Privacy Policy

 

Personal data (usually referred to just as "data" below) will only be processed by me to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation, "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under my own control or in conjunction with others. I also inform you below about the third-party components I use to optimize my website and improve the user experience which may result in said third parties also processing data they collect and control.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

 

My privacy policy is structured as follows:

I. Information about me as controllers of your data

II. Data collection on my website

III. The rights of users and data subjects

IV. Information about the data processing

I. Information about the controllers of your data

As the operator of this website, I’m responsible for protecting your data in a lawful manner.

Maria Lupandina

Erich-Weinert-Str. 4

10439 Berlin

Germany

Telephone: 01703637252

Email: contact@marialupandina.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

 

II. Data collection on my website

What type of information do I collect?

I receive, collect and store any information you enter on my website or provide me in any other way. In addition, I collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. I may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. I also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, recommendations, and personal profile.

How do I collect information?

You directly provide me with your data such as your name, address and email address. I collect personal information when you

  • submit a contact form,

  • register online and/or place an order for any of my services,

  • contact me via the contact email address,

  • voluntarily complete a customer survey or provide feedback on any of my message boards or via email, 

  • use or view my website via your browser's cookies. 

When you visit my website, other non-personal data are collected automatically by my IT systems, such as the browser and operating system you are using or when you accessed the page.

Why do I collect such personal information?

I collect such Non-personal and Personal Information for the following purposes:

  • to provide and operate the Services;

  • to provide the Users of the website and my Clients with ongoing customer assistance and technical support;

  • to be able to contact my Visitors and Users with general or personalized service-related notices and promotional messages;

  • to create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which I may use to provide and improve my respective services; 

  • to comply with any applicable laws and regulations.

III. The rights of users and data subjects

What are the users’ data protection rights?

I would like to make sure you are fully aware of all of your data protection rights. Every User and Client is entitled to the following: 

  • The right to access - You have the right to request me for copies of your personal data. 

  • The right to rectification - You have the right to request that I correct any information you believe is inaccurate. You also have the right to request me to complete the information you believe is incomplete. 

  • The right to erasure - You have the right to request that I erase your personal data, under certain conditions. 

  • The right to restrict processing - You have the right to request that I restrict the processing of your personal data, under certain conditions. 

  • The right to object to processing - You have the right to object to my processing of your personal data, under certain conditions. 

  • The right to data portability - You have the right to request that I transfer the data that I have collected to another organization, or directly to you, under certain conditions. 

If you make a request, I have one month to respond to you. If you would like to exercise any of these rights, please contact me at my email: contact@marialupandina.com Call me at +491703637252

 

IV. Information about the data processing

How do I store, share and disclose my site visitors' personal information?

Wix.com

My website is hosted on the Wix.com platform. Wix.com provides me with an online platform that allows me to sell my services to you. Your data may be stored through Wix.com’s data storage, databases, and general Wix.com applications. They store your data on secure servers behind a firewall. 

All direct payment gateways offered by Wix.com and used by me adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by my store and its service providers.

I will keep your personal data as long as it’s necessary to complete the service or the package of services. Once this time period has expired, I will delete your data by erasing them from my software.

 

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to me as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to me cannot be read by third parties.

 

Encrypted payments on this website

If you enter into a contract that requires you to send me your payment information (e.g. account number for direct debits), I will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit, Paypal) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to me cannot be read by third parties.

 

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information.

 

Session Cookies

When you visit my website, I may collect information from you, such as your browser, location data, or IP address,  automatically through cookies or similar technology. 

When you close your browser, these session cookies are deleted.

 

Third-party cookies

If necessary, my website may also use cookies from companies with whose tools I use for the purpose of advertising, analyzing, or improving the features of my website.

Please read third-party information about the collection and processing of data collected by them through cookies.

Third-party cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary to allow electronic communications or to provide certain functions you wish to use (such as a shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

 

For further information, visit allaboutcookies.org

 

Customer account/registration

If you create a customer account with me via my website, I will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders or to be able to offer you a wishlist function). I also store your IP address and the date and time of your registration. This data will not be transferred to third parties.

During the registration process, your consent will be obtained for this processing of your data, with reference made to this privacy policy. The data collected by me will be used exclusively to provide your customer account. 

If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.

If the opening of the customer account is also intended to lead to the initiation of a contractual relationship with me or to fulfill an existing contract with us, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.

You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform me that you are revoking your consent.

The data previously collected will then be deleted as soon as processing is no longer necessary. However, I must observe any retention periods required under tax and commercial law.

 

User comments, and ratings

If you post a comment on my website, I will process and publish your post, the date and time you submitted it, and any pseudonym you may have used.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform me in a simple email that you are revoking your consent.

In addition, I will also process your IP address and email address. The IP address is processed because I might have a legitimate interest in taking or supporting further action if your post infringes on the rights of third parties and/or is otherwise unlawful.

In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR. my legitimate interest lies in any legal defense I may have to mount.

 

Privacy policies of other websites

My website contains links to other websites. My privacy policy applies only to my website, so if you click on a link to another website, you should read their privacy policy. 

 

Twitter

I maintain an online presence on Twitter to present myself as a freelancer and my services and to communicate with customers/prospects. Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

I would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. I also do not have access to this user data. Access is only available to Twitter. Twitter Inc. is certified under the Privacy Shield and committed to adhering to European privacy standards.

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

The privacy policy of Twitter can be found at https://twitter.com/privacy

 

Pinterest

I maintain an online presence on Pinterest to present myself as a freelancer and my services and to communicate with customers/prospects. Pinterest is a service of Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

I would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. I also do not have access to this user data. Access is only available to Pinterest. Pinterest Inc. is certified under the Privacy Shield and committed to comply with European privacy standards.

https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active

The Pinterest privacy policy can be found here:

https://policy.pinterest.com/de/privacy-policy

 

Facebook

To advertise my products and services as well as to communicate with interested parties or customers, I have a presence on the Facebook platform.

On this social media platform, I am jointly responsible for Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

The data protection officer of Facebook can be reached via this contact form: https://www.facebook.com/help/contact/540977946302970

I have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. My legitimate interest lies in the analysis, communication, sales, and promotion of my products and services.

The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.

When accessing my online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).

This data of the user is used for statistical information on the use of my company's presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Facebook based on your interests. If you are logged into Facebook at the time you access my site, Facebook Ireland Ltd. will also link this data to your user account.

If you contact me via Facebook, the personal data you provide at that time will be used to process the request. I will delete this data once I have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.

Facebook Ireland Ltd. might also set cookies when processing your data.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Facebook may be fully usable.

Details on the processing activities, their suppression, and the deletion of the data processed by Facebook can be found in its privacy policy: https://www.facebook.com/privacy/explanation

It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025.

Facebook Inc. has submitted to the EU-US Privacy Shield, thereby complying with the data protection requirements of the EU when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

 

Social media links via graphics

I also integrate the following social media sites into my website. The integration takes place via a linked graphics of the respective site. The use of these graphics stored on my own servers prevents the automatic connection to the servers of these networks for their display. Only by clicking on the corresponding graphic will you be forwarded to the service of the respective social network.

Once you click, that network may record information about you and your visit to my site. It cannot be ruled out that such data will be processed in the United States.

Initially, this data includes such things as your IP address, the date and time of your visit, and the page visited. If you are logged into your user account on that network, however, the network operator might assign the information collected about your visit to my site to your personal account. If you interact by clicking Like, Share, etc., this information can be stored in your personal user account and possibly posted on the respective network. To prevent this, you need to log out of your social media account before clicking on the graphic. The various social media networks also offer settings that you can configure accordingly.

The following social networks are integrated into my site by linked graphics:

 

Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Privacy Policy: https://www.facebook.com/policy.php

EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

 

Twitter

Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

Privacy Policy: https://twitter.com/privacy

EU-US Privacy Shield https://www.privacyshield.gov/…0000TORzAAO&status=Active

 

Pinterest

Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

Privacy Policy: https://policy.pinterest.com/de/privacy-policy

EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active

 

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

 

Analytics and third-party tools

To optimize the users’ experience, I use the following third-party tools: 

 

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

 

Google Web Fonts

For a uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

When you call up a page of my website that contains a social plugin, your browser makes a direct connection with Google servers. Google thus becomes aware that my web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of my website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

 

Google-Maps

My website uses Google Maps to display my location and to provide directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google guarantees that it will follow the EU's data protection regulations when processing data in the United States.

To enable the display of certain fonts on my website, a connection to the Google server in the USA is established whenever my website is accessed.

If you access the Google Maps components integrated into my website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display my location and create a route description.  I cannot prevent Google from using servers in the USA.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. my legitimate interest lies in optimizing the functionality of my website.

By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.

In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=en and the Terms and Conditions for Google Mapshttps://www.google.com/intl/de_de/help/terms_maps.html.

Google also offers further information at

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

 

PayPal

My website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.

If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

(Written with the help of Model Data Protection Statement for Anwaltskanzlei Weiß & Partner and my own adaptation)

Last updated: 17.01.2020