Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online offer").

The terms used are not gender-specific.

Last updated: 5 June 2024

Controller

Christopher Richter
Carionweg 2
10709 Berlin, Germany

Email: chrissy.richter2710@gmail.com

Overview of Processing Activities

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of data processed

  • Inventory data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of data subjects

  • Communication partners.
  • Users.

Purposes of processing

  • Communication.
  • Security measures.
  • Organisational and administrative procedures.
  • Feedback.
  • Provision of our online offer and user-friendliness.
  • Information technology infrastructure.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require protection of personal data, do not override such interests.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as on automated decision-making in individual cases, including profiling. State data protection laws of the individual federal states may also apply.

Security Measures

We take appropriate technical and organisational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances and purposes of processing, as well as the different likelihoods and severities of risks to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as the access to, input of, disclosure of, availability of, and separation of the data. We have also established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data breaches. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

Securing online connections via TLS/SSL encryption technology (HTTPS): To protect users' data transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information that is transmitted between the website or app and the user's browser, thereby protecting the data from unauthorised access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is transmitted securely and in encrypted form.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consents are withdrawn or no further legal bases exist for the processing. This applies to cases where the original purpose of the processing ceases to apply or the data is no longer needed. Exceptions to this rule exist if legal obligations or particular interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for the enforcement of legal claims or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that applies specifically to certain processing operations.

Where there are multiple statements regarding the retention period or deletion deadlines for a given piece of data, the longest period shall always prevail.

If a deadline does not expressly begin on a specific date and is at least one year in duration, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in the context of which data is stored, the triggering event is the point in time at which the termination or other end of the legal relationship takes effect.

Data that is no longer retained for its originally intended purpose, but because of statutory requirements or other reasons, is processed exclusively for the reasons that justify its retention.

Further information on processing operations, procedures and services:

  • Retention and deletion of data: The following general deadlines apply to retention and archiving under German law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the working instructions and other organisational documents necessary for their understanding, accounting vouchers and invoices (§ 147 para. 3 in conjunction with para. 1 nos. 1, 4 and 4a AO, § 14b para. 1 UStG, § 257 para. 1 nos. 1 and 4, para. 4 HGB).
    • 6 years – Other business documents: received commercial or business letters, copies of dispatched commercial or business letters, other documents insofar as they are of relevance for taxation, such as timesheets, cost accounting sheets, calculation documents, price markings, as well as payroll documents, insofar as they are not already accounting vouchers, and till receipts (§ 147 para. 3 in conjunction with para. 1 nos. 2, 3, 5 AO, § 257 para. 1 nos. 2 and 3, para. 4 HGB).
    • 3 years – Data necessary to consider potential warranty and damages claims or similar contractual claims and rights, as well as to process related inquiries based on previous business experience and customary industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. Where personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent given at any time.
  • Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request the immediate deletion of data concerning you, or alternatively, in accordance with legal requirements, to request the restriction of the processing of the data.
  • Right to data portability: You have the right to receive data concerning you which you have provided to us, in accordance with legal requirements, in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
  • Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the requirements of the GDPR.

Provision of the Online Offer and Web Hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g. page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved); log data (e.g. log files relating to logins or retrieval of data or access times).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
  • Retention and deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).

Further information on processing operations, procedures and services:

  • Provision of online offer on rented server space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web host"); Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).
  • Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. Server log files may be used, on the one hand, for security purposes, e.g. to prevent server overloading (in particular in the case of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure the utilisation of the servers and their stability; Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR). Deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymised. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until final clarification of the respective incident.

Contact and Inquiry Management

When contacting us (e.g. by post, contact form, email, telephone or via social media), as well as in the context of existing user and business relationships, we process the information of the inquiring persons insofar as this is necessary to respond to the contact requests and any measures requested.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions, as well as information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organisational and administrative procedures; feedback (e.g. collecting feedback via online form); provision of our online offer and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR); performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b GDPR).

Further information on processing operations, procedures and services:

  • Contact form: When you contact us via our contact form, by email, or through other means of communication, we process the personal data transmitted to us in order to respond to and handle the respective inquiry. This usually includes information such as name, contact information and, where applicable, further information that is communicated to us and is necessary for appropriate handling. We use this data exclusively for the stated purpose of contact and communication; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b GDPR); legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).

Amendments and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as changes require any cooperation on your part (e.g. consent) or any other individual notification.

Insofar as we provide addresses and contact information of companies and organisations in this privacy policy, please note that addresses may change over time, and we ask you to check the information before making contact.

Definitions of Terms

This section provides an overview of the terms used in this privacy policy. Where the terms are legally defined, their legal definitions apply. The following explanations, however, are primarily intended to aid understanding.

  • Inventory data: Inventory data includes essential information necessary for the identification and management of contractual partners, user accounts, profiles and similar assignments. This data may include, among other things, personal and demographic information such as names, contact information (addresses, telephone numbers, email addresses), dates of birth and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between persons and services, institutions or systems by enabling clear assignment and communication.
  • Content data: Content data includes information generated in the course of creating, editing and publishing content of any kind. This category of data may include texts, images, videos, audio files and other multimedia content that is published on various platforms and media. Content data is not limited to the actual content itself, but also includes metadata that provides information about the content itself, such as tags, descriptions, author information and publication dates.
  • Contact data: Contact data is essential information that enables communication with persons or organisations. It includes, among other things, telephone numbers, postal addresses and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
  • Meta, communication and procedural data: Meta, communication and procedural data are categories that contain information about how data is processed, transmitted and managed. Metadata, also known as data about data, includes information that describes the context, origin and structure of other data. It may include information on file size, creation date, the author of a document and change histories. Communication data captures the exchange of information between users via various channels, such as email traffic, call logs, messages on social networks and chat histories, including the persons involved, timestamps and transmission paths. Procedural data describes the processes and sequences within systems or organisations, including workflow documentation, logs of transactions and activities, as well as audit logs used for tracking and reviewing operations.
  • Usage data: Usage data relates to information that records how users interact with digital products, services or platforms. This data includes a wide range of information that reveals how users utilise applications, which functions they prefer, how long they spend on particular pages, and which paths they take when navigating through an application. Usage data can also include the frequency of use, timestamps of activities, IP addresses, device information and location data. It is particularly valuable for analysing user behaviour, optimising user experiences, personalising content and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences and possible problem areas within digital offerings.
  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Log data: Log data is information about events or activities that have been logged in a system or network. This data typically contains information such as timestamps, IP addresses, user actions, error messages and other details about the use or operation of a system. Log data is often used to analyse system problems, for security monitoring or to create performance reports.
  • Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, whether it is the collection, evaluation, storage, transmission or deletion.

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke