Skip to content

Privacy policy

The controller responsible for data processing in connection with the website railslts.com is makandra GmbH, Melli-Beese-Straße 5, 86159 Augsburg, Germany, e-mail: info@makandra.de. You can contact our data protection officer at the above address ("Attn: Data Protection Officer") or by email at datenschutz@makandra.de

1. Automatically collected data when visiting the website

We collect the data regularly transmitted automatically by your browser to our web server when you use the Internet, such as the date and time the website was accessed, your browser type and version as well as the browser settings, the name and version of your operating system, the website from which you visit our website (referrer URL), your IP address and the URL you requested. The data is stored for a period of 7 days and then automatically deleted, unless an attack or threat by the user has been detected. The legal basis for the processing of this data is our legitimate interest in accordance with Art. 6 para. 1f GDPR, which follows from the purposes listed below. We use this information to 

  • enable the website to be accessed and visited,
  • continuously improve the websites and offers and further adapt them to the needs of our users 
  • carry out internal quality controls, 
  • recognize, eliminate and prevent errors, malfunctions and possible misuse, 
  • to compile statistics on access channels and the use of the websites.

2. Contact and communication

2.1 Contact forms

You can contact us by providing personal data (e.g. name, company, e-mail address, telephone number). The personal data that you transmit to us in the process can be found in the corresponding contact form on the website. The personal data transmitted to us will only be processed for the purpose of processing your contact request. 

The legal basis for data processing is Art. 6 para. 1b GDPR, insofar as your details are required to answer your inquiry or to initiate or execute a contract, otherwise Art. 6 para. 1f GDPR your and our legitimate interest in answering your inquiry.

The data collected by us will generally be deleted by us after your inquiry has been fully processed, unless it is required for other purposes (e.g. to implement the contractual relationship if a contract is concluded). Insofar as these are business letters within the meaning of commercial or tax law, we retain the correspondence for the periods specified by law (generally six years).


2.2 Subscription to Rails LTS

You can subscribe to Rails LTS via the website. To do so, you must create a user account and enter your name, e-mail address and a password. If you choose a paid subscription, you must also provide us with your billing address and payment information for billing purposes. The personal data transmitted to makandra in this context will only be collected, stored and processed for the purpose of managing your subscription to Rails LTS and for invoicing.

After deletion of your user account and complete processing of your subscription, your data will be deleted after expiry of the retention periods under tax and commercial law. The deletion of your user account is possible at any time and can be done by sending a message to the contact option described in this privacy policy.

The legal basis for the processing of this personal data is Article 6(1b) GDPR, as the processing is necessary for the performance of a contract between makandra and the data subject or for the implementation of pre-contractual measures.


2.3 Notification of new versions of Rails LTS

By signing up for Rails LTS and opting in to receive email notifications about new versions of Rails LTS, we will use your email address to send you these notifications.You can deactivate the email notifications at any time.

The legal basis for the processing of this personal data is Article 6(1b) GDPR, as the processing is necessary for the performance of a contract between makandra and the data subject or for the implementation of pre-contractual measures.


3. Cookies, analysis and tracking

We use cookies, web beacons or similar procedures when you visit our websites or use our offers. 

Cookies are small text files that are stored on your computer or mobile device by your browser and that enable your computer or device to be recognized across different websites. The cookies do not contain any personal data. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our service providers to recognize your browser on your next visit (persistent cookies).

You can prevent the use of cookies by selecting the appropriate settings in your browser software. However, it is possible that certain areas of the websites or offers may then not function as intended. 

Web beacons are small graphic files ("pixels") that can be integrated into our website and that can be used to record user behavior. Similar procedures are e.g. HTML5 cookies or other local (browser or device) storage procedures in which - comparable to cookies - data can be stored in your browser or end device in order to recognize your browser or device on your next visit or during a session.

Service providers used by us may use cookies, in particular for web analysis (see below). This is done on the basis of your consent, provided you have given it via the cookie banner.

3.1 Legal bases

We use tools and cookies necessary for website operation (Section 3.2) on the basis of your and our legitimate interest pursuant to Art. 6 (1f) GDPR in the operation of the website and pursuant to Section 25 (2) No. 2 GDPR.

We use other tools, in particular for analysis and marketing purposes (Section 3.3), on the basis of your consent in accordance with Art. 6 (1a) GDPR and Section 25 (1) TDDDG, which is obtained via the consent management tool (cookie banner) (see below). 

Where other legal bases apply to individual tools or procedures, this is expressly stated below.

You can revoke or adjust your consent at any time by clicking on the cookie notice at the bottom left of the window.

You can find more information on the cookies used (e.g. also their storage duration) here and in the consent management tool (section 3.2.1).

3.2 Necessary tools and cookies

3.2.1 Cookie banner / consent management

For the purpose of consent management, we use a consent management tool ("CMT", the cookie banner). You can access the CMT at any time here: https://www.cookiebot.com/de/

When you visit our website, our CMT sets a cookie that can be used to store the consents given for the individual services and to control the corresponding activation or deactivation of the respective functionalities.

The CMT is used to obtain the necessary consent and to document it in accordance with our obligation to provide evidence. The legal basis for this is Art. 6 para. 1c GDPR.

The data collected is stored until you delete the cookie. 

3.2.2 Google Tag Manager

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager is used to manage tracking tools and other services, so-called website tags. The Google Tag Manager does not require the use of cookies. The legal basis is our legitimate interest in integrating and managing several tags on our website in an uncomplicated manner in accordance with Art. 6 para. 1f GDPR.

3.2.3 Necessary cookies for the use of the service

If you use our service as a customer, we use the following cookies for session management purposes and for the functionality of the contact form:

  • makandra_cms_session (session cookie: yes, storage duration: during the session, purpose: session management)
  • no_cache (session cookie: yes, storage duration: during the session, intended use: cache control of the load balancer)
  • CSRF-TOKEN type (session cookie: yes, storage duration: during the session, intended use: security mechanism against CSRF attacks).

3.3 Analysis and marketing tools

3.3.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses cookies and similar technologies to analyze and improve our website based on your user behavior. Google will process the information obtained for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. By analyzing which features our visitors use, how often they use them and which pages they visit, we can better understand what our visitors find useful. With this information, we can design more relevant experiences and guide business decisions. Details about the technologies used by our visitors (e.g. app, operating system or browser version) can help us to identify and solve technical problems. The data collected in this context may be transferred by Google to a server in the USA for analysis and stored there.

We have concluded an order processing contract with Google for the use of Google Analytics.

In particular, the following data is processed by Google Analytics Anonymized IP address; Referrer URL (previously visited page); Pages accessed (date, time, URL, title, duration of visit); Links to other websites clicked on; If applicable, achievement of certain goals (conversions); Technical information: Operating system; browser type, version and language; device type, brand, model and resolution; approximate location (country and, if applicable, city, based on anonymized IP address), device information (e.g. also advertising ID), location information (e.g. city). If you have consented to this and are logged into your Google account when you visit our site and have activated personalized advertising, Google may also compile anonymized statistics for us based on your account data ("Google signals").

You can find more information on this in Google's data protection information

3.3.2 Matomo

We use the open source tool "Matomo" to collect statistics on the use of the website. Matomo is hosted on our own servers. No data is passed on to third parties and all data is anonymized, in particular the user's IP address. No cookies are used. The legal basis for the use of Matomo is our legitimate interest in the creation of anonymous visitor statistics, including the evaluation of user numbers and the analysis of the use of the website, in order to improve the website, the user-friendliness of the website and the offers of makandra and to make them more interesting for the user in accordance with Art. 6 para. 1f GDPR.

4. data recipients

We host our website on our own servers in Germany.

In addition to the data recipients mentioned in section 3, we may also use other external service providers and, if necessary, make personal data available to them to fulfill their activities. 

We use technical service providers in particular to send the newsletter. Of course, we also comply with all data protection regulations and oblige our service providers to do so where necessary. The service providers may only process the personal data on our behalf and not for their own purposes and must treat the data confidentially. To this end, we have concluded data processing agreements in accordance with Art. 28 GDPR.

Insofar as we use services whose providers are partly located in third countries outside the European Economic Area or process personal data there and the EU Commission has not issued an adequacy decision for these countries in accordance with Art. 45 GDPR, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations. Where this is not possible, we base the transfer of data on your express consent.

4.1 Payment service provider

In order to process your payments for the subscription to Rails LTS, we will transmit your personal data required for payment (organization, billing address, credit card information, payment amount) to the following payment service provider:

Stripe, Inc, 185 Berry Street, Suite 550, San Francisco, CA 94107, USA.

Stripe, Inc. is certified in accordance with the EU-US Data Privacy Framework (see https://www.dataprivacyframework.gov/) and thus fulfills the legal requirements to ensure an adequate level of data protection.

5. rights of data subjects, right to lodge a complaint, right to object

In addition to the right to withdraw your consent given to us, you have the right to information in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to object in accordance with Art. 21 GDPR and the right to data portability in accordance with Art. 20 GDPR if the respective legal requirements are met.

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1f) GDPR (Art. 21 (1) GDPR). If we process your personal data for direct marketing purposes in accordance with Art. 6 (1f) GDPR, you have the right to object to this at any time without stating reasons (Art. 21 (2) GDPR).

You also have the right to lodge a complaint with the data protection supervisory authorities in accordance with Art. 77 GDPR. 

Status: 10/2024