Introduction

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter referred to as “data”) we process for which purposes and to what extent. The privacy policy applies to all personal data processing carried out by us, both within the scope of our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Last updated: September 20, 2021

Table of Contents

  • Introduction
  • Controller
  • Overview of Data Processing
  • Legal Bases
  • Security Measures
  • Data Processing in Third Countries
  • Deletion of Data
  • Use of Cookies
  • Provision of Online Services and Web Hosting
  • Blogs and Publication Media
  • Contact and Request Management
  • Web Analysis, Monitoring, and Optimization
  • Presence in Social Networks (Social Media)
  • Plugins and Embedded Functions as well as Content
  • Changes and Updates to the Privacy Policy
  • Rights of Data Subjects
  • Definitions of Terms

Controller

Constance Landsberg
eselva UG (limited liability)
Schellingstraße 109a
80798 Munich
Email: datenschutz@constance-landsberg.com
Impressum: https://www.constance-landsberg.de/impressum

Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of their processing, and it refers to the affected individuals.

Types of Data Processed

  • Inventory data (e.g., names, addresses)
  • Content data (e.g., entries in online forms)
  • Contact data (e.g., email, telephone numbers)
  • Meta/communication data (e.g., device information, IP addresses)
  • Usage data (e.g., visited websites, interest in content, access times)

Categories of Affected Persons

  • Communication partners
  • Users (e.g., website visitors, users of online services)

Purposes of Processing

  • Provision of our online offering and user-friendliness
  • Direct marketing (e.g., via email or postal mail)
  • Feedback (e.g., collecting feedback via online forms)
  • Marketing
  • Contact inquiries and communication
  • User-related profiles (creating user profiles)
  • Audience measurement (e.g., access statistics, identification of returning visitors)
  • Fulfillment of contractual services and customer support

Legal Bases

The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that national data protection regulations in your or our country of residence may apply in addition to the GDPR. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1) Sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data for one or more specific purposes.
  • Contract fulfillment and pre-contractual inquiries (Art. 6(1) Sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are taken at the request of the data subject.
  • Legitimate interests (Art. 6(1) Sentence 1 lit. f GDPR) – Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

National data protection regulations in Germany: In addition to the provisions of the General Data Protection Regulation (GDPR), national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (BDSG), which contains specific provisions regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, and processing for other purposes. Moreover, the data processing for employment purposes is regulated by Section 26 BDSG, especially regarding the establishment, execution, or termination of employment relationships and the consent of employees. Furthermore, the data protection laws of the individual federal states may apply.

Security Measures

In accordance with the legal requirements and taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood of occurrence and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, securing the confidentiality, integrity, and availability of data through control of physical and electronic access to the data, as well as access, input, transfer, availability, and separation of data related to them. We also have procedures in place to ensure the exercise of data subject rights, the deletion of data, and responses to data compromise. Furthermore, we consider the protection of personal data during the development and selection of hardware, software, and procedures, according to the principle of data protection by design and by default.

SSL Encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), European Economic Area (EEA)), or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other individuals, entities, or companies, this will only occur in accordance with the legal requirements.

Subject to express consent or contractually or legally required transmission, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligations under so-called EU standard protection clauses, certifications, or binding internal data protection regulations (Art. 44-49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Deletion of Data

The data we process will be deleted in accordance with the legal requirements once the consents permitted for processing are withdrawn or other legal permissions no longer apply (e.g., if the purpose of the processing has ceased or the data is no longer necessary for the purpose). If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted to these purposes. This means the data will be locked and not processed for other purposes. For example, this applies to data that must be retained for commercial or tax law reasons, or that is necessary for asserting, exercising, or defending legal claims or for protecting the rights of another natural or legal person.

Our privacy notices may also include further information on the retention and deletion of data that take precedence for the respective processing operations.

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. The primary purpose of a cookie is to store information about a user during or after their visit within an online offering. Stored information may include, for example, language settings on a website, login status, a shopping cart, or the location where a video was viewed. The term “cookies” also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”).

The following types and functions of cookies are distinguished:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits the website again. Likewise, the interests of users used for audience measurement or marketing purposes can be stored in such a cookie.
  • First-party cookies: First-party cookies are set by ourselves.
  • Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or strictly necessary) cookies: Cookies may be essential for the operation of a website (e.g., to save logins or other user inputs or for security reasons).
  • Statistical, marketing, and personalization cookies: Cookies are also generally used for audience measurement and when a user’s interests or behavior (e.g., viewing specific content, using certain functions, etc.) are stored in a user profile. Such profiles are used to display content to users that matches their potential interests. This process is also referred to as “tracking,” i.e., the tracking of the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or as part of obtaining consent.

Provision of the Online Offering and Web Hosting

To securely and efficiently provide our online offering, we use the services of one or more web hosting providers from whose servers (or servers they manage) the online offering can be accessed. To these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services, as well as security and technical maintenance services.

The data processed as part of the provision of the hosting offering may include all information related to users of our online offering that is collected as part of usage and communication. This regularly includes the IP address, which is necessary to deliver the contents of online offerings to browsers, and all entries made within our online offering or on websites.

Changes and Updates to the Privacy Policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as the changes in the data processing we carry out make this necessary. We will inform you as soon as changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to verify the information before contacting them.

Rights of Data Subjects

As a data subject, you have the following rights under the GDPR, in particular Articles 15 to 21:

  • Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, which is based on Article 6(1) lit. e or f GDPR, including profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent it is related to such direct marketing.
  • Right of withdrawal for consents: You have the right to withdraw consents granted at any time.
  • Right of access: You have the right to request confirmation as to whether relevant data is being processed and to obtain information about this data, as well as further information and a copy of the data, in accordance with the legal requirements.
  • Right to rectification: You have the right, in accordance with the legal requirements, to request the completion or correction of the data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to demand the immediate deletion of the data concerning you, or alternatively, to request the restriction of the processing of the data in accordance with the legal requirements.
  • Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, in accordance with the legal requirements, or to request that it be transmitted to another controller.
  • Right to complain to a supervisory authority: You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the provisions of the GDPR.

Generated with the free privacy policy generator by Dr. Thomas Schwenke

Scroll to Top