IMPRINT & PRIVACY
Imprint
Vera Hanke
Heinr.-Vormbr.-Str. 33d
32313 Lübbecke
Tel.: +49 (0) 171 7088880 | +44 (0) 7449121810
E-Mail: v.hanke.uk@gmail.com
VAT identification number according to § 27 a UStG (German Value Added Tax Act): DE315460283
Privacy Notice
The protection of your personal rights and data is very important to us. We protect your data with appropriate technical and organizational measures and take the legal provisions concerning data protection very seriously, in particular the EU General Data Protection Regulation(GDPR) and the German Federal Data Protection Act (BDSG). This Privacy Policy explains which data we collect as well as the purposes for which we use this data.
1. The responsible person for the data processing via this website is
Vera Hanke
Heinr.-Vormbr.-Str. 33d
32313 Lübbecke
Tel.: +49 (0) 171 7088880 | +44 (0) 7449121810
E-Mail: v.hanke.uk@gmail.com
2. Fundamentals of our Data Processing
2.1 Legal basis for the data processing
In accordance with Article 13 GDPR, the legal basis for the data processing should be communicated to you. Unless the legal basis is specifically and separately mentioned in this Privacy Policy, the following applies:
The legal basis for data processing on the basis of a consent is Article 6 (1) (a) GDPR) and Art. 7 GDPR. The legal basis for the processing of data for the performance of our services and the execution of contractual measures, as well as the answering of service related requests is Article 6 (1) (b) GDPR. The legal basis for data processing in order to fulfill our legal obligations is Article 6 (1) (c) GDPR, and the legal basis for processing based on our legitimate interests is Article 6 (1) (f) GDPR. Should vital interests of a data subject or another natural person require the processing of personal data, we base this data processing on Article 6 (1) (d) GDPR.
2.2 Disclosure of Data to Third Parties and Third Party Providers
We will only share your information with third parties (other persons or companies) if you consent thereto, or if we are otherwise permitted to by law. This may be the case, for example, where this is necessary in the context of the initiation of a contract or in order to fulfill a contractual obligation, Article 6 (1) (b) GDPR), or where it is necessary to fulfill a legal obligation under Article 6 (1) (c) GDPR) or if the transfer serves to ensure our legitimate interests in the efficient and effective operation of our business in accordance with Article 6 (1) (f) GDPR). If we involve subcontractors in the processing of your data, we will ensure that your data is protected and that the relevant legal provisions are adhered to by means of legal precautions and appropriate technical and organizational measures. Insofar as we commission third parties to process data on the basis of a so-called Data Processing Agreement, this is carried out on the basis of Article 28 GDPR. Should a subcontractor undertake data processing outside of the European Union or the European Economic Area on our behalf, this shall only take place where an adequate level of data protection has been ensured, if you have expressly consented thereto or where statutory authorization permits such a transfer.
2.3 Data Transfers to Third Countries
In some cases, data is processed by our service providers in so-called third countries. These are states located outside the European Union (EU) or the European Economic Area (EEA). This processing is carried out either to fulfill our (pre-) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. However, such processing only takes place if the specific conditions of Article 44 GDPR are fulfilled. Furthermore, in such cases an adequate level of data protection is ensured. In these third countries, either adequate guarantees are present, which confirm that EU-comparable levels of data protection exist (eg for the US through the "EU-US Privacy Shield"), or we engage and bind our service providers via special contractual clauses and obligations, so as to ensure an adequate level of data protection (so-called "EU Standard Contractual Clauses").
2.4 Deletion of Data
The data processed by us are deleted or limited in their processing in accordance with Article 17 and Article 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements and / or there is no legitimate interest in the re-storage on our part. Where the data cannot be deleted because it is required for another, legitimate purposes, its processing shall be restricted accordingly. The data shall be blocked and not processed for any other purposes. This applies, for example to data that must be kept for commercial or tax reasons. According to legal requirements in Germany, the retention takes place in particular for 6 years pursuant to § 257 Para. 1 of the Handelsgesetzbuch (German Commercial Code) (pertaining to trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 Para. 1 Abgabenordnung (The Fiscal Code of Germany) (pertaining to books, records, Management reports, accounting documents, trade and business letters, documents relevant to taxation, etc.). Where we explicitly inform you in this privacy policy, as to when data shall be deleted, then this specific statement shall of course apply at the time of deletion.
2.5 SSL – encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from "https://" to "https://" and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
3. Automatically Collected Data
Personal data is all data that can be assigned to an identified or identifiable person. Generally you can visit our website without informing us as to who you are. However, for technical reasons, your IP address will always be processed when you visit a website. Only then can the respective website be delivered to your browser.
3.1 Access data / server log files
We – or rather our hosting service provider on our behalf – automatically collects and stores information in so-called server log files, which your browser automatically sends to us when you visit our websites. These are: the name of the retrieved website, file, date and time of retrieval, amount of data transferred, message regarding successful retrieval, browser type and version, user's operating system, referrer URL (previously visited page), IP address and the requesting one provider.
This data processing is based on our legitimate interests (Article 6 (1) (f) GDPR). This data is collected for IT security reasons and in order to protect against unauthorized use. In this respect, we reserve the right to examine this data retrospectively if we become aware of any concrete indications of unlawful use. This data is not be merged with any other data. This data will be deleted within a maximum of 14 days after data collection, unless its continued storage is required in order to resolve a specific incident.
3.2 Data Collection via Cookies
On our website we use so-called cookies. Cookies are small text files that are stored on your computer and stored by your browser. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our online offer more user-friendly, effective and secure. We use so-called session cookies. The use of these cookies is technically necessary in order to e.g. allow you to set your language. However, no further data collection takes place. The cookies are usually deleted as soon as you close your browser. In addition, we use "persistent" cookies on our websites; or "permanent" cookies. These cookies remain stored until their expiration date or until you delete them. These cookies enable us to recognize your browser when you revisit our website. You can set your web browser in such a way that cookies are generally prevented from being saved to your device and/or that you are asked each time whether you are in agreement with cookies being enabled. You can also at any time delete cookies that have been enabled again. You can find out how all this works in detail from your browser's help function. Please note that generally deactivating cookies may lead to functional restrictions of our website.
4. Data that you Intentionally Provide to us
If you contact us (for example via email or by phone), your details will be processed by us in order to process your contact request and of course, in order to address it. If you are interested in our services or you provide us with your data for the establishment, creation of, or modification of a contractual relationship between you and us, we shall necessarily process your data for the fulfillment and preparation of this contract Article 6 (1) (b) GDPR). If you approach us regarding any other matter, we will conduct the associated data processing on the basis of our legitimate interest in effective external contact (Article 6 (1) (f) GDPR). The personal data transmitted to us during the establishment of contact will be stored, processed and subsequently deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements and / or there is no legitimate interest in the re-storage based on legitimate interest, on our part.
5. Hosting
We use the services of Heroku for the hosting of our website. The operator of this service is Salesforce Inc, The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105 USA. The hosting services we use are designed to provide the following services: website operations, computing capacity, disk space and database services; Security and technical maintenance. Our hosting provider processes contact data, inventory and content data, usage data, meta and communication data of customers, prospects and visitors to our website, on our behalf. This processing is carried out on the basis of our legitimate interests in the efficient and secure provision of our websites in accordance with. Article 6 (1) (f) GDPR as compared to Article 28 GDPR (Data Processing Agreement). The Heroku servers are also located outside the EU or EEA. However, Salesforce Inc. has the necessary contractual basis in order to guarantee an appropriate level of data protection. Specifically, Salesforce Inc. has privacy shield certification under the "EU-U.S. Privacy Shield "and also enforces so-called binding internal data protection regulations in accordance with Article 47 GDPR.
6. Google Services
6.1 Google Fonts
This website uses external fonts, specifically Web Fonts provided by Google to ensure the uniform use of fonts on this site. When you visit the Web site, your browser downloads the required fonts in your browser cache, so that the texts and fonts of this website can be displayed correctly. The integration of Google fonts takes place via a server call with Google (usually in the USA). In order to do this, technically Google has to process your IP address: Google collects statistics on which fonts are loaded in your browser for statistical purposes, but it does not set a cookie that would store personal data. If your browser does not support web fonts, a standard font will be used by your computer instead. For further information regarding Google Web Fonts, please visit https://developers.google.com/fonts/faq and Google's Privacy Policy: https://www.google.com/policies/privacy/
Incidentally, you may opt out of Google for advertising purposes via issuing an opt-out at https://www.google.com/settings/ads. Google also processes your personal information in the United States, but is certified under the EU-US Privacy Shield Framework: https://www.privacyshield.gov/EU-US
6.2 YouTube Videos
We also play and display YouTube videos on our website (YouTube LLC 901 Cherry Ave. San Bruno, CA 94066 USA). YouTube is a subsidiary of Google Inc. We use YouTube videos to make our website effective and commercially viable. We therefore carry out the associated data processing on the basis of our legitimate interest (Article 6 (1) (f) GDPR). The YouTube videos are integrated in "advanced privacy" mode. This means that initially only some data are transmitted to Google and their subsidiaries and no cookies are set. However, if you watch the video, your IP address will be sent to YouTube and cookies will be set. YouTube then learns that you have viewed this video and which page you have visited on our website. If you are logged in to YouTube, this information will also be assigned to your user account. Depending on your settings in your user account, various cookies will also be set (including cookies for promotional purposes). We have no influence on how this data is processed by YouTube. The purpose and scope of the data collection and the further processing and use of the data by YouTube, as well as your rights in this respect and settings options for the protection of your privacy can be found in the privacy policy of YouTube: https://policies.google.com/technologies/ads?hl=en-GB
7. Your Rights
7.1 The Rights to Information and Access, Blocking and Deletion of Data
You have the right to request information as to whether and how data relating to you are processed by us. You also have the right to request further information and a copy of that data in accordance with Article 15 GDPR. In accordance with Article 16 GDPR you have the right to demand the completion of the data concerning you or the correction of incorrect data concerning you. In accordance with Article 17 GDPR, you have the right to demand that data relating to you be deleted without delay, or, alternatively, to request a restriction of the processing of data pertaining to you in accordance with Article 18 GDPR.
7.2 Right to Data Portability
In accordance with Article 20 GDPR, you have the right to have data, that we automatically process on the basis of your consent or in order to fulfill a contract, transferred to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible person in charge, this will only be done to the extent that it is technically feasible.
7.3 Right to Lodge a Complaint with a Relevant Supervisory Authority
If you are of the opinion that the processing of your personal data has not occurred in accordance with the provisions of the GDPR, you are free to lodge a complaint with the appropriate regulatory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
7.4 Right to Revoke your Consent to Data Processing
You have the right to revoke your consent to the processing of your data at any time,with effect for the future, via sending us a simple email to that effect. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
7.5 Right to Object to the Collection of Data
You have the option to object to the processing of your data at any time in accordance with the applicable statutory provisions. The objection may in particular be expressed against processing for direct marketing purposes. Insofar as we provide you with an opt-in Out option via this Privacy Policy, you can easily exercise your right of objection via this option.
8. Changes to this Privacy Policy
This Privacy Policy informs you as to the current data processing that takes place via our Websites. If changes are made, for example to the services we use, or the data processing we carry out, or in the event that the legal situation should change, we shall adapt this privacy policy accordingly. Of course, this only applies to the information contained in this Privacy Policy. In cases where your consent was required or where components of this Privacy Policy affect our contractual relationship with you, we will naturally not make any changes without your prior consent. We encourage you to keep yourself updated regarding the contents of this Privacy Policy, via reviewing it on a regular basis.