PRIVACY POLICY

​

With the following privacy policy, we inform you about the processing of personal data (hereinafter referred to as “personal data” or “data”) in accordance with the General Data Protection Regulation (GDPR), including the purposes, scope, and legal basis of such processing in connection with the provision of our application.

The terms used are gender-neutral.

Last updated: 26 February 2024

​

Controller

Isa Johannsen
Graphic Design, Painting
Ottenser Hauptstrasse 32
22765 Hamburg
Germany

Email address: johannsen.isa@t-online.de
Phone: +49 170 4174300

​

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

​

Types of Data Processed

• Inventory data (e.g. names, addresses).

• Content data (e.g. entries in online forms).

• Contact data (e.g. email addresses, telephone numbers).

• Meta/communication data (e.g. device information, IP addresses).

• Usage data (e.g. visited websites, interest in content, access times).

​

Categories of Data Subjects

• Communication partners.

• Users (e.g. website visitors, users of online services).

​

Purposes of Processing

• Provision of our online services and user-friendliness.

• Direct marketing (e.g. via email or post).

• Contact requests and communication.

• Profiles with user-related information (creation of user profiles).

• Reach measurement (e.g. access statistics, recognition of returning visitors).

• Provision of contractual services and customer service.

​

Security Measures
In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, ensuring availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and responses to data threats. In addition, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

​

Provision of Online Services and Web Hosting
In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers whose servers (or servers managed by them) are used to retrieve the online services. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, database services, as well as security and technical maintenance services.

The data processed in the context of providing hosting services may include all information relating to users of our online services that arises in the course of use and communication. This regularly includes the IP address, which is necessary to deliver the content of online services to browsers, and all entries made within our online services or websites.

Collection of Access Data and Log Files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the retrieved websites and files, date and time of access, amounts of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider.

Server log files may be used for security purposes, e.g. to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure server utilization and stability.

• Types of data processed: Content data (e.g. entries in online forms), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Data subjects: Users (e.g. website visitors, users of online services).

• Purposes of processing: Provision of our online services and user-friendliness.

• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
   

Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or on the basis of a legal permission. If the content of the newsletter is specifically described during registration, it is decisive for the users’ consent. Otherwise, our newsletters contain information about us and our services.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal addressing in the newsletter or further information if required for the purposes of the newsletter.

Double Opt-In Procedure: Registration for our newsletter is carried out using a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent registrations with third-party email addresses. Newsletter registrations are logged in order to be able to demonstrate the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove previously given consent. Processing of these data is restricted to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is simultaneously confirmed. In the event of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocking list (so-called “blocklist”).

The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving its proper execution. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.

Information on Legal Bases: The sending of newsletters is based on the consent of the recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing, insofar as and to the extent that this is legally permitted, e.g. in the case of existing customer advertising. If we commission a service provider to send emails, this is done on the basis of our legitimate interests. The registration procedure is recorded on the basis of our legitimate interests in order to demonstrate compliance with legal requirements.

Content: Information about us, our services, promotions, and offers.

Requirement for the Use of Free Services: Consent to receive mailings may be made a prerequisite for the use of free services (e.g. access to certain content or participation in certain promotions). If users wish to use the free service without subscribing to the newsletter, we ask you to contact us.

• Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses).

• Data subjects: Communication partners, users (e.g. website visitors, users of online services).

• Purposes of processing: Direct marketing (e.g. via email or post), provision of contractual services and customer service.

• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

• Right to Object (Opt-Out): You may cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. A link to unsubscribe can be found at the end of each newsletter, or you may use one of the contact options listed above, preferably email.

• Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email addresses, telephone numbers).

• Data subjects: Communication partners.

• Purposes of processing: Direct marketing (e.g. via email or post).

• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
   

Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as “reach measurement”) serves to evaluate visitor flows to our online services and may include behavioral, interest-based, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify when our online services or their functions or content are most frequently used or invite reuse. We can also determine which areas require optimization.

In addition to web analysis, we may also use testing procedures, for example to test and optimize different versions of our online services or their components.

For these purposes, so-called user profiles may be created and stored in a file (so-called “cookie”) or similar procedures with the same purpose may be used. This information may include viewed content, visited websites and elements used there, and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this may also be processed depending on the provider.

Users’ IP addresses are also stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) are stored in the context of web analysis, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of users, but only the information stored in their profiles for the respective purposes.

Information on Legal Bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data are processed on the basis of our legitimate interests (i.e. interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

• Types of data processed: Usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Data subjects: Users (e.g. website visitors, users of online services).

• Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors), profiles with user-related information (creation of user profiles).

• Security measures: IP masking (pseudonymization of the IP address).

• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
   

Services and Service Providers Used
Google Analytics: Reach measurement and web analysis; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/de/about/analytics/; privacy policy: https://policies.google.com/privacy; types of processing and processed data: https://privacy.google.com/businesses/adsservices; data processing terms for Google advertising products and standard contractual clauses for third-country data transfers: https://business.safety.google/adsprocessorterms.