With this information, the controller named in section 1 ("We")
informs the user of the website ("you" or "user") in accordance
with Art. 13 and 14 of the General Data Protection Regulation
(GDPR) about the collection and processing of personal data. At
the same time, we inform you when we store information on the
end device you use when accessing our websites or when we
access information already stored on your end device.
For the use of websites of other providers, to which reference
is made e.g., via links, the data protection information
provided there applies.
A. General Information
1. Controller and Data Protection Officer
1.1 The responsible data controller for this website is:
Julia Pfaffinger
Waldstr. 7
D-85457 Wörth
pm@juliapfaffinger.de
1.2 We are not required to appoint a Data Protection Officer.
1.3 Our website is hosted by ALL-INKL.COM (www.all-inkl.com), i.e., technically provided on the web servers of this web hoster. The web hoster is a processor obligated by us in accordance with Art. 28 GDPR.
2. Rights of the Data Subject
As a "data subject," you have the following rights when your personal data is collected by us:
2.1 Right of Access
You can request access to your personal data that we process, in accordance with Art. 15 GDPR.
2.2 Right to Object
You have a right to object for special reasons under Art. 21(1) GDPR. We will inform you about this separately from this information under section "B".
2.3 Right to Rectification
If the information concerning you is not (or is no longer) accurate, you can request a rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request its completion.
2.4 Right to Erasure
You can request the erasure of your personal data under the conditions of Art. 17 GDPR.
2.5 Right to Restriction of Processing
In the cases of Art. 18 GDPR, you have the right to request a restriction of the processing of your personal data ("blocking").
2.6 Right to Lodge a Complaint
If you are of the opinion that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice, in accordance with Art. 77(1) GDPR.
2.7 Right to Data Portability
In the event that you have provided us with personal data in accordance with Art. 20(1) GDPR, you have the right to receive the data that we process automatically on the basis of your consent or in fulfillment of a contract, in a structured, commonly used, and machine-readable format, or to have it transmitted to a third party. The collection of data for the provision of the website and the storage of log files (see section 3.1 below) are strictly necessary for the operation of the website. They are therefore not based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, but are justified under Art. 6(1)(f) GDPR. The conditions of Art. 20(1) GDPR are therefore not met in this respect.
3. Procedure: Provision of the Website and Creation of Log Files
3.1 Which data is processed and for what purpose?
Each time content on the website is accessed, the web server of our web host, where our website is stored, temporarily collects and stores information (data) from the internet browser of the user's calling computer or end device. This data may allow for the identification of the user and is therefore personal data.
-
User's IP address,
-
Date and time of the website access,
-
The protocol, e.g., HTTP,
-
The request method "Get" or "Post",
-
Content of the request or details of the retrieved file transmitted to the user,
-
The access status (successful transmission, error, etc.),
-
The amount of data transferred in bytes,
-
Incoming and outgoing data traffic ("traffic"),
-
A process identification number ("Process ID"),
-
The time it took for the web server to respond to the user's request,
-
The website from which the user's access originated,
-
The browser used by the user, the operating system, the interface, the browser language, and the version of the browser software.
3.2 On what legal basis is this data processed?
The data from section 3.1 is collected and processed by our web host for the mentioned temporary storage purpose and also for the further storage purpose in accordance with Art. 6(1)(f) GDPR. This purpose also constitutes the legitimate interest in data processing. This legitimate interest is the interest of our web host, but also our legitimate interest in a functional website.
3.3 Are there other recipients of the aforementioned data besides the controller?
Our web host, as our processor, has technical access to the data mentioned in 3.1.
3.4 How long is the data stored?
The data from 3.1.1 is deleted as soon as it is no longer required for the purpose of its collection. For the provision of the website, this is the case when the respective session is ended. The log files are kept for a maximum of 7 days, unless a security event requires longer storage.
3.5 Is there an obligation to provide the data?
You must provide the data from 3.1 to our web host. Otherwise, you cannot technically use our website, and our web host cannot ensure secure technical operation.
4. Data Processing Procedures
4.1 Use of Email Addresses
We provide an email address for the purpose of allowing you to contact us. If you transmit personal data to us via email, it will be stored and processed by us for the purpose of responding to your inquiry.
The data from section 4.1.1 is processed on the basis of Art. 6(1)(f) GDPR (our legitimate interest as the controller in communication). If your inquiry aims at the conclusion of a contract, then Art. 6(1)(b) GDPR is an additional legal basis (initiation, conclusion, and execution of a contract).
Our web host, as our processor, has technical access to the data mentioned in 4.1.1.
The data from 4.1.1 is deleted as soon as it is no longer required for the purpose of its collection. For personal data sent to us via email, this is the case when the respective correspondence with the user has ended and storage is no longer necessary for other reasons. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been finally resolved.
You are not obliged to provide us with data from 4.1.1. You do not have to communicate with us via email.
4.2 Use of YouTube Videos (Two-Click Solution)
This website utilizes the YouTube embedding function for the
display and playback of videos from the provider "YouTube,"
which is part of Google Ireland Limited, Gordon House, 4 Barrow
St, Dublin, D04 E5W5, Ireland ("Google").
By default, only preview images of the videos are displayed.
The video is only loaded from YouTube's servers after you click
on the respective preview image. This click constitutes your
consent in accordance with Art. 6(1)(a) GDPR.
When the playback of embedded YouTube videos is started, the
provider "YouTube" deploys cookies to collect information on
user behavior. According to "YouTube," this information is
used, among other things, to compile video statistics, improve
user-friendliness, and prevent abusive practices. If you are
logged into Google, your data will be directly associated with
your account when you click on a video. If you do not wish for
this association with your YouTube profile, you must log out
before activating the video. You have the right to object to
the creation of these user profiles, and you must contact
YouTube directly to exercise this right. As part of using
YouTube, personal data may also be transferred to the servers
of Google LLC. in the USA.
Regardless of whether the embedded videos are played, a
connection to the Google network is established each time this
website is accessed, which can trigger further data processing
operations beyond our control.
All processing described above, particularly the reading of information on the end device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR by clicking on the preview image. Without this consent, YouTube videos will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future by reloading the page or by not clicking on a video preview image again.
Further information on data protection at "YouTube" can be found in YouTube's Terms of Service at https://www.youtube.com/static?template=terms and in Google's Privacy Policy at https://www.google.de/intl/de/policies/privacy
4.3 Web Analysis Services with Matomo
This website uses the web analysis service software Matomo (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand ("Matomo"), to collect and temporarily store certain user information. To protect site visitors, Matomo uses a so-called "config_id" to enable various analyses of site usage within a short time frame of up to 24 hours. The site's "config_id" is a randomly generated, time-limited hash of a limited set of the visitor's settings and attributes. The config_id or config hash is a string of characters calculated for a visitor based on their operating system, browser, browser plugins, IP address, and browser language. Matomo does not use device fingerprinting and uses an anonymized IP address of the site visitor to create the "config_id".
Insofar as the information processed in this way includes personal user data, the processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. To object to the future processing of your visitor data, we provide a separate opt-out option on our website.
The data collected using Matomo's technology is transferred to Matomo's servers in New Zealand and processed for usage analysis purposes. The European Commission has issued an adequacy decision for New Zealand, which certifies compliance with European data protection standards for international data transfers.
5. Processing of Information from Your End Devices
5.1 Insofar as we wish to store information on
the end device you use when visiting our websites and/or access
information already stored on your end device, we will ask for
your consent based on clear and comprehensive information. This
is done via a consent banner used by us. We obtain any required
consent before we access the device. Your consent can be
revoked by you at any time. For certain purposes specified by
law, however, your consent is not necessary, so we do not ask
for it in these cases. Consent is not required, on the one
hand, if the sole purpose of storing information on the end
user's end device or the sole purpose of accessing information
already stored on the end user's end device is to carry out the
transmission of a communication over a public
telecommunications network. On the other hand, consent to the
use of your end device is not required if the storage of
information on the end user's end device or the access to
information already stored on the end user's end device is
strictly necessary for us as a provider of a telemedia service
to provide a telemedia service expressly requested by the
user.
5.2 Such access to end devices is possible via
certain technologies. The best-known technology involves
cookies. Cookies are objects that can be stored in the internet
browser or by the internet browser on the user's end device.
When a user visits a website, the server of the website
operator or a third party can read the cookie stored there via
the user's operating system and consequently the information
stored therein. A cookie may, but does not have to, contain a
characteristic string of characters that allows for a unique
identification of the user's browser when the website is
visited again.
5.3 Removal option: The user can prevent or
restrict the installation of cookies through a corresponding
setting in their browser. Cookies that have already been stored
can also be deleted at any time by the user via their browser.
The settings for this depend on the respective browser.
However, if the user prevents or restricts the installation of
cookies, this may result in not all functions of the website
being fully usable. What applies to cookies also applies to
other technologies that use the user's end device.
5.4 Cookies and similar technologies requiring
consent: Our consent banner on the website provides information
about cookies and similar technologies that require
consent.
5.5 Cookies and similar technologies not
requiring consent: For cookies and similar technologies not
requiring consent, we have internally documented that consent
is not required according to § 25(2) of the German
Telecommunications Telemedia Data Protection Act (TTDSG).
6. Technical Measures
6.1 SSL/TLS
For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, our websites are equipped with active SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and a lock symbol appears in the browser line. As a result of this encryption, data that you transmit to us cannot be read by third parties.
6.2 End-to-End Communication
If you contact us using an email address provided on our websites, the transport of the email content to us is not end-to-end encrypted. This means that while the emails are generally encrypted during transport via the participating email providers, they are present in unencrypted form on their servers.
B. Special Information
Special Right to Object pursuant to Art. 21(1)
GDPR
You have the right to object, on grounds relating to your
particular situation, at any time to the processing of your
personal data which is based on Article 6(1)(f) GDPR
(processing for the purposes of legitimate interests pursued by
us or by a third party), in accordance with Art. 21(1) GDPR.
You can direct the objection to the address in section
1.1.
We will no longer process the personal data unless we can
demonstrate compelling legitimate grounds for the processing
which override the interests, rights, and freedoms of the data
subject, or the processing serves the establishment, exercise,
or defense of legal claims.
In the event of your objection, you must explain in detail any
existing interests you may have (your "particular situation"),
so that we can conduct a new balancing of interests. If our
interests in further storage do not prevail, the personal data
stored in the course of contacting us will be deleted. If they
still prevail, the data processing will be continued by us.