Privacy Policy

I. General Information

Here we inform you about the processing of personal data when using our online services. This privacy policy applies to our website apps.kajomat.eu/screensaver.

Personal data is all data that references you personally, e.g., name, address, email, IP address, or user behavior.

Regarding the terms used, such as "processing," "controller," or "data subject," reference is made to the definitions in Art. 4 GDPR.

II. Who is the Responsible Body?

We are responsible for the processing of your data:

Kajetan Jozefowski
c/o Online-Impressum.de #6169
Europaring 90
53757 Sankt Augustin
Germany
E-Mail: info@kajomat.eu
Mobile: +49 152 2536 0553

III. Data Protection Officer

We are not legally obliged to appoint a Data Protection Officer. For questions regarding the processing of your data, you can contact us at any time (see details above).

IV. Who is Affected by Data Processing?

When you visit our website as an interested party, customer, or visitor, your personal data is processed within the framework of legal regulations. All visitors to our website are summarized under the term "users."

V. What Data Do We Collect and Why?

1. Server Log Data

When you visit our website, only the personal data that your browser transmits to our server is processed (e.g., IP address, date/time, browser type). This is technically necessary for stability and security.

2. User Account Data

If you register for our service ("Screensaver Dashboard"), we collect and process:

Credentials: Username/Email and Password (stored in hashed, secure format).
Configuration Data: The RSS feed URLs you enter, custom text messages, and display settings.
Uploaded Content: Background images you upload are stored on our server linked to your account.

3. RSS Feed Proxy

When the screensaver displays news from the RSS feeds you configured, these requests are performed by our server on your behalf. We fetch the content and deliver it to your browser. Your IP address and potential browser fingerprint are not transmitted to the external RSS feed provider; they only see our server's IP.

4. Contact Form

If you use our contact form, we process your name, sender email, message content, and timestamp (for spam prevention/CAPTCHA verification).

Legal Basis: Art. 6 Para. 1 lit. b GDPR (Contract Performance) for account services; Art. 6 Para. 1 lit. f GDPR (Legitimate Interests) for security/logs.

VI. Recipients of Data

We do not sell your data. Recipients only include:

Web Hosting Provider: Our infrastructure provider (All-Inkl) processes data on our behalf to host the site.
Email Service: For sending system notifications or contact form messages.

VII. Data Transfer to Third Countries

We host our services in Germany/EU. We do not transfer data to third countries (non-EU) unless you configure an RSS feed from a non-EU source (in which case only our server connects to it, not you directly).

VIII. Data Retention

User account data is stored as long as your account exists. Logs are deleted regularly according to legal requirements.

IX. Your Rights

You have the right to:

Request information about your stored data (Art. 15 GDPR)
Request correction of incorrect data (Art. 16 GDPR)
Request deletion of your account and data (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Complain to a supervisory authority (Art. 77 GDPR)

X. Right to Object

If your personal data is processed on the basis of legitimate interests (Art. 6 Para. 1 lit. f GDPR), you have the right to object to the processing at any time.

XI. Withdrawal of Consent

You can delete your account or specific data (e.g., custom text) at any time via the dashboard.

XII. Supervisory Authority

You have the right to complain to a data protection authoriy. In Germany, this includes the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen.

XIII. Authenticated Features (Profiling)

We do not use automated decision-making or profiling.

XIV. Security

We use SSL/TLS encryption to protect the transmission of confidential content (login, data entry). Passwords are always stored using strong cryptographic hashing (Argon2 or Bcrypt).

XV. Cookies & Local Storage

We use technologies to store your session status:

Session Cookies (PHPSESSID): Temporary cookies to manage your active session with our server. Deleted when you close the browser.
Local Storage: We allow your browser to store your unique "User ID" locally. This enables the "Auto-Login" feature so your screensaver can start immediately without entering a password every time.
Cookie Consent: We store your preference regarding cookies locally.

We DO NOT use third-party tracking cookies (like Google Analytics or Facebook Pixel).

XVI. Social Media

We do not integrate social media plugins. Any links to social media platforms are simple hyperlinks. No data is transferred to these networks until you click on the link.