This privacy policy applies to data processing on my website, in the member area and during purchase and payment processing via my shop. For a better overview, you will find the individual topics in the table of contents.

Contents

• I. General information
• 1. Data controller
• 2. Definitions
• 3. Categories of data subjects
• 4. Your rights as a data subject
  • 4.1 Right of withdrawal (Art. 7 para. 3 GDPR)
  • 4.2 Right of access (Art. 15 GDPR)
  • 4.3 Right to rectification (Art. 16 GDPR)
  • 4.4 Right to erasure (Art. 17 GDPR)
  • 4.5 Right to restriction of processing (Art. 18 GDPR)
  • 4.6 Right to data portability (Art. 20 GDPR)
  • 4.7 Right to object (Art. 21 GDPR)
  • 4.8 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
• 5. Hosting & server log files
• 6. SSL or TLS encryption
• 7. Legal basis for data processing on this website
• 8. General storage period, deletion of data
• 9. Recipients of personal data
• 10. Data recipients in third countries
• 11. Data processing on this website
  • 11.1 Cookies, web beacons, pixels
  • 11.2 Objection to and deletion of cookies, web beacons, pixels
• 12. Contact
• 13. Social media
  • 13.1 Facebook
  • 13.2 Instagram
  • 13.3 LinkedIn
  • 13.4 TikTok
• 14. Analysis tool Matomo (cloud hosting)
• 15. Plugins and tools
  • 15.1 Newsletter (CleverReach)
  • 15.2 Memberspot learning platform.
  • 15.3 CopeCart shop software (integration in Memberspot)
  • 15.4 Booking appointments with meetergo
  • 15.5 Contact form with Contact Form 7
  • 15.6 Advanced Custom Fields (ACF)
  • 15.7 WordPress Multilingual (WPML)
  • 15.8 Google Web Fonts
  • 15.9 Google reCAPTCHA
  • 15.10 Cookiebot CMP by Usercentrics (Consent Management)
• 16. Changes to the privacy policy

 

I. General information

I take the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. In the following, I will inform you about how your personal data is processed when you use my website and when you contact me and what rights you have in this regard.

1. Data controller

The data controller for data processing on this website and the contact person for questions on the subject of data protection is

Dr. Manuela Kummeter, Abendröte 52, 68305 Mannheim, Germany, phone: +49 (0) 621 – 17025576, fax: +49 (0) 621 – 86429740, e-mail: manuela.kummeter@manuela-kummeter.com

 

2. Definitions

So that you really understand the further information in this privacy policy, you will find the most important definitions of terms here:

• “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Restriction of processing” is the marking of stored personal data with the aim of restricting its future processing.
• “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
• “Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
• “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
• “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
• “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• “Personal data breach” means a breach of security which, whether accidental or unlawful, leads to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
• “Company” means a natural or legal person that carries out an economic activity, regardless of its legal form, including partnerships or associations that regularly carry out an economic activity.

 

3. Categories of data subjects

All data processing explained below concerns the following categories of persons: Customers, clients, interested parties, business partners, visitors and users of this website, visitors and users of social networks, newsletter subscribers, registered members, applicants.

 

4. Your rights as a data subject

To assert your rights, please use the contact details provided in section 1. You are entitled to the following rights with regard to all data processing described below.

4.1 Right of withdrawal (Art. 7 para. 3 GDPR)

You have the right to withdraw any consent you have already given (e.g. for advertising contact) with effect for the future. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

If you have also been asked for consent, e.g. to activate cookies on this website, you can withdraw this consent at any time in the cookie settings and via the cookie consent banner by deactivating the corresponding cookies.

4.2 Right of access (Art. 15 GDPR)

You have the right to request information about your personal data processed by me. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by me, and the existence of automated decision-making.

4.3 Right to rectification (Art. 16 GDPR)

You have the right to rectification and/or completion of your data if the processed personal data concerning you is incorrect or incomplete.

4.4 Right to erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data stored by me, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

4.5 Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data. This right exists in the following cases:

If you dispute the accuracy of your personal data stored by me, I usually need time to check this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.

If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.

If I no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.

If you have lodged an objection in accordance with Art. 21 (1) GDPR, a balance must be struck between your interests and mine. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

4.6 Right to data portability (Art. 20 GDPR)

You have the right to have data that is processed automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4.7 Right to object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) (performance of tasks carried out in the public interest) or (f) (legitimate interests of the controller) GDPR, including profiling based on those provisions.

After your objection, your personal data will no longer be processed unless I can demonstrate compelling legitimate grounds for the necessary processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you as the data subject have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you as the data subject object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

4.8 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

The supervisory authority responsible for me is Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, phone: 0711/61 55 41-0, fax:  0711/61 55 41-15, e-mail: poststelle@lfdi.bwl.de.

 

5. Hosting & server log files

Provider

This website is hosted by ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, D-02742 Friedersdorf, E-Mail: info@all-inkl.com. For details, please refer to the hosting provider’s privacy policy: https://all-inkl.com/datenschutzinformationen .

Purpose

The website is hosted by an external hosting provider in order to operate this website properly and securely and to make the content available to you.

Type of data

When you access the website, the hosting provider processes information from you in so-called server log files, which your browser automatically transmits to this website, collects and stores. These are

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

For details, please refer to the hosting provider’s privacy policy: https://all-inkl.com/datenschutzinformationen.

Legal basis

The hosting and collection of the above-mentioned data is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to my legitimate interest in the secure, efficient and technically error-free presentation and continuous optimisation of my website, for which the server log files must be recorded.

If your consent has also been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. You can withdraw this consent at any time in the cookie settings.

Storage duration

Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

Data processing agreement

A data processing agreement (DPA) has been concluded with the provider for the use of the service. This is a contract prescribed by data protection law, which guarantees that the personal data collected will only be processed in accordance with my instructions and in compliance with the GDPR.

 

6. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to this website. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to this website cannot be read by third parties.

 

7 Legal basis for data processing on this website

If you have consented to data processing, your personal data and your personal data of special categories will be processed on the basis of Art. 6 para. 1 lit. a GDPR and/or Art. 9 para. 2 lit. a GDPR.

In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR.

If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. Consent can be withdrawn at any time. Please read section 8.2 “Revocation and deletion of cookies, web beacons, pixels”.

If the processing of your data is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures, this is done on the basis of Art. 6 para. 1 lit. b GDPR.

If your data is processed to fulfil a legal obligation, this is done on the basis of Art. 6 para. 1 lit. c GDPR.

In addition, data processing may also be carried out on the basis of my legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

You will be informed about the relevant legal bases in each individual case in the following paragraphs of this privacy policy.

 

8 General storage period, deletion of data

Unless a more specific storage period is specified in this data protection declaration, your personal data will be stored until the purpose for data processing no longer applies.

If you assert a justified request for deletion or to withdraw your consent to data processing, your data will be deleted unless the longer storage of your personal data is required due to other legal provisions (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted, i.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, the retention period is 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB for commercial books, business records, accounting vouchers, documents relevant for taxation, etc.) and six years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB for commercial letters and correspondence.

 

9. Recipients of personal data

As part of my work, I co-operate with various external bodies. In some cases, it is also necessary to transfer personal data to these external organisations.

I only pass on personal data to external bodies if this is necessary for the fulfilment of a contract, if there is a legal obligation to do so (e.g. passing on data to tax authorities), if I have a legitimate interest in passing on data in accordance with Art. 6 para. 1 lit. f GDPR or if another legal basis requires the passing on of data.

When using processors, they only receive access to my customers’ personal data – if necessary at all – on the basis of a valid contract for commissioned processing in accordance with Art. 28 GDPR. In the case of joint processing, in which each processor bears its own responsibility for the data, this is only done on the basis of a joint controllership agreement in accordance with Art. 26 GDPR.

 

10. Data recipients in third countries

Services and tools are used on this website, some of whose providers operate their servers in so-called insecure third countries and process the data there. According to decisions by the EU Commission, insecure third countries do not have a level of data protection comparable to that in the EU, which is why data processing there is not as secure as within the EU.

According to the currently valid EU-US Data Privacy Framework (DPF), a new data protection agreement between the EU and the USA, the USA now belongs to the safe third countries that have a high level of data protection comparable to that of the EU. Data may therefore be transferred to service providers in the USA that are certified in accordance with the DPF or have other suitable guarantees, such as the conclusion of so-called standard contractual clauses (model contracts of the EU for the obligation to comply with a level of data protection appropriate to the EU).

 

11. Data processing on this website

11.1 Cookies, web beacons, pixels

So-called “cookies” are used on this website. Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies).

Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from this website (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. displaying videos). Other cookies can be used to analyse user behaviour or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. to call up images or videos) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of my legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of these website services in accordance with Art. 6 Para. 1 lit. f GDPR, unless another legal basis exists. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be withdrawn at any time.

In addition to cookies, certain service providers also use so-called web beacons and pixels. These are small pixels or graphics that are also stored on your device and collect information.

11.2 Objection to and deletion of cookies, web beacons, pixels

You can set your browser so that you are informed about the setting of cookies or you allow the setting of cookies only in individual cases or you exclude the acceptance of cookies for certain cases or in general or you activate the automatic deletion of cookies when closing the browser. The same applies to web beacons and pixels. If you deactivate cookies, however, the functionality of this website may be limited.

A general objection to the use of cookies used for online marketing purposes can be declared via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/, especially in the case of tracking.

Furthermore, when you access this website for the first time, you can use the cookie consent banner to decide whether and which cookies you wish to allow. You can change your settings in the cookie consent banner at any time and deactivate all cookies or only individual cookies.

You can find out which cookies, web beacons, pixels and services are used on this website in this privacy policy and the descriptions of the tools used and the respective privacy policies of the providers of these tools, as well as the privacy policy of the hoster of this website: https://all-inkl.com/datenschutzinformationen.

 

12. Contact

If you would like to contact me, you can do so via my contact details by email, telephone, fax, post, social media or via a contact form on this website. I use a plugin for the contact form, which you can find more information about in the “Plugins, Tools” section.

Purpose

You can contact me via email, telephone, post, social media or a contact form. The data you enter here will be processed by me in order to contact you and process your request.

Type of data

If you contact me by e-mail, telephone or post, I will store and process your enquiry, including all personal data resulting from it (name, address, e-mail address, telephone number, content of the enquiry, etc.). This data will not be passed on without your consent.

Legal basis

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that the processing is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on my legitimate interest in the effective processing of the enquiries addressed to me (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), provided that this has been requested; this consent can be withdrawn at any time.

Storage duration

The data sent by you via contact requests will be stored until you request its deletion, withdraw your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – may require a longer storage period.

 

13. Social media

I also operate corresponding profile pages in social media. These inform interested parties and customers about my services and my profile. I can also communicate with you via these channels. The links to social media platforms are integrated in such a way that no data is transferred directly to the social media operator. The integration of social media profiles on this website takes place via direct links. Data is only transferred once you have clicked on the link.

13.1 Facebook

Provider

The Facebook service is integrated on this website. The Facebook service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Purpose

The social media profile is used for the promotional presentation of my company, my competences and services, for communication and for regular information to followers.

Type of data and data processing

If you are a member of the platform and are logged into your account there, the platform can assign the access to the content and functions on my profile to your user profile there.

Please note that, as the provider of this website, I have no knowledge of the content of the data transmitted from this website to the social media profile or its use by the platform operator.

Further information on this can be found in Facebook’s privacy policy: https://www.facebook.com/privacy/policy

Legal basis

If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be withdrawn at any time.

If no consent has been obtained, the service is used on the basis of my legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the widest possible visibility in social media. In the case of direct contact with customers or interested parties, processing is carried out on the basis of my contractual relationship or pre-contractual measures with interested parties (Art. 6 para. 1 lit. b GDPR).

Joint controllership

Insofar as personal data is collected on my website with the help of the platform and forwarded to Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and I are jointly responsible for this data processing (Art. 26 GDPR).

The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook.

The processing carried out by Instagram after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/terms/page_controller_addendum.

According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on my website in accordance with data protection law. Meta Platforms Ireland Limited is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Meta Platforms Ireland Limited. If you assert your data subject rights with me, I am obliged to forward them to Meta Platforms Ireland Limited.

If data is transferred to the USA, this is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

Further information on this can be found in Facebook’s privacy policy: https://www.facebook.com/privacy/policy/. You can contact Facebook’s data protection officer here: https://www.facebook.com/help/contact/540977946302970

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). You can find more information on this here: https://www.facebook.com/privacy/policies/data_privacy_framework

The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active 

13.2 Instagram

Provider

The Instagram service is integrated on this website. The Instagram service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Purpose

The social media profile is used for the promotional presentation of my company, my competences and services, for communication and for regular information to followers.

Type of data and data processing

If you are a member of the platform and are logged into your account there, the platform can assign the access to the content and functions on my profile to your user profile there.

Please note that, as the provider of this website, I have no knowledge of the content of the data transmitted from this website to the social media profile or its use by the platform operator.

Further information on this can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.

Legal basis

If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be withdrawn at any time.

If no consent has been obtained, the service is used on the basis of my legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the widest possible visibility in social media. In the case of direct contact with clients or interested parties, processing is carried out on the basis of my contractual relationship or pre-contractual measures with interested parties (Art. 6 para. 1 lit. b GDPR).

Joint controllership

Insofar as personal data is collected on my website with the help of the platform and forwarded to Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and I are jointly responsible for this data processing (Art. 26 GDPR).

The joint responsibility is limited exclusively to the collection of data and its transfer to Instagram.

The processing carried out by Instagram after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/terms/page_controller_addendum.

According to this agreement, we are responsible for providing the data protection information when using the Instagram tool and for the secure implementation of the tool on my website in accordance with data protection law. Meta Platforms Ireland Limited is responsible for the data security of Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Instagram directly with Meta Platforms Ireland Limited. If you assert your data subject rights with me, I am obliged to forward them to Meta Platforms Ireland Limited.

If data is transferred to the USA, this is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

Further information on this can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy and in the Privacy Centre: https://privacycenter.instagram.com/

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF): https://privacycenter.instagram.com/policies/data_privacy_framework/. The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active 

13.3 LinkedIn

Provider

On this website I link to the LinkedIn platform. The functions of this service are offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Purpose

The social media profile is used for the promotional presentation of my company, my competences and services, for communication and for regular information to contacts and followers.

Type of data and data processing

If you are a member of the platform and are logged into your account there, LinkedIn can assign the content and functions on my LinkedIn profile to your user profile there.

I would like to point out that, as the provider of the website, I have no knowledge of the content of the transmitted data or its use by LinkedIn.

For further information, please refer to LinkedIn Ireland’s data protection information at:

https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy 

Legal basis

If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be withdrawn at any time.

If no consent has been obtained, the service is used on the basis of my legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the widest possible visibility in social media. In the case of direct contact with customers or interested parties, processing is carried out on the basis of my contractual relationship or pre-contractual measures with interested parties (Art. 6 para. 1 lit. b GDPR).

Joint controllership

Insofar as personal data is collected on my website with the help of the platform and forwarded to LinkedIn, LinkedIn Ireland Unlimited Company and I are jointly responsible for this data processing (Art. 26 GDPR).

The joint responsibility is limited exclusively to the collection of data and its transfer to LinkedIn.

The processing carried out by LinkedIn after forwarding is not part of the joint responsibility.

If data is transferred to the USA, this is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.linkedin.com/legal/l/dpa

Further information on this can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

13.4 TikTok

Provider

On this website I link to the TikTok platform. The functions of this service are offered by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

Purpose

The social media profile is used for the promotional presentation of my company, my competences and services, for communication and for regular information to contacts and followers.

Type of data and data processing

If you are a member of the platform and logged into your account there, TikTok can assign the access to the content and functions on my TikTok profile to your user profile there.

I would like to point out that, as the provider of the website, I have no knowledge of the content of the transmitted data or its use by TikTok.

For further information, please refer to the data protection information of TikTok Technology Limited at: https://www.tiktok.com/legal/page/eea/privacy-policy/de

Legal basis

If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be withdrawn at any time.

If no consent has been obtained, the service is used on the basis of my legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the widest possible visibility in social media. In the case of direct contact with customers or interested parties, processing is carried out on the basis of my contractual relationship or pre-contractual measures with interested parties (Art. 6 para. 1 lit. b GDPR).

Joint controllership

Insofar as personal data is collected on my website with the help of the platform and forwarded to TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok Ireland”), TikTok Information Technologies UK Limited WeWork, 125 Kingsway, London, WC2B 6NH (“TikTok UK”) and I are each responsible for data processing within the meaning of the General Data Protection Regulation (GDPR).

If I process data jointly with TikTok, I am jointly responsible with TikTok within the meaning of Art. 26 GDPR. In this regard, a joint controllership agreement has been concluded with TikTok in accordance with Art. 26 para. 2 GDPR, which regulates the details of joint controllership and which you can find here (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms, Part B 1, sections 3 and 4).

The joint responsibility is limited exclusively to the collection of data and its transfer to TikTok.

The processing carried out by TikTok after forwarding is not part of the joint responsibility. For further information, please refer to TikTok’s data protection information at: https://www.tiktok.com/legal/page/eea/privacy-policy/de

You can contact TikTok’s data protection officer via the online contact form provided by TikTok at: https://www.tiktok.com/legal/report/DPO. Further information on data protection and the use of cookies can be found here:

• TikTok privacy policy for all websites, applications, software and services: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE
• Cookie policy for TikTok websites: https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=en
• Cookie policy for the TikTok platform: https://www.tiktok.com/legal/page/global/cookie-policy/de-DE
• Information on the available personalisation and data protection setting options can be found here (with further links):
• https://support.tiktok.com/de/account-and-privacy/account-privacy-settings
• You also have the option of requesting information via the TikTok data protection form or the archive requests:
• https://www.tiktok.com/legal/report/privacy?lang=de
• Change your settings for personalised advertising | TikTok Help Centre: https://support.tiktok.com/de/account-and-privacy/personalized-ads-and-data

 

14. Analysis tool Matomo (cloud hosting)

Provider

This website uses the open source web analysis service “Matomo”. The service provider is InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Matomo’s privacy policy can be found here: https://matomo.org/privacy-policy/, further information on the use of Matomo can be found here: https://matomo.org/privacy/

You can find Matomo Cloud’s privacy policy here: https://matomo.org/matomo-cloud-privacy-policy/. Questions regarding data protection can be sent here: privacy@innocraft.com.

Purpose

The use of Matomo and its processing of users’ personal data enables me to analyse the surfing behaviour of users. This enables me to compile information about the use of the individual components of this website and to constantly improve the website and its user-friendliness. By anonymising the IP address, the users’ interest in protecting their personal data is adequately taken into account.

Type of data

Matomo is deactivated when the website is accessed and can only be activated with your consent via the cookie consent banner. As part of the analyses with Matomo, the IP addresses of website visitors are collected and anonymised. The data is not passed on to third parties.

If you consent to web analysis using Matomo, the following data will be collected when you access individual pages of this website:

• 2 bytes of the IP address of the user’s calling system
• The website called up
• Search terms used
• The website from which the user accessed the website (referrer)
• The subpages that are accessed from the accessed website
• The time spent on the website
• The frequency of visits to the website

IP anonymisation

This website uses “Matomo” with the “AnonymiseIP” extension. This means that IP addresses are further processed in abbreviated form, so that they cannot be directly linked to individuals. The IP address transmitted by your browser using “Matomo” is not merged with other data collected by me.

Cookies

Matomo uses cookies to create user profiles. For this purpose, permanent cookies are stored on your end device and read out. In this way, returning visitors can be recognised and counted.

This website also uses the Heatmap & Session Recording modules. Matomo’s heatmap service shows the areas of this website where the mouse is moved most frequently or which are clicked on most often. The session recording service records individual user sessions, which can be played back and used to analyse the use of this website. Data entered in forms is not recorded and is not visible at any time.

You can find out how you can delete cookies in general in section 8.2 of this privacy policy “Objection, deletion of cookies”.

You can also deactivate Matomo cookies via the settings in the cookie consent banner.

Opt-out from Matomo

Matomo also provides an opt-out option that you can use below to prevent actions you take here from being analysed and linked. This will protect your privacy, but will also prevent me from learning from your actions and improving usability for you and other users.

☐        Your visit to this website is currently being recorded by Matomo web analytics. Deselect this checkbox to opt-out.

Legal basis

The use of an analysis tool is based on my legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the statistical analysis of user behaviour and the optimisation of my website and improvement of my offer based on this.

Your user data is stored and analysed on the basis of your consent in accordance with Section 25 (1) TTDSG, Art. 6 (1) (a) GDPR, provided that you have given your consent via the cookie consent banner. You can withdraw your consent at any time by deactivating the use of Matomo cookies in the consent banner.

Storage duration

The data will be deleted as soon as it is no longer required for recording purposes. Section 6 “General storage period, deletion of data” also applies.

The data in the Matomo Cloud is stored for as long as the business purpose with Matomo requires.

Hosting

Matomo is hosted in the Matomo Cloud. The data collected above is stored and processed on Matomo servers. According to Matomo, their servers are located in Europe. The privacy policy of Matomo Cloud can be found here: https://matomo.org/matomo-cloud-privacy-policy/. Questions regarding data protection can be sent here: privacy@innocraft.com.

Data processing agreement

A data processing agreement (DPA) has been concluded with the provider for the use of the service. This is a contract prescribed by data protection law, which guarantees that the personal data collected will only be processed in accordance with my instructions and in compliance with the GDPR.

 

15. Plugins and tools

15.1 Newsletter (CleverReach)

15.1.1 General information on newsletter registration

Purpose

In order to provide useful information and to advertise my offers and services, I provide a newsletter that is published regularly and sent by e-mail.

Type of data

To register for and send the newsletter, requires your email address, which is collected and stored. The provision of further data is voluntary and is used to be able to address you personally. When you register for the newsletter, your IP address and the date and time of registration are also stored in order to be able to trace any possible misuse of your email address at a later date.

Double opt-in procedure

The so-called double opt-in procedure is used to send the newsletter. This means that you will only receive an e-mail newsletter if you have expressly confirmed in advance that you consent to receiving the newsletter. For this purpose, you will receive a confirmation e-mail asking you to confirm that you wish to receive the newsletter in future by clicking on a corresponding link. By activating the confirmation link, you give your consent to the use of your personal data for sending the newsletter in accordance with Art. 6 para. 1 lit. a GDPR.

Legal basis

The provision of a newsletter is based on my legitimate interest in the promotional presentation of my offers and services in accordance with Art. 6 para. 1 lit. f GDPR. The legal basis for the use of your data is your consent given by double opt-in in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw this consent at any time by unsubscribing from the newsletter using the unsubscribe link contained in every newsletter. Your data will then be deleted from the newsletter database.

Storage duration

Your data will be processed until you unsubscribe from the newsletter using the unsubscribe link or otherwise inform us that you wish your data to be deleted. Your data will then be deleted from the newsletter database. If there are statutory retention obligations that require a longer storage period, the data will also be stored for longer in order to fulfil these purposes.

 

15.1.2 Sending newsletters with CleverReach

Provider

The newsletter is sent via the CleverReach software. The provider of this software is CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede. The data is stored on CleverReach servers in Germany and Ireland. Further information can be found in the privacy policy: https://www.cleverreach.com/de/datenschutz

Purpose

The software is used to provide an advertising-effective, secure and user-friendly newsletter via an automated system. Furthermore, the tracking functions are used to statistically analyse newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

Type of data

The software collects all the data required to subscribe to the newsletter, in particular your email address. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and is used to address you personally. When you register for the newsletter, your IP address and the date and time of registration are also stored in order to be able to trace any possible misuse of your e-mail address at a later date.

Tracking and analysis by CleverReach

I use the analysis functions of CleverReach to continuously improve my newsletter. For this purpose, the software uses the data collected during registration to send and statistically analyse the newsletter. For the analysis, the newsletters sent by email contain so-called web beacons or tracking pixels, which are one-pixel image files that are stored on this website. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked on. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product or commissioning of a service on this website) has taken place after clicking on such links. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is collected exclusively in pseudonymised form and is not linked to your other personal data; direct personal identification is excluded.

If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter as described above.

You can find more information about CleverReach’s data analysis here: https://www.cleverreach.com/de/funktionen/reporting-und-tracking

Legal basis

The use of the software is based on my legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the use of an effective, secure and user-friendly newsletter system.

Data processing agreement

A data processing agreement (DPA) has been concluded with the provider for the use of the service. This is a contract prescribed by data protection law, which guarantees that the personal data collected will only be processed in accordance with my instructions and in compliance with the GDPR.

 

15.2 Memberspot learning platform

Provider

I provide a learning and community platform with training and online courses for registered members via Memberspot as Software-as-a-Service (SaaS). “Memberspot” is a software of Memberspot GmbH, Rilkestr. 26, D-71642 Ludwigsburg, Germany, privacy policy: https://www.memberspot.de/datenschutz.

Purpose

The software is used to provide a member area and the learning content stored there.

Type of data

The software collects all data required for registration and login to the member area, in particular your name, password and e-mail address.

Legal basis

The use is based on my legitimate interest in the use of a learning platform and a member area. If you have booked courses and seminars with me, your data will be processed in accordance with Art. 6 para. 1 lit. b GDPR for the fulfilment of pre-contractual or contractual measures. Otherwise, the use of Memberspot takes place with your consent in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. You can withdraw this consent at any time and delete your account yourself or have it deleted by me. Once the account has been deleted, access is no longer possible.

Storage duration

Your data will be deleted as soon as your Memberspot account is deleted. In addition, however, the data may be stored by me or Memberspot for a longer period of time in order to fulfil statutory retention obligations.

Data processing agreement

A data processing agreement (DPA) has been concluded with the provider for the use of the service. This is a contract prescribed by data protection law, which guarantees that the personal data collected will only be processed in accordance with my instructions and in compliance with the GDPR.

 

15.3 CopeCart shop software (integration in Memberspot)

In the members’ area via Memberspot, I offer online courses that can be purchased via the CopeCart shop software. The software handles the entire sales and payment process.

Provider

The provider of the software is CopeCart GmbH, Ufnaustraße 10, 10553 Berlin, Germany. You can find the privacy policy here: https://copecart.com/de/datenschutz.

Purpose

The software is used to automatically process the purchase and payment of digital products and services, e.g. online courses. Purchases are also analysed in order to continuously improve your purchase and the offer.

Type of data

The software collects all data required to complete a purchase and make a payment: in particular your names, addresses, e-mail addresses, bank account details, credit card details and telephone numbers. The data is collected via CopeCart and processed on its platform.

In addition, data is also collected and processed for analysis purposes, in particular IP address, browser, URL, referrer URL, duration of visit, call statistics.

Legal basis

The use and integration of the shop software is based on my legitimate interest in the use of effective, convenient purchase and payment processing in accordance with Art. 6 para. 1 lit. f GDPR.

The use of your data for the purchase and payment processing is based on Art. 6 para. 1 lit. b GDPR to fulfil my contractual obligations from the purchase contract.

The use of your data for analysis purposes takes place with your consent in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG, provided you have activated this in the cookie consent banner. You can withdraw this consent at any time by deactivating it in the consent banner.

Storage duration

Your data for the purpose of purchase and payment processing will be deleted as soon as your member account in Memberspot is deleted. In addition, however, the data may be stored by me or CopeCart for a longer period of time in order to fulfil statutory retention obligations.

The analysis data at CopeCort will be deleted after the end of the business purpose between CopeCart and my company.

Data processing agreement

A data processing agreement (DPA) has been concluded with the provider for the use of the service. This is a contract prescribed by data protection law, which guarantees that the personal data collected will only be processed in accordance with my instructions and in compliance with the GDPR.

 

15.4 Booking appointments with meetergo

Provider

Appointments can be booked on this website using the online appointment booking tool meetergo. The provider of this software-as-a-service is meetergo GmbH, Hansaring 61, 50670 Cologne. You can find meetergo’s privacy policy and security regulations at: https://meetergo.com/datenschutz/ and https://meetergo.com/sicherheit/

Purpose

The software is used as a tool for simplified scheduling, project coordination and communication.

Type of data

The software collects all data necessary for booking appointments, in particular personal master data such as first name, surname, communication data such as e-mail address, telephone number and content data of the appointment booking (topic, enquiry, etc.).

The personal data originates from the data subject, i.e. the user of the software. The personal data is collected with the use of meetergo and is essential for the use of the software.

Personal data is passed on by the provider to third-party companies as required in order to ensure that the service runs smoothly. The cooperation with these subcontractors has been concretised under data protection law with an data processing agreement. The provider does not transfer data to a third country.

Legal basis

The use of this software is based on my legitimate interest in a simple and fast appointment scheduling tool in accordance with Art. 6 para. 1 lit. f GDPR. Your data is used in accordance with Art. 6 para. 1 lit. b GDPR to fulfil pre-contractual and contractual measures or, if you have given your consent, in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw this consent at any time.

Storage duration

The data will be stored by me for as long as required for the purpose of the pre-contractual or contractual basis between you and my company. If a longer storage period is necessary, please refer to section 6 “General storage period, deletion of data” above.

The data processed by the service provider will be deleted after the end of the business purpose between the service provider and my company.

Data processing agreement

A data processing agreement (DPA) has been concluded with the provider for the use of the service. This is a contract prescribed by data protection law, which guarantees that the personal data collected will only be processed in accordance with my instructions and in compliance with the GDPR.

 

15.5 Contact form with Contact Form 7

Provider

This website uses the Contact Form 7 plugin offered by WordPress to create contact forms. This is open source software from Takayuki Miyoshi. Further information, including on data protection, can be found here: https://de.wordpress.org/plugins/contact-form-7/.

Purpose

The plugin is used to forward entered form data to my company’s e-mail address.

Type of data

The plugin itself does not collect any personal data. However, I also use Google reCAPTCHA with the plugin, which is why all data entered in the contact form, such as name, email address, content of the enquiry, but also your IP address, can be forwarded to Google via reCAPTCHA. Further information on this can be found in section 15.9 “Google reCAPTCHA”.

Legal basis

The use is based on my legitimate interest in the use of a contact form on my website in accordance with Art. 6 para. 1 lit. f GDPR.

Storage duration

The data sent by you via the contact form will be stored until you request its deletion, withdraw your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – may require a longer storage period.

 

15.6 Advanced Custom Fields (ACF)

Provider

This website uses the Advanced Custom Fields plugin to create text and other data fields as part of the content management system for this website. The provider is WP Engine Inc, Irongate House, 22-30 Duke’s Place, London, EC3A 7LP, United Kingdom. Privacy policy of the provider WP Engine Inc: https://wpengine.com/legal/privacy/. Further information can be found at: https://de.wordpress.org/plugins/advanced-custom-fields/

Purpose

The plugin is used to integrate text and data fields for easy handling of the website as a content management system. It is used to create and manage user-defined fields in the backend of this website.

Type of data

The plugin originates from the provider’s server. In order to be able to use the functions of the plugin, the IP addresses of website visitors are collected and sent to the provider’s server.

Legal basis

The use is based on my legitimate interest in the use of a plugin for the creation and management of data fields in the backend in accordance with Art. 6 para. 1 lit. f GDPR.

Standard contractual clauses

The data is processed in England. According to the EU Commission’s adequacy decision, England is a safe third country. The provider provides a data protection agreement (“Data Privacy Addendum”) to regulate data protection obligations, which includes the standard contractual clauses of the EU Commission. Link to the DPA: https://wpengine.com/legal/dpa/.

 

15.7 WordPress Multilingual (WPML)

Provider

This website uses the WordPress Multilingual (“WPML”) plugin from OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong. WPML is a multilingual plugin for WordPress. Further information on the collection and storage of data by WPML can be found here: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance

Purpose

The plugin is used to display this website in different languages and to create analyses about the use of the language settings and the access to certain pages.

Use of cookies

When you visit this website, WPML stores a cookie on your end device in order to save the language setting you have selected. This allows personal data to be stored and analysed, in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on) as well as device and browser information (in particular the IP address and operating system).

The following cookies are stored by WPML:

• wp-wpml_current_language – saves the current language selection. This cookie is activated by default on websites that use the language filtering function for AJAX operations.
• wp-wpml_current_admin_language_{hash} – saves the current language of the WordPress administration area.
• _icl_visitor_lang_js – stores the redirected language. This cookie is activated for all visitors to the website if you use the browser language redirection function.
• wpml_browser_redirect_test – tests whether cookies are enabled. This cookie is activated for all visitors to the website if you use the browser language redirection function.

You can find more information here: https://wpml.org/documentation/support/browser-cookies-stored-wpml/

Type of data

The plugin collects the selected language setting, device and browser information, IP address and operating system.

Legal basis

The use is based on my legitimate interest in addressing visitors to this website in their native language in accordance with Art. 6 para. 1 lit. f GDPR.

 

15.8 Google Web Fonts

Provider

This website uses so-called Google Web Fonts, which are provided by Google, for the standardised display of fonts. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Purpose

I use Google Web Fonts for the purpose of a uniform presentation of fonts and a visually high-quality and vivid web presence.

Type of data and data processing

When you call up a page on my website, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google’s servers, which are usually located in the USA. This informs Google that this website has been accessed via your IP address.

If your browser does not support Google Web Fonts, a standard font will be used by your computer.

Legal basis

The use of Google Fonts is based on my legitimate interest in the uniform presentation of the typeface on my website in accordance with Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Data protection agreement

Google does not yet offer a data protection agreement (DPA) for free services.

However, the company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

 

15.9 Google reCAPTCHA

Provider

The free Google reCAPTCHA service is used on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can find the privacy policy here: https://policies.google.com/privacy?hl=de.

Purpose

The service is used to prevent misuse by verifying whether a request is made by a natural person or by a computer programme before a request is sent via the service.

Type of data

The service sets a cookie in your browser and collects the following data, among others:

• Page that integrates reCAPTCHA,
• Referrer URL (page from which the user comes),
• IP address of the user,
• Settings of the end device (language, browser, location),
• Dwell time,
• Mouse movements and keyboard strokes,
• Screen and window resolution,
• Time zone and
• Installation of browser plugins.

Legal basis

The use of Google reCAPTCHA is based on your consent, which you may have given in the cookie consent banner. The legal basis is Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. You can withdraw this consent at any time by cancelling your consent in the consent banner.

Storage duration

Unfortunately, the specific storage period of the processed data cannot be specified, as this is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

Data protection agreement

Google does not yet offer a data protection agreement (DPA) for free services.

However, the company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

15.10 Cookiebot CMP by Usercentrics (Consent Management)

Provider

The cookie consent banner “Cookiebot CMP by Usercentrics” is used on the website. The provider is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. You can find the privacy policy here: https://www.cookiebot.com/de/privacy-policy/.

Purpose

The service is used to manage the consent of website visitors (users) to activate cookies.

Type of data

When a website visitor (user) gives consent via this website, the following data is automatically logged by Cookiebot CMP:

• IP number of the user in anonymised form (by removing the last 16 bits of IPv4 addresses and the last 96 bits of IPv6 addresses)
• Date and time of consent
• User agent of the user’s browser
• URL via which the consent was given
• an anonymous, arbitrary and encrypted key value
• Consent status of the user, which serves as proof of consent

The above-mentioned key serves as proof of consent and offers the possibility to check the consent status stored in the user’s browser.

Legal basis

The use of the consent banner is based on my legitimate interests in the use of a tool for the automated and GDPR-compliant management of consents to cookies in accordance with Art. 6 para. 1 lit. f GDPR.

Your data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG, which you may have given in the cookie consent banner. You can withdraw this consent at any time by cancelling your consent in the consent banner.

Storage duration

According to Usercentrics, the data will be deleted after one year.

Data processing agreement

A data processing agreement (DPA) has been concluded with the provider for the use of the service. This is a contract prescribed by data protection law, which guarantees that the personal data collected will only be processed in accordance with my instructions and in compliance with the GDPR.

 

16. Changes to the privacy policy

This privacy policy is subject to change if legal provisions or the way in which data is processed change. Therefore, in your own interest, please keep yourself informed of any changes on this page. You can access the latest version of the privacy policy at www.manula-kummeter.com/datenschutz. The previous versions are made available as pdf files.

 

Status: January 2024