The security and protection of your personal data is very important to me. Therefore, I would like you to be informed about the processing of personal data (referred to as ‘data’ below) within the scope of my internet presence at https://monikadeimling.com There also exist third party websites which are linked to my website to optimize it and improve the user experience. For this reason, I provide you with relevant information about the third-party components which may result in processing the data they collect.
- Information About me as the Data Controller
My website address is: https://monikadeimling.com.
- Affected Parties, Type of Data and the Time and Purpose of Collecting and Processing
When you visit my website at https://monikadeimling.com, the following information is automatically collected and temporarily stored:
- Usage data (e.g. the date and time of access, previously visited website)
- Meta or communication data (e.g. the browser and, if applicable, your computer’s operating system and the name of your access provider, IP addresses)
Furthermore, the data you send me as the user of my website is also affected by the collection and processing, for example, through contacting me using the provided contact options or by filling in the application form. In this context, the following information may be collected and processed:
- User’s inventory data (e.g. name and address)
- User’s contact or communication data (e.g. e-mail address or phone number)
- Further content data (e.g. by using the contact form or by uploading photographs)
I also collect and process your data as part of my business activities, for the provision of my website (by a hosting provider), for administration, financial accounting, office organisation and/or contact management as well as for business management analysis (see also Section 15 of the declaration). In addition to the data listed above, the following data may be collected and processed by me or my hosting provider:
- Contract data (e.g. customer’s name and address, prospect or business partner, contract’s subject matter, portfolio)
- Payment data (e.g. name, bank details, payment history)
- Inventory data, contact data, content data, usage data, metadata, communication data (see above for examples of the individual points)
The purpose of collecting and processing the above-mentioned data is:
- the provision of my website, including its functions and contents as well as the guarantee of a smooth user experience for the website visitors (g. provision of a contact form, infrastructure and platform services, computing capacity, storage space and database services, e-mail transmission, security services and technical maintenance services),
- the guarantee of communication with customers, interested parties or business partners (e.g. by the possibility of answering your contact inquiries or the possibility of a later establishment of contact),
- enabling measures for system security and stability
- implementation of a range measurement/marketing/market research/advertising
- provision of contractual services (e.g. checking your inquiry) and customer care,
- ensuring a functioning business (e.g. through administration, financial accounting, office organization, archiving of data),
- adaptation and optimisation of my Internet presence to the user’s needs (this includes e.g. contractual partners, interested parties, customers or website visitors).
- Relevant Legal Bases
According to Art. 13 GDPR, I am obligated to inform you about the legal basis of my data processing. First of all, the basis of data collection and data processing is my legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. This results from the purpose listed under No. 2. If I obtain your consent for the collection and processing of your personal data, the corresponding legal bases are Art. 6 para. 1 lit. a and Art. 7 GDPR. The processing to fulfil my legal obligations is carried out on the basis of Art. 6 para. 1 lit. c GDPR. In addition, I collect and process data within the scope of my performance, contract execution and processing of inquiries on the basis of Art. 6 Para. 1 lit. b GDPR. The legal basis for the processing of data based on the vital interests of the data subject or another natural person is Art. 6 para. 1 lit. d GDPR. Should the processing be carried out on further legal bases, I will expressly point this out.
- Security of Processing
In accordance with Art. 32 GDPR and with the collaboration of contract processors, I take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity fort he rights and freedoms of natural persons.
Such measures include, inter alia:
- the pseudonymisation and SSL encryption of personal data;
- the ability to ensure the long-term confidentiality, integrity, availability and resilience of the systems and services associated with the processing;
- the ability to rapidly restore the availability of and access to personal data in the event of a physical or technical incident;
- a procedure for the regular review, testing and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing.
In addition, I take appropriate technical and organisational measures to ensure that only personal data whose processing is necessary for the respective specific processing purpose is processed by default. This obligation applies to the amount of personal data, the scope of its processing, its storage period and its accessibility. The measures also ensure in particular that personal data cannot be made accessible to an indefinite number of natural persons without my intervention (Art. 25 GDPR).
- Data Subject Rights
You have the right:
- to request information from me as to whether or not I process your personal data; if this is the case, you have information rights on this personal data and on further information in accordance with Art. 15 GDPR (e.g. the purpose of the processing, the categories of personal data being processed or, if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration).
- to request the correction or completion of incorrect or incomplete personal data concerning you (Art. 16 GDPR).,
- to request me to erase any personal data relating to you without delay (Art. 17 GDPR). In accordance with Art. 18 GDPR, you may also request me to restrict the processing of your data.,
- to receive the personal data concerning you, which you have previously provided to me, in a structured, commonly used and machine-readable format (Art. 20 GDPR). You also have the right to transfer this data to another controller without my interference in accordance with Art. 20 GDPR,
- to withdraw any consent you may have given at any time (Art. 7 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal,
- to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
- Right to Object
You also have the right to object to the future processing of your personal data at any time in accordance with Art. 21 GDPR.
- Cookies and the Right to Object in Direct Advertising
Many Internet browsers automatically accept cookies. However, if you do not want them to be accepted and thus stored on your end device, you can configure your browser settings so that no cookies are stored or a message always appears before a new cookie is created. In addition, cookies that have already been saved can be subsequently deleted in the settings of your browser. However, please note that complete removal and deactivation of cookies may prevent you from using all functions of my website.
- Retention and Erasure of Data
The legal basis for the storage of your data within the scope of my business operations in documents such as books, accounting documents or other records in Germany is §§ 147 para. 1 Fiscal Code of Germany (AO), 257 para. 1 no. 1 and 4, para. 4 German Commercial Code (HGB). This is a retention obligation for 10 years (tax retention obligation). If your data is available to me in the context of commercial letters, it must be kept for 6 years in accordance with § 257 Para. 1 No. 2 and No. 3, Para. 4 HGB (commercial law retention obligation).
If you contact me (e.g. via the contact form, e-mail or telephone), your data will be stored and processed to process and handle the contact request in accordance with Art. 6 Para. 1 lit. b) GDPR. However, I delete the data if it is no longer necessary. The necessity is reviewed every two years; in addition, the statutory archiving obligations apply.
- Integration of Third Party Services and Third Party Content
I use content or service offers from third parties within my webpage on the basis of my legitimate interests (i.e. interest in the analysis, optimisation and economic operation of my webpage pursuant to Art. 6 para. 1 lit. f. GDPR) in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as content).
This always requires that the third party providers of this content perceive the IP address of the user since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. I make every attempt to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate certain information on the website (e.g. visitor traffic on the pages of this website). The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of my webpage, as well as be linked to such information from other sources.
- Customer Account or Registration
- Google Analytics
I use the Google Analytics service, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter „Google“), to adapt and optimise my website to the needs of users (this includes e.g. contractual partners, interested parties, customers, visitors to my website).
Google creates and uses pseudonymised user profiles and cookies. The information generated by the cookie about your use of my website is transferred to a Google server in the USA and stored there. The information is used to enable an evaluation of website usage, to document website activities and to provide further services associated with website and internet usage for market research and design purposes. By subjecting Google to the Privacy Shield Agreement, Google guarantees that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
I use Google Analytics within the framework of my website with activated IP anonymisation. Your IP address will be reduced by Google within the EU member states or in other signatory states to the Agreement on the European Economic Area and only in exceptional cases will the full IP address be transmitted to a Google server in the USA, where it will subsequently be reduced. Your IP address will not be combined with other information that may also be available to Google.
- Social Media
On my website, I use the Instagram social network plug-in offered by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (hereinafter referred to as “Instagram”) to improve quality (legitimate interest pursuant to Art. 6 Para. 1 lit. f) GDPR).
When you visit a Web page that contains the Instagram plug-in, your Internet browser downloads a representation of the plug-in from Instagram’s servers in the United States. Instagram stores and processes the website you visit, your IP address as well as the date and time of your access.
If you are logged in with your Instagram account when using my website, your data can be linked to your Instagram account. This will store the information you share in your Instagram account and may publish it on the Instagram platform. To prevent this, you must log out of your Instagram account before using my website. Alternatively, you can adjust the settings in your Instagram user account so that the data is not linked. For more information about Instagram’s data collection and processing, please visit https://help.instagram.com/155833707900388/.
- Links to External Websites
This website may contain links to external sites. I have no influence on the contents of external linked websites and are therefore not responsible for them, in particular, I do not adopt their contents as my own. If you are directed to an external site, the data protection declaration provided there applies. If you notice any illegal activities or contents on this page, you are welcome to inform me. In this case, I will review the content and respond appropriately (notice and takedown procedure).
- Inclusion, Validity and Updating of the Data Protection Declaration
I need to be able to change my privacy practices and this privacy statement to adapt them to changes in laws and regulations or to better meet your needs (e.g. if my website is further developed). The current version of my data protection declaration is available for review, download and/or print on my website at any time.