Legal
Privacy Policy
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
The Sixsters Family GmbH
Schloßstr. 91 a
44357 Dortmund, Germany
Email: [email protected]
Represented by Managing Director Ulf Th. Bellmann. Full provider details are in theLegal Notice.
2. General principles
We process personal data only where necessary to provide a functioning website and our content and services. We use no analytics, tracking or advertising serviceson this site and do not create user profiles.
3. Hosting & server log files
This website is hosted by our provider Hostkoss (vul. Chornovola 30, 59400 Zastavna, Ukraine; email: [email protected]), which processes the data required to deliver the website on our behalf. When the site is accessed, server log files are collected automatically: IP address, date and time, page requested, HTTP status, data volume, referrer, and browser/operating-system information. The legal basis is our legitimate interest in secure, stable operation (Art. 6(1)(f) GDPR). A data-processing agreement pursuant to Art. 28 GDPR is in place with the provider. As the provider is based in Ukraine (a third country without an adequacy decision), any transfer takes place on the basis of appropriate safeguards (Standard Contractual Clauses). Log data is stored only briefly and then deleted.
4. Content delivery network (Cloudflare)
For secure and fast delivery we use the CDN of Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare processes visitors’ IP addresses to deliver content and defend against attacks. This may involve a transfer to the USA, safeguarded by the EU Commission’s Standard Contractual Clauses. Legal basis: Art. 6(1)(f) GDPR. More:cloudflare.com/privacypolicy.
5. Cookies
We use only strictly necessary cookies. One cookie (csrf) protects forms against cross-site request forgery; logged-in administrators additionally get a session cookie (sid). Both are httpOnly andSameSite=Strict. No marketing or analytics cookies are set, so a consent banner is not required. Legal basis: § 25(2) TDDDG and Art. 6(1)(f) GDPR.
6. Auction & bidding
When you place a bid, we process the name, email address and bid amount you provide. To prevent abuse and spam, your IP address is evaluated briefly (rate limiting). This data is used solely to run the auction and to contact the winner. Legal basis: Art. 6(1)(b) and (f) GDPR. Bids are shown publicly only in anonymised form. We delete the data once it is no longer needed and no statutory retention periods apply.
7. Contacting us
If you contact us by email, we process your details to handle the request (Art. 6(1)(b) or (f) GDPR). The data is deleted once the request has been dealt with and no retention obligations remain.
8. Embedded content (YouTube, Spotify)
Videos and music are embedded via “click-to-load”: data is transferred to the respective providers (e.g. YouTube/Google Ireland Ltd., Spotify AB) only once you actively click to load the content. No data is transferred beforehand. After clicking, the provider’s privacy policy applies. Legal basis: your consent by clicking (Art. 6(1)(a) GDPR).
9. Fonts
All fonts are hosted locally on our server. No data is transferred to third parties (such as Google Fonts) when the page loads.
10. Your rights
Under the GDPR you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection to processing based on legitimate interests (Art. 21). You may withdraw any consent at any time with effect for the future. An informal message to[email protected]is sufficient.
11. Right to lodge a complaint
You have the right to lodge a complaint with a data-protection supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement.
12. Currency
This privacy policy is currently valid. As the website develops or legal requirements change, it may need to be amended.