Privacy Policy
Privacy Policy
We are delighted by your interest in our company. Data protection is of particular importance to the management of Katharina Freitag. Use of the Katharina Freitag website is generally possible without providing any personal data. However, if a data subject wishes to use special services offered by our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the data subject’s consent. The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Katharina Freitag. This privacy policy aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects about their rights.
As the data controller, Katharina Freitag has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can fundamentally have security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by telephone.
1. Definitions
The privacy policy of Katharina Freitag is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for both the general public and our customers and business partners. To ensure this, we would like to explain the terminology used beforehand.
In this privacy policy, we use, among others, the following terms:
a) Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller
The controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
h) Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
(i) Recipient
A recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
(j) Third party
A third party is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:
Katharina Freitag
Geranienstrasse 3
82031 Grünwald
Germany
Tel.: +49 176 26134717
Email: info@katharinafreitag.com
Website: www.katharinafreitag.com
3. Collection of general data and information
The Katharina Freitag website collects a range of general data and information each time a data subject or an automated system accesses the website. This general data and information is stored in the server’s log files. The following may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reached our website (known as the referrer), (4) the sub-pages accessed on our website by an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serves to prevent attacks on our IT systems.
Katharina Freitag does not draw any conclusions about the data subject when using this general data and information. This information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and its advertising, (3) ensure the long-term functionality of our IT systems and the technology of our website, and (4) provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack. Katharina Freitag therefore uses this anonymously collected data and information for statistical analysis and to improve data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.
4. Routine Erasure and Blocking of Personal Data
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as provided for by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the purpose of storage ceases to apply, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data shall be routinely blocked or erased in accordance with legal requirements.
5. Rights of the Data Subject
a) Right to Confirmation
Every data subject has the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact an employee of the controller.
b) Right of access
Every person whose personal data is being processed has the right, granted by the European legislator, to obtain from the controller, at any time and free of charge, information about the personal data stored about him or her and a copy of this information. Furthermore, the European legislator has granted the data subject the right to information regarding the following:
the purposes of the processing
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
the right to lodge a complaint with a supervisory authority
where the personal data are not collected from the data subject, any available information as to their source
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject has the right to obtain information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right of access, they may contact an employee of the controller at any time.
c) Right to rectification
Every data subject has the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may contact an employee of the controller at any time.
d) Right to erasure (right to be forgotten)
Every data subject has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies, and where the processing is not necessary:
The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
The personal data have been unlawfully processed.
The erasure of personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data were collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
If one of the aforementioned grounds applies and a data subject wishes to have their personal data stored by Katharina Freitag erased, they may contact an employee of the data controller at any time. The employee of Katharina Freitag will ensure that the erasure request is complied with immediately.
If Katharina Freitag has made the personal data public and our company, as the controller, is obligated to erase the personal data pursuant to Article 17(1) GDPR, Katharina Freitag, taking into account available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other data controllers processing the published personal data that the data subject has requested the erasure of all links to, or copies or replications of, such personal data from those other data controllers, insofar as processing is not necessary. The employee of Katharina Freitag will take the necessary steps in each individual case.
e) Right to restriction of processing
Every data subject has the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met and a data subject wishes to restrict the processing of their personal data stored by Katharina Freitag, they may contact an employee of the data controller at any time. The employee of Katharina Freitag will then arrange for the restriction of processing.
f) Right to data portability
Every data subject has the right, granted by the European legislator, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. She also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising her right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
Furthermore, when exercising her right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
To assert the right to data portability, the data subject can contact an employee of Katharina Freitag at any time.
g) Right to object
Every data subject has the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
In the event of such an objection, Katharina Freitag will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishing, exercising or defending legal claims.
Where Katharina Freitag processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing of their personal data by Katharina Freitag for direct marketing purposes, Katharina Freitag will no longer process the personal data for these purposes.
Furthermore, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out by Katharina Freitag for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, the data subject may contact any employee of Katharina Freitag directly or another designated contact person. The data subject is also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise their right to object by automated means using technical specifications.
h) Automated individual decision-making, including profiling
Every data subject has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or performing, a contract between the data subject and a data controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
… If the decision (1) is necessary for entering into, or performing, a contract between the data subject and the controller, or (2) is based on the data subject’s explicit consent, Katharina Freitag shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision.
If the data subject wishes to exercise rights relating to automated decision-making, he or she may contact an employee of the controller at any time.
i) Right to withdraw consent under data protection law
Every data subject has the right granted by the European legislator to withdraw his or her consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact an employee of the controller at any time.
6. Data Protection Provisions Regarding the Use of Flattr
The data controller has integrated components of the company Flattr into this website. Flattr is a social payment service from Sweden that allows users to distribute donations to online media providers by depositing funds into a credit account and setting a monthly budget. Users can instruct Flattr to distribute their set monthly budget to a media provider by clicking a Flattr button integrated into the provider’s website.
The operating company of Flattr is Flattr AB, Box 4111, 203 12 Malmö, Sweden.
Each time a user accesses one of the individual pages of this website, which is operated by the data controller and on which a Flattr component has been integrated, the respective Flattr component automatically prompts the web browser on the user’s information technology system to download a representation of the corresponding Flattr component from Flattr. As part of this technical process, Flattr receives information about which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged into Flattr, Flattr recognizes, with each visit to our website and for the entire duration of the visit, which specific subpage of our website the data subject is viewing. This information is collected by the Flattr component and assigned by Flattr to the respective Flattr account of the data subject. If the data subject clicks the Flattr button integrated on our website, this information is transmitted to Flattr for billing purposes. The data subject has already consented to the transmission of such information to Flattr.
Further information and Flattr’s applicable privacy policy can be found at https://flattr.com/privacy.
7. Data Protection Provisions Regarding the Use of Amazon Affiliate Program Features
As a participant in the Amazon Affiliate Program, the data controller has integrated Amazon components into this website. These Amazon components were designed by Amazon to direct customers to various websites within the Amazon Group, specifically Amazon.co.uk, Local.Amazon.co.uk, Amazon.de, BuyVIP.com, Amazon.fr, Amazon.it, and Amazon.es, via advertisements, in exchange for a commission. The data controller can generate advertising revenue through the use of these Amazon components.
The operating company of these Amazon components is Amazon EU S.à.r.l., 5 Rue Plaetis, L-2338 Luxembourg, Luxembourg.
Amazon places a cookie on the data subject’s information technology system. Cookies were explained above. Each time a user accesses one of the individual pages of this website, which is operated by the data controller and on which an Amazon component is integrated, the respective Amazon component automatically prompts the web browser on the user’s computer system to transmit data to Amazon for the purposes of online advertising and commission billing. As part of this technical process, Amazon receives personal data that allows Amazon to track the origin of orders placed on Amazon and subsequently to process commission payments. Among other things, Amazon can track whether the user clicked on an affiliate link on our website.
As described above, the user can prevent the setting of cookies by our website at any time by adjusting the settings of their web browser and thus permanently object to the setting of cookies. Such a browser setting would also prevent Amazon from setting a cookie on the user’s computer system. Furthermore, cookies already set by Amazon can be deleted at any time via a web browser or other software programs.
Further information and Amazon’s applicable privacy policy can be found at https://www.amazon.de/gp/help/customer/display.html?nodeId=3312401.
8. Data Protection Provisions Regarding the Use of Functions of the Collecting Society WORT (VG WORT)
The data controller has integrated tracking pixels on this website. A tracking pixel is a miniature graphic embedded in web pages to enable log file recording and analysis, allowing for statistical evaluation. The integrated tracking pixels are used for the Scalable Central Measurement (SZM) system of the Collecting Society WORT (VG WORT).
The Scalable Central Measurement system is operated by INFOnline GmbH, Forum Bonn Nord, Brühler Str. 9, 53119 Bonn, Germany.
The Scalable Central Measurement system is used to determine statistical indicators for calculating the probability of texts being copied. The embedded tracking pixel enables the Collecting Society WORT to identify whether, when, and by how many users (including the data subject) our website was accessed and which content was viewed.
The data obtained through the Scalable Central Measurement method is collected anonymously. To record access statistics and recognize users of a website, either a so-called session cookie is set—that is, a signature is created which is composed of various automatically transmitted pieces of information—or alternative methods are used. The IP address of the internet connection used by the data subject is collected and processed only in anonymized form. The data subject is never identified.
As described above, the data subject can prevent the setting of cookies by our website at any time by adjusting the settings of their internet browser and thus permanently object to the setting of cookies. Such a browser setting would also prevent INFOnline from setting a cookie on the data subject’s information technology system. Furthermore, cookies already set by INFOnline can be deleted at any time via an internet browser or other software programs.
Furthermore, the data subject has the option to object to and prevent the collection and processing of data generated by INFOnline relating to their use of this website. To do so, the data subject must click the opt-out button at the following link: http://optout.ioam.de, which sets an opt-out cookie. The opt-out cookie set in response to the objection is stored on the data subject’s information technology system. If the cookies on the data subject’s system are deleted after an objection, the data subject must access the link again and set a new opt-out cookie.
However, setting the opt-out cookie may result in the data subject no longer being able to fully use the data controller’s website.
INFOnline’s applicable data protection regulations can be found at https://www.infonline.de/datenschutz/.
9. Data Protection Provisions Regarding the Use of LiveZilla
The data controller has integrated the LiveZilla component into this website. LiveZilla is live support helpdesk software that enables direct, real-time communication (so-called live chat) with visitors to the website.
The developer of the LiveZilla component is LiveZilla GmbH, Byk-Gulden-Straße 18, 78224 Singen, Germany.
Each time our website, which includes a LiveZilla component, is accessed, this component collects data for the purpose of operating the live chat system and analyzing its performance. Further information about LiveZilla can be found at http://www.livezilla.net/home/de/.
The LiveZilla component places a cookie on the data subject’s information technology system. Cookies were explained above. Pseudonymized user profiles can be created using the LiveZilla cookie. Such pseudonymized user profiles can be used by the data controller to analyze visitor behavior and to analyze and maintain the proper functioning of the live chat system. This analysis also serves to improve our services. The data collected via the LiveZilla component will not be used to identify the data subject without first obtaining their separate, explicit consent. This data will not be combined with personal data or with other data containing the same pseudonym.
As described above, the data subject can prevent the setting of cookies by our website at any time by adjusting the settings of their web browser and thus permanently object to the setting of cookies. Such a browser setting would also prevent the LiveZilla component from setting a cookie on the data subject’s information technology system. Furthermore, a cookie already set by the LiveZilla component can be deleted at any time via the web browser or other software programs.
The data subject can prevent the setting of cookies by our website at any time by adjusting the settings of their web browser accordingly. The applicable data protection regulations of LiveZilla GmbH can be accessed at https://www.livezilla.net/disclaimer/de/.
10. Data Protection Provisions Regarding the Use of WiredMinds
The data controller has integrated components from WiredMinds into this website. These WiredMinds components automatically recognize and qualify companies that visit the website. The WiredMinds component enables the website operator using the component to generate leads, i.e., to qualify potential new customers.
The operating company of WiredMinds is WiredMinds GmbH, Lindenspürstraße 32, 70176 Stuttgart, Germany.
We use a WiredMinds tracking pixel. A tracking pixel is a miniature graphic embedded in a website to enable log file recording and analysis for subsequent statistical evaluation.
WiredMinds also places a cookie on the data subject’s information technology system. Cookies were explained above. The placement of the cookie allows us to analyze the use of our website.
Pseudonymized user profiles are created using the collected data. These pseudonymized user profiles are used to analyze visitor behavior and enable us to improve our website. The data collected via the WiredMinds component will not be used to identify the data subject without first obtaining their separate and explicit consent. This data will not be combined with personal data or with other data containing the same pseudonym.
Each time a user accesses one of the individual pages of this website, the WiredMinds component automatically prompts the web browser on the user’s computer system to transmit data for online analysis. As part of this technical process, WiredMinds receives personal data, such as the IP address, which is used, among other things, to track the origin of visitors and clicks.
The cookie stores personal information, such as the access time, the location from which access originated, and the frequency of visits to our website. Each time you visit our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to the WiredMinds server. This personal data is stored by WiredMinds but is not shared with third parties.
The data subject can prevent the setting of cookies by our website at any time, as described above, by adjusting the settings of their internet browser accordingly, and thus permanently object to the setting of cookies. Such a browser setting would also prevent WiredMinds from setting a cookie on the data subject’s information technology system. Furthermore, a cookie already set by WiredMinds can be deleted at any time via an internet browser or other software programs.
The data subject also has the option to object to and prevent the collection of data generated by WiredMinds relating to their use of this website. To do so, the data subject must click the “Don’t Track My Visits” button at the following link: https://wm.wiredminds.de/track/cookie_mgr.php?mode=dont_track_ask&websitesel If the data processing system of the data subject is subsequently deleted, formatted, or reinstalled, the data subject must set an opt-out cookie again.
Further information and WiredMinds’ applicable data protection regulations can be found at https://www.wiredminds.de/produkt/datenschutz-gutachten/.
11. Data Protection Provisions Regarding the Use of Lotame
The data controller has integrated components from Lotame into this website. Lotame is a data management platform into which data from third-party sources is fed across devices in order to subsequently personalize content, advertising, and offers. Lotame is therefore also an analytics service. An analytics service collects, gathers, and analyzes data. It is primarily used to optimize a website and to plan the cost-benefit ratio of advertising activities.
The operating company of Lotame is Lotame Solutions, Inc., Suite 2000, 8850 Stanford Blvd., Columbia, Maryland, 21045, USA.
The purpose of Lotame is to enable cross-device communication with our customers and prospects. Cross-device communication refers to communication with customers on both standard computer systems and mobile devices such as laptops, tablets, and mobile phones. Lotame uses so-called Unique Identifiers (UIDs) for this purpose. A unique identifier is a technology that allows us to determine which different technological systems a specific individual uses.
Lotame places a cookie on the data subject’s information technology system. Cookies were explained above. Each time a user accesses one of the individual pages of this website, which is operated by the data controller and on which a Lotame component is integrated, the Lotame component automatically prompts the web browser on the data subject’s information technology system to transmit data to Lotame for optimization purposes. As part of this technical process, Lotame receives data that is subsequently used to create user profiles. These user profiles serve to determine which different information technology devices the respective user uses, in order to subsequently optimize our advertising activities.
As described above, the data subject can prevent the setting of cookies by our website at any time by adjusting the settings of their web browser accordingly, thus permanently objecting to the setting of cookies. Such a setting in the internet browser used would also prevent Lotame from placing a cookie on the data subject’s information technology system. Furthermore, cookies already placed by Lotame can be deleted at any time via an internet browser or other software programs.
Furthermore, you have the option to object to and prevent the collection and processing of data generated by the Lotame cookie relating to your use of this website. To do so, you must click the opt-out button at https://www.lotame.com/opt-out-preference-manager/, which will set an opt-out cookie. This opt-out cookie will be stored on your computer system. If cookies are deleted from your system after you have objected, you will need to click the link again and set a new opt-out cookie.
However, setting the opt-out cookie may mean that you can no longer fully use the data controller’s website.
Lotame’s applicable data protection regulations can be found at https://www.lotame.com/legal/.
12. Data Protection Provisions Regarding the Use of Bloglovin
The data controller has integrated components of Bloglovin into this website. Bloglovin is an online platform that allows users to organize their favorite blogs. A blog is a website-based, generally publicly accessible portal where one or more people, called bloggers or webloggers, can post articles or write down their thoughts in so-called blog posts.
The operating company of Bloglovin is Bloglovin Inc., 25 Broadway, New York, NY 10004, USA.
Each time a user accesses one of the individual pages of this website, which is operated by the data controller and on which a Bloglovin component has been integrated, the respective Bloglovin component automatically prompts the web browser on the user’s information technology system to download a representation of the corresponding Bloglovin component from Bloglovin. As part of this technical process, Bloglovin receives information about which specific subpage of our website the user is visiting.
If the data subject is logged into Bloglovin at the same time, Bloglovin recognizes which specific subpage of our website the data subject visits each time they access our website and for the entire duration of their visit. This information is collected by the Bloglovin component and assigned to the data subject’s respective Bloglovin account. If the data subject clicks the Bloglovin button integrated into our website, this information is transmitted to Bloglovin. The data subject has already consented to the transmission of such information to Bloglovin.
Further information and Bloglovin’s applicable data protection regulations can be found at https://www.bloglovin.com/tos.
13. Legal Basis for Processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details, or other vital information had to be shared with a doctor, hospital, or other third party. In that case, the processing would be based on Article 6(1)(d) GDPR. Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. The legislator took the view that a legitimate interest could be assumed where the data subject is a client of the controller (Recital 47, second sentence, GDPR).
14. Legitimate interests pursued by the controller or a third party in the processing
If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of all our employees and shareholders.
15. Duration for which the personal data will be stored
The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data is routinely deleted, provided it is no longer required for the performance of a contract or for taking steps prior to entering into a contract.
16. Legal or contractual requirements for providing personal data
Necessity for entering into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also arise from contractual provisions (e.g., information about the contracting party). In some cases, concluding a contract may require a data subject to provide us with personal data, which we then need to process. For example, the data subject is obligated to provide us with personal data if our company enters into a contract with them. Failure to provide this personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will explain to the data subject, on a case-by-case basis, whether the provision of personal data is required by law or contract, or necessary for entering into the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
17. Automated Decision-Making
As a responsible company, we do not use automated decision-making or profiling.
This privacy policy was created using the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as the external data protection officer for Dortmund, in cooperation with Cologne-based data protection lawyer Christian Solmecke.
External Hosting
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact information, names, website access data, and other data generated via a website.
The host is used for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hosting provider will only process your data to the extent necessary to fulfill its contractual obligations and will follow our instructions regarding this data.
We use the following hosting provider:
Data Processing Agreement
To ensure data processing in compliance with data protection regulations, we have concluded a data processing agreement with our hosting provider.
Cookies
Our website uses so-called “cookies.” Cookies are small text files that do not harm your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after you leave our website. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These allow us or you to use certain services provided by the third-party company (e.g., cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to analyze user behavior or to display advertising.
Cookies that are necessary for the electronic communication process (essential cookies), for providing certain functions you have requested (functional cookies, e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring website traffic) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the technically flawless and optimized provision of its services. If consent to the storage of cookies has been requested, the relevant cookies are stored exclusively on the basis of this consent (Article 6(1)(a) GDPR); this consent can be revoked at any time.
You can configure your browser to notify you when cookies are set and to allow cookies only in individual cases, to block cookies in certain cases or entirely, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.
If cookies from third-party companies or for analysis purposes are used, we will inform you separately about this within the framework of this privacy policy and, if necessary, request your consent.
Cookie Consent with Borlabs Cookie
Our website uses Borlabs Cookie’s cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document this consent in accordance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter referred to as Borlabs).
When you visit our website, a Borlabs cookie is stored in your browser, which saves the consents you have given or withdrawn. This data is not shared with the provider of Borlabs Cookie.
The collected data is stored until you request its deletion, delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. Details regarding data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
The Borlabs Cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.