Controller
Monika Boscheinen
Trogerstr. 17
81675 Munich, Germany
Email: [email protected]
Imprint: https://www.monikaboscheinen.com/impressum/
Contact Data Protection Officer
Overview of Data Processing
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the affected persons.
Types of Processed Data
Categories of Data Subjects
Purposes of Processing
Relevant Legal Bases
The following is an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that national data protection regulations may also apply in your or our country of residence. If specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.
National Data Protection Regulations in Germany
In addition to the GDPR, national regulations on data protection apply in Germany. These include, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer as well as automated decision-making in individual cases, including profiling. State data protection laws of individual federal states may also apply.
Security Measures
We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with the legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons.
These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the related access, input, transfer, availability, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also take the protection of personal data into account when developing or selecting hardware, software, and procedures in accordance with the principle of data protection through technology design and through privacy-friendly default settings.
TLS/SSL Encryption (https): To protect the data of users transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
Deletion of Data
The data we process will be deleted or restricted in processing in accordance with legal requirements as soon as the consents permitting their processing are revoked or other permissions cease to apply (e.g., if the purpose of the processing of these data no longer applies or they are not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person. Our privacy notices may also contain further details on the retention and deletion of data, which take precedence for the respective processing.
Rights of Data Subjects
As a data subject under the GDPR, you have various rights, which are set out in particular in Art. 15 to 21 GDPR:
Use of Cookies
Cookies are small text files or other storage notes that store information on end devices and read information from the end devices, for example to store the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed, or the functions used in an online offer. Cookies can also be used for various purposes, e.g., to ensure the functionality, security, and comfort of online offers, as well as to create analyses of visitor flows.
Business Services
We process data from our contractual and business partners, such as customers and interested parties (collectively referred to as "contractual partners"), within the framework of contractual and similar legal relationships, as well as related measures and within the framework of communication with the contractual partners (or pre-contractually), e.g., to answer inquiries.
We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and to remedy warranty and other service failures. In addition, we process the data to protect our rights and for the purpose of the associated administrative tasks and business organization. Furthermore, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., participation of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the above-mentioned purposes or to fulfill legal obligations. Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.
Provision of the Online Offer and Web Hosting
We process the data of users to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to deliver the content and features of our online services to the user’s browser or device.
Processed Data Types:
Affected Persons:
Purposes of Processing:
Legal Bases:
Contact and Request Management
When you contact us (e.g., by mail, contact form, email, phone, or social media), as well as in the context of existing user and business relationships, the data of the requesting persons is processed to the extent necessary to respond to the contact inquiries and any requested measures.
Processed Data Types:
Affected Persons:
Purposes of Processing:
Legal Bases:
Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter referred to as "newsletters") only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described in the context of a subscription, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient for you to provide your email address. We may, however, ask you to provide a name for the purpose of personal address in the newsletter or other information if this is necessary for the purposes of the newsletter.
Double-Opt-In Procedure:
Subscription to our newsletter takes place in a so-called double-opt-in procedure. This means that you will receive an email after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's email addresses. The subscriptions to the newsletter are logged to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. The changes to your data stored with the email service provider are also logged.
Right to Object and Opt-Out:
You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. A link to cancel the newsletter can be found at the end of each newsletter or you can use one of the above-mentioned contact options, preferably email, for this purpose.
Promotional Communication via Email, Post, Fax, or Telephone
We process personal data for purposes of promotional communication, which can be carried out via various channels such as email, phone, post, or fax, in accordance with legal requirements.
The recipients have the right to revoke granted consents at any time or to object to promotional communication at any time.
After revocation or objection, we store the data required to prove the previous authorization for contacting or sending for up to three years after the end of the year of revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of possible defense against claims. Based on the legitimate interest in permanently observing the revocation or objection of users, we also store the data necessary to avoid renewed contact (e.g., depending on the communication channel, the email address, phone number, name).
Social Media Presence
We maintain online presences within social networks and process user data within this framework to communicate with active users there or to offer information about us.
We point out that user data may be processed outside the European Union. This can result in risks for users because, for example, the enforcement of users' rights could be made more difficult.
Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests. These usage profiles can, in turn, be used to place advertisements inside and outside the networks that are presumed to correspond to the users' interests. For these purposes, cookies are usually stored on the users' devices, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed presentation of the respective forms of processing and the possibilities of objection (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.
We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organization, administration, planning, and the provision of our services. In selecting third-party providers and their services, we adhere to legal requirements.
In this context, personal data may be processed and stored on the servers of the third-party providers. This may involve various data, which we process in accordance with this privacy policy. Such data may include, in particular, master data and contact data of users, data relating to transactions, contracts, other processes, and their content.
If users are referred to third-party providers or their software or platforms within the framework of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask that you observe the data protection notices of the respective third-party providers.
Types of Data Processed:
Content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
Affected Persons:
Communication partners; users (e.g., website visitors, users of online services).
Purposes of Processing:
Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures.
You have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company's registered office for this purpose:
Bavarian State Office for Data Protection Supervision (BayLDA)
Postal Address:
P.O. Box 1349
91504 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: [email protected]
In this section, you will find an overview of the terminology used in this privacy policy. Where terms are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.
Personal Data: "Personal data" refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Controller: "Controller" means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Created with the free privacy policy generator by Dr. Thomas Schwenke.