Name: Marc Radziwill
Company: marc radziwill.
Postcode, Town, Country: 87437, Kempten (Allgäu), Bavaria
Managing Director: Marc Radziwill
E-Mail address: email@example.com
Data protection officer
Name: Marc Radziwill
Company: marc radziwill.
Postcode, Town, Country: 87437, Kempten (Allgäu), Bavaria
Managing Director: Marc Radziwill
E-Mail address: firstname.lastname@example.org
Types of processed data:
- Inventory data (e.g., names, addresses).
- Contact information (e.g., e-mail, phone numbers).
- Content data (e.g., text input, photographs, videos).
- Contract data (e.g., subject, term, customer category).
- Payment data (e.g. bank details, payment history).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta / communication data (e.g., device information, IP addresses).
- Additional data (information from promotional applications such as checklists, quizzes and other marketing measures)
Processing of special categories of data (Article 9 (1) GDPR):
- No particular categories of data are processed.
Categories of data subjects:
- Customers / prospects / suppliers.
- Visitors and users of the online offer.
In the following, we also refer to the affected persons as “users.”
Purpose of processing:
- Provision of the online offer, its contents, and its functions.
- Provision of contractual services, service, and customer care.
- Answering contact requests and communicating with users.
- Marketing, advertising and market research.
As of 13.04.2021
1. Relevant legal bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the answer to inquiries, is Art. 6 para. 1 lit. b GDPG, the legal basis for processing to fulfill our legal obligations is Art. 6 (1) lit. c GDPR and the legal basis for processing to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as a legal basis.
3. Safety measures
- In accordance with Art. 32 GDPR, we shall take into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of individuals; appropriate technical and organizational measures to ensure a level of protection commensurate with the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and segregation. In addition, we have established procedures to ensure the enjoyment of subject data rights, the erasure of data, and the response to data threats. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software, and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings considered (Article 25 GDPR).
- The security measures include, in particular, the encrypted transmission of data between your browser and our server.
4. Cooperation with contract processors and third parties
- If in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this is done only on the basis of a legal permission (eg if a transmission of the data to Third parties, as to payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or on the basis of our legitimate interests (eg the use of agents, web hosts, etc. ).
- If we commission third parties to process data on the basis of a so-called “contract processing contract,” this is done on the basis of Art. 28 GDPR.
4.1.1 Vercel Inc.
The website is hosted by Vercel Inc.. The hoster saves log information about visits to the website. Among other things, the following content is collected: IP address, device information and location information derived from IP addresses. You can find more information on this at https://vercel.com/legal/privacy-policy#customers.
Our e-mail servers (which we use for email@example.com, for example) are operated by Mailbox.org. Mailbox.org has a very good reputation for respecting privacy. Your servers are located in Germany / Berlin. When you send an email to firstname.lastname@example.org, the Mailbox.org servers receive and store a copy of your IP address and name when your name is sent as part of the email log headers.
See 17. Plausible Analytics
See 18. Newsletter
Unless otherwise agreed, part of the programming code is hosted on GitHub.com. You can find more information on this in the data protection provisions from GitHub.
The Debitoor software is used for billing services. Is to a data processing agreement has been concluded with Debitoor. This can be viewed on request. Further information can be found under the Debitoor data protection provisions.
4.1.6 Freelancers and self-employed
Speedcurve is used as software to monitor website speed. No personal data is processed for this purpose. Which data is sent to Speedcurce can be read in the following articles.
See 19. Integration of services and content from third parties, subsection 2
4.1.10 Google Fonts
See 19. Integration of services and content from third parties, subsection 2
5. Transfers to third countries
If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure, or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special requirements of Art. 44 et seq. DSGVO. That the processing is e.g., on the basis of specific guarantees, such as the officially recognized level of data protection (eg, for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
6. Rights of the persons concerned
- You have the right to request confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
- You have accordingly. Art. 16 DSGVO the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
- In accordance with Art. 17 GDPR, they have the right to demand that the data in question be deleted immediately or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
- You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible.
- You also have according to. Art. 77 GDPR the right to file a complaint with the competent supervisory authority.
7. Right of withdrawal
You have the right to consent according to. Art. 7 para. 3 GDPR with effect for the future.
8. Right of objection
You may at any time object to the future processing of your data in accordance with Art. 21 GDPR. The objection may, in particular, be made against processing for direct marketing purposes.
9. Cookies and Right to Oppose Direct Mail
10 .Deletion of data
- The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy statement, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose, and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legally permitted purposes, its processing will be restricted. That the data is blocked and not processed for other purposes. This applies, for example, for data that must be kept for commercial or tax reasons.
- According to legal requirements, the storage takes place in particular for 6 years in accordance with § 257 Abs. 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (books, records, Management reports, accounting documents, commercial and business letters, tax documents, etc.).
11. Provision of contractual services
- We process inventory data (e.g., names and addresses and contact details of users), contract data (e.g., services used, names of contacts, payment information) to fulfill our contractual obligations and services in accordance with Art. Art. 6 para. 1 lit b. GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.
- Users can optionally create a user account, in particular by viewing their orders. As part of the registration, the required mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account. c GDPR necessary. It is the responsibility of the users to back up their data before termination of the contract if the contract is terminated. We are entitled to irretrievably delete all user data stored during the contract period.
- As part of the registration and renewed registration and use of our online services, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. This data is not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with. Art. 6 para. 1 lit. c GDPR.
- We process usage data (e.g., the visited websites of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile to provide the user with e.g. Show product information based on your previously used services.
- The deletion takes place after expiry of statutory warranty and comparable obligations, the necessity of storing the data is checked every three years; in the case of statutory archiving obligations, deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation); Information in the customer account remains until it is deleted.
- When contacting us (via contact form or e-mail), the details of the user to process the contact request and their processing in accordance with. Art. 6 para. 1 lit. b) DSGVO processed.
- User information can be stored in our Customer Relationship Management System (“CRM System”) or similar request organization.
- We delete the requests if these are no longer necessary. We check the requirement every two years; Inquiries from customers who have a customer account, we store permanently and refer to the deletion on the details of the customer account. In the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
13. Comments and posts
- If users leave comments or other contributions, their IP addresses are based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO stored for 7 days.
- This is for our own safety if someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we may be sued for the comment or post and are therefore interested in the identity of the author.
14. Survey of access data and logfiles
- We collect based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO Data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider,
- Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes is pending the final clarification of the
15. Online presence in social media
- We maintain on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to be able to inform them there about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
- Unless otherwise stated in our data protection declaration, we process the data of users provided that they communicate with us within social networks and platforms, e.g. Write articles on our online presence or send us messages.
16. Cookies & Reach Measurement
- Cookies are information that is transmitted from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
- We use “session cookies”, which are only stored on our online presence for the duration of the current visit (e.g. to enable us to save your login status or the shopping cart function and thus to use our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot save any other data. Session cookies are deleted when you have finished using our online offer and e.g. log out or close the browser.
- If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
17. Plausible Analytics
- We rely on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit.f.DSGVO) Plausible Analytics. Plausible Analytics is a GDPR, CCPA and cookie-compliant page analysis. The information about the use of the online offer by users is transmitted to a Plausible Analytics server in the EU and stored there.
- Plausible analytics. will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet.
- You can find more information on data usage by Plausible Analytics on the Plausible website Analytics at:
- With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you declare that you agree to the receipt and the procedures described.
- Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the consent of the user. In addition, our newsletters contain information about our products, offers, promotions and our company.
- Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. I.e. you will receive an after registration Email asking you to confirm your registration. This confirmation is necessary so that nobody can register with someone else’s e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
- Dispatch service provider: The newsletter is dispatched by Buttondown LLC, Justin Duke, 819 Northeast 55th Street, Seattle, WA 98105, United States. You can view the data protection regulations of the shipping service provider here: https://buttondown.email/privacy.
- Furthermore, according to its own information, the shipping service provider can use this data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical Optimizing the dispatch and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the shipping service provider does not use the data of our newsletter recipients to write them down or to pass them on to third parties.
- Registration data: To register for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for the purpose of addressing you personally in the newsletter.
- Success measurement - the newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the mailing service provider’s server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading habits based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our aim nor that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
- The dispatch of the newsletter and the measurement of success take place on the basis of the consent of the recipient in accordance with Art. 6 Paragraph 1 lit. a, Art. 7 GDPR in conjunction with Section 7 Paragraph 2 No. 3 UWG or on the basis of legal permission in accordance with Art . § 7 Abs. 3 UWG.
- The logging of the registration process is based on our legitimate interests in accordance with Article 6 (1) (f) GDPR and serves as proof of consent to receive the newsletter.
- Cancellation / Revocation - Newsletter recipients can cancel the receipt of our newsletter at any time, i.e. revoke their consent. You can find a link to cancel the newsletter at the end of each newsletter. At the same time, your consent to the performance measurement expires. A separate revocation of the success measurement is unfortunately not possible, in this case the entire newsletter subscription must be canceled. When you unsubscribe from the newsletter, the personal data are deleted, unless their retention is legally required or justified, in which case their processing is limited to these exceptional purposes. In particular, we can save the e-mail addresses that have been deleted for up to three years on the basis of our legitimate interests before we delete them for the purpose of sending the newsletter, in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.
19. Integration of services and content of third parties
- Within our online offer, based on our legitimate interests (ie, interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f. DSGVO), we make use of content or service offers from third-party providers in order to provide their content and services, such as Include videos or fonts (collectively referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the users since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information, such as visitor traffic, on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online offer.
- The following presentation provides an overview of third-party providers as well as their contents, as well as links to their privacy statements, which further notes on the processing of data and, for already mentioned here, contradictory possibilities (so-called opt-out) contain:
- If our customers use third-party payment services (e.g. PayPal, or Sofortüberweisung or Stripe), the terms and conditions and data protection notices of the respective third-party providers apply, which can be called up within the respective websites or transaction applications.
- External fonts from Google, LLC., https://www.google.com/fonts (“Google Fonts”). The integration of the Google Fonts is done by calling up a server at Google (usually in the USA). Data protection declaration: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
- Functions of the Instagram service are integrated into our online offer. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our website with your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or of how it is used by Instagram. Data protection declaration: https://instagram.com/about/legal/privacy/.
- We use the marketing functions (so-called “LinkedIn Insight Tag”) of the LinkedIn network within our online offer. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. With the help of the LinkedIn Insight Tag, we can in particular analyze the success of our campaigns within LinkedIn or determine target groups for them based on the interaction of the users with our online offer. If you are registered with LinkedIn, LinkedIn is able to assign your interaction with our online offer to your user account. Even if you click the “Recommend” button from LinkedIn and are logged into your LinkedIn account, LinkedIn is able to make your visit to our website yours and Assign to your user account. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection declaration: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Functions of the service or the platform Twitter can be integrated into our online offer (hereinafter referred to as “Twitter”). Twitter is an offer from Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our posts within Twitter within our online offer, the link to our profile on Twitter as well as the possibility to interact with the posts and the functions of Twitter, as well as to measure whether users use the advertisements we have placed on Twitter access our online offer (so-called conversion measurement). Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection declaration: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.