Personal data (usually referred to just as "data" below) will only be processed by me to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation, "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
I. Information about me as controllers of your data
II. Data collection on my website
III. The rights of users and data subjects
IV. Information about the data processing
I. Information about the controllers of your data
As the operator of this website, I’m responsible for protecting your data in a lawful manner.
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
II. Data collection on my website
What type of information do I collect?
I receive, collect and store any information you enter on my website or provide me in any other way. In addition, I collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. I may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. I also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, recommendations, and personal profile.
How do I collect information?
You directly provide me with your data such as your name, address and email address. I collect personal information when you
submit a contact form,
register online and/or place an order for any of my services,
contact me via the contact email address,
voluntarily complete a customer survey or provide feedback on any of my message boards or via email,
use or view my website via your browser's cookies.
When you visit my website, other non-personal data are collected automatically by my IT systems, such as the browser and operating system you are using or when you accessed the page.
Why do I collect such personal information?
I collect such Non-personal and Personal Information for the following purposes:
to provide and operate the Services;
to provide the Users of the website and my Clients with ongoing customer assistance and technical support;
to be able to contact my Visitors and Users with general or personalized service-related notices and promotional messages;
to create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which I may use to provide and improve my respective services;
to comply with any applicable laws and regulations.
III. The rights of users and data subjects
What are the users’ data protection rights?
I would like to make sure you are fully aware of all of your data protection rights. Every User and Client is entitled to the following:
The right to access - You have the right to request me for copies of your personal data.
The right to rectification - You have the right to request that I correct any information you believe is inaccurate. You also have the right to request me to complete the information you believe is incomplete.
The right to erasure - You have the right to request that I erase your personal data, under certain conditions.
The right to restrict processing - You have the right to request that I restrict the processing of your personal data, under certain conditions.
The right to object to processing - You have the right to object to my processing of your personal data, under certain conditions.
The right to data portability - You have the right to request that I transfer the data that I have collected to another organization, or directly to you, under certain conditions.
If you make a request, I have one month to respond to you. If you would like to exercise any of these rights, please contact me at my email: firstname.lastname@example.org Call me at +491703637252
IV. Information about the data processing
How do I store, share and disclose my site visitors' personal information?
My website is hosted on the Wix.com platform. Wix.com provides me with an online platform that allows me to sell my services to you. Your data may be stored through Wix.com’s data storage, databases, and general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by me adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by my store and its service providers.
I will keep your personal data as long as it’s necessary to complete the service or the package of services. Once this time period has expired, I will delete your data by erasing them from my software.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to me as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to me cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract that requires you to send me your payment information (e.g. account number for direct debits), I will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit, Paypal) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to me cannot be read by third parties.
What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information.
When you visit my website, I may collect information from you, such as your browser, location data, or IP address, automatically through cookies or similar technology.
When you close your browser, these session cookies are deleted.
Please read third-party information about the collection and processing of data collected by them through cookies.
Third-party cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
For further information, visit allaboutcookies.org.
If you create a customer account with me via my website, I will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders or to be able to offer you a wishlist function). I also store your IP address and the date and time of your registration. This data will not be transferred to third parties.
If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.
If the opening of the customer account is also intended to lead to the initiation of a contractual relationship with me or to fulfill an existing contract with us, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.
You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform me that you are revoking your consent.
The data previously collected will then be deleted as soon as processing is no longer necessary. However, I must observe any retention periods required under tax and commercial law.
User comments, and ratings
If you post a comment on my website, I will process and publish your post, the date and time you submitted it, and any pseudonym you may have used.
The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform me in a simple email that you are revoking your consent.
In addition, I will also process your IP address and email address. The IP address is processed because I might have a legitimate interest in taking or supporting further action if your post infringes on the rights of third parties and/or is otherwise unlawful.
In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR. my legitimate interest lies in any legal defense I may have to mount.
Privacy policies of other websites
I maintain an online presence on Twitter to present myself as a freelancer and my services and to communicate with customers/prospects. Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
I would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. I also do not have access to this user data. Access is only available to Twitter. Twitter Inc. is certified under the Privacy Shield and committed to adhering to European privacy standards.
I maintain an online presence on Pinterest to present myself as a freelancer and my services and to communicate with customers/prospects. Pinterest is a service of Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.
I would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. I also do not have access to this user data. Access is only available to Pinterest. Pinterest Inc. is certified under the Privacy Shield and committed to comply with European privacy standards.
To advertise my products and services as well as to communicate with interested parties or customers, I have a presence on the Facebook platform.
On this social media platform, I am jointly responsible for Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
The data protection officer of Facebook can be reached via this contact form: https://www.facebook.com/help/contact/540977946302970
I have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link: https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. My legitimate interest lies in the analysis, communication, sales, and promotion of my products and services.
The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.
When accessing my online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).
This data of the user is used for statistical information on the use of my company's presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Facebook based on your interests. If you are logged into Facebook at the time you access my site, Facebook Ireland Ltd. will also link this data to your user account.
If you contact me via Facebook, the personal data you provide at that time will be used to process the request. I will delete this data once I have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.
Facebook Ireland Ltd. might also set cookies when processing your data.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Facebook may be fully usable.
It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025.
Facebook Inc. has submitted to the EU-US Privacy Shield, thereby complying with the data protection requirements of the EU when processing data in the USA.
Social media links via graphics
I also integrate the following social media sites into my website. The integration takes place via a linked graphics of the respective site. The use of these graphics stored on my own servers prevents the automatic connection to the servers of these networks for their display. Only by clicking on the corresponding graphic will you be forwarded to the service of the respective social network.
Once you click, that network may record information about you and your visit to my site. It cannot be ruled out that such data will be processed in the United States.
Initially, this data includes such things as your IP address, the date and time of your visit, and the page visited. If you are logged into your user account on that network, however, the network operator might assign the information collected about your visit to my site to your personal account. If you interact by clicking Like, Share, etc., this information can be stored in your personal user account and possibly posted on the respective network. To prevent this, you need to log out of your social media account before clicking on the graphic. The various social media networks also offer settings that you can configure accordingly.
The following social networks are integrated into my site by linked graphics:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
EU-US Privacy Shield https://www.privacyshield.gov/…0000TORzAAO&status=Active
Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.
EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.
EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Analytics and third-party tools
To optimize the users’ experience, I use the following third-party tools:
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Google Web Fonts
For a uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
When you call up a page of my website that contains a social plugin, your browser makes a direct connection with Google servers. Google thus becomes aware that my web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of my website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
My website uses Google Maps to display my location and to provide directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).
Through certification according to the EU-US Privacy Shield
Google guarantees that it will follow the EU's data protection regulations when processing data in the United States.
To enable the display of certain fonts on my website, a connection to the Google server in the USA is established whenever my website is accessed.
If you access the Google Maps components integrated into my website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display my location and create a route description. I cannot prevent Google from using servers in the USA.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. my legitimate interest lies in optimizing the functionality of my website.
By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
Google also offers further information at
My website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.
If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
(Written with the help of Model Data Protection Statement for Anwaltskanzlei Weiß & Partner and my own adaptation)
Last updated: 17.01.2020