Privacy Policy
Table of Contents
- Preamble
- Controller
- Overview of Processing Activities
- Relevant Legal Bases
- Use of Online Platforms for Offer and Sales Purposes
- Newsletters and Electronic Communications
- Customer Reviews and Rating Procedures
- Social Media Presences
Preamble
The following Privacy Policy is intended to inform you about the types of personal data (hereinafter referred to as "data") we process, for what purposes, and to what extent. This Privacy Policy applies to all processing activities involving personal data carried out by us, both in the course of providing our services and, in particular, on our websites, within mobile applications, and across our external online presences, such as our social media profiles (collectively referred to hereinafter as the "online offering").
The terminology used is gender-neutral.
Controller
Leander Rose
c/o Jenbachmedia
Grünthal 109
83064 Raubling
Germany
Email: leanderrose@gmx.net
Overview of Processing Activities
The following overview summarizes the types of data we process, the purposes of processing, and the categories of individuals affected.
Types of Data Processed:
- Inventory data
- Payment data
- Contact data
- Content data
- Contractual data
- Usage data
- Meta, communication, and procedural data
Categories of Data Subjects:
- Service recipients and clients
- Interested parties
- Communication partners
- Users
- Business and contractual partners
Purposes of Processing:
- Fulfillment of contractual services and obligations
- Communication
- Direct marketing
- Conversion tracking
- Feedback
- Marketing
- Provision and optimization of our online offering and user experience
- Public relations
- Business processes and administrative procedures
Relevant Legal Bases
Legal bases under the GDPR: Below is an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or establishment may apply. If more specific legal bases are applicable in individual cases, we will inform you of them in this Privacy Policy.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection regulations in Germany:
In addition to the GDPR, national data protection laws apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions concerning the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated individual decision-making, including profiling. Additionally, the data protection laws of the individual federal states (Länder) may apply.
Legal bases under Swiss data protection law:
If you are located in Switzerland, we process your data on the basis of the Swiss Federal Act on Data Protection (FADP). Unlike the GDPR, the Swiss FADP generally does not require the specification of a legal basis for processing personal data. Instead, data must be processed lawfully, in good faith, and in a proportionate manner (Art. 6(1) and (2) FADP). Furthermore, personal data is only collected for a specific, recognizable purpose and processed only in a manner compatible with that purpose (Art. 6(3) FADP).
Note on applicability of GDPR and Swiss FADP:
These data protection notices are intended to fulfill the information requirements of both the Swiss FADP and the GDPR. Therefore, for broader applicability and easier understanding, the terminology of the GDPR is used throughout. Specifically, instead of the terms used in the Swiss FADP such as "processing" of "personal data," "overriding interest," and "sensitive personal data," we use the corresponding GDPR terms "processing" of "personal data," "legitimate interest," and "special categories of personal data." However, the legal meaning of these terms is interpreted according to the Swiss FADP when applicable.
Use of Online Platforms for Offer and Sales Purposes
We offer our services via online platforms operated by other service providers. In this context, the privacy policies of the respective platforms apply in addition to our own. This is especially relevant for payment processing and procedures implemented on the platforms for reach measurement and interest-based marketing.
Types of data processed:
- Inventory data (e.g. full name, residential address, contact information, customer number, etc.)
- Payment data (e.g. bank details, invoices, payment history)
- Contact data (e.g. postal and email addresses or telephone numbers)
- Contract data (e.g. subject matter of the contract, duration, customer category)
- Usage data (e.g. page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions)
- Meta, communication, and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved)
Data subjects:
- Service recipients and clients
- Business and contractual partners
- Prospective customers
Purposes of processing:
- Fulfillment of contractual services and contractual obligations
- Marketing
- Business processes and organizational procedures
- Conversion measurement (evaluating the effectiveness of marketing activities)
- Provision of our online services and user-friendliness
Storage and deletion: Deletion is carried out in accordance with the details provided in the section "General Information on Data Retention and Deletion."
Legal bases:
- Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR)
- Legitimate interests (Art. 6(1)(f) GDPR)
Further information on processing activities, procedures, and services:
Amazon: Online marketplace for e-commerce; Service provider: Amazon EU S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.amazon.de; Privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010; Third-country transfer basis: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF)
Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter referred to as "newsletters") only with the consent of the recipients or based on a legal basis. If the content of the newsletter is specified during the registration process, it is decisive for the users' consent. Normally, providing your email address is sufficient to subscribe to our newsletter. However, to offer a personalized service, we may ask for your name for personal salutation or for additional information if necessary for the newsletter's purpose.