We are very pleased that you are interested in our organization. The protection of your
Personal Data is particularly important to our management. As a rule, you can use our
websites without disclosing any Personal Data to us. However, if you wish to use more specific
services via our websites, including our other websites, applications and social media pages,
we may have to process your Personal Data. If we wish to process data about you and we
cannot rely on any other legal basis, we will always ask you for your Consent first (e.g. via a
cookie banner).
We always comply with applicable data protection laws when handling your Personal Data
(such as name, address, email or telephone number). With this Privacy Policy, we inform you
about which data we process. This Privacy Policy also explains to you what rights you have as
a Data Subject.
We have taken various technical and organizational measures to protect your data on our
websites in the best possible way. Nevertheless, there are always risks on the internet and
complete protection is not possible. For this reason, you can also transmit your Personal Data
to us by other means, for example by telephone, if you prefer.
This Privacy Policy is not only intended to fulfill the obligations under GDPR and to comply
with the law of the Member States of the European Union (EU) and the European Economic
Area (EEA). This Privacy Policy is also intended to comply with legislation such as UK data
protection laws (UK-GDPR), Swiss Federal Data Protection Act and Swiss Data Protection
Ordinance (DSG, DSV), California Consumer Privacy Act (CCPA/CPRA), China’s Personal
Information Protection Law (PIPL), Delaware Personal Data Privacy Act (DPDPA), Tennessee
Information Protection Act (TIPA), Minnesota Consumer Data Privacy Act (MCDPA), Iowa Act
Relating to Consumer Data Protection (ICDPA), Maryland Online Data Privacy Act (MODPA),
Nebraska Data Privacy Act (NDPA), New Hampshire Consumer Data Privacy Law (SB255),
New Jersey Data Privacy Law (SB332), South Carolina Consumer Privacy Bill (House Bill
4696) and other global data protection regulations and shall be interpreted accordingly. The
following Privacy Policy shall be interpreted for each country, state or federal state in such a
way that the terms and legal bases used correspond to the terms and legal bases used in the
respective state or federal state.
For reasons of better readability, the simultaneous use of the language forms male, female,
diverse and other gender identities (m/f/d/other) is avoided on our websites, in publications,
in communication and in our Privacy Policy. All formulations used apply equally to all
genders.
If you have any suggestions for improving the texts in this Privacy Policy or if you want to hire
an External Data Protection Officer, please contact the author of the text: Prof. Dr. h.c. Heiko Jonny Maniero, LL.B., LL.M. mult., M.L.E..
In our Privacy Policy, we use special terms from various data protection laws. We want our
statement to be easy to understand and therefore explain these terms in advance.
The following definitions shall be interpreted or expanded, as appropriate, based on the case
law of the General Court of the European Union (EGC), the European Court of Justice (ECJ), the
Swiss Federal Supreme Court (SFSC), the Supreme Court of the United Kingdom (UKSC) or on
national data protection laws or national case law of a state or federal state, including but
not limited to California, including case law, also under common law, if this is necessary for
the application of the law in individual cases.
We use the following terms, among others, in this Privacy Policy:
a) Personal Data
Personal Data means any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, in particular
by reference to an identifier such as a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person, or who must be regarded
as such under national data protection legislation or national jurisdiction of a state or federal
state, including under common law.
b) Data Subject
Data Subject is any identified or identifiable natural person whose Personal Data is processed
by the Controller, a Processor, an international organization or another data recipient, and
persons who must be regarded as such under national data protection laws or national
jurisdiction of a state or federal state, including case law, also under common law.
c) Processing
Processing is any operation or set of operations which is performed on Personal Data or on
sets of Personal Data, whether or not by automated means, such as collection, recording,
organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction.
d) Restriction of Processing
Restriction of Processing is the marking of stored Personal Data with the aim of limiting their
Processing in the future.
e) Profiling
Profiling is any form of automated Processing of Personal Data consisting of the use of
Personal Data to evaluate certain personal aspects relating to a natural person, in particular
to analyse or predict aspects concerning that natural person’s performance at work,
economic situation, health, personal preferences, interests, reliability, behaviour, location or
movements.
f) Pseudonymization
Pseudonymization is the Processing of Personal Data in such a manner that the Personal Data
can no longer be attributed to a specific Data Subject without the use of additional
information, provided that such additional information is kept separately and is subject to
technical and organizational measures to ensure that the Personal Data are not attributed to
an identified or identifiable natural person.
g) Controller
The Controller is the natural or legal person, public authority, agency or other body which,
alone or jointly with others, determines the purposes and means of the Processing of Personal
Data. Where the purposes and means of such Processing are determined by Union or Member
State law, the Controller or the specific criteria for its nomination may be provided for by
Union or Member State law.
h) Processor
A Processor is a natural or legal person, public authority, agency or other body which
processes Personal Data on behalf of the Controller.
i) Recipient
A Recipient is a natural or legal person, public authority, agency or another body, to which
the Personal Data are disclosed, whether a Third Party or not. However, public authorities
which may receive Personal Data in the framework of a particular inquiry in accordance with
Union or Member State law shall not be regarded as recipients.
j) Third Party
A Third Party is a natural or legal person, public authority, agency or body other than the
Data Subject, Controller, Processor and persons who, under the direct authority of the
Controller or Processor, are authorised to process Personal Data.
k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the Data
Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies
agreement to the Processing of Personal Data relating to him or her.
The Controller within the meaning of the General Data Protection Regulation, other data
protection laws applicable in the Member States of the European Union and the European
Economic Area, British data protection laws, Swiss data protection laws (DSG, DSV),
Californian data protection law (CCPA/CPRA), Chinese data protection law (PIPL), as well as
international laws and provisions with a data protection nature is:
Luisa Dethloff – Style Sentiments
Hauptstraße 13
19374 Klinken
Phone: 03872220541
eMail: info@stylesentiments.com
Website: https://stylesentiments.com
Our websites collect a range of general data and information each time the websites are
accessed by a Data Subject or an automated system. This general data and information are
stored in the log files of the respective server. Among other things, the (1) browser types and
versions used, (2) the operating system used by the accessing system, (3) the website from
which an accessing system accesses our websites (so-called referrer), (4) the sub-websites
which are accessed via an accessing system on our websites, (5) the date and time of access to
the website, (6) an internet protocol address (IP address), (7) the internet service provider of
the accessing system and (8) other similar data and information used for security purposes in
the event of attacks on our information technology systems can be recorded.
When using this general data and information, we generally do not draw any conclusions
about the Data Subject. Rather, this information is required to (1) correctly deliver the
content of our websites, (2) optimize the content of our websites and the advertising for them,
(3) ensure the long-term functionality of our information technology systems and the
technology of our websites and (4) provide law enforcement authorities with the information
necessary for criminal prosecution in the event of a cyber-attack. This anonymously collected
data and information is therefore evaluated by us both statistically and with the aim of
increasing data protection and data security in our organisation to ultimately ensure an
optimal level of protection for the Personal Data processed by us. The data of the server log
files are stored separately from all Personal Data provided by a Data Subject.
The purpose of processing is to avert danger and ensure IT security, as well as the
aforementioned purposes. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is the
protection of our information technology systems. The log files are deleted after the stated
purposes have been achieved.
Our website contains information that enables quick electronic contact with our organisation
as well as direct communication with us, which also includes a general address of the socalled electronic mail (email address) and possibly a telephone number. If a Data Subject
contacts us by email, via a contact form, via an input form or in any other way, the Personal
Data transmitted by the Data Subject will be stored automatically. This Personal Data
transmitted to us on a voluntary basis by a Data Subject is processed for the purposes of usage
or contacting the Data Subject.
We obtain your Consent for the transmission, storage and Processing of your contact data and
inquiries and for contacting you in accordance with Art. 6 (1) (a) GDPR and Art. 49 (1) (1) (a)
GDPR as follows:
By transmitting your Personal Data, you voluntarily consent to the Processing of the
Personal Data you have entered or transmitted for the purposes of processing the
inquiry and contacting you. By transmitting your data to us, you also voluntarily give
your explicit Consent in accordance with Art. 49 (1) (1) (a) GDPR to data transfers to
third countries to and by the companies named in this Privacy Policy and for the
purposes stated, in particular for such transfers to third countries for which there is
or is not an adequacy decision by the EU/EEA and to companies or other bodies that
are not subject to an existing adequacy decision on the basis of self-certification or
other accession criteria and in which or for which there are significant risks and no
suitable guarantees for the protection of your Personal Data (e.g. due to Section 702
FISA, Executive Order EO12333 and the CloudAct in the USA). When you gave your
voluntary and explicit Consent, you were aware that there may not be an adequate
level of data protection in third countries and that your data subject rights may not
be enforceable. You can withdraw your Consent under data protection law at any
time with effect for the future. The withdrawal of Consent does not affect the
lawfulness of Processing based on Consent before its withdrawal. With a single
action (entry and transmission), you give several Consents. These are Consents
under EU/EEA data protection law as well as those under the CCPA/CPRA, ePrivacy
and telemedia law, and other international legislation, which are required, among
other things, as a legal basis for any planned further Processing of your Personal
Data. With your action, you also confirm that you have read and taken note of this
Privacy Policy.
We process and store Personal Data for the period required to achieve the purpose of
processing or if this has been provided for by the European legislator or another legislator in
laws or regulations to which we are subject, or if a legal basis for the Processing exists.
If the purpose of processing no longer applies or if a storage period prescribed by the
European legislator or another competent legislator expires, or if the legal basis for the
Processing no longer applies, the Personal Data will be routinely restricted or deleted in
accordance with the statutory provisions.
a) Right to confirmation
Each Data Subject has the right to obtain from the Controller confirmation as to whether or
not Personal Data concerning him or her is being processed.
If a Data Subject wishes to exercise this right, he or she may contact us at any time.
b) Right to information
Each Data Subject has the right to obtain from the Controller free information about the
Personal Data stored about him/her and a copy of this data at any time. Furthermore, the
European legislator has granted the Data Subject access to the following information:
• the purposes of processing,
• the categories of Personal Data that are processed,
• the recipients or categories of recipients to whom the Personal Data have been or will be
disclosed, in particular recipients in third countries or international organizations,
• where possible, the envisaged period for which the Personal Data will be stored, or, if not
possible, the criteria used to determine that period,
• the existence of the right to request from the Controller rectification or erasure of Personal
Data or Restriction of Processing of Personal Data concerning the Data Subject or to object to
such Processing,
• the existence of a right to lodge a complaint with a supervisory authority,
• if the Personal Data is not collected from the Data Subject: All available information about
the origin of the data,
• the existence of automated decision-making, including Profiling, referred to in Art. 22 (1)
and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as
well as the significance and the envisaged consequences of such Processing for the Data
Subject.
Furthermore, the Data Subject has a right to information as to whether Personal Data has
been transferred to a third country or to an international organization.
If this is the case, the Data Subject also has the right to obtain information about the appropriate safeguards in
connection with the transfer.
If a Data Subject wishes to exercise this right, he or she may contact us at any time.
c) Right to rectification
Each Data Subject has the right to demand the immediate correction of incorrect Personal
Data concerning them. Furthermore, the Data Subject has the right to request the completion
of incomplete Personal Data, including by means of a supplementary declaration, taking into
account the purposes of the Processing.
If a Data Subject wishes to exercise this right, he or she may contact us at any time.
d) Right to erasure (right to be forgotten)
Each Data Subject has the right, to obtain from the Controller the erasure of Personal Data
concerning him or her without undue delay, and the Controller shall have the obligation to
erase Personal Data without undue delay where one of the following grounds applies, as long
as the Processing is not necessary:
• Personal Data was collected or otherwise processed for purposes for which it is no longer
necessary.
• The Data Subject withdraws Consent on which the Processing is based according to Art. 6
(1) (a) GDPR, or Art. 9 (2) (a) GDPR, and where there is no other legal ground for the
Processing.
• The Data Subject objects to the Processing pursuant to Art. 21 (1) GDPR and there are no
overriding legitimate grounds for the Processing, or the Data Subject objects to the Processing
pursuant to Art. 21 (2) GDPR.
• Personal Data was processed unlawfully.
• The deletion of Personal Data is necessary to fulfill a legal obligation under Union law or the
law of the Member States to which the Controller is subject.
• The Personal Data was collected in relation to information society services offered in
accordance with Art. 8 (1) GDPR.
If one of the aforementioned reasons applies, and a Data Subject wishes to request the erasure
of Personal Data stored by us, he or she may contact us at any time.
If we have made the Personal Data public and if our organisation is obliged to delete the
Personal Data in accordance with Art. 17 (1) GDPR, we shall take appropriate measures,
including technical measures, taking into account the available technology and the
implementation costs, to inform other data Controllers who process the published Personal
Data that the Data Subject has requested the deletion of all links to this Personal Data or of
copies or replications of this Personal Data from these other data Controllers, insofar as the
Processing is not necessary.
e) Right to Restriction of Processing
Each Data Subject has the right to obtain from the Controller Restriction of Processing where
one of the following applies:
• The accuracy of the Personal Data is contested by the Data Subject, for a period enabling the
Controller to verify the accuracy of the Personal Data.
• The Processing is unlawful, and the Data Subject opposes the erasure of the Personal Data
and requests the restriction of their use instead.
• The Controller no longer needs the Personal Data for the purposes of the Processing, but
they are required by the Data Subject for the establishment, exercise or defense of legal
claims.
• The Data Subject has objected to Processing pursuant to Art. 21 (1) GDPR pending the
verification whether the legitimate grounds of the Controller override those of the Data
Subject.
If one of the aforementioned conditions is met, and a Data Subject wishes to request the
restriction of the Processing of Personal Data stored by us, he or she may contact us at any
time.
f) Right to data portability
Each Data Subject has the right to receive the Personal Data concerning him or her, which he
or she has provided to a Controller, in a structured, commonly used and machine-readable
format. He or she also has the right to transmit those data to another Controller without
hindrance from the Controller to which the Personal Data have been provided, where
Processing is based on Consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a
contract pursuant to Art. 6 (1) (b) GDPR and the Processing is carried out by automated
means, unless the Processing is necessary for the performance of a task carried out in the
public interest or in the exercise of official authority vested in the Controller.
Furthermore, in exercising their right to data portability pursuant to Art. 20 (1) GDPR, the
Data Subject has the right to have the Personal Data transmitted directly from one Controller
to another, where technically feasible and provided that this does not adversely affect the
rights and freedoms of others.
If a Data Subject wishes to exercise this right, he or she may contact us at any time.
g) Right to object
Each Data Subject has the right to object, on grounds relating to his or her particular
situation, at any time, to Processing of Personal Data concerning him or her, which is based
on point (e) or (f) of Article 6(1) of the GDPR. This also applies to Profiling based on these
provisions.
In the event of an objection, we will no longer process the Personal Data unless we can
demonstrate compelling legitimate grounds for the Processing which override the interests,
rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal
claims.
If we process Personal Data for direct marketing purposes, the Data Subject shall have the
right to object at any time to Processing of Personal Data concerning him or her for such
marketing. This also applies to Profiling insofar as it is associated with such direct
advertising. If the Data Subject objects to us to the Processing for direct marketing purposes,
we will no longer process the Personal Data for these purposes.
In addition, the Data Subject has the right, on grounds relating to his or her particular
situation, to object to Processing of Personal Data concerning him or her by us for scientific or
historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR,
unless the Processing is necessary for the performance of a task carried out for reasons of
public interest.
If a Data Subject wishes to exercise this right, he or she may contact us at any time. The Data
Subject is also free, in the context of the use of information society services, and
notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated
means using technical specifications.
h) Automated decisions in individual cases including Profiling
Each Data Subject has the right not to be subject to a decision based solely on automated
Processing, including Profiling, which produces legal effects concerning him or her, or
similarly significantly affects him or her, provided that the decision (1) is not necessary for the
conclusion or performance of a contract between the Data Subject and the Controller, or (2) is
authorized by Union or Member State law to which the Controller is subject and which also
lays down suitable measures to safeguard the Data Subject’s rights and freedoms and
legitimate interests, or (3) is based on the Data Subject’s explicit Consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the
Data Subject and a data Controller, or (2) it is based on the Data Subject’s explicit Consent, we
shall implement suitable measures to safeguard the Data Subject’s rights and freedoms and
legitimate interests, at least the right to obtain human intervention on the part of the
Controller, to express his or her point of view and contest the decision.
If a Data Subject wishes to exercise this right, he or she may contact us at any time.
i) Right to withdraw Consent under data protection law
Each Data Subject has the right to withdraw Consent to the Processing of Personal Data at
any time.
If a Data Subject wishes to exercise this right, he or she may contact us at any time.
The general purpose of processing of Personal Data is the handling of all activities relating to
the Controller, customers, interested parties, business partners or other contractual or precontractual relationships between the aforementioned groups (in the broadest sense) or legal
obligations of the Controller. This general purpose applies if no more specific purposes for
specific Processing are specified.
The categories of Personal Data that we process are customer data, prospective customer
data, employee data (including applicant data) and supplier data. The categories of recipients
of Personal Data are public bodies, external bodies, internal processing, intragroup processing
and other bodies.
A list of our Processors and data recipients in third countries and, if applicable, international
organizations is either published on our website or can be requested from us free of charge.
Art. 6 (1) (a) GDPR serves as the legal basis for Processing operations for which we obtain
Consent for a specific Processing purpose. If the Processing of Personal Data is necessary for
the performance of a contract to which the Data Subject is party, as is the case, for example,
when Processing operations are necessary for the supply of goods or to provide any other
service or consideration, Processing is based on Art. 6 (1) (b) GDPR. The same applies to such
Processing operations that are necessary to carry out pre-contractual measures, for example
in cases of inquiries about our products or services. If we are subject to a legal obligation
which requires the Processing of Personal Data, such as for the fulfillment of tax obligations,
Processing is based on Art. 6 (1) (c) GDPR.
In rare cases, it may be necessary to process Personal Data to protect the vital interests of the
Data Subject or another natural person. This would be the case, for example, if a visitor were
injured in our organisation and their name, age, health insurance data or other vital
information would have to be passed on to a doctor, hospital or other Third Party. The
Processing would then be based on Art. 6 (1) (d) GDPR.
If the Processing is necessary for the performance of a task carried out in the public interest
or in the exercise of official authority vested in the Controller, the legal basis is Art. 6 (1) (e)
GDPR.
Ultimately, Processing operations could be based on Art. 6 (1) (f) GDPR. This legal basis is
used for Processing operations which are not covered by any of the abovementioned legal
grounds, if Processing is necessary for the purposes of the legitimate interests pursued by our
organisation or by a Third Party, except where such interests are overridden by the interests
or fundamental rights and freedoms of the Data Subject which require protection of Personal
Data. We are permitted to carry out such Processing operations in particular because they
have been specifically mentioned by the European legislator. In this respect, it took the view
that a legitimate interest could be assumed, for example, if the Data Subject is a customer of
the Controller (Recital 47 Sentence 2 GDPR).
If the Processing of Personal Data is based on Art. 6 (1) (f) GDPR and no more specific
legitimate interests are stated, our legitimate interest is the performance of our business
activities for the benefit of the well-being of our staff and our shareholders.
We may send you direct advertising about our own goods or services that are similar to the
goods or services you have requested, commissioned or purchased. You may object to direct
advertising at any time (e.g. by email). You will not incur any costs other than the
transmission costs according to the basic rates. The Processing of Personal Data for direct
marketing purposes is based on Art. 6 (1) (f) GDPR. The legitimate interest is direct
marketing.
The criterion for the duration of the storage of Personal Data is the respective statutory
retention period. If there is no statutory retention period, the criterion is the contractual or
internal retention period. After this period has expired, the corresponding data is routinely
deleted if it is no longer required to fulfill or initiate a contract. This applies in particular to
all Processing operations for which no more specific criteria have been defined.
We would like to inform you that the provision of Personal Data is partly required by law (e.g.
tax regulations) or may also result from contractual obligations (e.g. information on the
contractual partner). Sometimes it may be necessary for a contract to be concluded for a Data
Subject to provide us with Personal Data that must subsequently be processed by us. For
example, Data Subjects are obliged to provide us with Personal Data if our organisation
concludes a contract with them. Failure to provide Personal Data would mean that the
contract with the Data Subject could not be concluded. The Data Subject must contact us
before providing Personal Data. We will inform the Data Subject on a case-by-case basis
whether the provision of the Personal Data is required by law or contract or is necessary for
the conclusion of the contract, whether there is an obligation to provide the Personal Data
and what the consequences would be if the Personal Data were not provided.
As a responsible company, we do not normally use automated decision-making or Profiling. If,
in exceptional cases, we carry out automated decision-making or Profiling, we will inform the
Data Subject either separately or via a sub-item in our Privacy Policy (here on our website). In
this case, the following applies:
Automated decision-making, including Profiling, may take place if (1) this is necessary for the
conclusion or performance of a contract between the Data Subject and us, or (2) this is
permissible on the basis of Union or Member State legislation to which we are subject and this
legislation contains appropriate measures to safeguard the rights and freedoms and
legitimate interests of the Data Subject, or (3) this takes place with the explicit Consent of the
Data Subject.
In the cases referred to in Art. 22 (2) (a) and (c) GDPR, we shall implement suitable measures
to safeguard the Data Subject’s rights and freedoms and legitimate interests. In these cases,
you have the right to obtain human intervention on the part of the Controller, to express your
point of view and to contest the decision.
Meaningful information on the logic involved and the scope and intended effects of such
Processing for the Data Subject will be provided in this Privacy Policy where applicable.
According to Art. 46 (1) GDPR, the Controller or Processor may only transfer Personal Data to
a third country if the Controller or Processor has provided appropriate safeguards and if
enforceable rights and effective legal remedies are available to the Data Subjects. Appropriate
safeguards can be provided by standard contractual clauses without the need for special
approval from a supervisory authority, Art. 46 (2) (c) GDPR.
The EU standard contractual clauses or other appropriate safeguards are agreed with all
recipients from third countries prior to the first transfer of Personal Data, or the transfers are
based on adequacy decisions. Consequently, it is ensured that appropriate safeguards,
enforceable rights and effective legal remedies are guaranteed for all Processing of Personal
Data. Any Data Subject can obtain a copy of the standard contractual clauses or adequacy
decisions from us. In addition, the standard contractual clauses and adequacy decisions are
available in the Official Journal of the European Union.
Art. 45 (3) GDPR authorizes the European Commission to decide by means of an implementing
decision that a non-EU country ensures an adequate level of protection. This means a level of
protection for Personal Data that essentially corresponds to the level of protection within the
EU. Adequacy decisions mean that Personal Data can flow from the EU (as well as from
Norway, Liechtenstein and Iceland) to a third country without further obstacles. Similar
regulations apply to the United Kingdom, Switzerland and some other countries.
In all cases where the European Commission, or a government or competent authority of
another country, has decided that a third country ensures an adequate level of protection
and/or a valid framework exists (e.g., EU-U.S. Data Privacy Framework, Swiss-U.S. Data
Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework), all transfers by us
to the members of such frameworks (e.g. self-certified entities) are based solely on the
membership of that entity in the respective framework or on the respective adequacy
decisions. If we or one of our group companies is a member of such a framework, all transfers
to us or our group company are based exclusively on the membership of the respective
company in this framework. If we or one of our group companies is located in a third country
with an adequate level of protection, all transfers to us or our group company are based solely
on the respective adequacy decisions.
Any Data Subject can obtain a copy of the frameworks from us. In addition, the frameworks
are also available in the Official Journal of the European Union or in the published legal
materials or on the websites of data protection supervisory authorities or other authorities or
institutions.
As the Controller, we are obliged to inform the Data Subject of the existence of the right to
lodge a complaint with a supervisory authority. The right to lodge a complaint is regulated in
Art. 77 (1) GDPR. According to this provision, without prejudice to any other administrative or
judicial remedy, every Data Subject has the right to lodge a complaint with a supervisory
authority, in particular in the Member State of his or her habitual residence, place of work or
place of the alleged infringement if the Data Subject considers that the Processing of Personal
Data relating to him or her infringes the General Data Protection Regulation. The right to
lodge a complaint has been restricted by the EU legislator to the effect that it can only be
exercised with a single supervisory authority (Recital 141 Sentence 1 GDPR). This provision is
intended to avoid duplicate complaints in the same matter by the same Data Subject. If a Data
Subject wishes to complain about us, it is therefore requested that only one supervisory
authority is contacted.
Complianz – GDPR/CCPA Cookie Consent is a WordPress plugin that supports compliance with
data protection regulations (GDPR and CCPA) by providing a user-friendly solution for
managing cookie Consents. This plugin helps website operators to obtain and document
legally required Consents for data Processing and cookie use from website visitors. It
processes and stores information about users’ Consent to cookies and their IP addresses.
The application is installed on our own IT infrastructure. We are the company operating the
service.
Purposes for which the Personal Data is to be processed and the legal basis for the Processing:
The purpose of using Complianz – GDPR/CCPA Cookie Consent is to comply with data
protection laws through the use of cookie Consent tools. Processing is based on Art. 6 (1) (c)
GDPR, as the Processing is necessary for compliance with a legal obligation to which our
organisation is subject.
The criteria for determining the duration for which the Personal Data is processed are the
statutory or contractual retention periods. The use of Personal Data is required by law, as it is
necessary to fulfill legal obligations in the area of data protection and Consent management.
Users are required to indicate their cookie preferences or reject cookies, and this information
must be stored to properly document the decision.
Further information about Complianz – GDPR/CCPA Cookie Consent can be found at
https://complianz.io/.
IONOS is a web hosting and domain services company. As a provider in this area, IONOS not
only provides the technical infrastructure for our online presence, but also offers a range of
related services, such as email hosting, SSL certificates and data backup. Through use of
IONOS, various types of data are processed, in particular data generated during the
registration of domains, such as the name of the domain owner, contact details and technical
information about the domain. In addition, IONOS collects data about website traffic to
ensure IT security and ward off attacks such as DDoS attacks. This information may include IP
addresses, timestamps and pages accessed. The purpose of Processing of this data is to
provide and optimize the hosting services, to ensure network and information security and to
improve the user-friendliness of our website.The company that operates the service and thus
the recipient of personal data is: IONOS SE, Elgendorfer Straße 57, 56410 Montabaur,
Germany. The representative under national law in the United Kingdom is: IONOS Cloud
Limited, 2 Cathedral Walk, The Forum, Gloucester, GL1 1AU, United Kingdom.Purposes for
which the Personal Data is to be processed and the legal basis for the Processing: The purpose
of processing is the use of web hosting services and related services. Processing is based on
Art. 6 (1) (f) GDPR. Our legitimate interest lies in the reliable and secure provision of our
website and related services.The criteria for determining the duration for which the Personal
Data is processed are the contractual relationship between us and the company that operates
the serviceor statutory or contractual retention periods. The provision of Personal Data is not
required by law or contract, nor is it necessary for the conclusion of a contract. You are not
obliged to provide us or the company that operates the servicewith Personal Data. However, if
you do not provide it, you may not be able to use our services or those of the company
operating the service.Further information and the applicable data protection provisions of
IONOS SE can be found at https://www.ionos.de.
On our website, we use fonts to improve the design and aesthetics of our web pages. These fonts are hosted locally on our server, which means that no connection to external servers (such as Google servers) is established when you visit our website.
By hosting the fonts locally, no personal data (such as IP addresses or browser information) is transmitted to third-party providers. The fonts are loaded directly from our server, protecting your privacy and ensuring that no data transfer to third parties occurs.
This measure serves to improve the user experience and comply with data protection regulations under the GDPR.
UpdraftPlus is a WordPress plugin for backing up and restoring websites. UpdraftPlus allows
users to easily back up their website data, including files, databases, plugins and themes, and
restore it to the same location or a new location if required. UpdraftPlus also offers
automated backup features and supports cloud storage solutions such as Google Drive,
Dropbox and Amazon S3.
When using UpdraftPlus, Personal Data such as names, email addresses and payment
information (for premium versions or add-ons) are processed. In addition, information on
website configurations and backup data may be collected. This data is necessary to provide
the services, manage user accounts, provide support and improve the functionality of the
plugin.
The company that operates the service and thus the recipient of personal data is: UPDRAFT
WP SOFTWARE LIMITED, Tramshed Tech Griffin Street, High Street, Newport, Wales, NP20
1FX, United Kingdom.
Purposes for which the Personal Data is to be processed and the legal basis for the Processing:
The purpose of data processing is to use the backup and restore functions for WordPress
websites. Processing is based on the performance of a contract pursuant to Art. 6 (1) (b)
GDPR, to which the Data Subject is a party, and on legitimate interests pursuant to Art. 6 (1)
(f) GDPR, such as ensuring the integrity and security of user data and websites.
The developer of the application is based in a country that has been recognized by the
European Commission as having an adequate level of data protection. Therefore, no
additional guarantees are required for the transfer of data.
The criteria for determining the duration for which the Personal Data is processed are the
statutory or contractual retention periods. The provision of Personal Data is neither required
by law or contract nor necessary for the conclusion of a contract. You are not obliged to
provide us with Personal Data. However, if you do not provide it, you may not be able to use
the services.
Further information and the applicable data protection provisions of UpdraftPlus can be
found at https://updraftplus.com.
WP Fastest Cache is a caching plugin for WordPress that aims to improve website load times
by generating static HTML pages from dynamic WordPress content. The plugin reduces the
need for PHP requests and database queries on the server by providing pre-built pages, which
speeds up the overall performance of the website. WP Fastest Cache does not store any
personal user data, but it can collect IP addresses and other technical information as part of
cache management and performance optimization.
The application is installed on our own IT infrastructure. We are the company operating the
service.
Purposes for which the Personal Data is to be processed and the legal basis for the Processing:
The purpose of using WP Fastest Cache is to optimize website speed through efficient caching.
Processing is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in improving the user
experience and the efficiency of the website through faster loading times and reduced server
load.
The criteria for determining the duration for which the Personal Data is processed are
internal, statutory or contractual retention periods. The use of Personal Data is not required
by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to
provide us with Personal Data. If you do not provide it, you may not be able to use our
services, functionality or the plugin.
More information about WP Fastest Cache can be found in the WordPress plugin repository at
WordPress.org.
Wordfence is a security plugin for WordPress websites that provides comprehensive
protection against malware, hacking attempts and other threats. It includes features such as
firewall protection, malware scanning, live traffic monitoring and the ability to block IP
addresses to increase the security of WordPress websites. Wordfence helps website owners
protect their sites from attacks and maintain the integrity of their data.
When using Wordfence, Personal Data such as IP addresses, visit data (e.g. pages accessed,
time of visit) and email addresses (when using Wordfence Central or for notification
purposes) are processed. This information is required to identify security threats, ward off
attacks and inform users about security problems.
The company that operates the service and thus the recipient of personal data is: Defiant, Inc.,
1700 Westlake Ave N, Suite 200, Seattle, WA 98109, USA.
Purposes for which the Personal Data is to be processed and the legal basis for the Processing:
The purpose of data processing is the use of security services for WordPress websites.
Processing is based on legitimate interests in accordance with Art. 6 (1) (f) GDPR, such as
ensuring the security and integrity of websites and protection against cyber threats.
The company that operates the serviceis located in a third country, namely in the USA.
Transfers to third countries may be based on the conclusion of standard contractual clauses
or other suitable or appropriate safeguards referred to in Art. 46 (2) GDPR. The company that
operates the servicemay have concluded one of the EU standard contractual clauses with us.
You can request a copy of the suitable or appropriate guarantees from us.
The criteria for determining the duration for which the Personal Data is processed are the
contractual relationship between us and the company that operates the serviceor statutory or
contractual retention periods. The provision of Personal Data is not required by law or
contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide us
or the company that operates the servicewith Personal Data. However, if you do not provide it,
you may not be able to use our services or those of the company operating the service.
Further information and the applicable data protection provisions of Wordfence can be found
at https://www.wordfence.com.
Yoast SEO is an SEO plugin for WordPress that helps website owners optimize their content
for search engines. It offers a wide range of features, including analyzing content for SEO
friendliness, creating XML sitemaps, managing meta tags and providing recommendations to
improve visibility in search engines. Yoast SEO aims to improve the ranking of websites and
strengthen the online presence of users.
When using Yoast SEO, no Personal Data of website visitors is usually collected directly by the
plugin. Instead, the plugin focuses on optimizing website content and technical settings to
improve search engine optimization. However, website operators using Yoast SEO may decide
to enable certain features that may collect user data, such as Google Analytics integrations or
social media sharing options.
The developer of the application is: Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen,
Netherlands.
The application is installed on our own IT infrastructure. We are the company operating the
service.
Purposes for which the Personal Data is to be processed and the legal basis for the Processing:
The purpose of data processing lies in the use of SEO optimization tools. The Processing of
Personal Data that could take place through the use of the plugin and associated services is
based on the user’s Consent (Art. 6 (1) (a) GDPR) or on our legitimate interest in optimizing
our online presence (Art. 6 (1) (f) GDPR).
The criteria for determining the duration for which the Personal Data is processed are the
statutory or contractual retention periods. The provision of Personal Data is neither required
by law or contract nor necessary for the conclusion of a contract. You are not obliged to
provide us with Personal Data. However, if you do not provide it, you may not be able to use
the services.
Further information and the applicable data protection provisions of Yoast SEO can be found
at https://yoast.com.
Complianz – Terms and Conditions is a WordPress plugin that helps website operators to
generate and manage legally binding terms and conditions. The tool facilitates the creation of
customizable terms and conditions that are specifically tailored to the legal requirements and
individual situation of the website. The plugin does not collect any Personal Data but merely
provides a platform where users can enter their own data to create relevant documents.
However, these documents may contain Personal Data.
The application is installed on our own IT infrastructure. We are the company operating the
service.
Purposes for which the Personal Data is to be processed and the legal basis for the Processing:
The purpose of using Complianz – Terms and Conditions is to use a tool to create and manage
legally compliant terms and conditions for websites to comply with legal requirements.
Processing is based on Art. 6 (1) (c) GDPR, as Processing is necessary for compliance with a
legal obligation to which our organisation is subject.
The criteria for determining the duration for which the Personal Data is processed are
internal, statutory or contractual retention periods. The use of Personal Data is required by
law or contract or is necessary for the conclusion of a contract. You are obliged to provide us
with Personal Data for this Processing activity.
Further information about Complianz – Terms and Conditions can be found at WordPress.org.
Duplicator is a WordPress plugin to simplify the migration and backup of websites. It allows
users to create complete copies of their websites, including databases, plugins, themes and
content files. These copies can then be used to restore a website to a new location or can serve
as a backup for emergencies. Duplicator processes Personal Data in the context of copies of
websites.
The application is installed on our own IT infrastructure. We are the company operating the
service.
Purposes for which the Personal Data is to be processed and the legal basis for the Processing:
The purpose of using Duplicator is to support the migration, backup and restoration of
WordPress websites. Processing is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in
the use of an efficient tool for website administrators to ensure business continuity and data
integrity.
The criteria for determining the duration for which the Personal Data is processed are
internal, statutory or contractual retention periods. The use of Personal Data is not required
by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to
provide us with Personal Data. If you do not provide it, you may not be able to use our
services, functionality or the plugin.
Further information about Duplicator can be found at https://snapcreek.com/.
Elementor is a WordPress plugin that allows users to design websites with an intuitive dragand-drop editor. It offers a wide range of design templates, widgets and features that make it
easy to create professional-looking websites without coding knowledge. Elementor is used by
web design professionals and beginners alike to develop responsive, mobile-friendly websites.
When using Elementor, Personal Data such as names, email addresses and usage data are
processed, especially when users create an account to access advanced features or support.
This information is necessary to manage user accounts, make support requests and offer users
personalized services and updates.
The developer of the application is: Elementor Ltd, PO-Box 657, 44 Shlomo ha-Melekh St.,
Ramat Gan 5252165, Israel.
The application is installed on our own IT infrastructure. We are the company operating the
service.
Purposes for which the Personal Data is to be processed and the legal basis for the Processing:
The purpose of processing is the use and optimization of the website. Processing is based on
Art. 6 (1) (b) GDPR for the performance of a contract to which the Data Subject is party and
Art. 6 (1) (f) GDPR, whereby our legitimate interest lies in improving the user experience and
providing an efficient and user-friendly website.
The developer of the application is based in a country that has been recognized by the
European Commission as having an adequate level of data protection. Therefore, no
additional guarantees are required for the transfer of data.
The criteria for determining the duration for which the Personal Data is processed are the
statutory or contractual retention periods. The provision of Personal Data is neither required
by law or contract nor necessary for the conclusion of a contract. You are not obliged to
provide us with Personal Data. However, if you do not provide it, you may not be able to use
the services.
Further information and the applicable data protection provisions of Elementor may be
retrieved under https://elementor.com.
YouTube is a video sharing and viewing platform used by individuals, artists, businesses and
media companies to publish a variety of content such as music videos, vlogs, educational
material and much more. YouTube offers users the ability to upload, share, comment and
interact with a broad community.
When using YouTube, Personal Data such as IP addresses, user interactions (e.g. videos
viewed, comments), location data (if enabled for services) and information from linked Google
accounts are processed. This information is required to provide personalized content and
advertising, enable user interactions, keep the platform secure and improve the user
experience.
The company that operates the service and thus the recipient of personal data is: Google LLC,
1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For data subjects in the EU and
EEA, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, acts as contact
and representative within the meaning of Art. 27 GDPR. The representative under national
law in the United Kingdom is: Google UK Limited, Belgrave House, 76 Buckingham Palace
Road, London SW1W 9TQ, United Kingdom. The representative under Art. 14 of the Federal
Act on Data Protection (FADP) in Switzerland is: Google Switzerland GmbH,
Brandschenkestrasse 110, 8002 Zurich, Switzerland.
Purposes for which the Personal Data is to be processed and the legal basis for the Processing:
The purpose of data processing lies in the use of the video sharing services. Processing is based
on the performance of a contract pursuant to Art. 6 (1) (b) GDPR, to which the Data Subject is
a party, and on legitimate interests pursuant to Art. 6 (1) (f) GDPR, such as the use of an
efficient video platform, the improvement of the user experience, the use of personalized
advertising and the use of embedded videos on our website.
The company that operates the serviceis based in a third country, namely the USA. Transfers
to third countries may be based on the conclusion of standard contractual clauses or other
suitable or appropriate safeguards referred to in Art. 46 (2) GDPR. The company that
operates the servicemay be a certified member of one or more of the data privacy
frameworks. You can find more information at https://www.dataprivacyframework.gov/list.
You can request a copy of the suitable or appropriate guarantees from us.
The criteria for determining the duration for which the Personal Data is processed are the
contractual relationship between us and the company that operates the serviceor statutory or
contractual retention periods. The provision of Personal Data is not required by law or
contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide us
or the company that operates the servicewith Personal Data. However, if you do not provide it,
you may not be able to use our services or those of the company operating the service.
Further information and the applicable data protection provisions of YouTube can be found
at https://policies.google.com.
On our website, we use share buttons for WhatsApp, Telegram and Facebook to make it easier for users to share our content on social media.
No data is transmitted to these providers when you simply visit our pages. Only when you actively click the respective share button may certain personal data (such as your IP address or technical connection data) be transmitted to the respective operators — WhatsApp Ireland Limited, Telegram Messenger Inc., Meta Platforms Ireland Limited (for Facebook). These providers may process data outside the EU/EEA.
The legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR, which you give by clicking the corresponding share button.
For further information on how these services process your personal data, please refer to their privacy policies:
– WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea
– Telegram: https://telegram.org/privacy
– Facebook: https://www.facebook.com/privacy/policy
Our website contains links to our social media profiles on Instagram and Pinterest. These are simple links that do not transmit any data to the respective providers when you visit our website. Only when you click on a link will you be redirected to the corresponding social media platform. The privacy policies of the respective providers then apply.
Further information:
– Instagram: https://privacycenter.instagram.com/policy
– Pinterest: https://policy.pinterest.com/en/privacy-policy
Diese Datenschutzerklärung basiert auf Texten, die mit einem Generator erstellt wurden, den Fachanwälten für Urheberrecht, externen Datenschutzbeauftragten und die ISO 45001
Zertifizierungsstelle gemeinsam entwickelt haben.