Privacy Policy

This Privacy Policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and its associated websites, functions and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). Regarding the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Patrick Weber
Tondi 18-8
11316 Tallinn
Estonia

Tel. +49 151 20482111
E-mail: Patrick _ Weber (at) gmx dot de

Types of processed data:

  • Inventory data (e.g., names, addresses)
  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., text entries, photographs, videos)
  • Usage data (e.g., websites visited, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Categories of affected persons

Visitors and users of the online offering (hereinafter, we collectively refer to the affected persons as “users”).

Purpose of Processing

  • Provision of the online offering, its functions and content
  • Response to contact inquiries and communication with users
  • Security measures
  • Reach measurement/Marketing

Terms Used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data.

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Legal Bases

In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing activities. Unless the legal basis is mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing to fulfill our services and implement contractual measures as well as respond to inquiries is Art. 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

Security Measures

In accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, availability assurance and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and response to data compromise. We also consider the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of privacy by design and privacy by default (Art. 25 GDPR).

The connection to our website offering is only possible through a TLS-secured connection. Unsecured connections are blocked by our server.

Cooperation with Processors and Third Parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit data to them, or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if transmission of data to third parties, such as payment service providers, is necessary for contract fulfillment pursuant to Art. 6(1)(b) GDPR), if you have consented, if a legal obligation requires this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called “data processing agreement,” this is done on the basis of Art. 28 GDPR.

Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “Standard Contractual Clauses”).

Rights of Data Subjects

You have the right to request confirmation as to whether relevant data is being processed and to receive information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

You have the right, in accordance with Art. 16 GDPR, to request the completion of data concerning you or the correction of incorrect data concerning you.

You have the right, in accordance with Art. 17 GDPR, to demand that relevant data be deleted immediately, or alternatively, to demand restriction of the processing of the data in accordance with Art. 18 GDPR.

You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transmission to other controllers.

You also have the right to file a complaint with the responsible supervisory authority in accordance with Art. 77 GDPR.

Right of Withdrawal

You have the right to withdraw consent given in accordance with Art. 7(3) GDPR with effect for the future.

Right to Object

You may object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection may be made in particular against processing for direct marketing purposes.

Cookies and Right to Object to Direct Marketing

“Cookies” refers to small files that are stored on users’ computers. Different types of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online service and closes their browser. Such a cookie may store, for example, the contents of a shopping cart in an online shop or a login status. “Permanent” or “persistent” cookies are cookies that remain stored even after closing the browser. For example, the login status can be saved so that it is still available when users return after several days. Similarly, such cookies can store users’ interests, which are used for reach measurement or marketing purposes. “Third-party cookies” refer to cookies offered by providers other than the controller operating the online service (if they are only the controller’s own cookies, they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and provide clarification about this within our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional limitations of this online service.

A general objection to the use of cookies for online marketing purposes can be declared for many services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that in this case, not all functions of this online service may be used.

Deletion of Data

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, storage is maintained particularly for 10 years in accordance with §§ 147 Para. 1 AO, 257 Para. 1 No. 1 and 4, Para. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 Para. 1 No. 2 and 3, Para. 4 HGB (commercial letters).

According to legal requirements in Austria, storage is maintained particularly for 7 years in accordance with § 132 Para. 1 BAO (accounting documents, receipts/invoices, accounts, vouchers, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically supplied services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.

Amazon Partner Program

Based on our legitimate interests (i.e., interest in the economic operation of our online offering pursuant to Art. 6(1)(f) GDPR), we are participants in the Amazon EU Partner Program, which is designed to provide a medium for websites through which advertising cost reimbursement can be earned by placing advertisements and links to Amazon.de (known as an affiliate system). This means that as an Amazon Partner, we earn from qualifying purchases.

Amazon uses cookies to track the origin of orders. Among other things, Amazon can recognize that you clicked on the partner link on this website and subsequently purchased a product from Amazon.

For more information about Amazon’s data usage and opt-out options, please refer to the company’s privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

Comments and Posts

When users leave comments or other contributions, their IP addresses may be stored for 7 days based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. This is done for our security in case someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves may be held liable for the comment or post and are therefore interested in the identity of the author.

Furthermore, we reserve the right, based on our legitimate interests pursuant to Art. 6(1)(f) GDPR, to process user information for spam detection purposes.

The data provided in the context of comments and posts will be stored by us permanently until users object.

Collection of Access Data and Log Files

We, or our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate abuse or fraud) for a maximum period of 7 days and then deleted. Data whose further storage is necessary for evidential purposes is exempt from deletion until the respective incident has been finally clarified.

Reach Measurement with Matomo

As part of Matomo’s reach analysis, the following data is processed based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering pursuant to Art. 6(1)(f) GDPR): the browser type and version you use, the operating system you use, your country of origin, date and time of the server request, number of visits, your duration of stay on the website, and the external links you click. The IP address of users is anonymized before it is stored.

Matomo uses cookies that are stored on users’ computers and enable an analysis of their use of our online offering. Pseudonymous user profiles can be created from the processed data. The cookies have a storage duration of one week. The information generated by the cookie about your use of this website is stored only on our server and is not shared with third parties.

If you activate the “I do not want to be tracked” (Do-not-Track) functionality in your browser settings, your visits will not be recorded.

Users can also object to the anonymized data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie will be stored in their browser, which results in Matomo no longer collecting any session data. However, if users delete their cookies, this will result in the opt-out cookie also being deleted and therefore needing to be reactivated by users.

The logs containing user data are deleted after 6 months at the latest.

Within our online offering, we use content or service offerings from third-party providers based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering pursuant to Art. 6(1)(f) GDPR) to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content perceive the IP address of users, as they could not send the content to their browsers without the IP address. The IP address is therefore required for the display of this content. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through these “pixel tags,” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online offering, as well as being combined with such information from other sources.

Vimeo

We can embed videos from the “Vimeo” platform of provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy Policy: https://vimeo.com/privacy. We note that Vimeo may use Google Analytics and refer to the Privacy Policy (https://www.google.com/policies/privacy) as well as opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or Google’s settings for data usage for marketing purposes (https://adssettings.google.com/).

YouTube

We embed videos from the “YouTube” platform of provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Shariff Sharing Functions

We use the privacy-compliant “Shariff” buttons. “Shariff” was developed to enable more privacy on the internet and to replace the usual social network “Share” buttons. In this case, it is not the user’s browser but the server on which this online offering is hosted that establishes a connection with the server of the respective social media platforms and queries, for example, the number of likes, etc. The user remains anonymous in this process. More information about the Shariff project is available from its developers at c’t magazine: www.ct.de.