Privacy Policy
This privacy policy informs you about the nature, scope, and purpose of processing personal data (hereinafter referred to as “data”) in the provision of our services and within our online offering and the associated websites, features, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Owner:
Marc Geppert
Kaiserstraße 124
44135 Dortmund
Germany
marc@webdesign-geppert.com
Types of Processed Data
- Inventory data (e.g., personal master data, names, or addresses).
- Contact data (e.g., email, phone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of Data Subjects Visitors and users of the online offering (hereinafter also referred to as “users”).
Purpose of Processing
- Provision of the online offering, its features, and content.
- Responding to contact inquiries and communication with users.
- Security measures.
- Reach measurement/marketing.
Terms Used “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” is any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.
“Pseudonymization” means processing personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
The “controller” is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Legal Bases for Processing In accordance with Article 13 of the GDPR, we inform you about the legal bases for our data processing activities. For users within the scope of the General Data Protection Regulation (GDPR), i.e., the EU and the European Economic Area (EEA), the following applies when the legal basis is not mentioned in this privacy policy:
The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR. The legal basis for processing for the performance of our services and the execution of contractual measures, as well as for answering inquiries, is Article 6(1)(b) of the GDPR. The legal basis for processing for the fulfillment of our legal obligations is Article 6(1)(c) of the GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis. The legal basis for processing to carry out a task in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) of the GDPR. The legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR. Processing data for purposes other than those for which the data was collected is determined by the provisions of Article 6(4) of the GDPR. The processing of special categories of data (in accordance with Article 9(1) of the GDPR) is governed by the provisions of Article 9(2) of the GDPR.
Security Measures In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability, and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also take data protection into account in the development, or selection, of hardware, software, and procedures, according to the principle of data protection by design and by default.
Collaboration with Data Processors, Joint Controllers, and Third Parties If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers, or third parties), transmit it to them, or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g., if a transmission of data to third parties, such as payment service providers, is required for the performance of a contract), user consent, a legal obligation, or our legitimate interests (e.g., when using agents, web hosts, etc.).
If we disclose, transmit or otherwise grant access to data to other companies within our group of companies, this is done for administrative purposes as a legitimate interest and, beyond that, on a basis consistent with legal requirements.
Transfers to Third Countries If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to other persons or companies, this only takes place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, processing is based on specific guarantees, such as the officially recognized level of data protection (e.g., for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations.
Rights of Data Subjects You have the right to request confirmation as to whether the data in question is being processed and to receive information about this data and additional information and a copy of the data in accordance with legal requirements.
You have the right, in accordance with the legal requirements, to request the completion of the data concerning you or the rectification of incorrect data concerning you.
You have the right, in accordance with the legal requirements, to request that the data in question be deleted without delay or, alternatively, to require a restriction of the processing of data in accordance with the legal requirements.
You have the right to receive the data concerning you that you have provided to us and to request that it be transmitted to other responsible parties in accordance with legal requirements.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with legal requirements.
Right to Withdraw You have the right to withdraw any consent you have given with future effect.
Right to Object You can object to the future processing of your data in accordance with legal requirements at any time. In particular, you can object to the processing of your data for direct marketing purposes.
Cookies and Right to Object to Direct Marketing Cookies are small files that are stored on the user’s computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online service. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online service and closes his or her browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be stored. Cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. Similarly, such a cookie can be stored to save the user’s interests or used for range measurement or marketing purposes. A “third-party cookie” refers to cookies offered by providers other than the person responsible for the online service (otherwise, if they are only its cookies, this is referred to as “first-party cookies”).
We may use temporary and permanent cookies and inform you about this in our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offering.
A general objection to the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that in this case not all functions of this online offering can be used.
Deletion of Data The data processed by us is deleted or its processing is restricted in accordance with legal requirements. Unless expressly stated in this privacy policy, the data stored by us is deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
Changes and Updates to the Privacy Policy We ask that you regularly inform yourself about the contents of our privacy policy. We will adjust the privacy policy as changes to our data processing make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.
Definitions This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined above all in Article 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended, above all, to aid understanding. The terms are sorted alphabetically.
Personal Data “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Controller “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Profiling “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization “Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
File Downloads We strive to offer the option to download files from our website. When you download files, the following information will be logged and stored:
Name of the file downloaded Date and time of the download Amount of data transferred Confirmation of success or failure of the download Referring URL (the previously visited page) Browser used for downloading IP address of the downloading computer
This data is collected for security purposes, in particular to prevent abuse. The data will be anonymized and cannot be linked to specific individuals. The data is stored for a duration of seven days, after which it is automatically deleted.
Contact When you contact us (e.g., via a contact form or email), your personal information is processed for the purpose of handling the contact request and its processing.
User Data and Registration Users have the option to create a user account on our website. During registration, we collect the required data and inform users about the nature, scope, and purpose of the data processing.
Basic data for registration: Email address Password
Optional information: First name Last name
During registration, we will obtain your consent to process this data.
Data Transfer to Third Parties Data will only be transferred to third parties within the framework of legal requirements. We will only pass on user data to third parties if this is necessary for contractual purposes or based on legitimate interests in accordance with Article 6(1)(f) of the GDPR, or for the purpose of complying with our legal obligations in accordance with Article 6(1)(c) of the GDPR.
As part of the registration and log-in processes and the use of our services, we use the website and databases of third-party providers. The terms and conditions and data protection regulations of the respective providers apply in this regard.
Online Marketing and Affiliate Programs We work together with various online marketing partners who help us to make our website and online presence more interesting for you. Therefore, when you visit our website, cookies from partner companies are also stored on your hard drive. These are cookies that are automatically deleted after the specified time.
The affiliate partners are responsible for their cookies and the processing of data collected through them.
Privacy Policy for the Use of Google Analytics On our website, we use Google Analytics, a web analysis service from Google Inc. (https://www.google.com), hereinafter referred to as “Google.” Google Analytics uses cookies that allow you to analyze the use of the website.
The information generated by the cookie about your use of this website, such as
Browser type/version, Operating system used, Referrer URL (the previously visited page), Host name of the accessing computer (IP address), Time of the server request,
is usually transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities, and to provide further services associated with the use of the website and the internet for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company.
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all the functions of this website to their full extent.
In addition, you can prevent the data generated by the cookie and related to your use of the website (including your IP address) from being recorded and processed by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from recording data by clicking on this link. An opt-out cookie is set to prevent future recording of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data usage by Google, possible settings, and objections can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use websites or apps from our partners”), http://www.google.com/policies/technologies/ads (“Data usage for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).
Privacy Policy for the Use of Google AdSense This website uses Google AdSense, a service for integrating advertisements from Google Inc. (“Google”). Google AdSense uses so-called “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. Google AdSense also uses web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on these pages.
The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information can be passed on by Google to Google’s contractual partners. However, Google will not merge your IP address with other data stored by you.
You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all the functions of this website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Privacy Policy for the Use of Facebook Social Plugins Our website uses so-called social plugins (“plugins”) from the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Social Plugin from Facebook” or “Facebook Social Plugin.” An overview of Facebook plugins and their appearance can be found here: http://developers.facebook.com/plugins.
When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can immediately assign the visit to our website to your Facebook account. If you interact with the plugins, for example, by clicking the “Like” button or making a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research, and the tailor-made design of Facebook pages. For this purpose, Facebook creates usage, interest, and relationship profiles, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website, and to provide further services associated with the use of Facebook.
If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.
The purpose and scope of data collection, further processing and use of data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook’s data protection information: http://www.facebook.com/policy.php.
Privacy Policy for the Use of Twitter Functions of the Twitter service are integrated on our sites. These functions are offered by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. This data is also transmitted to Twitter.
We would like to point out that we, as the provider of the website, have no knowledge of the content of the data transmitted or of how it is used by Twitter. Further information can be found in Twitter’s data privacy statement at http://twitter.com/privacy.
You can change your privacy settings on Twitter in your account settings at http://twitter.com/account/settings. If you have any questions, please contact privacy@twitter.com.
Information/Cancellation/Deletion You can contact us free of charge for questions regarding the collection, processing, or use of your personal data and their correction, blocking, deletion, or revocation of a given consent. We would like to point out that you have the right to correct incorrect data or delete personal data if this claim does not conflict with any legal obligation to retain data.
Sample Privacy Policy for Google Maps This website uses the Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes, and uses data about the use of map functions by visitors. You can find more information about data processing by Google in the Google data protection information. There, you can also change your personal data protection settings in the Data Protection Center.
Comprehensive information on the subject of data protection in connection with Google Maps can be found on the Google website (“Google Privacy Policy”): http://www.google.de/intl/de/policies/privacy/.
Privacy Policy for the Use of YouTube Our website uses plugins from the Google-operated YouTube site. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our sites equipped with a YouTube plugin, a connection is established to the YouTube servers. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
For more information on how user data is handled, see YouTube’s privacy policy at: https://www.google.com/intl/en/policies/privacy
Newsletter With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch, and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to the receipt and the described procedures.
Content of the newsletter: We send newsletters, emails, and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the content of a newsletter is specifically described in the context of registration, it is decisive for the consent of the user. Otherwise, our newsletters contain information about our services and us.
Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with external email addresses. Registrations for the newsletter are logged in order to be able to prove the registration process according to legal requirements. This includes storing the login and confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider are logged.
Credentials: To subscribe to the newsletter, simply enter your email address. Optionally, we ask you to provide a name for personal contact in the newsletter.
The dispatch of the newsletter and the associated performance measurement are based on consent from the recipient in accordance with Art. 6(1)(a), Art. 7 of the GDPR in conjunction with § 107(2) TKG or on the basis of legal permission in accordance with § 107(2) and (3) TKG.
The registration procedure is recorded on the basis of our legitimate interests in accordance with Art. 6(1)(f) of the GDPR. Our interest is in the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to provide evidence of consent.
Cancellation/Revocation – You can cancel the receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the previous consent is confirmed at the same time.