basis for storing your data is Art. 6 para. 1 lit. b) and f) GDPR. We reserve the right to delete comments if they are objected to by third parties as unlawful.
j) processing of data for our newsletter
On our website, you can subscribe to our newsletter. In principle, our newsletter can only be received by the data subject if he or she registers for the newsletter mailing. For legal reasons, a confirmation email is sent to the email address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorised the receipt of the newsletter.
The personal information collected in the context of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances. The processing of your e-mail address is thus based exclusively on your consent. You can revoke this consent at any time. To revoke your consent simply contact us using firstname.lastname@example.org.
The provider is SendGrid operated by Twilio Inc., a Delaware corporation, with a place of business at 101 Spear Street, 1st Floor, San Francisco, California, 94105. SendGrid is a service with which, among other things, the sending of newsletters can be organized and analyzed. When you enter data for the purpose of receiving newsletters (e.g., email address), this data is stored on SendGrid's servers.
k) processing of data for comments and contributions in our blog and posts
When you leave comments in our blog or posts, your IP addresses is stored for 7 days on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts. In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
Within the blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. It’s your choice whether to include sensitive information on your comment and to make that sensitive information public. Please do not post or add personal information to your comment that you would not want to be available. The legal basis for the storage is our legitimate interest Art. 6 (1) f) GDPR.
We also use Google`s reCAPTCHA from Google Inc of 1600 Amphitheatre Parkway Mountain View, CA 94043, US to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website.
n) Convenience log in and sign up
The Third-party Connect features Google and Facebook Connect is offered as an option to register with us. When registering via connect functions of Google or Facebook, you agree to the respective terms and conditions of Google or Facebook and also consent to certain data from your respective profile of being transferred to us.
To provide our website, we use the services of DigitalOcean, LLC of 101 Avenue of the Americas 10th Floor New York, NY 10013, USA who process the above-mentioned data and all data to be processed in connection with the operation of this website on our behalf. The legal basis for the data processing is our legitimate interest in providing our web site in accordance with Art. 6 (1) f) GDPR.
Transfer of your data to order processors and third parties
In order to process your data, we use special external service providers such as the credit institution entrusted with payment processing, online marketing providers, providers of marketing solutions, providers of web analysis tools and IT service providers. These are carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
Duration of storage
We store your personal information for as long as necessary to achieve the respective storage purpose. Afterwards, your data will be deleted by us, unless we are obliged to store it for a longer period of time according to Art. 6 para. 1 lit. c GDPR due to tax, commercial or other legal storage or documentation obligations, or you have agreed to a storage beyond this period according to Art. 6 para. 1 lit. a GDPR.
You are entitled at any moment to enforce the rights available to you, as a Florida Resident or Citizen, you may have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:
-the categories and specific pieces of personal information we have collected about you;
-the categories of sources from which we collected the personal information;
-the business or commercial purpose for which we have collected or sold the personal information;
-the categories of third parties with whom we have shared the personal information; and
-the categories of personal information about you that we have sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose.
You also may have the right to request that we provide you with (1) a list of certain categories of personal information we have disclosed to third parties for direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties. In addition, you have the right to request that we delete the personal information we have collected from you.
The following rights arise from the GDPR for you as a Citizen of the European Union:
-Pursuant to Art. 15 GDPR, you may request information about your personal information processed by me. In particular, you can request information about the processing purposes, the categories of personal information, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by me, about a transfer to third countries or to international organizations, and about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
-Pursuant to Art. 16 GDPR, you can immediately request the correction of inaccurate or the completion of your personal information stored by me.
-Pursuant to Art. 17 GDPR, you may request the erasure of your personal information stored by me, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise, or defense of legal claims.
-Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal information if you dispute the accuracy of the data, the processing is unlawful, we no longer need the data, and you object to their erasure because you need them for the assertion, exercise or defense of legal claims. You also have the right under Article 18 of the GDPR if you have objected to the processing in accordance with Article 21 of the GDPR.
-Pursuant to Art. 20 GDPR, you may request to receive your personal information that you have provided to me in a structured, commonly used and machine-readable format or you may request that it be transferred to another controller.
-Pursuant to Art. 7 (3) GDPR, you may revoke your consent once given to me at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.
-In accordance with Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work for this purpose.
-Right of objection. When your personal information is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal information pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right of objection, which is implemented by me without specifying a particular situation.
If you wish to access such personal information or exercise any of the rights listed above, you should apply in writing, providing evidence of your identity to us using email@example.com.
Any communication from us in relation to your rights as detailed above will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.
We use technical and organizational security measures to ensure that your personal information is protected against loss, incorrect modification, misuse or unauthorized access by third parties. The security measures are constantly adapted to the improved technical possibilities. All data exchanged between your computer and us over the Internet is encrypted with 256-bit. The encryption is done with SSL technology. This is a technology that encrypts all of your personal information, including your credit card information and other payment information, in such a way that this data cannot be viewed by any unauthorized third party while the data is being transmitted over the Internet. You can recognize the transmission of encrypted data by the display in your browser. Your browser indicates the security of the website by an icon in the form of a padlock or a key in the status bar at the bottom of the window. In addition, a green bar will be displayed in your browser bar to show you that you are connected to our server and can be sure that your data will not end up on a phishing server. If your browser is configured appropriately, you will receive a warning message the first time you access the website. This simply informs you that your data will be protected by the website.
Disclosure of data
In general, and unless otherwise mentioned in this policy, we will not share your data. However, if we do so we will only pass on your personal information to third parties if:
-you have given your express consent to this in accordance with Art. 6 (1) a) GDPR,
-this is legally permissible and necessary for the fulfilment of a contractual relationship with you according to Art. 6 (1) b) GDPR,
-if there is a legal obligation for the disclosure according to Art. 6 (1) c) GDPR,
-the disclosure is necessary in accordance with Art. 6 (1) f) GDPR for the protection of legitimate business interests and for the assertion, exercise or defense of legal claims and -there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
-If we commission third parties with the processing of personal information, this is done on the basis of a contract processing agreement in accordance with Art. 28 of the GDPR.
Our web site contains so-called hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from our web site directly to the web site of the other provider. You will recognize this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party web sites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal information by these companies directly on these web sites.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal information.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion or object to its processing, please do so within your user account or by contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
Personal information and children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Your contact for data protection
If you have any questions regarding the collection, processing, or use of your personal information, or if you wish to request information, correct, block or delete data, or revoke any consent you have given, please contact us using firstname.lastname@example.org.