Privacy Policy – Datenschutzerklärung
Your privacy, and ours, is vulnerable and open to attack. While you are on Thweis.com we do everything possible to protect it!
Privacy Policy
Contents
The global privacy landscape
Currently (2021), the global privacy regulation landscape can be defined as in flux. Regulations are constantly changing and adapting to trends, international best practice, and even regulatory rulings as in the case of data flow from the European Union to the United States of America.
Here is a list (this list is not intended to be exhaustive) of countries with international privacy laws for data protection currently in action or under development:
European Union: General Data Protection Regulation (GDPR)
United States of America: California Consumer Privacy Act (CCPA). A list of the status of federal US privacy laws can be accessed here: https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
Brazil: General Data Protection Law
South Africa: Protection of Personal Information Act (POPIA)
Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
India: Personal Data Protection Bill 2019 (PDP Bill 2019)
United Kingdom: Data Protection Act 2018 (based on GDPR)
We are a small Germany based business with two employees and a potentially international customer base for our products and services. We try hard to tailor this Privacy Policy so that it complies with the Privacy Laws of the countries where we expect to serve the most customers.
According to https://gdpr.eu/: “The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world”.
We do make sure to comply fully with the GDPR.
While we comply fully with the GDPR there might still be laws in other countries which could apply to you. We try hard to comply with the various privacy laws relevant for our international visitors and members but we still can’t guarantee that we can keep up them all. Our Privacy Policy should make clear that we are very serious about your privacy. We don’t just comply but tried hard to follow the lead of the GDPR by stripping thweis.com from all the “privacy harming bloat and junk”. However if you are still not happy with how we handle your privacy then please just contact us. We are happy to cooperate.
General information about how we comply with the GDPR
Effective date: 01.01.2022
Thweis UG (Haftungsbeschränkt) is located at: Zum Lappentascher Hof 36C 66424 Homburg Saarland Deutschland
For the purposes of General Data Protection Regulation (GDPR), the “Data Controller” is Thweis UG (Haftungsbeschränkt).
It is Thweis’s policy to respect our visitors’ (the “user” “you”, “your”), mailing list subscribers’ ( the “recipient”) and paying customers’ (the “member”; logged-in user”; “you”, “your”) privacy with utmost respect and importance regarding any information we may collect while operating our website. This Privacy Policy applies to https://thweis.com (hereinafter, “this Website”, “our Website”, “us”, “we”, “Thweis”, “Thweis UG (haftungsbeschränkt) or “Thweis.com”).
We respect your privacy and won’t store or process any individual personal information of you as an data subject without prior consent given based on a legal basis and are committed to protecting personally identifiable information you may provide us through this Website.
We have adopted this privacy policy (“Privacy Policy”) to explain what information may be collected on our Website, how we use this information, and under what circumstances we may disclose the information to third parties. This Privacy Policy applies to information we collect through this Website and our mailing list and does not apply to collection of information from other sources.
This Privacy Policy, together with the Terms of Service and the Legal Disclaimer posted on our Website, set forth the general rules and policies governing your use of our Website.
Depending on your activities when visiting our Website, you may be required to agree or consent to additional terms and conditions.
Note: The General Data Protection Regulation (GDPR) represents the international and thus English expression for the German “Datenschutz Grundverordnung DSGVO” 2018.
How about the California Consumer Privacy Act (CCPA)?
While our main focus is to comply with the strict GDPR privacy law we also make sure that we do not violate The California Consumer Privacy Act (CCPA) despite the fact that it does not apply to us as a small business which does not sell or rent any personal data and does not store and process personal data of at least fifty thousand Californians per year.
The main differences between GDPR and CCPA are as follows:
GDPR: The GDPR protects data subjects, defined as “an identified or identifiable natural person” which can be any person and not only EU residents or citizens. GDPR requires prior consent based on a legal basis before storing and processing of individual personal information which can include sensitive personal data.
CCPA: The CCPA gives certain rights to consumers, defined as “a natural person who is a California resident” which excludes any individials who are not citizen or residents of the State of California. CCPA is about having the option to opt-out of any storage and processing of personal data which is not specific to an individual but includes household data.
In accordance with the CCPA we explicitiy do not sell or rent any of your personal data (household data) to anyone, including third-parties.
Please refer to this PDF document for a more detailed comparison of the GDPR and CCPA: https://fpf.org/wp-content/uploads/2018/11/GDPR_CCPA_Comparison-Guide.pdf
Essential legal basis in the context of GDPR
We process personal data on the basis of the General Data Protection Regulation (GDPR). The following list gives you an overview of the essential privacy related legal basis of the affected and responsible person. Please note that in addition to the GDPR, national data protection regulations may apply for your country. If more specific legal rights are relevant in individual cases, you will be informed about those in the privacy policy.
Consent (Art. 6 Abs. 1 S.1 lit. a. GDPR) The person affected has given his/her consent to the processing of their personal data for a specific purpose.
Fulfillement of the contract and pre-contractual requests (Art. 6 Abs. 1 S. 1 lit. b. GDPR) The processing is necessary for the fulfillment of a contract or for the execution of pre-contractual measures taken at the request of the affected person.
Legal Obligation (Art. 6 Abs. 1 S. 1 lit. c. GDPR) The processing is necessary for compliance with a legal obligation to which the person responsible is liable.
Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f. GDPR) The processing is necessary for the protection of the legitimate interests of the affected person or a third party unless fundamental rights and the right to freedom, which require the protection of personal data, prevail.
In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. Furthermore, specific data protection laws of the individual german federal states may apply as well.
Your privacy at a glance
We here at Thweis don’t make your privacy vulnerable by collecting, storing and processing unnecessary personally-identifying information.
Thweis is built for stock trading education, not ads. Therefore we are ad-free and tracking-free.
We don’t set any tracking cookies or similar technologies for visitors and therefore do not need to get consent before granting access to the Website.
Therefore Thweis.com does not need to have a cookie banner!
We do have to set a couple strictly necessary technical session cookies to fulfill the contract and pre-contractual requests (Art. 6 Abs. 1 S. 1 lit. b. GDPR) for members and during the registration process but that’s about it.
If you are a visitor just browsing our Website, you won’t experience any cookies or similar technologies at all.
We do have to share some of the data for logged-in users with the usual third parties and contractors, such as our website hosting provider and our content management system provider. We also have to employ an e-mail bulk sending service to provide logged-in users with real time stock related e-mail alerts but do not share any of your personally identifiable information with them. This type of technically necessary data sharing is needed to run the website and is based on an legimate interests (Art. 6 Abs. 1 S. 1 lit. f. GDPR) of us and the aforementioned third parties.
Should you decide to sign-in to our free e-mail marketing list (independent from registering on thweis.com) you are required to Consent (Art. 6 Abs. 1 S.1 lit. a. GDPR ) to the transfer of your data to cloud servers in the USA and to be the recipient of marketing e-mails from us. You will be noticed and can easly prevent that from happening by refusing to sign-in, e.g., by leaving our mailchimp hosted landing page. This mailing list is not integrated into thweis.com but can be reached via a hyperlink in this Website’s footer.
We make it easy for members to exert their “right to be forgotten” (in accordance with GDPR). Members can request us to hand over of all personal data stored on thweis.com. Moreover members can request a deletion of their member account and all stored data expect for invoices. According to German fiscal and commercial law ( Abgabenordnung AO and “Handelsgesetztbuch HGB) we have a obligation to preserve relevant records (e.g., invoices for paying customers) for 10 years.
The type of information we collect!
Non-personally-identifying browser log data:
Like most website operators, Thweis collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type and its plugins, as well as your time zone, operating system, language preference, referring siteand the date and time of each visitor request. Thweis’s purpose in collecting non-personally identifying information is to better understand how Thweis’s visitors use its website. From time to time, Thweis may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
Personally-Identifying Information:
Certain visitors to Thweis’s websites choose to interact with Thweis in ways that require Thweis to gather personally-identifying information. The amount and type of information that Thweis gathers depends on the nature of the interaction as follows:
Thweis collects potentially personally-identifying information like Internet Protocol (IP) and e-mail addresses for logged-in users. We ask visitors who want to become members (by purchasing a paid member subscription at Thweis.com) to also provide strictly necessary billing information such as their adress needed for the payment processing with PayPal Standard. We store this data so that members can log into the member area and to provide them with invoices.
We don’t collect potentially personally-identifying information like Internet Protocol (IP) addresses for users leaving comments on Thweis.com.
When you contact us via e-mail or via a contact form on this website you provide us with your e-mail adress. This e-mail adress is only used to reply back to you and is then forgotten.
We use a third party mailing list service to collect information (mandatory: e-mail address optional: Username and stock trading preferences) for marketing purposes whenever a visitor of thweis.com is directed to the dedicated landing page and signs in to our mailing list there. You have to actively consent to the fact that this data might be transferred to cloud servers in the USA.
We also work closely with third parties (e.g: contractors, payment services, search information providers) and may receive information about you from them. You can learn more about those third parties further down in this Privacy Policy.
What we do with this information!
We will use this information as necessary to carry out our obligations, arising from any contracts between you and us, for which we have been given permission. This information may also be used as required or permitted for legal compliance or other lawful purposes, as well as to provide you with the products and services you request from us and notify you about any changes in that regard.
Your information is primarily used to:
- Inform you about important news regarding the products or services you purchased (if you are a member).
- Fullfill our contract by granting you access to the internal member area with invoices (if you are a member).
- Improve internal operations, such as troubleshooting, data analysis, testing, research, and for statistical and survey purposes;
- Improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- Allow you to participate in interactive features of our services, when you choose to do so;
- Maintain our websites security;
- Offer suggestions and recommendations to you and other users regarding our products or services that may be of interest.
We may combine these details with information we have already collected from you as well as what you have already provided. If you send us a request (for example via a direct email to contact(at)thweis.com, via our contact form in the Websites footer or via the “ask us” functionality of the Q&A section), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users.
Our advertising policy
This website is built for stock trading advice, not ads.
- We don’t promote products and services. We mention products and services when they are relevant, but we do not promote them. The content on this website must be honest and neutral. We will mostly mention products and services which we use in our own trading process.
- We don’t let advertisers influence the content. We don’t accept guest posts. We don’t let advertisers review our content. We don’t follow branding guidelines.
- We don’t use affiliate or referral links
- We don’t run any ads
General website and data security
All reasonably necessary steps will be taken to ensure that your information is treated securely and in accordance with this Privacy Policy.
We seek to ensure that we keep your personal data accurate and up to date however, you are responsible for informing us of any changes to your personal data and other information (such as a change in contact details).
While we take these steps to maintain the security of your information, you should be aware of the many information security risks that exist and take appropriate care to help safeguard your information.
The nature of the Internet is such that we cannot guarantee the security of the information you transmit to us electronically, and any transmission is done at your own risk.
While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We do use WordPress and various WordPress plugins as the Content Management System (CMS) for this website. We keep up with the latest CMS security updates via an automated security update function.
Furthermore, we have established procedures to ensure deletion of stored member data upon request (“right to be forgotten” according to GDPR ).
For the registration on thweis.com we employ a secure so-called “double opt-in” process. We require members-to-be to choose passwords in accordance with our password strength guidelines. We do not enforce a so-called “two factor authentification” during the log-in process as this could prevent members to receive real time signals in time. This is especially true because we do not provide users with a “so-called” remember me function for the log-in process as this would require a perisistent cookie to be set.
To protect your transmitted data, we enforce SSL encryption on thweis.com and all sub-domains noticeable by the https:// prefix in your browser.
We also have many security server headers active to reduce the success chance of potential cyber attacks.
We use external payment service providers based on our and your Legitimate Interests to provide our members with effective and secure payment options (Art. 6 Abs. 1 lit. b. GDPR). Our external payment service providers use secure SSL encryption during the payment process as well.
Protection and disclosure of Personally-Identifying Information
Thweis discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Thweis’s behalf or to provide services available at Thweis’s website, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Thweis’s website, you consent to the transfer of such information to them. Thweis will not hand-over or share potentially personally-identifying and personally-identifying information to anyone other than to its employees, contractors and affiliated organizations. We will never rent or sell potentially personally-identifying and personally-identifying information to anyone!
Thweis discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when Thweis believes in good faith that disclosure is reasonably necessary to protect the property or rights of Thweis, third parties or the public at large.
If you are a member of thweis.com and have supplied your email address, Thweis may occasionally send you an email to tell you about new features, major updates to our legal documents, solicit your feedback, or just keep you up to date with what’s going on with Thweis and our products. We primarily use our member blog (accessible in the member area of thweis.com or how we call it, “the dojo”) to communicate this type of information, so we expect to keep this type of e-mails to a minimum.
Thweis takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
How you can exert your “right to be forgotten” on Thweis.com
Thweis only stores personally-identifying information about members or former members. Here is how you can view and/or delete your stored personal data on thweis.com:
- Members can request access to their personal data stored on thweis.com via e-mail: privacy(at)thweis.com If you do so we will send you a zipped file with all your data.
- Members can request a deletion of their thweis.com account and all personal data stored via e-mail: privacy(at)thweis.com
- Members who are logged-in can delete their account and all stored data via a button in the member area of the dojo: https://thweis.com/member-account/
- Mailing List subscribers can unsubscribe from our mailing list and furthermore request a deletion of their stored data via e-mail: privacy(at)thweis.com
When a subscription membership plan expires, your registered user account and stored data will not be automatically deleted! In that case you can still log into the secure member area. If you want your account and stored data to be deleted you have to reach out and request a deletion or delete it yourself according to option 3 above.
Exception: According to German fiscal and commercial law (Abgabenordnung AO and Handelsgesetztbuch HGB) we have the legal obgliation to preserve relevant records for 10 years. This law applies to your invoices which contain personally-identifying information such as your contact details and address. We will disclose this information only in response to a subpoena, court order or other governmental request.
Links to external sites
This website (including this Privacy Policy) may contain links to external sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy and Terms and Services of every site you visit.
We have no control over, and assume no responsibility for the content, integrity and accuracy of information, privacy policies or practices of any third party sites, products or services. Our website doesn’t contain any pornographic, violent, graphic, casino and gambling links that we know off. However we do have a comments functionality for logged-in users and can’t guarantee that we will be able to delete any potentially harmful links in time before they are clicked by you.
Aggregated statistics
Thweis may collect statistics about the behaviour of visitors and members to its website. Thweis may display this information publicly or provide it to others. However, Thweis does not disclose your personally-identifying information.
Our use of online graphics, pictures and artwork
We do use graphics, pictures and artwork (hereafter “item”, “items”) from various online sources on our Website. However we make sure to only use items which are free for commercial use and don’t require a reference or attribution to the respective creator. For that reason we would only use items who run under the Creative Commons Zero (CC0) or similar licenses which allow you to copy, modify, distribute and use the items, even for commercial purposes and where attribution is not required.
Currently we do not have items licensed under Creative Commons Zero in use on this website!
Our individual sources:
Website: https://unsplash.com/ License: https://unsplash.com/license
Website: https://realisticshots.com License: https://realisticshots.com/terms
Website: https://pixabay.com/ License: https://pixabay.com/service/terms/
Third party service providers
E-Commerce
Those who engage in transactions with Thweis – by purchasing Thweis’s services or products, are asked to provide additional information, including as necessary the personal and financial billing information required to process those transactions. In each case, Thweis collects such information only insofar as it is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Thweis. Visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.
Third party Payment-Service-Provider (PSP)
In the context of the Fulfillment of the contract and pre-contractual requests we use the payment service providers on the basis of Art. 6 Abs. 1 S. 1 lit. b. DSGVO
If you make a payment to us, we will ask for payment/billing information and other information needed for the orderly processing of your payment.
We use third partypayment service providers, currently PayPal and Stripe to assist in securely processing your payment and payment information.
Depending on how you pay, the payment information you provide through the Services may be encrypted and transmitted directly to the payment provider. We have no control over the payment providers and are not responsible for their collection or use of your information. You can learn more about how the payment provider stores and uses your payment information by accessing the payment provider’s privacy policy. We also store some of the information you provided during the purchase process of our subscription service in our content management system. We use this information only to provide you with your invoices on Thweis.com. This information is explicitly not shared with third parties (other than the payment providers mentioned here) and is not used for marketing purposes.
By law, Strong Customer Authentication (e.g. so-called “two-factor authentication”) is not required for direct debits, invoices, prepayments, recurring payments and small value payments (up to EUR 30). We nevertheless ensure that all our external payment service providers (Stripe and Paypal) employ Strong Customer Authentication (“SCA”) and thus comply with the Payment Services Directive (PSD2).
Our third party Payment-Service-Provider PayPal:
If you choose to use PayPal to make a purchase through our website, you will be redirected to the PayPal website during the checkout process, where you must first log in to your PayPal account in a PSD2 compliant manner using your chosen SCA method. Your payment information will then be passed directly to PayPal. The information you provide on the PayPal website is subject to PayPal’s privacy policy.
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
Website: https://www.paypal.com/
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Our third party Payment-Service-Provider Stripe:
If you choose to pay by credit card (Stripe) to make a purchase through our website, a connection to Stripe’s servers is established during the checkout process and information to verify your credit card information is displayed in a pop-up window. Your payment/billing information will be shared with Stripe during this process and their privacy policy will apply. Credit card payment on Thweis.com via Stripe uses the SCA technologies 3D Secure and 3D Secure 2 and is therefore PSD2 compliant!
Stripe, Inc. 354 Oyster Point Boulevard South San Francisco, California, 94080, USA
Website: https://stripe.com/de
Privacy Policy: https://stripe.com/en-de/privacy
Website Infrastructure
In the context of the Fulfillment of the contract and pre-contractual requests we use a website hosting service, Content Delivery Network, Content Management System and bulk e-mail sender on the basis of Art. 6 Abs. 1 S. 1 lit. b. DSGVO
Web Hosting and Content Delivery Network (CDN):
We use a third party hosting service (contractor), currently WPX to provide the following services on thweis.com: Infrastructure and platform services, computing capacity, storage space and database services, security services, technical maintenance services and content delivery, which we use for the purpose of operating this website and it’s content management system. WPX also comes with it’s own Content Delivery Network based on the Litespeed web server technology.
Our hosting and CDN provider:
K Media Tech (owner of WPX.net) BG 202249002 #13, 20th April Street, Sofia 1000, Bulgaria
Website: https://wpx.net/
Privacy Policy: https://wpx.net/page/privacy-policy/
Server log data
Log data is the information recorded via the web servers of our hosting provider WPX about when, how, and which visitors are using our website. WPX’s Litespeed Web servers collect the following information about each visitor:
- IP address and device identifier: This is the unique identifying address broadcasted by the browser or device by which each user is accessing your online platform.
- Browser type: Information about the browser you used to access this website
- Server request date: The date and time when the request was made
- Error types: Information regarding any errors or functionality problems experienced by the user. When a website visitor triggers an error the IP address will be recorded.
Once the log data has been collected, it will be organized so that the web server knows how to use the information. Log data is organized according to its potential usefulness in categorical logs such as error logs and access logs.
How this log data is used?
Our hosting service provider WPX only records this information.
How is this data shared?
Our hosting service provider WPX only shares this information with us on request. If we request this information we will not use it for marketing nor do we rent or sell it to any third party. We would disclose this type of information only in response to a subpoena, court order or other governmental request, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Thweis, third parties or the public at large.
Content Management System (CMS):
We use WordPress (also referred to as “WP”) as our Content Management System. WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes. We use GeneratePress as our main theme which is highly rated, well known and well coded. We also use various plugins for wordpress which add specific features to our website.
Our CMS provider:
Aut O’Mattic A8C Ireland Ltd. (Owner of wordpress.com), Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland
Website: https://wordpress.com/de/
Privacy Policy: https://automattic.com/de/privacy/
Bulk E-mail sending:
We use Google Workspace (Gmail) as our bulk e-mail sender and integrated their service into our WordPress CSM via a WP SMTP relay service plugin. Besides the common transactional e-mails we also provide paying members of our trading service with real time alerts. It is crucial for the service that paying members get to see those alerts as quick as possible. In order to ensure that our paying members see the additonal information provided in the real time alerts in time, we will send identical direct alert e-mails to all members (mass sending) to inform them that a new stock idea is published. For this to work we need the service of an e-mail bulk sending service. Alert e-mails and the normal transactional e-mails do not contain any marketing!
Our bulk e-mail sending provider:
Google 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (650) 253-0000
Website: https://workspace.google.com/
Privacy Policy: https://policies.google.com/privacy?hl=en-US
E-mail marketing service
We have a mailing list (hereafter called “newsletter”) for marketing purpose and send infrequent e-mails only with the consent of the recipients via a marketing permission. The content of the mails is specifically described in the context of the registration and is decisive for the consent of therecipient. Otherwise, our newsletter contains information about us and our services.
To subscribe to our mailing list, it is sufficient to provide your e-mail address. However, you have the option to provide us with additional information such as a username (mostly for individualising the e-mails to avoid that the e-mails are marked as spam) or your stock trading preferences. Our Thweis mailing list is not integrated in the site anymore and can be accessed ONLY via the button in the footer of our website. When clicked the user is leaving thweis.com and being directed to a dedicated landing page hosted by mailchimp. The respective privacy consent and US data processing warning is displayed on that page. The data (e-mail addresses and preferences) is only used to send non-recurring information to subscribers of that list, no data from that mailing list is transferred over to thweis.com at all.
The Thweis mailing list data is strictly separated from the registered user base of Thweis.com
You can unsubscribe from our mailing list at any time via the “unsubscribe” link in the footer of our e-mails or at the bottom our dedicated mailing list landing page (https://mailchi.mp/f738fce6e61c/thweissxfx) in the footer of thweis.com. You can also contact us directly via e-mail or our contact form and request us to unsubscribe you.
Deletion and data processing restrictions:
We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to prove consent formerly given. The processing of this data will be limited to the purpose of a possible defence against legal claims. An individual request for deletion is possible via e-mail to privacy(at)thweis.com at any time. E-mails to mailing list subscribers are send on the basis of the recipients’ consent given during the registration process.
Double opt-in process:
The registration for our newsletter is always done in a so-called double opt-in process. For our mailing list subscription process we use the so-called double opt-in process. You will receive an e-mail to confirm your registration. This confirmation e-mail does not contain any marketing information. Subscriptions to the mailing list are logged for future reference. This includes the storage of the registration and confirmation time as well as the IP address.
What data is stored and how can you unsubscribe:
For direct marketing purposes to our e-mail recipients we (or the third party e-mail marketing service provider used by us) process contact and optional additional information such as e-mail address, username and trading preferences; usage data such as content preferences as well as communication data such as device-information and IP addresses. You can unsubscribe from our mailing list at any time via the “unsubscribe” link in the footer of our e-mails or our dedicated mailing list subscription page in the footer of thweis.com. You can also contact us directly via e-mail or our contact form and request us to unsubscribe you.
Opening and click-rates:
The mails to our mailing list subscribers contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from the server of our mailing list service provider. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval, are initially collected. This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the mails are opened and when they are opened.
Our mailing list service provider:
Mailchimp – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA;
Website: https://mailchimp.com
Privacy Policy: https://mailchimp.com/legal/privacy/
Data processing outside of the EU: https://mailchimp.com/legal/data-processing-addendum/
Additional Information: https://mailchimp.com/help/Mailchimp-european-data-transfers/
Our mailing list provider Mailchimp processes personal data in the USA. By consenting to the use of the services, you also consent to the processing of your data in the USA in accordance with Art. 6 Abs. 1 S.1 lit. a. GDPR . The USA is considered by the ECJ to be a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data will be processed by US authorities for control and monitoring purposes, perhaps without the possibility of a legal recourse.
Social media channels
Data processing via social networks:
We maintain publicly accessible profiles in various social networks. The individual social networks we use are listed below.
Social networks such as Facebook, Instagram, etc. generally have the ability to comprehensively analyze your user behavior when you visit their websites or sites with integrated social media content (e.g. like buttons or banner advertisements). Visiting our social media presences will trigger a number of processes which are relevant to data privacy.
In detail: When you log in to your social media account and visit us on this social media platform, the operator of this social media portal has the ability to associate this visit with your user account. However your personal data can also under certain circumstances be detected even if you are not logged in or do not possess an account with the social media portal in question. In such cases these data can be acquired for example via cookies which are stored on your terminal device, or by acquiring your IP address.
With the aid of data acquired in this way, the social media portal operator can create user profiles in which your preferences and interests are stored. In this way, advertising tailored to your interests can be displayed to you both within and outside of the respective social media presence. If you have an account with the social network in question, advertisements tailored to your interests can be displayed on all devices to which you are or have been logged in.
Please also note that we are unable to replicate all data processing activities on social media portals. Dependent on the provider, it may be that other processes are performed by social media portal operators. For details please refer to the terms of use and data privacy policies of the respective social media portals.
Legal basis:
Our social media appearances are intended to guarantee an Internet presence which is as comprehensive as possible. This constitutes a Legitimate interests in the context of Art. 6 Abs. 1 S. 1 lit. f. GDPR. The analytical processes initiated by the social networks may have deviating bases in law which must be specified by the social network operators (e.g. Consent in the context of Art. 6 Abs. 1 S.1 lit. a. GDPR).
Controllers and the assertion of rights:
When you visit one of our social media appearances (e.g. Twitter), we are jointly responsible as data controllers in the context of GDPR together with the operator of the social media platform for the data processing activities triggered by your visit. You may assert your rights (to information, rectification, erasure, restricted processing, data portability and objection) both against us and against the operator of the social media portal (e.g. against Twitter).
Please note that despite sharing joint responsibility with the social media portal operator, we as a small German company with two employees have no comprehensive influence over the data processing activities conducted by social media “giants” such as Twitter and co. The opportunities open to us are essentially dependent on the corporate policy of the respective social media provider.
Period of storage:
Data acquired directly by us via our social media presence are erased from our systems as soon as the purpose for which they are stored ceases to apply, or when you request us to erase them. Cookies will remain stored on your terminal device until you delete them. Mandatory legal requirements – in particular specified storage periods – remain unaffected.
We have no influence over the duration for which data held by social network operators are stored for their own purposes. For details please refer directly to the social network operators (for example, you may consult their privacy policies, see below).
Our individual social media channel on Twitter.com
We have a public Twitter account with the purpose of providing educational stock market related information and entertainment. We also use that account to share the free stock market related information we provide on thweis.com (free educational trading blog, question and answers and so on). We do not promote our paid membership service(s) in an aggressive manner on Twitter but we do let followers know that they exisit. It can be assumed that most (if not all) Thweis members also follow us on twitter. Therefore we do use this our Twitter feed to inform paying members when a new stock idea is published on thweis.com. Those alert tweets are intended to be purely informative and do not contain direct marketing. However such tweets can have an promotive effect for the paid products and services we provide on thweis.com
Social media service: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Website: https://twitter.com/
Thweis Twitter Account: https://twitter.com/thweissxfx
Privacy Policy: https://twitter.com/de/privacy
You may adjust your Twitter data privacy settings independently via your Twitter user account. To do so, click on this link and log in:
https://twitter.com/personalization
Browser cookies and similar technologies
A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Thweis uses cookies to make sure that members-to-be can register and buy subscription plans; that members can log into our website and that real time content is served to them.
We do not use cookies or similar technologies for regular visitors!
To allow registered users to log-in to our system, Thweis uses only strictly necessary technical “Cookies”, similar technologies and services provided by WordPress so that you can log-in to our website after registration in order to use the service you purchased.
We only use strictly necessary technical cookies but no persistent cookies for logged-in users.
Data processing of the strictly technical cookies below does not require any consent from your side as you would not be able to log-in to your registered account and therefore would not be able to have access to the product or service you explicitly bought via our website.
Thweis visitors who do not wish to have any cookies placed on their computers should set their browsers to refuse cookies before using Thweis’s websites, with the drawback that certain features for logged-in users of Thweis’s websites may not function properly without the aid of some cookies. We do set a technical session cookie which does not contain any personal data just to check if your browser allows cookies. If not you can’t use our trading services as you won’t be able to log-in to our member area.
Our use of strictly necessary cookies or similar technologies
These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. We do not use nany cookies for normal users and only strictly necessary technical session cookies for logged in users.
According to GDPR and more specifically the ePrivacy Directive (EPD) aka “the Cookie Law” “…it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user” and “Receive users’ consent before you use any cookies except strictly necessary cookies.”
Feel free to learn more about Cookies under GDPR: https://gdpr.eu/cookies/
We are happy to comply with this request by providing you the following detailed information:
Cookie | Name | Purpose | Retention Period | More information |
---|---|---|---|---|
WordPress login authentication | wordpress_logged_in _[hash] | Indicates when you’re logged in, and who you are, for most interface use | Session | https://codex.wordpress.org/WordPr ess_Cookies#WordPress_.3E_3.0 |
WordPress Browser Cookie Test | wordpress_test_cookie | Test cookie to check if the browser allows cookies. Does not contain any user identifiable information | Session | https://codex.wordpress.org/WordPr ess_Cookies#WordPress_.3E_3.0 |
WordPress loginauthentication | wordpress_sec_[hash] | This cookie is used to store your authentication details. Its use is limited to the admin console area, /wp-admin | Session | https://codex.wordpress.org/WordPr ess_Cookies#WordPress_.3E_3.0 |
Hoster CDN logged in check | wpx_logged | Indicates when you are logged in so that real time content can be served from the global CDN | Session | https://wpx.net/ |
Stripe Fraud Prevention | __stripe_sid __stripe_mid | Set only when paying by credit card. Transmits information about the system and browser to Stripe for risk assessment of the transaction. | 22 days | https://stripe.com/de/cookie-settings |
We don’t use preference (functional), statistics and marketing cookies or similar technologies
- No we really don’t use any of them (We got rid of Google Analytics; Google Fonts; Google reCaptcha; Polyfill.io; Social Share Counts; Twitter embeds; any embeds in general, logged-out comments; Cookie notice; Gravatars…)
By continuing to navigate our website, you hereby acknowledge and agree to Thweis’s use of the above necessary technical session cookies which do not need any consent from your side.
Children’s privacy
This website can easily accessible by anyone who is 13+ or above of age. The website doesn’t contain any pornographic, violent, graphic, casino and gambling links. We don’t have a “remember me” (so-called “quick login”) functionality for the log-in process to the member area of thweis.com. The lack of this feature reduces the chance of access, use, alteration or destruction of the sensitive personal data of parents and/or legal guardians by minors and children, but can’t prevent it completely.
If you’re a parent and/or legal guardian, and you think that your children or any minors have stored any sensitive information on this website in the form of e-mail & other types of data, then do let us know.
Once we are aware that a minor has stored any sensitive data or information in our system, then we’ll look into it and take further steps to remove it from our website. For the removal process, you’ve to share the e-mail address with us, so that we can retrieve data stored in our database using the same e-mail address .
While we don’t have any non-essential services on thweis.com we would nevertheless like to point out the following:
Are you under 16 years old? Then you must reject all non-essential services by law, or you can ask your parents or legal guardians to agree to these non-essential services with you.
Privacy policy changes
Although most changes are likely to be minor, Thweis may change its Privacy Policy from time to time, and in Thweis’s sole discretion.
Thweis encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.
If there is a major change,i.e., the introduction of a new third party service, we will make this public openly on the frontpage of thweis.com and send members an e-mail which requires renewed consent to this Privacy Policy in the context of Art. 6 Abs. 1 S.1 lit. a. GDPR.
Contact information
If you have any questions about this Privacy Policy, please contact us via direct e-mail to: privacy(at)thweis.com