Privacy policy
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
IMH Group Inc.
(Address TBD)
United States
Phone: (Phone TBD)
Further contact options: Legal notice on imh-group.us
2. General
We process personal data only to the extent necessary to provide a functional website and our content and services. The following information gives a simple overview of what happens to your personal data when you visit this site.
3. Hosting and server log files
When you access these pages, the hosting provider or web server typically stores information in server log files (e.g. IP address, date and time of the request, browser type, referrer URL). Processing serves to ensure security (e.g. defence against attacks) and service stability on the basis of Art. 6(1)(f) GDPR. If your hosting agreement provides for processing under Art. 28 GDPR, an appropriate agreement is in place.
4. This application and YouTube
This service may display public metadata and preview images from YouTube channels and contain links to videos on youtube.com. When preview images are displayed, your browser may technically connect to Google/YouTube servers (e.g. i.ytimg.com), which may transmit your IP address and technical metadata to Google. For more information, see Google's privacy policy: https://policies.google.com/privacy.
If you follow a link to YouTube and play a video there, YouTube/Google's data processing applies; we have no influence over it.
5. Google APIs (YouTube Data API, YouTube Analytics API)
To technically provide channel information and, where applicable, aggregated statistics, the system may use the YouTube Data API and YouTube Analytics API on the server side. This includes channel and video metadata and, after authorisation by the channel owner, aggregated analytics data. The legal basis depends on the case: Art. 6(1)(b) or (f) GDPR, or consent (Art. 6(1)(a)). Transfers to third countries (e.g. the USA) are subject to Google's standard contractual clauses and, where applicable, the EU-US Data Privacy Framework; see Google's privacy information.
6. Database (internal)
Cached data (e.g. video titles, view statistics in aggregated form) is processed in an internal database where required to operate the service. Only authorised persons within the company have access. Technical sync and admin endpoints are protected by an internal secret (token); OAuth refresh tokens may optionally be stored encrypted in the database (key in server configuration).
7. Cookies and local storage
Where this application does not set non-essential cookies, no consent under the German TTDSG is required. Technically necessary session cookies may be used for login or OAuth flows. Consents or settings may be stored locally in the browser (e.g. local storage); this usually does not transmit personal data to us.
8. Your rights
Where the law provides, you have the right of access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection to processing (Art. 21). If processing is based on consent, you may withdraw it with effect for the future (Art. 7(3)).
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), for example with the authority responsible for us in Rhineland-Palatinate: The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate, www.datenschutz.rlp.de.
9. Changes
We may update this privacy policy so that it always reflects current legal requirements.