As of: September 28, 2019
Susanne Rohland, Am Treptower Park 24, 12435 Berlin/ Germany
E-mail address: email@example.com
Contact Data Protection Officer
Overview of the processing
The following summary summarizes the types of data processed and the purposes of their processing and refers to the individuals concerned.
Types of processed data
- Content data (e.g., text input, photographs, videos).
- Contact information (e.g., e-mail, phone numbers).
- Meta / communication data (e.g., device information, IP addresses).
- Usage data (e.g., websites visited, interest in content, access times).
- Categories of affected persons
- Users (e.g., website visitors, online service users).
- Purposes of processing
- Providing our online offer and user-friendliness.
- Feedback (e.g., collecting feedback via online form).
- Contractual services and service.
Relevant legal bases
In the following, we share the legal basis of the General Data Protection Regulation (DSGVO), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations may apply in your home or country of residence.
- Consent (Article 6 (1) (1) (a) GDPR) – The data subject has consented to the processing of personal data relating to him for a specific purpose or several specific purposes.
- Legitimate interests (Article 6 (1) (1) (f) of the GDPR) – Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject protecting personal security Data require, outweigh.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data in data processing (Bundesdatenschutzgesetz – BDSG). In particular, the BDSG contains special rules on the right of access, the right of cancellation, the right to object, the processing of special categories of personal data, processing for other purposes and for transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.
We will take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, the different likelihoods of occurrence and the extent to which the rights and freedoms of individuals are threatened to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as their access, input, transfer, availability and segregation. We have also set up procedures to ensure the enjoyment of data subject rights, the erasure of data and responses to the threat to data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through privacy-friendly presettings.
SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You will recognize such encrypted connections with the prefix https: // in the address bar of your browser.
„Cookies“ are small files that are stored on users‘ devices Cookies can be used to store various information, such as the language settings on a website, the login status, a shopping cart or the location where a video is viewed was, belong.
Cookies are generally also used when the interests of a user or his behavior (for example, viewing specific content, use of functions, etc.) are stored on individual websites in a user profile. Such profiles serve to provide users with e.g. View content that matches your potential interests. This method is also referred to as „tracking,“ that is, tracking the potential interests of users. The term „cookies“ also includes other technologies that perform the same functions as cookies (for example, when user information is stored using pseudonymous online identifiers, also known as „user IDs“).
Withdrawal and opposition (opt-out): Regardless of whether the processing is based on a consent or legal permission, you have at any time the possibility to revoke a given consent or to object to the processing of your data by cookie technologies (collectively referred to as “ Opt-out „).
- Types of data processed: usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
- Affected Persons: Users (e.g., website visitors, online service users).
- Legal basis: Consent (Article 6 (1) (1) (a) GDPR), Legitimate interests (Article 6 (1) (1) (f) of the GDPR).
Provision of the online offer and web hosting
To provide our online offer safely and efficiently, we use the services of one or more web hosting providers whose servers (or servers managed by them) can access the online offer. For these purposes, we may use infrastructure and platform services, computing capacity, storage and database services, as well as security and technical maintenance services.
The data processed in the provision of the hosting offer may include all information relating to the use and communication of the users of our online offer. This includes, on a regular basis, the IP address necessary to deliver the content of online content to browsers, and all submissions made within our online offer or web pages.
E-Mail-Delivery and -Hosting: The Webhosting services we rely on also include sending, receiving and storing e-mails. For these purposes the addresses of the recipients as well as sender as well as further information concerning the e-mail dispatch (for example the participating providers) as well as the contents of the respective e-mails are processed. The aforementioned data may also be processed for purposes of SPAM detection. We ask you to note that e-mails on the Internet are generally not encrypted. As a rule, e-mails are encrypted on the transport route, but (if no so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore take no responsibility for the transmission of emails between the sender and the reception on our server.
Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The server logfiles can contain the address and name of the retrieved web pages and files, the date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses. Addresses and the requesting provider belong.
The server log files can be used for security purposes, for example, to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and second, to ensure the utilization of the servers and their stability.
Processed data types: content data (e.g., text input, photographs, videos), usage data (e.g., visited web pages, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
Affected Persons: Users (e.g., website visitors, online service users).
Legal basis: legitimate interests (Article 6 (1) sentence 1 (f) of the DSGVO).
Plugins and embedded functions
We incorporate functionality and content into our online offering sourced from their respective vendors‘ servers (hereafter referred to as „third party vendors“), such as graphics, videos, social media buttons, and posts (hereafter referred to as „third party“) uniformly referred to as „content“).
The integration always requires that the third-party providers of this content process the IP address of the users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We endeavor to use only those content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as „web beacons“) for statistical or marketing purposes. The „pixel tags“ can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and the operating system, websites to be referenced, time of visit, and other information regarding the use of our online offer.
- Processed data types: usage data (eg visited websites, interest in content, access times), meta / communication data (eg device information, IP addresses), contact data (eg e-mail, telephone numbers), content data (eg text input, photographs, videos) ,
- Affected Persons: Users (e.g., website visitors, online service users).
- Legal basis: legitimate interests (Article 6 (1) sentence 1 lit. DSGVO), consent (Article 6 (1) sentence 1 (a) GDPR).
Deployed services and service providers:
Deletion of data
The data processed by us will be deleted in accordance with legal requirements as soon as their consent for processing is revoked or other authorizations cease to exist (for example, if the purpose of the processing of this data has ceased to apply or if they are not necessary for the purpose).
Unless the data is deleted because it is necessary for other and legitimate purposes, its processing is limited to these purposes. That is, the data is locked and not processed for other purposes. This applies, for example for data that must be retained for commercial or tax law reasons or that is required to be stored in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.
Rights of data subjects
As GDPR affected party, you are entitled to various rights, in particular from Articles 15 to 18 and 21 GDPR:
- Right to object: You have the right at any time, for reasons that arise from your particular situation, against the processing of personal data relating to you which, on the basis of Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
- Withdrawal with consent: You have the right to revoke granted consent at any time.
- Right to information: You have the right to request a confirmation as to whether the data in question is being processed and for information about this data as well as for further information and copying of the data in accordance with legal requirements.
- Right to correction: You have the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you in accordance with the legal requirements.
- Right to deletion and limitation of processing: You have the right, in accordance with the statutory provisions, to demand that data relating to you be deleted immediately, or, alternatively, to demand a restriction of the processing of the data in accordance with the statutory provisions.
- Right to data portability: You have the right to access data relating to you which you have provided to us in accordance with the legal requirements of the law to obtain in a structured, common and machine-readable format or to request their transmission to another person in charge.
- Complaint to the supervisory authority: You also have the right, in accordance with the legal requirements, to a supervisory authority, in particular in the Member State of your usual place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
- Personal data: „Personal data“ means any information relating to an identified or identifiable natural person (hereinafter the „data subject“); a natural person is considered as identifiable, which can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
- Tracking: „Tracking“ is when the behavior of users across multiple online offers can be traced.As a rule, with regard to the online offers used behavior and interest information stored in cookies or servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to match their interests.
- Responsible person: „Responsible person“ means the natural or legal person, public authority, institution or other body which, alone or together with others, decides on the purposes and means of processing personal data.
- Processing: „Processing“ means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term covers a wide range and covers practically every handling of data, be it collection, evaluation, storage, transfer or deletion.
Created with Datenschutz-Generator.de by Dr. med. jur. Thomas Schwenke, translated with Google translate and human brain (Found some mistake? Head over to firstname.lastname@example.org)