Privacy policy
Preamble
With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and, in particular, on our websites, in mobile applications, as well as in external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").
The terms used are not gender-specific.
16 October 2023
Contents Overview
- Preamble
- Controller
- Overview of Processing
- Applicable Legal Bases
- Security Measures
- International Data Transfers
- Rights of Data Subjects
- Registration, Login, and User Account
- Contact and Inquiry Management
- Newsletter and Electronic Notifications
- Plugins and Embedded Features and Content
- Amendment and Updating of the Privacy Policy
Controller
Sebastian Wolff
Klosterberg 2
06577 An der Schmücke
017664370553
Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of Processed Data
- Inventory data.
- Contact data.
- Content data.
- Usage data.
- Meta, communication, and procedural data.
Categories of Data Subjects
- Communication partners.
- Users.
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations.
- Contact inquiries and communication.
- Security measures.
- Direct marketing.
- Management and response to inquiries.
- Feedback.
- Provision of our online offering and user-friendliness.
Applicable Legal Bases
Applicable legal bases under the GDPR: Below, you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or establishment may apply. Furthermore, if specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6(1)(a) GDPR) The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contractual Performance and Pre-contractual Inquiries (Art. 6(1)(b) GDPR) Processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures at the request of the data subject.
- Legitimate Interests (Art. 6(1)(f) GDPR) Processing is necessary to protect the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.
National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, there are national data protection regulations in Germany. This includes, in particular, the Law for the Protection against Misuse of Personal Data in Data Processing (Bundesdatenschutzgesetz - BDSG). The BDSG contains specific provisions regarding the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making on an individual basis, including profiling. Furthermore, state data protection laws of individual federal states may also apply.
Reference to the Applicability of GDPR and Swiss Data Protection Act: These data protection notices serve both to provide information in accordance with the Swiss Federal Act on Data Protection (Schweizer DSG) and the General Data Protection Regulation (GDPR). For this reason, please note that, for the sake of broader spatial applicability and understanding, the terms of the GDPR are used. In particular, the terms "processing" of "personal data," "legitimate interest," and "special categories of data" as used in the GDPR are used instead of the terms used in the Swiss DSG. However, the legal meaning of these terms is determined within the scope of the Swiss DSG's applicability in accordance with the Swiss DSG.
Security Measures
According to legal requirements and considering the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement suitable technical and organizational measures to ensure a level of protection appropriate to the risk.
These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as related access, input, disclosure, availability, and separation. Additionally, we have established procedures to ensure the exercise of data subject rights, data deletion, and responses to data breaches. Furthermore, we consider data protection during the development or selection of hardware, software, and processes, following the principles of data protection by design and by default.
International Data Transfers
Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing occurs within the use of third-party services or the disclosure or transmission of data to other individuals, entities, or companies, it is done in accordance with legal requirements. If the data protection level in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfers. Otherwise, data transfers only occur when the data protection level is otherwise ensured, especially through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49(1) GDPR). Additionally, we will inform you about the foundations of third-country transfers with individual providers from the third country, with adequacy decisions being the primary basis. Information about third-country transfers and existing adequacy decisions can be found in the offering of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.
EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level as safe for certain companies in the USA through an adequacy decision dated July 10, 2023. The list of certified companies and further information about the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in the data protection notices about which service providers certified under the Data Privacy Framework are used by us.
Rights of Data Subjects
Rights of Data Subjects under the GDPR: You, as data subjects, have various rights under the GDPR, particularly arising from Articles 15 to 21 of the GDPR:
- Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.
- Right to Withdraw Consent: You have the right to withdraw your consent at any time.
- Right to Information: You have the right to request confirmation of whether data concerning you is being processed, as well as information about this data and a copy of the data in accordance with legal requirements.
- Right to Rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with legal requirements.
- Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to request the erasure of data concerning you without undue delay or alternatively, the restriction of processing in accordance with legal requirements.
- Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in accordance with legal requirements in a structured, commonly used, and machine-readable format, as well as the right to transmit that data to another controller.
- Complaint to a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you violates the provisions of the GDPR.
Registration, Login, and User Account
Users can create a user account. During registration, users are informed of the required mandatory information, which is processed for the purpose of providing the user account on the basis of the fulfillment of contractual obligations. The processed data includes, in particular, login information (username, password, and an email address).
As part of using our registration and login features and the user account, we store the IP address and the time of each user's action. This storage is based on our legitimate interests as well as the interests of users in protection against misuse and other unauthorized use. In general, this data is not shared with third parties unless it is necessary for pursuing our claims or there is a legal obligation to do so.
Users can be informed via email about actions relevant to their user account, such as technical changes.
- Processed Data Types: Master Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers); Content Data (e.g., inputs in online forms); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Concerned Persons: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Management and response to inquiries; Providing our online services and user-friendliness.
- Legal Bases: Contractual fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
Additional Notes on Processing Operations, Procedures, and Services:
- Registration with Pseudonyms: Users are allowed to use pseudonyms as usernames instead of real names; Legal Bases: Contractual fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR).
- User Profiles Are Public: User profiles are publicly visible and accessible.
Contact and Inquiry Management
When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within existing user and business relationships, the information provided by the inquiring individuals is processed as necessary for responding to the contact inquiries and any requested actions.
- Processed Data Types: Contact Data (e.g., email, phone numbers); Content Data (e.g., inputs in online forms); Usage Data (e.g., visited websites, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Concerned Persons: Communication partners.
- Purposes of Processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online forms); Providing our online services and user-friendliness.
- Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter "Newsletters") only with the consent of recipients or on the basis of a legal permission. If the contents of the Newsletter are specifically described during the registration for the Newsletter, they are decisive for the user's consent. In addition, our Newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you for a name for personal addressing in the newsletter or other information if it is required for the purposes of the newsletter.
Double-Opt-In Procedure: Registration for our newsletter is generally carried out in a so-called double-opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with third-party email addresses. Newsletter registrations are logged to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the email service provider are also logged.
Deletion and Restriction of Processing: We can store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove that consent was given in the past. The processing of this data is limited to the purpose of possible defense of claims. Individual deletion requests are possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocking list.
The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. If we commission a service provider for sending emails, this is done based on our legitimate interests in an efficient and secure email delivery system.
Contents: Information about us, our services, actions, and offers.
- Processed Data Types: Master Data (e.g., names, addresses); Contact Data (e.g., email, phone numbers); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status); Usage Data (e.g., visited websites, interest in content, access times).
- Concerned Persons: Communication partners.
- Purposes of Processing: Direct marketing (e.g., via email or postal).
- Legal Bases: Consent (Art. 6(1)(a) GDPR).
- Opt-Out Option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You can find a link to unsubscribe from the newsletter at the end of each newsletter, or you can use one of the contact options provided above, preferably via email.
Additional Information on Processing Operations, Procedures, and Services:
- Measurement of Open and Click Rates: The newsletters contain a so-called
"web beacon," which is a pixel-sized file that is retrieved from our server, or, if we use a
delivery service provider, from their server when the newsletter is opened. As part of this
retrieval, technical information such as browser and system information, as well as your IP
address and the time of retrieval, is collected.
This information is used for the technical improvement of our newsletter based on technical data or the target audience and their reading behavior, based on their retrieval locations (determinable by IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is associated with individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us recognize the reading habits of our users and adapt our content to them or send different content according to the interests of our users.
Plugins and Embedded Features and Content
We embed functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include graphics, videos, or maps (hereinafter uniformly referred to as "content").
The embedding always presupposes that the third-party providers of this content process the IP address of users because they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content or functions. We make an effort to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on users' devices, and may include technical information about the browser and operating system, referring websites, visit times, and other information about the use of our online offering, as well as being linked with such information from other sources.
- Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times); Meta, Communication, and Process Data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Concerned Persons: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Providing our online offering and user-friendliness.
- Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
Additional Information on Processing Operations, Procedures, and Services:
- Google Fonts (Retrieved from Google Server): Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to being up to date and loading times, their uniform presentation, and consideration of possible licensing restrictions. The user's IP address is shared with the provider of the fonts, so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. When users visit our online offering, their browsers send HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, describing the browser and operating system versions of website visitors, as well as the referrer URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and tightly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a specific font family is requested. The Google Fonts Web API must adapt the user agent to the font that is generated for the respective browser type. The user agent is primarily logged for debugging purposes and used to generate aggregated usage statistics, measuring the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and to generate an aggregated report on top integrations based on the number of font requests. According to Google's own information, none of the information collected by Google Fonts is used to create user profiles or display targeted ads; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Legal Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF). More Information: https://developers.google.com/fonts/faq/privacy?hl=de.
Change and Update of the Privacy Policy
We kindly ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time, and we kindly ask you to verify the information before contacting them.
Created with a free privacy policy generator by Dr. Thomas Schwenke