Privacy Policy
Introduction
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services"). Although "Jörg Panten - a.pertura Fotografie" is a sole proprietorship, the "we" form is used below. The terms used are not gender-specific.
As of September 1, 2022
Table of Contents
- Introduction
- Responsible
- Overview of processing activities
- Relevant legal bases
- Security measures
- Transfer of personal data
- Data processing in third countries
- Deletion of data
- Use of cookies
- Business services
- Provision of the online service and web hosting
- Contact and inquiry management
- Web analytics, monitoring and optimization
- Plugins and embedded functions as well as content
- Changes and updates to the privacy policy
- Rights of data subjects
- Definitions of terms
Responsible
Jörg Panten as sole proprietor/owner of "a.pertura Fotografie"
Fasanenweg 11 a
22926 Ahrensburg
E-mail address:
Imprint:
https://www.a-pertura.de/impressum
Overview of processing activities
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.
Types of data processed
- Inventory data.
- Payment details.
- Contact details.
- Content data.
- Contract details.
- Usage data.
- Metadata/communication data.
- Interested parties.
- Communication partner.
- Users.
- Business and contractual partners.
- Provision of contractual services and customer service.
- Contact requests and communication.
- Range measurement.
- Tracking.
- Office and organizational procedures.
- Managing and responding to inquiries.
- Feedback.
- Marketing.
- Profiles containing user-related information.
- Provision of our online services and user-friendliness.
- Information technology infrastructure.
- Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
- Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
- Persistent cookies: Persistent cookies remain stored even after the user closes their device. This allows, for example, login status to be saved or preferred content to be displayed directly when the user revisits a website. Similarly, user data collected using cookies can be used for audience measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are persistent and can be stored for up to two years.
- Usercentrics: Cookie consent management; Service provider: Hosted locally on our server, no data is shared with third parties; Website:
https://usercentrics.com/de/Further information: An individual user ID, language, types of consent and the time of their submission are stored server-side and in the cookie on the user's device.
Business services
We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as "contractual partners") within the framework of contractual and similar legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractually), e.g. to answer inquiries.
We process this data to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations, and remedying warranty claims and other service disruptions. Furthermore, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations, as well as for company organization. We also process the data based on our legitimate interests in proper and efficient business management and security measures to protect our contractual partners and our business operations from misuse, compromise of their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other support services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only disclose contractual partner data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.
We will inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special markings (e.g. colors) or symbols (e.g. stars or similar), or personally.
We delete data after the expiry of statutory warranty periods and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, for example, as long as it must be retained for legal archiving purposes. The statutory retention period is ten years for tax-relevant documents, as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions necessary for understanding these documents, and other organizational documents and accounting records. For received commercial and business correspondence and copies of sent commercial and business correspondence, the retention period is six years. This period begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance sheet, annual financial statement, or management report was prepared, the commercial or business correspondence was received or sent, the accounting record was created, the record was made, or the other documents were created.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply to the relationship between users and the providers.
- Types of data processed: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. email, telephone numbers); Contract data (e.g. subject matter of the contract, term, customer category).
- Affected persons: prospective customers; business and contractual partners.
- Purposes of processing: Provision of contractual services and customer service; contact requests and communication; office and organizational procedures; administration and answering of inquiries.
- Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Craft services: We process the data of our customers and clients (hereinafter referred to collectively as "customers") to enable them to select, purchase, or commission the chosen services or works, as well as related activities, and to facilitate payment, delivery, execution, or performance. The required information is marked as such during the order, purchase, or similar contract conclusion process and includes the information necessary for delivery and invoicing, as well as contact information to allow for any necessary follow-up. Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Artistic and literary services: We process our clients' data to enable them to select, purchase, or commission the chosen services or works, as well as related activities, and to facilitate payment, delivery, execution, or performance. The required information is marked as such during the order, purchase, or similar contract process and includes the data necessary for delivery and invoicing, as well as contact information to allow for any necessary follow-up. Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Types of data processed: Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); Provision of contractual services and customer service.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Provision of online services on rented storage space: For the provision of our online services, we use storage space, computing capacity and software that we rent from a corresponding server provider (also called "web host") or otherwise obtain; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Collection of access data and log files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and to ensure server capacity and stability. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.
- Content Delivery Network: We use a Content Delivery Network (CDN). A CDN is a service that enables faster and more secure delivery of online content, especially large media files such as graphics or program scripts, using regionally distributed servers connected via the internet; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- IONOS: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.ionos.dePrivacy Policy: https://www.ionos.de/terms-gtc/terms-privacy; Data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/?utm_source=search&utm_medium=global&utm_term=Auft&utm_campaign=HELP_CENTER&utm_content=/hilfe/.
- Types of data processed: Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: Communication partners.
- Purposes of processing: Provision of contractual services and customer service; contact requests and communication; administration and response to inquiries; feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness.
- Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle their request. For this purpose, we process personal data within the framework of pre-contractual and contractual business relationships, insofar as this is necessary for their fulfillment, and otherwise based on our legitimate interests and the interests of our communication partners in responding to requests, as well as our legal retention obligations; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Web analytics, monitoring and optimization
Web analytics (also known as "reach measurement") is used to evaluate visitor traffic to our online services and can include pseudonymous data on visitor behavior, interests, or demographic information such as age or gender. Reach analysis allows us, for example, to identify when our online services, their features, or content are most frequently used or encourage repeat visits. It also helps us understand which areas require optimization.
In addition to web analytics, we can also use testing procedures to test and optimize different versions of our online offering or its components.
Unless otherwise stated below, profiles—that is, data aggregated from a usage session—may be created for these purposes, and information may be stored in and retrieved from a browser or device. The data collected includes, in particular, visited websites and elements used therein, as well as technical information such as the browser and operating system used, and usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, location data may also be processed.
User IP addresses are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored for web analytics, A/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Audience measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g., interest-/behavior-related profiling, use of cookies); provision of our online services and user-friendliness.
- Security measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
- We use the "1&1 WebAnalytics" service from IONOS, which shows how this website is used. The data is collected via a pixel. To protect personal data, 1&1 WebAnalytics does not use cookies. The visitor's IP address is transmitted when a page request is submitted, anonymized immediately after transmission, and processed without reference to any individual. 1&1 WebAnalytics does not store any personal data of website visitors, so no conclusions can be drawn about individual visitors. The following data is collected:
- Referrer (previously visited website)
- Requested website or file
- Browser type and browser version
- Operating system used
- Device type used
- Time of access
- IP address in anonymized form (used only to determine the location of access)
1&1 WebAnalytics collects data solely for statistical analysis and technical optimization of the website. No data is shared with third parties.
You can find more information here:https://www.ionos.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-11-ionos-produktes/webanalytics/
- Google Analytics: Web analytics, reach measurement, and measurement of user flows; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website:
https://marketingplatform.google.com/intl/de/about/analytics/Privacy Policy:
https://policies.google.com/privacy; Data processing agreement:
https://business.safety.google/adsprocessorterms; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries):
https://business.safety.google/adsprocessorterms; Opt-out option: Opt-out plugin:
https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements:
https://adssettings.google.com/authenticatedFurther information:
https://privacy.google.com/businesses/adsservices (Types of processing and processed data).
- //www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.comPrivacy Policy: https://www.facebook.com/about/privacy; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendumFurther information: Joint responsibility agreement: https://www.facebook.com/legal/terms/information_about_page_insights_dataJoint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transfer of data to its parent company, Meta Platforms, Inc., in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
- Twitter: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online service and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Google Fonts (provided on our own server): Fonts ("Google Fonts") for the purpose of a user-friendly presentation of our online services; Service provider: The Google Fonts are hosted on our server; no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Management, organization and support tools
We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning, and delivering our services. We comply with legal requirements when selecting third-party providers and their services.
Within this framework, personal data may be processed and stored on the servers of third-party providers. This may involve various types of data, which we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data relating to transactions, contracts, other processes, and their content.
If users are referred to third-party providers or their software or platforms in the course of communication, business, or other relationships with us, these third-party providers may process usage data and metadata for security, service optimization, or marketing purposes. We therefore ask you to review the privacy policies of the respective third-party providers.
Types of data processed: Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
Affected persons: Communication partners; users (e.g., website visitors, users of online services).
Purposes of processing: Contact requests and communication; provision of contractual services and customer service; office and organizational procedures.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
WeTransfer: File transfer via the internet; Service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam 1019 BW, Netherlands; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wetransfer.comPrivacy Policy: https://wetransfer.com/legal/privacy.
Changes and updates to the privacy policy
We ask that you regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to our data processing activities make this necessary. We will inform you if any changes require action on your part (e.g., consent) or any other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the Addresses may change over time, so please check the details before contacting us.
Rights of data subjects
As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Right of withdrawal for consents: You have the right to withdraw any consent you have given at any time.
- Right to information: You have the right to request confirmation as to whether data concerning you is being processed, and to access this data as well as further information and a copy of the data in accordance with legal requirements.
- Right to rectification: In accordance with legal requirements, you have the right to request the completion of your personal data or the correction of inaccurate personal data concerning you.
- Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased without undue delay, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.
- Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller, in accordance with the legal requirements.
- Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
- Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Profiles with user-related information: The processing of "profiles with user-related information," or simply "profiles," encompasses any type of automated processing of personal data that involves using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this can include various information concerning demographics, behavior, and interests, such as interaction with websites and their content, etc.). Examples of such profiling include interests in specific content or products, click behavior on a website, or location. Cookies and web beacons are frequently used for profiling purposes.
- Audience measurement: Audience measurement (also known as web analytics) is used to analyze visitor traffic to an online service and can include visitors' behavior or interests in specific information, such as website content. With the help of audience analysis, website owners can, for example, determine when visitors access their website and which content they are interested in. This allows them to better tailor the website content to their visitors' needs. Pseudonymous cookies and web beacons are frequently used for audience analysis to recognize returning visitors and thus obtain more accurate analyses of online service usage.
- Tracking: "Tracking" refers to the process of observing user behavior across multiple online services. Typically, behavioral and interest information related to the online services used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to match their interests.
- Controller: The term "controller" refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, be it collection, analysis, storage, transmission, or erasure.
Definitions of terms
This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined primarily in Article 4 of the GDPR. The legal definitions are binding. The following explanations, however, are intended primarily to aid understanding. The terms are listed alphabetically.
Plugins and embedded functions as well as content
We integrate functional and content elements into our online services that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as "content").
The integration of third-party content always requires that these providers process users' IP addresses, as they cannot send the content to users' browsers without them. The IP address is therefore necessary for displaying this content or these functions. We strive to use only content from providers who use IP addresses solely for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow for the analysis of information such as visitor traffic on the pages of this website. The pseudonymized information can also be stored in cookies on users' devices and may include, among other things, technical information about the browser and operating system, referring websites, the time of visit, and other information about the use of our online services, as well as be combined with such information from other sources.
Further information on processing procedures, methods and services:
- Google Analytics: Web analytics, reach measurement, and measurement of user flows; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website:
https://marketingplatform.google.com/intl/de/about/analytics/Privacy Policy:
https://policies.google.com/privacy; Data processing agreement:
https://business.safety.google/adsprocessorterms; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries):
https://business.safety.google/adsprocessorterms; Opt-out option: Opt-out plugin:
https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements:
https://adssettings.google.com/authenticatedFurther information:
https://privacy.google.com/businesses/adsservices (Types of processing and processed data).
Further information on processing procedures, methods and services:
Further information on processing procedures, methods and services:
Provision of the online service and web hosting
To ensure the secure and efficient provision of our online services, we utilize the services of one or more web hosting providers, from whose servers (or servers they manage) the online services can be accessed. For these purposes, we may utilize infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.
The data processed in connection with providing our hosting services may include all information relating to users of our online services that is generated during use and communication. This regularly includes the IP address, which is necessary to deliver the content of online services to browsers, and all entries made within our online services or on websites.
Further information on processing procedures, methods and services:
Contact and inquiry management
When you contact us (e.g. via contact form, email, telephone or social media) and within the framework of existing user and business relationships, the information provided by the requesting persons is processed to the extent necessary to answer the contact requests and any requested measures.
The processing of contact requests and the management of contact and request data within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to answer (pre-)contractual requests and otherwise on the basis of the legitimate interests in answering requests and maintaining user or business relationships.
Further information on processing procedures, methods and services:
Categories of affected persons
Purposes of processing
Relevant legal bases
Below you will find an overview of the GDPR legal bases on which we process personal data. Please note that in addition to the GDPR regulations, national data protection regulations may apply in your or our country of residence or establishment. Furthermore, should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.
In addition to the data protection regulations of the General Data Protection Regulation (GDPR), national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains specific provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment-related purposes (§ 26 BDSG), especially with regard to the establishment, execution, or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may also apply.
Security measures
In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.
SSL encryption (https): To protect the data you transmit via our online service, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in your browser's address bar.
Transfer of personal data
As part of our processing of personal data, it may be necessary to transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.
Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, bodies or companies, this will only be done in accordance with legal requirements.
Subject to explicit consent or where transfer is required by contract or law, we only process or have data processed in third countries with a recognized level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Deletion of data
The data we process will be deleted in accordance with legal requirements as soon as the consent to process it is withdrawn or other legal grounds for processing cease to apply (e.g., if the purpose for processing this data no longer exists or it is no longer necessary for that purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the data will be blocked and not processed for any other purpose. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.
Our privacy policy may also contain further information on the storage and deletion of data, which takes precedence for the respective processing activities.
Use of cookies
Cookies are small text files or other storage markers that store information on and read information from end devices. For example, they can be used to save login status in a user account, shopping cart contents in an online store, accessed content, or used functions of an online service. Cookies can also be used for various other purposes, such as improving the functionality, security, and user-friendliness of online services, as well as analyzing visitor traffic.
Information regarding consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless legally required. In particular, consent is not necessary if the storage and reading of information, including cookies, is absolutely essential to provide users with a telemedia service (i.e., our online service) that they have expressly requested. The revocable consent is clearly communicated to users and includes information on the respective cookie usage.
Information on the legal basis for data protection:
The legal basis under data protection law for processing users' personal data using cookies depends on whether we request user consent. If users consent, the legal basis for processing their data is their explicit consent. Otherwise, data processed using cookies is processed based on our legitimate interests (e.g., in the efficient operation of our online services and improving their usability) or, if this is necessary for fulfilling our contractual obligations, if the use of cookies is required to meet those obligations. We explain the purposes for which we process cookies in this privacy policy or within the framework of our consent and processing procedures.
Storage duration
With regard to storage duration, the following types of cookies are distinguished:
General information on revocation and objection (opt-out):
Users can withdraw their consent at any time and also object to processing in accordance with the legal requirements of Article 21 GDPR. Users can also declare their objection via their browser settings, e.g., by deactivating the use of cookies (although this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be made via the websites. https://optout.aboutads.info and https://www.youronlinechoices.com/ will be explained.
Further information on processing procedures, methods and services:
Processing of cookie data based on consent: We use a cookie consent management process to obtain, manage, and revoke user consent for the use of cookies and the processing activities and providers mentioned within the cookie consent management process. The consent declaration is stored to avoid having to request it again and to be able to demonstrate consent in accordance with legal requirements. Storage can be server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to assign the consent to a user or their device. Subject to individual information regarding the providers of cookie management services, the following applies: The storage period for consent can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), and the browser, operating system, and device used.
Privacy Policy
Introduction
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services"). Although "Jörg Panten - a.pertura Fotografie" is a sole proprietorship, the "we" form is used below. The terms used are not gender-specific.
As of September 1, 2022/M
Table of Contents
- Introduction
- Responsible
- Overview of processing activities
- Relevant legal bases
- Security measures
- Transfer of personal data
- Data processing in third countries
- Deletion of data
- Use of cookies
- Business services
- Provision of the online service and web hosting
- Contact and inquiry management
- Web analytics, monitoring and optimization
- Presences in social networks (social media)
- Plugins and embedded functions as well as content
- Changes and updates to the privacy policy
- Rights of data subjects
- Definitions of terms
Responsible
Jörg Panten as sole proprietor/owner of "a.pertura Fotografie"
Viljandiring 46
22926 Ahrensburg
E-mail address:
Imprint:
https://www.a-pertura.de/impressum
Overview of processing activities
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.
Types of data processed
- Inventory data.
- Payment details.
- Contact details.
- Content data.
- Contract details.
- Usage data.
- Metadata/communication data.
Categories of affected persons
- Interested parties.
- Communication partner.
- Users.
- Business and contractual partners.
Purposes of processing
- Provision of contractual services and customer service.
- Contact requests and communication.
- Range measurement.
- Tracking.
- Office and organizational procedures.
- Managing and responding to inquiries.
- Feedback.
- Marketing.
- Profiles containing user-related information.
- Provision of our online services and user-friendliness.
- Information technology infrastructure.
Relevant legal bases
Below you will find an overview of the GDPR legal bases on which we process personal data. Please note that in addition to the GDPR regulations, national data protection regulations may apply in your or our country of residence or establishment. Furthermore, should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
In addition to the data protection regulations of the General Data Protection Regulation (GDPR), national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains specific provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment-related purposes (§ 26 BDSG), especially with regard to the establishment, execution, or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may also apply.
Security measures
In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.
SSL encryption (https): To protect the data you transmit via our online service, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in your browser's address bar.
Transfer of personal data
As part of our processing of personal data, it may be necessary to transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.
Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, bodies or companies, this will only be done in accordance with legal requirements.
Subject to explicit consent or where transfer is required by contract or law, we only process or have data processed in third countries with a recognized level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Deletion of data
The data we process will be deleted in accordance with legal requirements as soon as the consent to process it is withdrawn or other legal grounds for processing cease to apply (e.g., if the purpose for processing this data no longer exists or it is no longer necessary for that purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the data will be blocked and not processed for any other purpose. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.
Our privacy policy may also contain further information on the storage and deletion of data, which takes precedence for the respective processing activities.
Use of cookies
Cookies are small text files or other storage markers that store information on and read information from end devices. For example, they can be used to save login status in a user account, shopping cart contents in an online store, accessed content, or used functions of an online service. Cookies can also be used for various other purposes, such as improving the functionality, security, and user-friendliness of online services, as well as analyzing visitor traffic.
Information regarding consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless legally required. In particular, consent is not necessary if the storage and reading of information, including cookies, is absolutely essential to provide users with a telemedia service (i.e., our online service) that they have expressly requested. The revocable consent is clearly communicated to users and includes information on the respective cookie usage.
Information on the legal basis for data protection:
The legal basis under data protection law for processing users' personal data using cookies depends on whether we request user consent. If users consent, the legal basis for processing their data is their explicit consent. Otherwise, data processed using cookies is processed based on our legitimate interests (e.g., in the efficient operation of our online services and improving their usability) or, if this is necessary for fulfilling our contractual obligations, if the use of cookies is required to meet those obligations. We explain the purposes for which we process cookies in this privacy policy or within the framework of our consent and processing procedures.
Storage duration
With regard to storage duration, the following types of cookies are distinguished:
- Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
- Persistent cookies: Persistent cookies remain stored even after the user closes their device. This allows, for example, login status to be saved or preferred content to be displayed directly when the user revisits a website. Similarly, user data collected using cookies can be used for audience measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are persistent and can be stored for up to two years.
General information on revocation and objection (opt-out):
Users can withdraw their consent at any time and also object to processing in accordance with the legal requirements of Article 21 GDPR. Users can also declare their objection via their browser settings, e.g., by deactivating the use of cookies (although this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be made via the websites. https://optout.aboutads.info and https://www.youronlinechoices.com/ will be explained.
Further information on processing procedures, methods and services:
Processing of cookie data based on consent: We use a cookie consent management process to obtain, manage, and revoke user consent for the use of cookies and the processing activities and providers mentioned within the cookie consent management process. The consent declaration is stored to avoid having to request it again and to be able to demonstrate consent in accordance with legal requirements. Storage can be server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to assign the consent to a user or their device. Subject to individual information regarding the providers of cookie management services, the following applies: The storage period for consent can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), and the browser, operating system, and device used.
- Usercentrics: Cookie consent management; Service provider: Hosted locally on our server, no data is shared with third parties; Website: https://usercentrics.com/de/Further information: An individual user ID, language, types of consent and the time of their submission are stored server-side and in the cookie on the user's device.
Business services
We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as "contractual partners") within the framework of contractual and similar legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractually), e.g. to answer inquiries.
We process this data to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations, and remedying warranty claims and other service disruptions. Furthermore, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations, as well as for company organization. We also process the data based on our legitimate interests in proper and efficient business management and security measures to protect our contractual partners and our business operations from misuse, compromise of their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other support services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only disclose contractual partner data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.
We will inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special markings (e.g. colors) or symbols (e.g. stars or similar), or personally.
We delete data after the expiry of statutory warranty periods and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, for example, as long as it must be retained for legal archiving purposes. The statutory retention period is ten years for tax-relevant documents, as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions necessary for understanding these documents, and other organizational documents and accounting records. For received commercial and business correspondence and copies of sent commercial and business correspondence, the retention period is six years. This period begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance sheet, annual financial statement, or management report was prepared, the commercial or business correspondence was received or sent, the accounting record was created, the record was made, or the other documents were created.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply to the relationship between users and the providers.
- Types of data processed: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. email, telephone numbers); Contract data (e.g. subject matter of the contract, term, customer category).
- Affected persons: prospective customers; business and contractual partners.
- Purposes of processing: Provision of contractual services and customer service; contact requests and communication; office and organizational procedures; administration and answering of inquiries.
- Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- Craft services: We process the data of our customers and clients (hereinafter referred to collectively as "customers") to enable them to select, purchase, or commission the chosen services or works, as well as related activities, and to facilitate payment, delivery, execution, or performance. The required information is marked as such during the order, purchase, or similar contract conclusion process and includes the information necessary for delivery and invoicing, as well as contact information to allow for any necessary follow-up. Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Artistic and literary services: We process our clients' data to enable them to select, purchase, or commission the chosen services or works, as well as related activities, and to facilitate payment, delivery, execution, or performance. The required information is marked as such during the order, purchase, or similar contract process and includes the data necessary for delivery and invoicing, as well as contact information to allow for any necessary follow-up. Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Provision of the online service and web hosting
To ensure the secure and efficient provision of our online services, we utilize the services of one or more web hosting providers, from whose servers (or servers they manage) the online services can be accessed. For these purposes, we may utilize infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.
The data processed in connection with providing our hosting services may include all information relating to users of our online services that is generated during use and communication. This regularly includes the IP address, which is necessary to deliver the content of online services to browsers, and all entries made within our online services or on websites.
- Types of data processed: Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); Provision of contractual services and customer service.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- Provision of online services on rented storage space: For the provision of our online services, we use storage space, computing capacity and software that we rent from a corresponding server provider (also called "web host") or otherwise obtain; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Collection of access data and log files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and to ensure server capacity and stability. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.
- Content Delivery Network: We use a Content Delivery Network (CDN). A CDN is a service that enables faster and more secure delivery of online content, especially large media files such as graphics or program scripts, using regionally distributed servers connected via the internet; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- IONOS: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.ionos.dePrivacy Policy: https://www.ionos.de/terms-gtc/terms-privacy; Data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/?utm_source=search&utm_medium=global&utm_term=Auft&utm_campaign=HELP_CENTER&utm_content=/hilfe/.
Contact and inquiry management
When you contact us (e.g. via contact form, email, telephone or social media) and within the framework of existing user and business relationships, the information provided by the requesting persons is processed to the extent necessary to answer the contact requests and any requested measures.
The processing of contact requests and the management of contact and request data within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to answer (pre-)contractual requests and otherwise on the basis of the legitimate interests in answering requests and maintaining user or business relationships.
- Types of data processed: Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: Communication partners.
- Purposes of processing: Provision of contractual services and customer service; contact requests and communication; administration and response to inquiries; feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness.
- Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle their request. For this purpose, we process personal data within the framework of pre-contractual and contractual business relationships, insofar as this is necessary for their fulfillment, and otherwise based on our legitimate interests and the interests of our communication partners in responding to requests, as well as our legal retention obligations; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Web analytics, monitoring and optimization
Web analytics (also known as "reach measurement") is used to evaluate visitor traffic to our online services and can include pseudonymous data on visitor behavior, interests, or demographic information such as age or gender. Reach analysis allows us, for example, to identify when our online services, their features, or content are most frequently used or encourage repeat visits. It also helps us understand which areas require optimization.
In addition to web analytics, we can also use testing procedures to test and optimize different versions of our online offering or its components.
Unless otherwise stated below, profiles—that is, data aggregated from a usage session—may be created for these purposes, and information may be stored in and retrieved from a browser or device. The data collected includes, in particular, visited websites and elements used therein, as well as technical information such as the browser and operating system used, and usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, location data may also be processed.
User IP addresses are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored for web analytics, A/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Audience measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g., interest-/behavior-related profiling, use of cookies); provision of our online services and user-friendliness.
- Security measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Further information on processing procedures, methods and services:
- We use the "1&1 WebAnalytics" service from IONOS, which shows how this website is used. The data is collected via a pixel. To protect personal data, 1&1 WebAnalytics does not use cookies. The visitor's IP address is transmitted when a page request is submitted, anonymized immediately after transmission, and processed without reference to any individual. 1&1 WebAnalytics does not store any personal data of website visitors, so no conclusions can be drawn about individual visitors. The following data is collected:
- Referrer (previously visited website)
- Requested website or file
- Browser type and browser version
- Operating system used
- Device type used
- Time of access
- IP address in anonymized form (used only to determine the location of access)
1&1 WebAnalytics collects data solely for statistical analysis and technical optimization of the website. No data is shared with third parties.
You can find more information here:https://www.ionos.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-11-ionos-produktes/webanalytics/
- Google Analytics: Web analytics, reach measurement, and measurement of user flows; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website:
https://marketingplatform.google.com/intl/de/about/analytics/Privacy Policy:
https://policies.google.com/privacy; Data processing agreement:
https://business.safety.google/adsprocessorterms; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries):
https://business.safety.google/adsprocessorterms; Opt-out option: Opt-out plugin:
https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements:
https://adssettings.google.com/authenticatedFurther information:
https://privacy.google.com/businesses/adsservices
(Types of processing and processed data).
Presences in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about ourselves.
Please note that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage patterns and the resulting user interests. These user profiles can then be used to display advertisements both within and outside the networks that are presumably tailored to the users' interests. For these purposes, cookies are typically stored on users' computers, recording their usage patterns and interests. Additionally, user profiles can also store data independent of the devices used by the users (especially if the users are members of the respective platforms and are logged in).
For a detailed description of the respective processing methods and the options for objecting (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
Regarding requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively addressed directly with the service providers. Only the providers have access to user data and can take appropriate action and provide information directly. However, should you require assistance, you can contact us.
- Types of data processed: Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:https://www.instagram.comPrivacy Policy:https://instagram.com/about/legal/privacy.
- Facebook Pages: Profiles within the Facebook social network - We, together with Meta Platforms Ireland Limited, are responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in the Facebook Data Policy). https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policyAs explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, known as "Page Insights," to page administrators so they can gain insights into how people interact with their pages and the content associated with them. We have a specific agreement with Facebook ("Information about Page Insights"). https://www.facebook.com/legal/terms/page_controller_addendum), which specifically regulates which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to Facebook). The rights of users (in particular, the rights to information, deletion, objection, and lodging a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.comPrivacy Policy: https://www.facebook.com/about/privacy; Standard contractual clauses (guaranteeing a level of data protection when processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendumFurther information: Joint responsibility agreement: https://www.facebook.com/legal/terms/information_about_page_insights_dataJoint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transfer of data to its parent company, Meta Platforms, Inc., in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
- Twitter: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).
Plugins and embedded functions as well as content
We integrate functional and content elements into our online services that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as "content").
The integration of third-party content always requires that these providers process users' IP addresses, as they cannot send the content to users' browsers without them. The IP address is therefore necessary for displaying this content or these functions. We strive to use only content from providers who use IP addresses solely for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow for the analysis of information such as visitor traffic on the pages of this website. The pseudonymized information can also be stored in cookies on users' devices and may include, among other things, technical information about the browser and operating system, referring websites, the time of visit, and other information about the use of our online services, as well as be combined with such information from other sources.
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online service and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- Google Fonts (provided on our own server): Fonts ("Google Fonts") for the purpose of a user-friendly presentation of our online services; Service provider: The Google Fonts are hosted on our server; no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Management, organization and support tools
We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning, and delivering our services. We comply with legal requirements when selecting third-party providers and their services.
Within this framework, personal data may be processed and stored on the servers of third-party providers. This may involve various types of data, which we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data relating to transactions, contracts, other processes, and their content.
If users are referred to third-party providers or their software or platforms in the course of communication, business, or other relationships with us, these third-party providers may process usage data and metadata for security, service optimization, or marketing purposes. We therefore ask you to review the privacy policies of the respective third-party providers.
Types of data processed: Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
Affected persons: Communication partners; users (e.g., website visitors, users of online services).
Purposes of processing: Contact requests and communication; provision of contractual services and customer service; office and organizational procedures.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
WeTransfer: File transfer via the internet; Service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam 1019 BW, Netherlands; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wetransfer.comPrivacy Policy: https://wetransfer.com/legal/privacy.
Changes and updates to the privacy policy
We ask that you regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to our data processing activities make this necessary. We will inform you if any changes require action on your part (e.g., consent) or any other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the Addresses may change over time, so please check the details before contacting us.
Rights of data subjects
As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Right of withdrawal for consents: You have the right to withdraw any consent you have given at any time.
- Right to information: You have the right to request confirmation as to whether data concerning you is being processed, and to access this data as well as further information and a copy of the data in accordance with legal requirements.
- Right to rectification: In accordance with legal requirements, you have the right to request the completion of your personal data or the correction of inaccurate personal data concerning you.
- Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased without undue delay, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.
- Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller, in accordance with the legal requirements.
- Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
Definitions of terms
This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined primarily in Article 4 of the GDPR. The legal definitions are binding. The following explanations, however, are intended primarily to aid understanding. The terms are listed alphabetically.
- Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Profiles with user-related information: The processing of "profiles with user-related information," or simply "profiles," encompasses any type of automated processing of personal data that involves using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this can include various information concerning demographics, behavior, and interests, such as interaction with websites and their content, etc.). Examples of such profiling include interests in specific content or products, click behavior on a website, or location. Cookies and web beacons are frequently used for profiling purposes.
- Audience measurement: Audience measurement (also known as web analytics) is used to analyze visitor traffic to an online service and can include visitors' behavior or interests in specific information, such as website content. With the help of audience analysis, website owners can, for example, determine when visitors access their website and which content they are interested in. This allows them to better tailor the website content to their visitors' needs. Pseudonymous cookies and web beacons are frequently used for audience analysis to recognize returning visitors and thus obtain more accurate analyses of online service usage.
- Tracking: "Tracking" refers to the process of observing user behavior across multiple online services. Typically, behavioral and interest information related to the online services used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to match their interests.
- Controller: The term "controller" refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, be it collection, analysis, storage, transmission, or erasure.
Created with https://datenschutz-generator.de/
