Comic and illustration
Data protection
introduction
With the following data protection declaration we would like to explain to you which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender specific.
As of November 17, 2020
Contents overview
introduction
Responsible person
Overview of the processing
Relevant legal bases
Safety measures
Commercial and business services
Use of online marketplaces for e-commerce
Provision of the online offer and web hosting
Online marketing
Presence in social networks (social media)
Responsible person
Desiree Kunstmann
Deutschherrnstr. 31
90429 Nuremberg
Email address: desiree.kunstmann@gmx.de
Overview of the processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
Inventory data (e.g. names, addresses).
Content data (e.g. entries in online forms).
Contact details (e.g. e-mail, telephone numbers).
Meta / communication data (e.g. device information, IP addresses).
Usage data (e.g. websites visited, interest in content, access times).
Contract data (e.g. subject of the contract, duration, customer category).
Payment data (e.g. bank details, invoices, payment history).
Categories of data subjects
Business and contractual partners.
Interested persons.
Customers.
Users (e.g. website visitors, users of online services).
Purposes of processing
Conversion measurement (measurement of the effectiveness of marketing measures).
Office and organizational procedures.
Interest-based and behavioral marketing.
Contact requests and communication.
Profiling (creation of user profiles).
Remarketing.
Range measurement (e.g. access statistics, recognition of returning visitors).
Safety measures.
Tracking (e.g. interest / behavioral profiling, use of cookies).
Provision of contractual services and customer service.
Management and answering of inquiries.
Relevant legal bases
In the following we share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.
Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) - The person concerned has given their consent to the processing of the personal data concerning them for a specific purpose or for several specific purposes.
Fulfillment of contracts and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. take place.
Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) - The processing is necessary to fulfill a legal obligation to which the person responsible is subject.
Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) - Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which protect personal data Data require, predominate.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data during data processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.
Safety measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing of availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.
Commercial and business services
We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer inquiries respond.
We process this data to fulfill our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as the business organization. We only pass on the data of the contractual partners to third parties within the framework of the applicable law to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations or with the consent of the persons concerned (e.g. to telecommunications, transport and other auxiliary services involved as well Subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.
We inform the contracting partners before or as part of the data collection, e.g. in online forms, by special labeling (e.g. colors) or symbols (e.g. asterisks or similar), or personally, which data are required for the aforementioned purposes.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e. basically after 4 years, unless the data is stored in a customer account, e.g. as long as it has to be kept for archiving reasons for legal reasons (e.g. for Tax purposes usually 10 years). We delete data that has been disclosed to us by the contractual partner in the context of an order in accordance with the specifications of the order, generally after the end of the order.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Shop and e-commerce: We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to process payment transactions. The information required is marked as such in the context of the order or comparable purchase process and includes the information required for delivery or provision and billing as well as contact information in order to be able to hold any consultation.
Processed data types: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail, telephone numbers), contract data (e.g. subject of the contract, term, customer category), usage data (e.g. websites visited, interest in content , Access times), meta / communication data (e.g. device information, IP addresses).
Affected persons: interested parties, business and contractual partners, customers.
Purposes of processing: Provision of contractual services and customer service, contact inquiries and communication, office and organizational procedures, administration and answering of inquiries, security measures.
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR), legal obligation (Art. 6 Par. 1 S. 1 lit. 1 S. 1 lit.f. GDPR).
Use of online marketplaces for e-commerce
We offer our services on online platforms operated by other service providers. In this context, in addition to our data protection notices, the data protection notices of the respective platforms apply. This applies in particular with regard to the methods used on the platforms for range measurement and interest-based marketing.
Processed data types: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail, telephone numbers), contract data (e.g. subject of the contract, term, customer category), usage data (e.g. websites visited, interest in content , Access times), meta / communication data (e.g. device information, IP addresses).
Affected persons: customers.
Purposes of processing: Provision of contractual services and customer service.
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Par. 1 S. 1 lit. f. GDPR).
Used services and service providers:
Etsy: Online Marketplace for E-Commerce; Service provider: Etsy, Inc., 55 Washington Street, Suite 712, Brooklyn, NY 11201, USA; Website: https://www.etsy.com/de ; Data protection declaration: https://www.etsy.com/de/legal/privacy/?ref=ftr .
Provision of the online offer and web hosting
In order to be able to provide our online offer safely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we can use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed in the context of the provision of the hosting offer can include all information relating to the users of our online offer that is generated in the context of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.
E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for the purpose of detecting SPAM. Please note that emails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted on the transport route, but (if no so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We cannot therefore accept any responsibility for the transmission path of the e-mails between the sender and the receipt on our server.
Processed data types: content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
Affected persons: users (e.g. website visitors, users of online services).
Purposes of processing: Provision of contractual services and customer service.
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers:
Wix: website hosting platform; Service provider: Wix.com ltd., Tel Aviv, 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA; Website: https://www.wix.com ; Data protection declaration: https://de.wix.com/about/privacy .
Online marketing
We process personal data for online marketing purposes, which can include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar processes are used, by means of which the user information relevant to the presentation of the aforementioned content is saved. This information can include content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, these can also be processed.
The IP addresses of the users are also saved. However, we use available IP masking procedures (ie, pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) are stored in the online marketing process, but pseudonyms. This means that we, as well as the providers of online marketing processes, do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar processes. These cookies can later generally also be read out on other websites that use the same online marketing process, analyzed for the purpose of displaying content and supplemented with additional data and stored on the server of the online marketing process provider.
As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing process we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent during registration.
In principle, we only have access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (ie interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection declaration.
Processed data types: usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
Affected persons: users (e.g. website visitors, users of online services), interested parties.
Purposes of processing: Tracking (e.g. interest / behavior-related profiling, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavior-related marketing, profiling (creation of user profiles), range measurement (e.g. access statistics, recognition of returning visitors) .
Security measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Opposition possibility (opt-out): We refer to the data protection information of the respective provider and the possibilities of objection given to the provider (so-called "opt-out"). Unless an explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this can restrict the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu . b) Canada: https://www.youradchoices.ca/choices . c) USA: https://www.aboutads.info/choices . d) Cross-regional: https://optout.aboutads.info .
Used services and service providers:
Google Analytics: online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/ ; Data protection declaration: https://policies.google.com/privacy ; Opposition option (opt-out): Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de , settings for displaying advertisements: https://adssettings.google.com/authenticated .
Presence in social networks (social media)
We maintain an online presence within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because it could make it more difficult to enforce the users' rights, for example.
Furthermore, the data of users within social networks are usually processed for market research and advertising purposes. For example, usage profiles can be created on the basis of user behavior and the interests of the users resulting therefrom. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.
Facebook: We are together with Facebook Ireland Ltd. responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see “Things You and Others Do and Provide” in the Facebook Data Policy: https: // www.facebook.com/policy ), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook data policy declaration: https://www.facebook.com/policy ). As explained in the Facebook data policy under "How do we use this information?", Facebook also collects and uses information to provide analysis services, so-called "page insights", for website operators so that they can obtain information on how people use their pages and interact with the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum ), which regulates in particular which security measures Facebook must observe and which Facebook itself has agreed to fulfill the rights of the data subject (ie users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" ( https://www.facebook.com/legal/terms/information_about_page_insights_data ).
Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device Information, IP addresses).
Affected persons: users (e.g. website visitors, users of online services).
Purposes of processing: contact inquiries and communication, tracking (e.g. interest / behavior-related profiling, use of cookies), remarketing, range measurement (e.g. access statistics, recognition of returning visitors).
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers:
Instagram: social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com ; Data protection declaration: https://instagram.com/about/legal/privacy .
Facebook: social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com ; Data protection declaration: https://www.facebook.com/about/privacy ; Opposition option (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=ads .
Twitter: social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Data protection declaration: https://twitter.com/de/privacy , (Settings) https://twitter.com/personalization .
Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke