Skip to main content

Privacy

Table of Contents

Responsible person:
Tim Semmelrogge
Wellerstädter Hauptstr. 49
91083 Baiersdorf, Germany

E-Mail: [email protected]

Legal Notice: https://semmel.xyz/legal-notice

Types of Processed Data

Inventory data, contact data, content data, usage data, meta/communication data

Categories of Affected Persons

Communication partners, users

Purposes of Processing

Provision of contractual services and customer support, handling contact inquiries and communication, security measures, reach measurement, conversion measurement, administration and response to inquiries, feedback, marketing, profiles with user-related information, provision of our online services, and user-friendliness

Relevant Legal Bases

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection provisions may apply in your or our country of residence. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6(1) sentence 1 lit. a GDPR):
The data subject has given their consent to the processing of personal data concerning them for one or more specific purposes.

Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR):
The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.

Legal obligation (Art. 6(1) sentence 1 lit. c GDPR):
The processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR):
The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Additional National Data Protection Regulations

In addition to the GDPR, national data protection regulations in Germany apply. This includes the Federal Data Protection Act (BDSG), which contains specific provisions on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for employment purposes (§ 26 BDSG), particularly concerning the establishment, performance, or termination of employment relationships and the consent of employees. Additionally, data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transmission, securing availability, and separation of the data. We also have procedures in place to ensure the exercise of data subject rights, deletion of data, and response to data threats. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures according to the principle of data protection by design and by default.

SSL Encryption (https):
To protect your data transmitted via our online offering, we use SSL encryption. You can recognize encrypted connections by the prefix https:// in your browser’s address bar.

Transfer of Personal Data

In the course of our processing of personal data, it may happen that the data is transmitted to other entities, companies, legally independent organizational units, or persons or disclosed to them. Recipients of this data may include service providers tasked with IT duties or providers of services and content integrated into a website. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements with the recipients of your data to protect it.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or if this occurs in the context of the use of third-party services or disclosure or transfer of data to other persons, entities, or companies, this is done only in accordance with legal requirements.

Subject to express consent or contractual or legal requirements, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, existing certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of Data

The data processed by us will be deleted in accordance with legal requirements as soon as their permitted consent is revoked or other permissions no longer apply (e.g., if the purpose of the processing of this data no longer applies or they are not necessary for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person.

Our privacy notices may also include further information on the retention and deletion of data that take precedence for the respective processing.

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read information from end devices. For example, to store the login status in a user account, a shopping cart content in an e-shop, the accessed content, or used functions of an online offer. Cookies can also be used for different purposes, e.g., to ensure the functionality, security, and comfort of online offerings and to create analyses of visitor flows.

Notes on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, except where this is not legally required. Consent is particularly not necessary if the storage and reading of the information, including cookies, is absolutely necessary to provide the users with a telemedia service (i.e., our online offering) that they expressly request. The revocable consent will be clearly communicated to the users and contain information about the respective cookie use.

Notes on Data Protection Legal Bases: The legal basis on which we process the personal data of users using cookies depends on whether we ask users for consent. If users consent, the legal basis for the processing of their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the commercial operation of our online offering and its improvement) or if this is necessary to fulfill our contractual obligations if the use of cookies is necessary for this purpose. We inform about the purposes for which the cookies are processed in the course of this privacy policy or within the framework of our consent and processing procedures.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

Temporary cookies (also: session or session cookies):
Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).

Permanent cookies:
Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected using cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.

General Information on Withdrawal and Objection (Opt-Out)

Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements in Art. 21 GDPR (further information on the objection is provided in this privacy policy). Users can also declare their objection through the settings of their browser.

Further Information on Processing Procedures, Procedures, and Services

Processing of Cookie Data on the Basis of Consent:
We use a cookie consent management procedure in which user consent for the use of cookies or the processing and providers mentioned in the cookie consent management procedure can be obtained and managed and revoked by users. The consent declaration is stored so that the query does not have to be repeated and to be able to prove the consent according to the legal obligation. The storage can be server-side and/or in a cookie (so-called opt-in cookie or using comparable technologies) to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following notes apply: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is formed and stored with the time of the consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and end device used.

Provision of the Online Offering and Web Hosting:
To securely and efficiently provide our online offering, we use the services of one or more web hosting providers from whose servers (or servers they manage) the online offering can be accessed. For these purposes, we can use infrastructure and platform services, computing capacity, storage space, and database services as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting offer can include all information about the users of our online offering that accrues in the course of use and communication. This regularly includes the IP address, which is necessary to deliver the contents of online offers to browsers, and all entries made within

our online offering or from websites.

Processed Data Types:
Content data (e.g., entries in online forms); usage data (e.g., visited web pages, interest in content, access times); meta/communication data (e.g., device information, IP addresses).

Affected Persons:
Users (e.g., website visitors, users of online services).

Purposes of Processing:
Provision of our online offering and user-friendliness.

Legal Bases:
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Email Sending and Hosting:
The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders as well as further information regarding the email dispatch (e.g., the involved providers) and the contents of the respective emails are processed. The aforementioned data can also be processed for the purpose of detecting SPAM. Please note that emails on the Internet are generally not sent encrypted. As a rule (not guaranteed), emails are encrypted during transport, but (unless an end-to-end encryption procedure is used) not on the servers from which they are sent and received. We cannot take responsibility for the transmission path of the emails between the sender and the receipt on our server.

Collection of Access Data and Log Files:
We (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files can include the address and name of the retrieved web pages and files, date and time of retrieval, transmitted data volumes, report on successful retrieval, browser type along with version, the user’s operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid overloading the servers, especially in the case of misuse attacks (such as DDoS attacks), and to ensure the stability and performance of the servers.

Deletion of Data:
Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that requires further retention for evidence purposes is excluded from deletion until the respective incident is finally clarified.

Content-Delivery-Network:
We use a “Content-Delivery-Network” (CDN). A CDN is a service that helps to deliver content of an online offering, especially large media files such as graphics or program scripts, more quickly and securely through regionally distributed and internet-connected servers.

CloudFlare:
To secure our website and optimize loading times, we use the service CloudFlare as a so-called CDN (Content-Delivery-Network). This is a service provided by Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA, hereafter referred to as “CloudFlare”.

Legal Basis:
Art. 6(1) lit. f) GDPR. Our legitimate interest lies in the secure operation of our website as well as its optimization.

If you access our website, your requests will be routed through the server of CloudFlare. Here, statistical access data about the visit to our website is collected, and a cookie is stored on your device via your internet browser by CloudFlare. The access data includes your IP address, the internet page(s) of our website you accessed, the type and version of the internet browser you used, the operating system you used, the website from which you switched to our website (referrer URL), your stay on our website, and the frequency of accessing our internet pages.

The data is used by CloudFlare for the purpose of statistical analysis of access as well as for security and optimization of the offering.

If you do not agree with this processing, you have the option to prevent the installation of cookies by making the appropriate settings in your internet browser. Details can be found above under the point “Cookies”.

CloudFlare offers further information on data collection and usage as well as your rights and options for protecting your privacy at cloudflare.com/privacypolicy.

Contact and Request Management:
When contacting us (e.g., via contact form, email, telephone, or social media) and within the scope of existing user and business relationships, the information of the requesting persons is processed to the extent necessary to answer the contact inquiries and any requested measures.

The answering of contact inquiries and the management of contact and request data within the scope of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to answer (pre)contractual inquiries and otherwise on the basis of legitimate interests in answering the inquiries and maintaining user or business relationships.

Processed Data Types:
Inventory data (e.g., names, addresses); contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms).

Affected Persons:
Communication partners

Purposes of Processing:
Contact inquiries and communication; provision of contractual services and customer service.

Legal Bases:
Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); legal obligation (Art. 6(1) sentence 1 lit. c GDPR).

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your participation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting us.

Rights of the Affected Persons

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to Object:
You have the right to object at any time to the processing of personal data concerning you, which is carried out based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

Right to Withdraw Consent:
You have the right to withdraw consents given at any time.

Right of Access:
You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.

Right to Rectification:
You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with legal requirements.

Right to Erasure and Restriction of Processing:
You have the right, in accordance with legal requirements, to request that data concerning you be deleted immediately, or alternatively, in accordance with legal requirements, to request restriction of the processing of the data.

Right to Data Portability:
You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller in accordance with legal requirements.

Complaint to Supervisory Authority:
You have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if you consider that the processing of personal data concerning you infringes the GDPR.

Last Updated: 2024-05-21

Source: datenschutz-generator.de (German original)