top of page
A7407403.JPG

Privacy Policy

 

I. General Information

This Privacy Policy explains how we process personal data when you use our online presences. It applies to our website www.randombychance.de as well as to our profiles on social networks (for example, Instagram: “random_by_chance”).

Personal data means any information relating to you personally, such as your name, address, email address, IP address, or user behavior.

For the definitions of terms such as “processing,” “controller,” or “data subject,” please refer to Article 4 of the GDPR. In particular:

  • “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person (Art. 4(1) GDPR).

  • “Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction (Art. 4(2) GDPR).

  • “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4(7) GDPR).

  • “Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller (Art. 4(8) GDPR).

Because these terms—especially “processing” and “personal data”—are defined broadly, almost any use of data is covered.

II. Controller

The controller responsible for data processing is:

Random by Chance
Ksawery Kamyszek
Kaiser-Friedrich-Str. 9
53113 Bonn, Germany
+49 173 298 7113
info@randombychance.de

III. Data Protection Officer

Our Data Protection Officer is:

Ksawery Kamyszek
Kaiser-Friedrich-Str. 9
53113 Bonn, Germany
+49 173 298 7113
info@randombychance.de

IV. Data Subjects

If you visit our website—whether as an interested party, customer, supplier, service provider, or other visitor—your personal data is processed in accordance with statutory provisions and this policy. All website visitors are collectively referred to as “users.”

V. Data We Collect and Legal Basis

When you visit our site without registering or otherwise transmitting information, we process only the personal data your browser sends to our server, including:

  • IP address of the requesting computer

  • Date and time of the request

  • Name and URL of the retrieved file

  • Access status / HTTP status code

  • Amount of data transmitted

  • Referrer URL (website from which the request originated)

  • Browser used

  • Operating system

Processing this data (log files) is necessary to display the site and ensure stability and security.

If you send us additional personal data—for example via email or a contact form—we may also process:

  • Inventory data (e.g., name, address)

  • Contact data (e.g., email, phone number)

  • Content data (e.g., text entries, photos, videos)

  • Usage data (e.g., pages visited, access times)

  • Communication/metadata (e.g., device information, IP addresses)

For providing contractual services, customer care, or marketing we may additionally process:

  • Contract data (e.g., subject matter, duration, customer number)

  • Payment data (e.g., bank details, payment history)

Purposes include providing our online services, ensuring smooth connections and comfortable use, system security, responding to inquiries, performing contracts, and customer service.

Legal bases:

  • Consent – Art. 6(1)(a), Art. 7 GDPR

  • Contract performance or pre-contractual measures – Art. 6(1)(b)

  • Legal obligations – Art. 6(1)(c)

  • Vital interests – Art. 6(1)(d)

  • Legitimate interests – Art. 6(1)(f)

Data may be shared with third parties only when legally permitted, you have consented, or we have a legitimate interest (e.g., hosting providers, payment/shipping services). Processors act under Art. 28 GDPR.

VI. Recipients

We regularly cooperate with:

  • Email hosting providers

  • Web hosting providers

All external service providers are carefully selected, contractually bound to our instructions, and regularly monitored.

VII. Data Transfers Outside the EU

Transfer of personal data to third countries (outside the EU/EEA) or international organizations occurs only in specific cases, based on consent, legal obligation, contract performance, or legitimate interest, and only under the safeguards of Art. 44 ff. GDPR (e.g., adequacy decisions or EU Standard Contractual Clauses).

If we process your personal data in a third country or have it processed by third parties, this will occur only if it is necessary for the performance of our (pre-)contractual obligations, is based on your consent, a legal obligation, or our legitimate interests. Your personal data will be processed in a third country only if the special requirements of Articles 44 et seq. GDPR are met, unless statutory or contractual permissions apply in an individual case. This means, for example, that processing takes place on the basis of special safeguards, such as an officially recognized determination that the third country provides a level of data protection equivalent to that of the European Union, or in compliance with specific, recognized contractual obligations (in particular the so-called “EU Standard Contractual Clauses”).

VIII. Storage Period

Retention follows statutory storage periods (e.g., commercial law: 6 years; tax law: 10 years; German General Equal Treatment Act for rejected applicants: 6 months). Data is deleted once it is no longer required for these purposes, unless further storage is justified by contract, legitimate interest, or your consent.

IX. Your Rights

Under the GDPR you have the right to:

  • Access (Art. 15)

  • Rectification (Art. 16)

  • Erasure (Art. 17)

  • Restriction of processing (Art. 18)

  • Data portability (Art. 20)

  • Not be subject to automated decisions including profiling (Art. 22)

  • Lodge a complaint with a supervisory authority (Art. 77)

  • Object to processing based on Art. 6(1)(e) or (f), including profiling (Art. 21)

  • Withdraw consent at any time (Art. 7(3))

X. Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(1)(f) GDPR, or for the purposes of direct marketing or profiling, you have the right to object to such processing at any time. In that case we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is required for the establishment, exercise, or defense of legal claims.

This right to object applies only where there are reasons arising from your particular situation, except where your objection is directed against direct marketing. In the latter case you have a general right to object which we will implement without requiring you to state a specific situation.

To exercise your right to object, simply send us a message using the contact details provided above.

XI. Withdrawal of Consent

You can withdraw any consent you have given at any time, with future effect, by contacting us.

XII. Complaints

You may lodge a complaint with a supervisory authority. A list of German state data protection authorities is available at:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

XIII. Obligation to Provide Data

Providing certain data (e.g., name, address, email) may be legally required or necessary for (pre-)contractual measures. Without it, we may be unable to conclude a contract or respond to your inquiry. Other details are voluntary unless otherwise specified.

XIV. Automated Decision-Making

No automated decision-making, including profiling, takes place.

XV. Contact

You can contact us by post, telephone, or email (see contact details above). Data you voluntarily provide will be stored for processing your request and will not be shared with third parties.

XVI. Website Security

We implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk (Art. 32 GDPR), including confidentiality, integrity, and availability of data, privacy by design, and privacy by default. Our site uses SSL encryption (https and lock icon in your browser).

XVII. Cookies

We use cookies—small text files stored by your browser.

  • Session (transient) cookies are deleted when the browser is closed or you log out.

  • Persistent cookies remain for a set period.

We currently use only cookies necessary for providing our services (e.g., login status). Legal basis: Art. 6(1)(f) GDPR. Where non-essential cookies are used, we obtain your consent (Art. 6(1)(a)).

You can delete cookies anytime or refuse third-party cookies in your browser settings, though some features may not work.

XVIII. Social Media Profiles

We maintain the following social media profile to interact with users and inform them about our services:


https://www.instagram.com/random_by_chance

When visiting that platform, its own terms and privacy policies apply. We process user data there only when users communicate with us (e.g., by posting or sending messages).

Date of this Privacy Policy: 16 September 2025

bottom of page