Privacy policy

Introduction

With the following data protection declaration, I would like to inform you about the types of personal data (hereinafter also referred to as „data“) I process, for what purposes, and to what extent in the context of providing this web-application.

The terms used are not gender-specific.

Status: 25 September 2020

Table of contents
Introduction
Person responsible
Overview of processing of personal data
Relevant legal bases
Security measures
Use of cookies
Commercial and business services
Provision of online offers and web hosting
Deletion of data
Amendment and update of privacy policy
Definitions of terms

Person responsible
Regina Werner
Vionvillestr. 15
12167 Berlin
E-mail address: info@regina-werner.com
Legal notice: www.regina-werner.com

Overview of processing of personal data
The following summarises the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of data processed
Inventory data (eg names, addresses)
Content data (eg text entries, photographs, videos)
Contact details (eg e-mail, telephone numbers)
Meta/communication data (eg device information, IP addresses)
Usage data (eg websites visited, interest in content, access times)
Contract data (eg subject matter of contract, duration, customer category)
Payment data (eg bank details, invoices, payment history)
Categories of persons affected
Business and contractual partners
Interested parties
Users (eg website visitors, users of online services)
Purposes of processing
Office and organisational procedures
Contact requests and communication
Contractual services and service
Management and response to enquiries

Relevant legal bases
In the following, I provide the legal basis for the Basic Data Protection Regulation (DSGVO), on the basis of which personal data is processed. Please note that in addition to the regulations of the DSGVO, national data protection regulations may apply in your or my country of residence and domicile.  Should more specific legal provisions apply in individual cases, I will inform you of these in the data protection declaration.

Consent (Art. 6 para. 1 sentence 1 letter a DSGVO) – The data subject has given his or her consent to the processing of personal data relating to him or her for one or more specific purposes.

Fulfilment of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 letter b. FADP) – Processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.

Legal obligation (Art. 6 para. 1 sentence 1 letter c. DSGVO) – The processing is necessary for the performance of a legal obligation to which the person responsible is subject to.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO) – The processing is necessary to safeguard the legitimate interests of the person responsible or of a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data outweigh the data subject’s own interests or fundamental rights and freedoms.

National data protection regulations in Germany: In addition to the data protection regulations of the Basic Data Protection Regulation, national regulations on data protection apply in Germany. These include in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision making in individual cases including profiling. Furthermore, it regulates data processing for the purposes of employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation, or termination of employment relationships, and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Security measures
I take appropriate technical and organisational measures in accordance with legal requirements, taking into account technology’s state-of-art, implementation costs, and the nature, scope, circumstances, and purposes of data processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection commensurate with the risk.
These measures include, in particular, safeguarding confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, security of availability, and separation of data relating to them. Procedures have also been put in place to ensure that data subjects‘ rights are respected, that data is deleted and that responses to data breaches are made. Furthermore, I take protection of personal data into account as early as the development or selection of hardware, software, and procedures in accordance with the principle of data protection, by using technology which is protective, and data protection-friendly default settings.

Use of cookies
Cookies are text files which contain data from websites visited or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after his visit within an online offer. The information stored can include, for example, language settings on a website, login status, a shopping basket, or the place where a video was viewed. The term „cookies“ also includes other technologies which perform the same functions as cookies (eg when user information is stored using pseudonymous online identifiers, also known as „user IDs“).

The following cookie types and functions are distinguished
Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest once a user has left an online offer and closed his browser.
Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, a login status can be saved or preferred content can be displayed directly when the user re-visits a website. Likewise, such cookies can store the interests of users to measure reach and for marketing purposes.
First-party cookies: First-party cookies are set by myself.
Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (eg to store logins or other user entries, or for security reasons).
Statistical, marketing and personalisation cookies: Furthermore, cookies are generally also used to measure reach and when the interests of a user or his behaviour (eg viewing certain content, using functions, etc.) are stored in a user profile on individual web pages. Such profiles are used to show users content which corresponds to their potential interests. This procedure is also known as „tracking“, ie following the potential interests of users. If cookies or „tracking“ technologies are used, you will be informed separately in my privacy policy or when you give your consent.

Information on legal bases
The legal basis on which your personal data using cookies is processed depends on whether you are asked you for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the aid of cookies will be processed on the basis of legitimate interests (eg in the commercial operation of my online offer and its improvement) or, if the use of cookies is necessary to fulfil contractual obligations.

Storage duration
Unless provided with explicit information on the storage duration of permanent cookies (eg within the framework of a so-called cookie opt-in), please assume that the storage duration can be up to two years.

General information on revocation and objection (opt-out): Depending on whether processing is based on consent or legal permission, you have the opportunity to revoke any consent given, or to object to the processing of your data by cookie technologies (collectively referred to as „opt-out“) at any time. You can initially declare your objection by means of your browser settings, eg by deactivating the use of cookies (although this may also restrict the functionality of my online service). An objection to the use of cookies for online marketing purposes can also be declared via a variety of services, especially in the case of tracking, such as via https://optout.aboutads.info https://optout.aboutads.info and https://www.youronlinechoices.com/ https://www.youronlinechoices.com/. In addition, you can receive further notices of objection provided in the information of service providers and cookies used.

Processing of cookie data based on consent: Before data is processed by using cookies, users will be asked for their consent which can be revoked at any time. Before consent has been given, only those cookies will be used which are absolutely necessary for the operation of my online service.

Processed types of data
Usage data (eg websites visited, interest in content, access times), meta/communication data (eg device information, IP addresses).

Persons affected
Users (eg website visitors, users of online services)

Legal basis
Consent (Art. 6 para. 1 sentence 1 letter a DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 letter f. DSGVO).

Commercial and business services
Data of contractual and business partners, eg customers and interested parties (collectively referred to as „contractual partners“) is processed within the framework of contractual and comparable legal relationships and associated measures, and during communication with contractual partners (or pre-contractual), eg to answer enquiries.
This data is processed for the purpose of fulfilling contractual obligations, securing rights, and for administrative tasks associated with this data, as well as for business organisation. Within the framework of the law applicable, data of contractual partners is only passed on to third parties to the extent that this is necessary for the aforementioned purposes, or to fulfil legal obligations, or with the consent of the persons concerned (eg to telecommunication, transport, and other auxiliary services as well as subcontractors, banks, tax, and legal advisors, payment service providers, or tax authorities). Contractual partners will be informed about other forms of processing, eg for marketing purposes, within the scope of this data protection declaration.
Contractual partners will be informed which data is required for above purposes before or within the scope of data collection, eg in online forms, by means of special marking (eg colours) or symbols (eg asterisks or similar), or personally.

Data is deleted after the expiry of legal warranty and comparable obligations, ie, in principle after four years, unless the data is stored in a customer account, eg as long as it must be kept for legal archiving reasons (eg for tax purposes usually ten years). Data which has been disclosed to me by the contractual partner within the scope of an order in accordance with the specifications of the order, will generally be deleted after the order has been completed.
If third-party providers or platforms to provide my services are used, the terms and conditions and data protection information of the respective third-party providers or platforms apply between users and providers.

Artistic and literary services: Data of clients is processed in order to enable them to select, acquire, or commission the selected services or works as well as associated activities, and to enable them to pay for and deliver them, or to execute or provide them.
The information required is marked as such in the context of the order, contract, or comparable contract conclusion and includes the information required for delivery and invoicing as well as contact information to be able to make any necessary arrangements.

Processed data types: inventory data (eg names, addresses), payment data (eg bank details, invoices, payment history), contact data (eg email, telephone numbers), contract data (eg subject matter of the contract, duration, customer category).

Persons concerned
Interested parties, business and contractual partners.

Purposes of processing: Contractual performance and services, contact enquiries and communication, office and organisational procedures, administration and answering enquiries.

Legal basis: Fulfilment of contract and pre-contractual enquiries (Art. 6 Paragraph 1 S. 1 lit. b. DSGVO), Legal obligation (Art. 6 Paragraph 1 S. 1 lit. c. DSGVO), Legitimate interests (Art. 6 Paragraph 1 S. 1 lit. f. DSGVO).

Provision of online offer and web hosting
For me to be able to provide my online offer securely and efficiently, I use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, I may use infrastructure and platform services, computing capacity, storage space, and database services as well as security and technical maintenance services.

The data processed within the provision of this hosting offer may include all data relating to users of my online offers which are generated within the framework of use and communication. This regularly includes the IP address, which is necessary to deliver the contents of online offers to browsers, and all entries made within my online offer, or from websites.

Collection of access data and log files: I myself (or my web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of web pages and files accessed, date and time of access, data volume transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

Server log files can be used for security purposes, eg to avoid overloading servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure capacity utilisation of servers and their stability.

Processed data types
Content data (eg text entries, photographs, videos), usage data (eg websites visited, interest in content, access times), meta/communication data (eg device information, IP addresses).

Persons concerned
Users (eg website visitors, users of online services). Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Deletion of data
Data processed by me will be deleted in accordance with the legal requirements as soon as their consent permitted for processing is revoked or other permissions cease to apply (eg if the purpose for which the data was processed ceases to apply or if they are not necessary for the purpose).

Unless data is deleted because that is required for other and legally permissible purposes, their processing is limited to these purposes. This means that data will be blocked and not processed for other purposes. This applies, for example, to data which must be retained for reasons of commercial or tax law or which are required to be retained for the assertion, exercise or defence of legal claims, or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be provided in the individual data protection notes of this data protection declaration.

Amendment and updating of this data protection declaration
Please inform yourself regularly about the content of this data protection declaration. It will be adapted as soon as changes in the data processing carried out makes this necessary. You will be informed as soon as changes make it necessary for you to take action to cooperate (eg to give your consent), or to receive other individual notifications.

If addresses and contact information of companies and organisations are provided in this data protection declaration, please note that the addresses may change over time and please check their information before contacting me.

Definitions of terms
This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined first and foremost in Art. 4 DSGVO. Legal definitions are binding. The following explanations, on the other hand, are primarily intended to help you understand them. The terms are sorted alphabetically.

Personal data
„Personal data“ shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as „data subject“); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (eg a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person „Person responsible“: the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. „Processing“: „Processing“ means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all processing of data, whether it be collection, analysis, storage, communication, or deletion.

https://datenschutz-generator

Legal texts by Dr Schwenke
Created with free Datenschutz-Generator.de by Dr Thomas Schwenke