Privacy Policy

As of: 23 November 2024

Responsible
Benjamin Stühler
Crevennastr. 2
97072 Würzburg

Email address:
bennystuehler@gmail.com

Applicable Legal Bases

Applicable legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please be aware that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of personal data concerning them for a specific purpose or purposes.

Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection in Germany apply. This includes in particular the Federal Data Protection Act (BDSG), which contains specific provisions regarding the right to information, the right to deletion, the right to object, the processing of special categories of personal data, the processing for other purposes, and the transfer as well as automated decision-making in individual cases, including profiling. Moreover, state data protection laws of the individual federal states may apply.

Notice on the Applicability of GDPR and Swiss DPA: These data protection notices serve to inform you under both the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR). For this reason, please note that, due to the broader geographical application and comprehensibility, the terms of the GDPR will be used. Specifically, instead of the terms used in the Swiss DPA "processing" of "personal data" and "overriding interest," the terms used in the GDPR "processing" of "personal data" and "legitimate interest" will be employed. However, the legal significance of the terms will continue to be determined under the Swiss DPA.

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the affected individuals.

Types of processed data
Usage data.
Meta, communication, and procedural data.
Categories of affected persons
Users.
Purposes of processing
Security measures.
Providing our online services and user-friendliness.
Information technology infrastructure.

Security Measures

We take appropriate technical and organizational measures based on the legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transmission, availability assurance, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and reactions to data threats. Additionally, we consider the protection of personal data from the outset during the development or selection of hardware, software, and processes according to the principle of data protection by design and by default.

Transfer of Personal Data

In the course of our processing of personal data, it may occur that the data is transferred to other locations, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include service providers commissioned with IT tasks or suppliers of services and content that are integrated into a website. In such cases, we adhere to the legal requirements and, in particular, conclude relevant contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or the processing takes place as part of the use of third-party services or the disclosure or transfer of data to other persons, entities, or companies, this occurs only in accordance with the legal requirements.

Subject to explicit consent or required transfer by contract or law (see Art. 49 GDPR), we process or permit the data to be processed only in third countries with an adequate level of data protection (Art. 45 GDPR), where contractual obligations are in place and comply with the so-called standard contractual clauses of the EU Commission (Art. 46 GDPR) or where certifications or binding internal data protection regulations exist (see Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Trans-Atlantic Data Privacy Framework (TADPF): In the context of the so-called "Trans-Atlantic Data Privacy Framework" (TADPF), the EU Commission has also recognized the level of data protection for certain companies from the USA. You can find the list of certified companies as well as further information about the TADPF on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). Information in German and other languages can be found on the website of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en. We will also inform you about the companies we use that are certified under the Trans-Atlantic Data Privacy Framework.

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the content viewed, or functions used of an online offer. Cookies can also be used for various purposes, such as for the functionality, security, and comfort of online offers as well as for creating analyses of visitor flows.

Notes on Consent: We use cookies in accordance with the legal requirements. Therefore, we obtain prior consent from users, unless this is not legally required. Consent is particularly not necessary when the storage and reading of the information, including cookies, is absolutely necessary to provide users with a telemedia service that they explicitly request (i.e., our online offer). Absolutely necessary cookies typically include cookies with functions necessary for displaying and operating the online offer, load balancing, security, storing user preferences and options, or similar purposes related to providing the main and ancillary functions of the online offer requested by users. The revocable consent is clearly communicated to users and includes information about the respective cookie use.

Notes on Data Protection Legal Bases: The legal basis for processing the personal data of users using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the expressed consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the commercial operation of our online offer and improving its usability) or, if this is necessary for fulfilling our contractual obligations, when the use of cookies is required to meet our contractual obligations. We will clarify what purposes the cookies are processed for during this privacy policy or in the context of our consent and processing procedures.

Storage Duration: With respect to the storage duration, the following types of cookies are distinguished:

Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).

Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, login status can be stored, or preferred content can be displayed directly when the user visits a website again. The data collected via cookies can also be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of the cookies (e.g., during the consent process), users should assume that cookies are permanent and the storage duration can last up to two years.

General Notes on Revocation and Opposition (so-called "Opt-Out"): Users can withdraw any consent they have given at any time and oppose the processing in accordance with legal requirements. For this, users can, among other things, restrict the use of cookies in their browser settings (which may affect the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further notes on processing procedures, processes, and services:

Processing of Cookie Data Based on Consent: We implement a cookie consent management procedure in which the consents of users to the use of cookies, as well as the processing and providers mentioned in the cookie consent management procedure, can be obtained, managed, and revoked by users. Here, the consent declaration is stored to prevent repeated requests and to demonstrate compliance with legal obligations. Storage can take place on the server side and/or in a cookie (so-called Opt-In cookie, or using comparable technologies) to be able to assign the consent to a user or their device. Subject to individual statements regarding the providers of cookie management services, the following notes apply: The duration of storage for consent can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g., which categories of cookies and/or service providers) as well as the browser, system, and used end device; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Provision of Online Offer and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or device.

Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).

Affected Persons: Users (e.g., website visitors, online service users).

Purpose of Processing: Providing our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.

Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

Collection of Access Data and Logfiles: Access to our online offer is logged in the form of so-called "server logfiles." Server logfiles can include the address and name of the retrieved websites and files, date and time of retrieval, data volumes transmitted, report of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the querying provider. Server logfiles can be used for security purposes, e.g., to prevent server overload (especially in case of abusive attacks, so-called DDoS attacks), and also to ensure the load of servers and their stability; Legal bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Deletion of Data: Logfile information is stored for a maximum duration of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidential purposes is exempt from deletion until the final clarification of the respective incident.

Plugins and Embedded Functions as well as Content

We incorporate functional and content elements into our online offer that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (hereinafter referred to collectively as "content").

The integration always requires that the third-party providers of these contents process the users' IP addresses, as they cannot send the content to the users' browsers without the IP address. The IP address is thus required for the display of these contents or functions. We strive to use only those contents whose respective providers use the IP address solely for delivering the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users' devices and may include technical information about the browser and operating system, referring websites, visit time, and further usage details of our online offer and may also be combined with such information from other sources.

Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).

Affected Persons: Users (e.g., website visitors, online service users).

Purpose of Processing: Providing our online offer and user-friendliness.

Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

Google Fonts (sourced from the Google server): Sourcing fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols regarding currency and loading times, their uniform display, and taking possible licensing restrictions into account. The font provider is provided with the user's IP address so that the fonts can be made available to the user's browser. Additionally, technical data (language settings, screen resolution, operating system, used hardware) are transmitted, which are necessary for providing the fonts depending on the devices and the technical environment used. This data may be processed on a server of the font provider in the USA - When visiting our online offer, users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the cascading style sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the webpage where the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. These data are logged to allow Google to determine how often a particular font family is requested. In the Google Fonts Web API, the user agent must adjust the font generated for the respective browser type. The user agent is primarily logged for debugging and is used to generate aggregated usage statistics, which measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for maintaining production and generating an aggregated report on top integrations based on the number of font requests. According to its own information, Google does not use any of the information collected by Google Fonts to create user profiles or serve targeted advertisements; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Further Information: https://developers.google.com/fonts/faq/privacy?hl=en.

Created using free data protection generator from Dr. Thomas Schwenke