top of page

PRIVACY POLICY

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process for what purposes and to what extent. The privacy policy applies to all data processing carried out by us, both as part of our service provision and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online offer").

The terms used are not gender-specific.

As of: July 4, 2024

Table of Contents

  • Preamble

  • Controller

  • Overview of Processing Activities

  • Relevant Legal Bases

  • Security Measures

  • General Information on Data Storage and Deletion

  • Rights of Data Subjects

  • Provision of the Online Offer and Web Hosting

  • Contact and Inquiry Management

  • Plugins and Embedded Functions and Content

Controller

Paula Wisniewski Bachstr. 87 45699 Herten, Germany

Email: hi@paulaandchris.com

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Inventory data

  • Contact data

  • Content data

  • Usage data

  • Meta, communication, and procedural data

  • Log data

Categories of Data Subjects

  • Communication partners

  • Users

Purposes of Processing

  • Communication

  • Security measures

  • Organizational and administrative procedures

  • Feedback

  • Provision of our online offer and user-friendliness

  • Information technology infrastructure

Relevant Legal Bases

Relevant legal bases under the GDPR: The following is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1) sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.

  • Contract performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the data subject's request.

  • Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR) - The processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not override.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (BDSG). The BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Notice on the applicability of the GDPR and the Swiss DSG: These data protection notices serve both to provide information under the Swiss DSG and the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "particularly sensitive personal data" used in the Swiss DSG, the terms "processing" of "personal data" and "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms is still determined by the Swiss DSG in the context of its applicability.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to the data, input, transmission, securing availability, and separation. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. We also consider the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and through privacy-friendly default settings.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the consents underlying the processing are revoked or other legal bases cease to apply. This means, for example, if the purpose of the processing of the data ceases to apply, or the data is no longer required for this purpose.

In cases where legal retention periods apply, the data will be blocked for further use and only retained for the legally required period.

Our data protection notices may also contain additional information on the storage and deletion of data, which apply specifically to the respective processing operations.

If multiple specifications for retention periods or deletion deadlines for data exist, the longest period applies.

If a period does not explicitly start on a specific date and lasts at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships, the triggering event is the effective date of termination or other termination of the legal relationship.

Data that is no longer required for the original intended purpose, but needs to be retained due to legal requirements or other reasons, will be processed solely for the reasons justifying its retention.

Further notes on processing activities, procedures, and services:

Storage and deletion of data:

The following general periods apply for storage and archiving under German law:

  • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the necessary organizational documents and other records required for their understanding, booking receipts, and invoices (§ 147 Abs. 3 in conjunction with Abs. 1 Nr. 1, 4, and 4a AO, § 14b Abs. 1 UStG, § 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB).

  • 6 years - Other business documents: received trade or business letters, reproductions of sent trade or business letters, other documents relevant to taxation, such as hourly wage slips, operating calculation sheets, calculation documents, price labels, but also payroll documents, as long as they are not already booking receipts and cash strips (§ 147 Abs. 3 in conjunction with Abs. 1 Nr. 2, 3, 5 AO, § 257 Abs. 1 Nr. 2 and 3, Abs. 4 HGB).

  • 3 years - Data necessary to consider potential warranty and compensation claims or similar contractual claims and rights and associated inquiries, based on previous business experiences and common industry practices, will be stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object, at any time, for reasons arising from your particular situation, to the processing of your personal data, which is based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling, to the extent that it is related to such direct marketing.

  • Right to withdraw consent: You have the right to withdraw consent given at any time.

  • Right of access: You have the right to request confirmation as to whether the relevant data is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with the legal requirements.

  • Right to rectification: You have the right to request the completion or rectification of your data in accordance with the legal requirements.

  • Right to erasure and restriction of processing: You have the right to request that your data be deleted immediately, or alternatively to request a restriction of the processing of the data in accordance with the legal requirements.

  • Right to data portability: You have the right to receive your data, which you have provided to us, in a structured, commonly used, and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.

  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

Provision of the Online Offer and Web Hosting

We process users' data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g., pages visited, interest in content, access times), meta, communication, and procedural data (e.g., IP addresses, time of access).

  • Purposes of processing: Provision of our online offer and user-friendliness, information technology infrastructure.

  • Legal basis: Legitimate interests (Art. 6(1) lit. f GDPR).

Contact and Inquiry Management

When you contact us (e.g., by contact form, email, telephone, or via social media), we process your data to handle the contact inquiry and its processing.

  • Types of data processed: Contact data (e.g., email, telephone numbers), content data (e.g., text input, photographs, videos).

  • Purposes of processing: Communication and handling of inquiries.

  • Legal basis: Legitimate interests (Art. 6(1) lit. f GDPR), performance of a contract and pre-contractual inquiries (Art. 6(1) lit. b GDPR).

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offer, which are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of this content or functions. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other details regarding the use of our online offer, as well as being linked to such information from other sources.

Notes on Legal Bases: If we ask users for their consent to the use of third-party providers, the legal basis for the data processing is consent. Otherwise, the user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to point out the information on the use of cookies in this privacy policy.

Processed Data Types: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers). Content data (e.g., text or image messages and contributions as well as the information relating to them, such as authorship details or time of creation).

Affected Persons: Users (e.g., website visitors, users of online services).

Purposes of Processing: Provision of our online offer and user-friendliness.

Retention and Deletion: Deletion according to the details in the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users' devices for a period of two years).

Legal Bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR). Legitimate Interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further notes on processing procedures, methods, and services:

YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff.

Created with the free privacy policy generator from Dr. Thomas Schwenke

bottom of page