INTRODUCTION AND TERMS
In operating the website https://simonebrecht.de (hereinafter referred to as “website”), we process personal data. These are treated confidentially by us and processed in accordance with the applicable laws – in particular the German Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG-neu). With our data protection regulations, we want to inform you which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data protection.
Our data protection provisions contain technical terms that are in the DSGVO and the BDSG-neu. For your better understanding, we would like to explain these terms in simple terms in advance:
2.1 Personal data
“Personal data” means any information relating to an identified or identifiable person (Art. 4 No. 1 DSGVO). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one’s own information or that of others and thus finding out who it is. A person can be identified, for example, by providing his or her address or bank details, date of birth or user name, IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
Article 4 No. 2 GDPR understands “processing” to mean any operation in connection with personal data. This applies in particular to the collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or other form of making available, alignment or combination, restriction, erasure or destruction of personal data.
3. RESPONSIBLE PARTY
The person responsible for data processing is:
4. PROCESSING FRAMEWORK: WEBSITE
Within the framework of the website with the URL https://simonebrecht.de, we process the personal data from you listed in detail below under points 6-14. We only process data from you that you actively provide on our website (e.g. by filling in forms) or that you provide automatically when using our offer.
Your data will only be processed by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. For the operation of our website, we use external service providers for hosting, as well as for maintenance, care and further development. If further external service providers are used for individual processing operations listed in sections 6-14, they will be named there.
Data transfer to third countries does not take place and is not planned. We will provide information on exceptions to this principle in the processing operations described below.
THE PROCESSING OPERATIONS IN DETAIL
5. PROVISION OF THE WEBSITE AND SERVER LOG FILES
5.1 Description of the processing
Each time you access the website, we automatically collect information that your browser transmits to our server. This information is also stored in the so-called log files of our system. This involves the following data:
Your IP address
the browser software you use, as well as its version and language
the operating system you use
the website from which you came to our website (so-called referrer)
the sub-pages you have accessed on our website
the date and time of your visit to our website
your internet service provider
The amount of data transferred
Country and place from which you visited our website
Your length of stay on our website
The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to a user’s terminal device. For this purpose, the user’s IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files.
The processing is carried out to enable the website to be called up and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
5.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in section 6.2.
5.4 Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The log files are deleted after 30 days.
6.1 Description of processing
6.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6(1)(f) DSGVO). Our legitimate interest lies in the purpose named in section 8.2.
6.4 Storage period
7. GOOGLE ANALYTICS
7.1 Description of the processing
The processing takes place in order to be able to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.
7.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 (1) (f) DSGVO). Our legitimate interest lies in the purpose named in section 14.2.
7.4 Storage period and right of objection
We have explained the storage period and your control and setting options for cookies in section 8. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you have the option of accessing the Google Analytics website. Alternatively, you have the option of clicking on the following link. This will set an opt-out cookie on your terminal device, which will prevent the collection of your data during future visits to this website. The analysis data processed and stored with Google Analytics will be automatically deleted by us after 14 months.
7.5 Recipients and transmission to third countries
Google Analytics acts as a service provider for us within the framework of order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
8. SECURITY MEASURES
To protect your personal data from unauthorised access, we have provided our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s end device. You can recognise active SSL or TLS encryption by a small lock logo displayed on the far left of the browser’s address bar.
9. DATA SUBJECT RIGHTS
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
9.1 Information (Art. 15 DSGVO).
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the further information listed in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.
9.2 Correction (Art. 16 DSGVO)
You have the right to demand that we correct any inaccurate personal data relating to you without undue delay and, if necessary, to complete any incomplete personal data.
9.3 Deletion (Art. 17 DSGVO)
You have the right to request that we delete personal data relating to you without undue delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies, e.g. if your data is no longer required for the purposes pursued by us.
9.4 Restriction of data processing (Art. 18 DSGVO)
You have the right to request us to restrict processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
9.5 Data portability (Art. 20 DSGVO)
You have the right, under the conditions set out in Art. 20 DSGVO, to request that the data relating to you be handed over in a structured, common and machine-readable format.
9.6 Revocation of consent (Art. 7 (3) DSGVO)
You have the right to revoke your consent at any time in the case of processing based on consent. The revocation applies from the time it is asserted. In other words, it is effective for the future. The processing therefore does not become unlawful retroactively as a result of the withdrawal of consent.
9.7 Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the EU member state of your place of residence, place of work or place of the alleged infringement.
9.8 Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data – including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
9.9 Objection (Art. 21 DSGVO)
If we process personal data of yours on the basis of Art. 6(1)(f) DSGVO (to protect overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case – also irrespective of a specific situation – you have the right to object at any time to the processing of your personal data for direct marketing.
Status: July 2021