Privacy Policy
This privacy policy explains the type, scope, and purpose of processing personal data within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles. (Hereinafter referred to as "online offering"). The terms used, such as "processing" or "controller," are defined in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Mandy Mann
Richard-Böhm-Str. 14
96528 Frankenblick
Processed Data
Inventory data (names, addresses) Contact data (email, phone numbers) Content data (text entries, photographs, videos) Usage data (visited websites, interest in content, access times) Meta-/communication data (device information, IP addresses)
Affected Persons Visitors and users of the online offering (hereinafter referred to as "users")
Purpose of Processing
Provision of the online offering
Responding to inquiries / communicating with users
Security measures
Range measurement / Marketing
Terms Used
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data. The "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant Legal Bases
According to Article 13 of the GDPR, we inform you of the legal bases of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR, the legal basis for processing for the performance of our services and performance of contractual measures as well as responding to inquiries is Article 6(1)(b) of the GDPR, the legal basis for processing for compliance with our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing for the protection of our legitimate interests is Article 6(1)(f) of the GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
Collaboration with Processors and Third Parties
If we disclose data to other persons and companies (processors or third parties), transmit them to them or grant them access to the data, this will only be done on the basis of a legal permission (e.g., transmission to payment service providers, pursuant to Article 6(1)(b) GDPR for contract fulfilment), your consent, a legal obligation, or on the basis of our legitimate interests (e.g., when using web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called "processing contract", this is done on the basis of Article 28 of the GDPR.
Transfer to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure, or transfer of data to third parties, this will only occur if it is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Article 44 et seq. of the GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of Data Subjects
You have the right under Article 15 of the GDPR to request confirmation as to whether data concerning you are being processed and to obtain information about these data as well as further information and a copy of the data. According to Article 16 of the GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you. According to Article 17 of the GDPR, you have the right to demand that data concerning you be deleted without delay, or alternatively, to demand a restriction on the processing of the data according to Article 18 of the GDPR. According to Article 20 of the GDPR, you have the right to receive the data concerning you that you have provided to us and to request their transmission to other responsible parties. According to Article 77 of the GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Right of Withdrawal
You have the right to revoke granted consent pursuant to Article 7(3) of the GDPR with effect for the future.
Right to Object
You can object to future processing of data concerning you in accordance with Article 21 of the GDPR at any time. The objection may in particular be made against processing for the purposes of direct marketing.
Contact
If you contact us (e.g., via contact form, email, telephone or social media), the user's details will be used to process the contact request and its handling pursuant to Article 6(1)(b) of the GDPR.
We delete the inquiries if they are no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply.
Cookies and Right to Object to Direct Advertising
This website uses cookies in part. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
A general objection to the use of cookies for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The storage of cookies can be prevented by adjusting your browser settings. However, this may limit the functionality of this website.
Data Deletion
The data processed by us will be deleted or their processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal retention obligations to prevent deletion. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
In accordance with legal requirements in Germany, storage takes place in particular for 6 years in accordance with Section 257 (1) of the German Commercial Code (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
Business-related Processing
Additionally, we process
Contract data (subject matter of the contract, duration, customer category)
Payment data (bank details, payment history) from our customers, prospects, and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.
Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this online offering.
We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties, and visitors to this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering pursuant to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR.
Collection of Access Data and Log Files
We, or our hosting provider, collects data on each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR. Access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (previously visited page), IP address, and requesting provider.
Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidence purposes is exempted from deletion until final clarification of the incident.
Provision of Contractual Services
We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Article 6(1)(b) GDPR. The entries marked as mandatory in online forms are required for contract conclusion.
As part of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's interest in protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Article 6(1)(c) GDPR.
We process usage data (e.g., the websites visited on our online offering, interest in our products) and content data (e.g., entries in contact form or user profile) for advertising purposes in a user profile to display product information to users based on their previous usage.
The deletion of the data takes place after the expiry of statutory warranty and comparable obligations, the necessity of keeping the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry. Data in a customer account will remain until it is deleted.
Administration, Financial Accounting, Office Organization, Contact Management
We process data within the scope of administrative tasks, financial accounting, and organization of our business, compliance with legal obligations, archiving of data, and business-related tasks. We process the same data that we process in the context of providing our contractual services. The processing bases are Article 6(1)(c) GDPR, Article 6(1)(f) GDPR. Customers, interested parties, business partners, and website visitors are affected. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, thus tasks that serve to maintain our business activities, perform our tasks, and provide our services. The deletion of data in terms of contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, we store company-related data permanently on the basis of our business interests for the purpose of subsequent contact. We embed the fonts of the platform providers Wix and Canva.