Data privacy policy
1. Overview of Data Protection
General Information
The following information provides a concise overview of what happens to your personal data when you visit this website. Personal data are all information that can be used to personally identify you. For more detailed information on data protection, please refer to our full privacy policy below.
Data Collection on This Website
Who is responsible for data processing on this website?
The data processing on this website is carried out by the website operator, who acts as the Data Controller. You can find their contact details in the section “Data Controller” below.
How do we collect your data?
Your data is collected in part directly from you, e.g., when you enter information into a contact form.
Other data is collected automatically or after your consent when you visit the website via our IT systems. This primarily includes technical data (e.g., web browser type, operating system, date and time of access). These data are collected automatically as soon as you access this website.
For what purposes do we process your data?
Some data is collected to ensure the website functions correctly. Other data may be used to analyze user behavior on the website.
What rights do you have regarding your data?
As a data subject, you have the right to obtain information about the origin, recipients, and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have provided consent to data processing, you can revoke it at any time. Additionally, you have the right to request the restriction of processing under certain circumstances and the right to lodge a complaint with the competent supervisory authority.
For any questions regarding data protection, you can contact the Data Controller at any time.
2. Hosting
We host the content of our website with the following providers:
All-Inkl
Provider: ALL-INKL.COM - Neue Medien Munich, Owner: René Munich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter “All-Inkl”). Details are available in All-Inkl's privacy policy: https://all-inkl.com/datenschutzinformationen/.
The use of All-Inkl is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the reliable presentation of our website. If consent has been obtained (e.g., for cookies or device fingerprinting), processing is based on Art. 6(1)(a) GDPR and §25(1) TTDSG. Consent can be revoked at any time.
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with this provider. This contract ensures that the provider acts only on our instructions and in compliance with GDPR.
Squarespace
Provider: Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland (hereinafter “Squarespace”).
Squarespace provides website creation and hosting services. When you visit our website, your data is processed on Squarespace’s servers. This may include transferring personal data to Squarespace’s parent company, Squarespace Inc., 8 Clarkson St, New York, NY 10014, USA. Squarespace also stores cookies necessary for site functionality and security (necessary cookies).
The use of Squarespace is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the reliable presentation of our website. Where consent has been obtained, processing is based on Art. 6(1)(a) GDPR and §25(1) TTDSG. Consent can be revoked at any time.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. More information: https://support.squarespace.com/hc/de/articles/360000851908-DSGVO-und-Squarespace.
Squarespace is certified under the EU-US Data Privacy Framework (DPF). This ensures compliance with EU data protection standards when processing personal data in the USA. More information: https://www.dataprivacyframework.gov/participant/4774.
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with Squarespace. This ensures that the provider processes personal data only according to our instructions and in compliance with GDPR.
3. General Information and Mandatory Information
Data Protection
The operators of this website take the protection of your personal data very seriously. We process your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
When using this website, various personal data may be collected. This privacy policy explains which data we collect, how we use them, and the purpose of processing.
Please note: data transmission over the internet (e.g., via email) may have security vulnerabilities. Complete protection against access by third parties is not possible.
Data Controller
The Data Controller for this website is:
[Fields are blank on website, most certainly need to be filled in]
The Data Controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses).
Storage Duration
Unless otherwise specified, personal data will be stored until the purpose of processing no longer applies. If you request deletion or revoke your consent, your data will be deleted unless other legal obligations require storage (e.g., tax or commercial law retention periods). In such cases, deletion occurs once these obligations expire.
Legal Basis for Data Processing
If you have given consent, we process your personal data under Art. 6(1)(a) GDPR (or Art. 9(2)(a) GDPR for special categories of data).
If processing is required for contract performance, it is based on Art. 6(1)(b) GDPR.
Legal obligations require processing under Art. 6(1)(c) GDPR.
Processing based on legitimate interests is under Art. 6(1)(f) GDPR.
The relevant legal basis for each processing purpose is detailed in the respective sections of this privacy policy.
Recipients of Personal Data
We may share personal data with third-party service providers when necessary for contractual performance, legal obligations, or our legitimate interests. We ensure that all processors are bound by a Data Processing Agreement (DPA) and comply with GDPR requirements.
Revocation of Consent
If processing is based on consent, you may revoke your consent at any time. Processing carried out before revocation remains lawful.
If processing has been restricted, personal data may only be processed with your consent or for the assertion, exercise, or defense of legal claims, or to protect the rights of another person or important public interest.
SSL/TLS Encryption
This website uses SSL/TLS encryption for security. You can identify encrypted connections by the "https://" prefix and the lock icon in the browser address bar.
Cookies
You can configure your browser to manage cookies, including deletion upon closing the browser. Disabling cookies may limit website functionality.
Cookies and services used on this website are described in the relevant sections below.
Plugins and Tools
Google Fonts (Local Hosting)
We use Google Fonts installed locally to ensure consistent font display. No connection to Google servers occurs.
More information: https://developers.google.com/fonts/faq
Privacy policy: https://policies.google.com/privacy?hl=en
Use of Google Maps
This page utilizes the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service enables us to integrate map content into our website.
To use the functions of Google Maps, it is necessary to store your IP address. This information is typically transmitted to a server operated by Google in the United States and stored there. The provider of this website has no influence over this data transmission. If Google Maps is activated, Google may use Google Fonts for the uniform presentation of typefaces. When accessing Google Maps, your browser loads the required web fonts into its cache to correctly display text and fonts.
The use of Google Maps is in the interest of presenting our online offerings in an appealing manner and facilitating the easy location of places specified on our website. This constitutes a legitimate interest pursuant to Article 6(1)(f) of the General Data Protection Regulation (GDPR). If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data transmission to the United States is based on the European Commission’s Standard Contractual Clauses. Details can be found here:
Further information on the handling of user data can be found in Google’s privacy policy:
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards during data processing in the United States. Each company certified under the DPF commits to adhering to these data protection standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780