Preamble
With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter referred to as “data”) that we process, the purposes and extent of such processing. This privacy policy applies to all processing of personal data conducted by us, both in the provision of our services and notably on our websites, mobile applications, and external online presences, such as our social media profiles (collectively referred to as the “online offering”). The terminology used is gender-neutral.
Date: November 8, 2023
German Version is legally binding.
Table of Contents
Preamble
Controller
Overview of Processing Activities
Relevant Legal Bases
Security Measures
Transfer of Personal Data
International Data Transfers
Data Deletion
Rights of Data Subjects
Use of Cookies
Business Services
Provision of the Online Offering and Web Hosting
Contact and Inquiry Management
Social Media Presence
Plugins and Embedded Features and Content
Amendment and Updating of the Privacy Policy
Definitions
Controller
Justus Szabó
13347
Berlin
Germany
Email Address:
hallo@justusz.de
Imprint
Overview of Processing Activities
The following overview summarizes the types of data processed, the purposes of their processing, and the individuals affected.
Types of Data Processed
Inventory Data
Payment Data
Contact Data
Content Data
Contract Data
Usage Data
Meta, Communication, and Process Data
Categories of Data Subjects
Prospects
Communication Partners
Users
Business and Contractual Partners
Purposes of Processing
Provision of contractual services and fulfillment of contractual obligations
Contact inquiries and communication
Security measures
Office and organizational procedures
Administration and response to inquiries
Feedback
Marketing
Profiles with user-related information
Provision of our online offering and user-friendliness
Information technology infrastructure
Relevant Legal Bases
Relevant legal bases under the General Data Protection Regulation (GDPR): Below, you will find an overview of the legal bases of the GDPR under which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases are applicable in individual cases, we will inform you of them in the privacy policy.
Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contractual performance and pre-contractual inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures requested by the data subject.
Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require personal data protection.
National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany. This includes the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions concerning the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, the data protection laws of the individual federal states may apply.
Security Measures
In accordance with legal requirements and considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to data and related access, input, disclosure, availability, and separation. We have also established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data breaches. Furthermore, we take data protection into account when developing or selecting hardware, software, and procedures, in accordance with the principles of data protection, through technology design and data protection-friendly default settings.
TLS/SSL Encryption (https): To protect user data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
Transfer of Personal Data
In the course of processing personal data, it may be necessary to transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include service providers entrusted with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with data recipients to protect your data.
International Data Transfers
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if data processing occurs in connection with the use of third-party services or the disclosure or transfer of data to other individuals, entities, or companies, this will only take place in compliance with legal requirements. If the level of data protection in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. In all other cases, data transfers will only take place when data protection is otherwise ensured, especially through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49(1) GDPR). Furthermore, we will inform you of the legal bases for third-country transfers with each individual provider from the third country, with adequacy decisions taking precedence as the primary basis. Information on third-country transfers and existing adequacy decisions can be found in the EU Commission’s information resources: (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en)
EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as safe for certain companies in the United States through an adequacy decision dated July 10, 2023. The list of certified companies and further information about the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in our privacy notices which service providers certified under the Data Privacy Framework we use.
Deletion of Data
The data processed by us will be deleted in accordance with legal requirements as soon as the consents allowing their processing are revoked or other permissions are no longer valid (e.g., when the purpose of processing this data has ceased or they are no longer necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person. Our privacy policy may also contain further information on the storage and deletion of data that primarily applies to the respective processing.
Rights of Data Subjects
Rights of data subjects under the GDPR: You have various rights as data subjects under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:
Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw your consent at any time.
Right to information: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and other specified information.
Right to rectification: You have the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete personal data completed in accordance with the legal requirements.
Right to erasure and restriction of processing: You have the right to obtain the erasure of personal data concerning you without undue delay, or alternatively, the right to restrict the processing of data in accordance with legal requirements.
Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller in accordance with legal requirements.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Use of Cookies
Cookies are small text files or other storage technologies that store information on end-user devices and retrieve information from end-user devices. For example, they may store login status in a user account, the contents of a shopping cart in an e-shop, the accessed contents, or used functions of an online offering. Cookies may also be used for various purposes, such as functionality, security, and convenience of online offerings, as well as for the analysis of visitor flows.
Information on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not legally required. In particular, consent is not necessary when storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service they explicitly requested (i.e., our online offering). Cookies that are absolutely necessary typically include cookies with functions that serve the display and functionality of the online offering, load balancing, security, storage of user preferences and choices, or similar purposes related to the provision of the main and ancillary functions of the online offering requested by users. Revocable consent is clearly communicated to users and includes information about the respective cookie usage.
Notes on data protection legal bases: The legal basis on which we process personal data of users using cookies depends on whether we request user consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, data processed using cookies is based on our legitimate interests (e.g., in the economically efficient operation of our online offering and improving its usability) or, if cookies are required to fulfill our contractual obligations, the processing is necessary to fulfill our contractual obligations. We provide information about the purposes for which we process cookies during this privacy policy or in the context of our consent and processing procedures.
Storage duration: Regarding the storage duration, the following types of cookies are distinguished:
Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest when a user leaves an online offering and closes their device (e.g., browser or mobile application).
Persistent cookies: Persistent cookies remain stored even after the user has closed their device. For example, the login status can be saved or preferred content can be displayed immediately when the user revisits a website. The data collected using cookies can also be used for audience measurement. Unless we provide specific information about the type and duration of cookies used, please assume that the storage duration may be up to two years.
You can change your cookie settings in your browser to determine how cookies are handled on your device. You can set your browser to notify you when cookies are set, to allow cookies only in specific cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of our online offering may be restricted.
Please note that the individual functions of our online offering may not work correctly if you have deactivated the use of cookies.