Privacy Policy

This privacy policy explains how we collect, process and use personal data (hereinafter also referred to as ‘data’) through our website and associated webpages, functions and contents, as well as any other external online presence, such as our social media pages (hereinafter collectively referred to as our ‘sites’). With regard to other terms used in this policy, such as, ‘processing’ and ‘controller’, we refer to the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).

Controller

Heike Rudloff-Hilbig
Am Bergacker 11
84184 Tiefenbach, Germany
h.rudloff@web.de

What information do we process?

– User-related data (e.g. names, addresses).
– Contact details (e.g. email addresses, telephone numbers).
– Content data (e.g. text input, photographs, videos).
– Usage data (e.g. pages visited, time spent on sites, interest in contents).
– Metadata/browser and communication data (e.g. device information, IP addresses).

Whose data do we process?

Data of visitors and users of our sites (hereinafter collectively referred to as ‘Users’).

Why do we process data?

– To make our sites available, including their functions and contents.
– To respond to contact requests and to communicate with Users.
– For security reasons.
– To measure reach/marketing.

Terms used

‘Personal data’ is any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one that can be identified, directly or indirectly, in particular by reference to an identifier, such as name, an identification number, location data, an online identifier (such as a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

‘Processing’ is any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. The term has a broad meaning and covers practically all use of data.

‘Pseudonymization’ refers to the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such information is kept separately and is subject to technical and organizational safeguards to ensure that the personal data are not attributed to an identified or identifiable natural person.

‘Profiling’ refers to a form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

‘Controller’ is the natural or legal person, public authority, agency or other body, which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Applicable lawful bases

Pursuant to Art. 13 GDPR we inform you of the lawful bases of our data processing. Unless the legal basis is mentioned in this Privacy Policy, the following applies:

the lawful basis for obtaining consent is Art. 6 (1)(a) and Art. 7 GDPR;

the lawful basis for the processing of data necessary for the performance of a contract or in order to respond to requests is Art. 6 (1)(b) GDPR;

the lawful basis for the processing of data necessary for compliance with legal obligations is Art. 6 (1)(c) GDPR;

the lawful basis for the processing of data necessary to protect our legitimate interests is Art. 6 (1)(f) GDPR;

the lawful basis for the processing of data necessary to protect the vital interests of the data subject or of another natural person is Art. 6 (1)(d) GDPR.

Security measures

We shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, pursuant to Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

Such measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to such data, as well as their access, input, transmission, availability and separation. We have also set up procedures to ensure the exercise of data subject rights, deletion of data and response to data risks. Furthermore, the protection of personal data is something we take into consideration early on in the development and selection of hardware, software and procedures, all of which are carried out according to the principle of data protection through technology design and data protection-friendly default settings (Art. 25, GDPR).

Collaboration with processors and third parties

In the event that we, in the context of our processing, disclose data to other persons and companies (contracted processors and/or other third parties), transmit data to them or otherwise grant them access to data, we shall do this only on the basis of a legal permission (for example, when the transmission of data to third parties, such as payment service providers, is necessary for the performance of a contract as laid down in Art. 6 (1)(b) GDPR); if you have given your consent; in order to comply with a legal obligation, or to protect our legitimate interests (for example, when collaborating with contractors, agents, web hosts, etc.)

Should we contract third parties to process data, this collaboration shall be based on a so-called processing contract, and in accordance with the provisions of Art. 28 GDPR.

Transfers of data to third countries

Should we process data in a third country (outside the European Union (EU) or the European Economic Area (EEA)), or when processing in third countries occurs in the context of our use of third-party services, or in the event of disclosure or transmission of data to third parties, this shall take place only if necessary to perform our (pre)contractual obligations, if you have provided your consent, to comply with a legal obligation, or to protect our legitimate interests.

Subject to legal or contractual permissions, we process data or have data processed in a third country only if the special conditions laid down in Art. 44 ff. GDPR are complied with. This means that data shall be processed only if specific safeguards, which have been officially determined to provide an adequate level of data protection as required by the EU (the ‘Privacy Shield’ in the USA, for example) are in place, or if these safeguards comply with special contractual obligations that have been officially recognized (the EU Commission’s ‘standard contractual clauses’).

Rights of the data subject

As laid down in Art. 15 GDPR, you have the right to request confirmation as to whether data concerning you are being processed, and to obtain information regarding this data as well as additional information and a copy of the personal data undergoing processing.

As laid down in Art. 16 GDPR, you have the right to have incomplete personal data completed or demand that inaccurate personal data that concerns you be rectified.

As laid down in Art. 17 GDPR, you have the right to demand the erasure of personal data that concerns you without undue delay, or, alternatively to demand a restriction of processing of your personal data pursuant to Art. 18 GDPR.

As laid down in Art. 20 GDPR, you have the right to obtain the personal data you made available to us and demand that the data be transmitted to another controller.

As laid down in Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority.

Right to withdraw consent

Art. 7 (3) GDPR gives you the right to withdraw your consent at any time with future effect.

Right to object

Art. 21 GDPR gives you the right to object to the future processing of any personal data that concerns you at any time. In particular, you may object to the processing of your personal data for direct marketing purposes.

Cookies and the right to opt out from online advertising and tracking

Cookies are small files that are stored on a User’s computer. Cookies can hold a variety of data. Cookies are primarily used as a way of storing information about a User (or, information on the device on which the cookies are stored) during or even after a User visits a website. Session cookies (also called transient cookies) are temporary cookies that are deleted once the User leaves the website and closes his or her browser. This kind of cookie is used, for example, to store the contents of a shopping cart in an online shop or a User’s login status. A permanent or persistent cookie is one that is stored on a User’s hard drive even after the browser has been closed. This kind of cookie, for example, stores a User’s login status allowing him or her to access the site several days later without having to log in again. Such a cookie can also store a User’s interests, which are used for marketing purposes and to track performance. A third-party cookie is a cookie that is set by a website with a domain name other than the one the User is visiting (cookies set by the website the User is visiting are referred to as first-party cookies).

We may use both temporary and permanent cookies; relevant information is provided in our Privacy Policy.

If a User does not want their browser to accept cookies and use them in the ways described above it is possible for them to change their browser privacy settings. It is also possible to delete existing cookies from the browser. However, blocking all cookies will affect the User’s web experience and may result in some parts of this site not functioning properly.

A general objection to the use of cookies for online advertising purposes can be raised for a large number of services, in particular in the case of tracking, via the US site http://www.aboutads.info/choices/ and the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that in this case you will not be able to use all functions offered by this site.

Erasure of data

The data we process will be deleted or the processing of data will be restricted in compliance with Art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data we store will be deleted as soon as the data is no longer required for their intended purpose and provided their erasure does not violate legal retention and recordkeeping requirements. Should data not be deleted because they are required for other and legally permitted purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies to data, for example, that must be retained for commercial or tax purposes.

The legal retention period in Germany makes it necessary to store certain data (bookkeeping records, minutes, financial reports, accounting vouchers, account books, tax-relevant documents, etc.) for 10 years (pursuant to section 147 (1) German Fiscal Code and section 257 (1) nos. 1 and 4 and (4) German Commercial Code); the retention period for commercial correspondence is 6 years (pursuant to section 257 (1) nos. 2 and 3, and (4) German Commercial Code).

In Austria the legal retention period is 7 years for documents such as accounting documents, receipts, invoices, accounts, accounting vouchers, business documents, profit and loss statements; 22 years for documentation related to real estate; and 10 years for documents related to electronically supplied services, telecommunication services, as well as radio and television broadcasting services provided to consumers (non-taxable persons) within the EU for which the Mini-One-Stop-Shop (MOSS-Scheme) is used (according to section 132 (1) BAO/Federal Fiscal System).

Contractual obligations

We process the data of our contractual partners and interested parties as well as the data of other contracting entities, customers, clients and contracting parties (collectively referred to as ‘contractual partners’) pursuant to Art. 6 (1)(b) GDPR, to comply with our pre-contractual and contractual obligations. The data processed, the nature, the extent and purpose, as well as the necessity of processing are determined by the underlying contractual relationship.

The processed data includes the master data of our contractual partners (e.g. names and addresses), contact information (e.g. email addresses and telephone numbers) as well as contractual data (e.g. services received, contract details, contract-related communication, names of contacts) and payment information (e.g. bank details, payment history).

In general, we do not process special categories of personal data, unless processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

We process data as required to perform and fulfil contractual obligations and we point out the need for the required data to be communicated to us should this not be evident to our contractual partners. We only disclose data to third parties or companies to the extent necessary within the context of a contract. When processing data communicated to us within the scope of an order, we act in accordance with the instructions of the client as well as the legal requirements.

When a User visits our sites, we may store their IP address and the time and date of their visit. This data is stored on the basis of our legitimate interests, as well as for the User’s protection against misuse and any other unauthorized use. This data shall not be made available to third parties unless such an action is necessary to pursue our claims as laid down in Art. 6 (1)(f) GDPR, or to comply with a legal obligation to which we are subject pursuant to Art. 6 (1)(c) GDPR.

The data will be deleted as soon as it is no longer required for the performance and fulfilment of contractual and legal duties of care or for the processing of potential guarantee obligations or comparable obligations, whereby the need to store the data will be reviewed every three years; in addition, legal retention requirements shall also apply.

Social media presence

We maintain an online presence on social media and platforms to be able to interact and communicate with active customers, interested parties and Users, and inform them of our services.

When accessing these networks and platforms, the terms and conditions and the data processing guidelines of the respective operators apply.

Unless otherwise stated in our Privacy Policy, we process the data of Users who communicate and interact with us on social networks and platforms, for example, by posting on our sites or by sending us messages.

Created using Datenschutz-Generator.de by Dr. Thomas Schwenke (Attorney at Law)

The privacy policy generator is a service provided by Dr. jur. Thomas Schwenke, LL.M. (Master of Commercial Law, University of Auckland), holder of a degree in Financial Administration (FH) and owner of the Berlin-based Dr. Schwenke law firm.

Dr. Thomas Schwenke is a certified privacy policy representative and a legal expert for IT products certified by the Independent Center for Privacy Protection (ULD).

Website: https://drschwenke.de.
datenschutz-generator.de


Tools

GOOGLE WEB FONTS

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

When you open one of our web pages, your browser directly connects with Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1)(f) GDPR. If your browser does not support web fonts, a standard font is used by your computer. For further information on Google web fonts, see https://developers.google.com/fonts/faq and Google’s privacy policy at https://www.google.com/policies/privacy/.

In the event of breaches of data protection law, the data subject has the right to appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the federal state commissioner for data protection of the federal state in which our company is headquartered. The following link provides a list of federal state commissioners for data protection as well as their contact details:

https://www.bfdi.bund.de/DE/Datenschutz/Ueberblick/MeineRechte/Artikel/BeschwerdeBeiDatenschutzbehoereden.html?cms_submit=Senden&cms_templateQueryString=anschriften+links

Data Controller as defined by the Data Protection Act:

Heike Rudloff-Hilbig
Am Bergacker 11
84184 Tiefenbach
Germany

+49 171 9365042
www.heike-rudloff.com
h.rudloff@web.de