Owner and data controller
I. General remarks on data processing
1. Extent of processing of personal data
This website aims for data minimisation. Personal data are only collected when this is necessary for the nature of my content and services (see below).
2. Legal basis for the processing of personal data
Insofar as I obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPRas legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation, Art. 6 para. 1 lit. c GDPRas legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.
If processing is necessary to cover the legitimate interests of my company or a third party, and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR as legal basis for processing.
3. Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is no longer existing. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
Provision of the website, log files, IP-adresses, backups
Each time you visit my website, IP addresses are initially stored temporarily. This is necessary for the delivery of the website to the user’s computer. To do this, the user’s IP address must be kept for the duration of the session.
In my system there are no log files that could provide information about operating systems, browser type, referrer websites.
However, the IP addresses of my webhost company Webhostone.de (server location: Germany) are stored on its server for 10 days.
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.
For web analysis, I use a simple statistics tool (Statify) that does not collect IP addresses (only hits are counted, not visitors).
A security plug-in is in use to prevent attackers by locking them out after a number of x attempts (identification by IP address) The IP address is encrypted (hashed) and the hashes are compared.
The backup of the website is stored at a data processor with whom I have a concluded a Data Processing Agreement.
The prevention of security breaches and of data loss is covered by Art. 6 para 1 lt. f GDPR.
Contacting me is possible via the provided e-mail address. In this case, the personal data transmitted by e-mail will be stored.There is no disclosure of the data to third parties. The data is used exclusively for maintaining the conversation.
The legal basis for the processing of the data transmitted in the course of sending a general e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection.
For a general email, this is the case when the conversation has come to an end. I consider it ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
In the case of the conclusion of a contract, the data from e-mail traffic that have initiated a transaction must be stored in accordance with the legal requirements: Legal basis for this: § 147 para. 1 AO (Abgabenordnung = tax code). Retention period: 6 years
If you revoke your consent to the processing of personal data, which you may do at any time, the conversation can not continue. Here is how it works: Send me an e-mail with the request. You will
then receive a verification email (to prevent someone else from deleting your data by pretending to be you) and afterwards a confirmation email as soon as the data is deleted.
Your Data Protection Rights
If your personal data is processed, you are a data subject in the sense of the GDPR and you have the following rights :
You have the right of access under Article 15 GDPR,
the right to rectification under Article 16 GDPR,
the right to erasure under Article 17 GDPR,
the right to restriction of processing under Article 18 GDPR,
the right of opposition under Article 21 GDPR
and the right to data portability under Article 20 GDPR.
In addition, there is a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG (Bundesdatenschutzgesetz).