Privacy Notice
Introduction
We are committed to safeguarding your personal data. We treat your personal data confidentially and in compliance with applicable data protection legislation such as the General Data Protection Regulation (GDPR), and with this privacy policy. You can generally use this website without indication of any personal information. If the processing of personal data is necessary and there is no statutory basis for such processing, we obtain your consent. This privacy policy informs you of the nature, scope, and purpose of the personal data we collect and process, and of your rights in relation to your personal data. It applies where we act as a data controller with respect your personal data, i.e. where we determine the purposes and means for processing your personal data. For more information about the terminology used, for example ‘processing’, ‘processor’, or ‘controller’, please consult the definitions provided in article 4 of the GDPR. Internet-based data transmissions (for example when communicating via email) may have security gaps and comprehensive protection against third-party access can therefore not be guaranteed.
Our details
Nicole Shephard
How we use your personal data
We may process usage data (for example browser type, referral source, page views), contact information (for example name, email), and enquiry or correspondence data (for example information contained in communications between you and us). We may process this data for the purposes of operating this website, providing our services, ensuring the security of this website and our services, communicating with you, analysing the usage of this website and our services, managing our customer relationships, keeping record, and marketing our services.
Legal basis
In accordance with article 13 of the GDPR, this section explains the legal basis for our data processing. Where the legal basis is not specifically addressed throughout this privacy policy, the following applies: The legal basis for obtaining consent is article 6(1a) and article 7 GDPR. The legal basis for processing data to perform our contracts and respond to inquiries is article 6(1b) GDPR. The legal basis for data processing in order to fulfil our legal obligations is article 6(1c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is article 6(1f) GDPR. In the unlikely event that your (or another natural person’s) vital interests require the processing of personal data, article 6(1d) GDPR serves as legal basis.
Processors and third parties
Where we disclose data to other persons and companies (processors or third parties), transmit data or otherwise grant them access to data, we do so based on your consent, a legal obligation, a legal permission (for example transmitting data to a payment service provider to fulfil a contract, pursuant to article 6(1b) GDPR), or our legitimate interests pursuant to article 6(1f) GDPR (for example the use of agents or hosting services). Where we commission third parties to process data by the means of a so-called ‘data processing agreement’, this is based on article 28 GDPR.
Processing in third countries
We may process data in a third country (outside the European Union (EU) or the European Economic Area (EEA)), use third party services, or disclose or transmit data to third parties that do so. We will only do this to fulfil our (pre)contractual obligations, based on your consent, based on legal obligations, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only under the conditions detailed in articles 44 ff GDPR. Data processing in third countries may for example be based on specific guarantees, such as an officially recognised level of data protection equivalent to the EU (such as the Privacy Shield framework for the US) or compliance with officially recognised contractual obligations (so-called ‘standard contractual clauses’).
Your rights as a ‘data subject’
You have the right to obtain a confirmation as to whether or not your personal data is being processed, to information about this data as well as to a copy of the data based on article 15 GDPR. You have the right to demand the completion or rectification of incomplete or inaccurate personal data about you based on article 16 GDPR. You have the right to demand that personal data about you be erased (the so-called ‘right to be forgotten’) based on article 17 GDPR. Alternatively, you have the right to require a restriction on the processing of your personal data based on article 18 GDPR. You have the right to obtain your personal data provided to us and to transmit that data to another controller based on article 20 GDPR. Should you consider our processing of your personal data to infringe on data protection laws, you have the right to lodge a complaint with the relevant supervisory authority based on article 77 GDPR. To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw consent to future processing at any time based on article 7(3) GDPR. Please note that your withdrawal of consent will not affect the lawfulness of past data processing. You can object to the future processing of your personal data based on article 21 GDPR at any time (including against processing for direct marketing purposes).
Cookies
Cookies are small text files containing an identifier that your browser receives from a web server and stores locally. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies serve to make our offer more user-friendly, effective and secure. Most of the cookies we use are so-called ‘session cookies’ that expire automatically at the end of the user session, when the web browser is closed. Other cookies remain stored on your device until you delete them and allow us to recognise your browser the next time you visit. You can set your browser so that you are informed about the setting of cookies, allow cookies only in particular cases, generally deactivate cookies, or activate the automatic deletion of cookies upon closing your browser. Disabling cookies may limit the functionality of this website. You can generally opt out of the use of cookies devised for online marketing purposes (particularly in the case of tracking) via a variety of providers, see for example the US website YourAdChoices or the EU website Your Online Choices.
Deletion of personal data
We delete or restrict the processing of your personal data based on articles 17 and 18 GDPR. Personal data that we process for any purpose will not be stored for longer than necessary for that purpose. We may retain personal data longer where the deletion would conflict with any statutory storage requirements or such retention is required for compliance with legal obligations to which we are subject.
Server logfiles
We (respectively our hosting provider) collects data on every access to the server on which this website is hosted (so-called server logfiles) based on article 6(1f) GDPR. This data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of retrieval, browser type and version, operating system, referrer URL (previously visited page), IP address and the requesting provider. This data cannot be assigned to specific persons and we don’t merge this data with other data sources. We may check this data retrospectively if we have indication of unlawful access. Logfile information is stored for security purposes (for example to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data required as evidence of an infringement is exempted from deletion until final clarification of the incident.
Hosting
The hosting facilities this website uses are located in Germany. We use hosting services for the purpose of providing the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services required to operate this website. We, respectively our hosting provider, may processes contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our services based on article 6(1f) GDPR in conjunction with article 28 GDPR.
Provision of contractual services
We process contact details (such as names, addresses) and other contractual data (such as services used and communications related to contractual services) for the purpose of fulfilling our contractual obligations and providing our services in accordance with article 6(1b) GDPR. Storage of this data is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorised use. A transfer of this data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with article 6(1c) GDPR. We delete this data after expiration of any legal warranty and comparable obligations; the necessity of storing this data is reviewed every three years. In case of legal obligations to archive, deletion takes place after its expiration.
Legal obligations and business management
To comply with legal obligations and manage our business we process contact details (such as names, addresses, email, phone numbers) and other contractual data (such as services provided) based on article 6(1c) and 6(1f) GDPR. This processing affects customers, prospective customers and business partners. The purpose and interest in processing lies in administrative tasks, accounting, and business organisation. That is, in tasks that serve the maintenance of our business, the fulfilment of our duties and the provision of our services. We disclose or transmit data to the relevant financial authorities, consultants such as tax accountants or auditors, and payment service providers. Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, for example for the purpose of later contact. This primarily business-related data may be stored permanently.
Contact
When you contact us (for example by contact form, e-mail, telephone or via social media), your user information may be processed for the purpose of handling your request based on article 6(1b) GDPR. User information may furthermore be stored in a Customer Relationship Management System or comparable tool. We delete such requests, if they are no longer necessary and we review their necessity every two years. All legal archiving obligations apply.
Analytics with Matomo
We use Matomo for our web analytics. For this purpose, the following data is processed on the basis of our legitimate interests (i.e. the analysis, optimisation and operation of our website) as defined in article 6(1f) GDPR: the type of browser you use and the browser version, the operating system you are using, your country of origin, the date and time of the server request, the number of visits, how long you have spent on the site, and the external links you have clicked. Your IP address is anonymised before saving. Matomo uses cookies stored on users’ computers that allow us to analyse how users use the website. The information generated by the cookie about your use of this website is only stored on our server and not disclosed to third parties. You can object to the anonymised data collection by Matomo at any time (with effect for the future) by clicking on the link below. In this case, a so-called opt-out cookie is stored in your browser, with the result that Matomo no longer collects session data. If users delete their cookies, however, this opt-out cookie is also deleted and will have to be reactivated by the user. The logs with the usage data will be deleted after 6 months at the latest.
[matomo_opt_out font_color=666666 font_size=20px font_family=Lora width=100% ]Online presence on social media
We maintain an online presence on social networks and platforms in order to communicate with customers, prospective customers and users who are active there and to inform them about our services. When visiting those networks and platforms, the terms and conditions and the data processing guidelines of the respective platform operators apply. Unless stated otherwise in this privacy policy, we process users’ data as long as they communicate with us on social networks and platforms, for example write posts on our online presence or send us messages.
Embedded content from other websites
Based on our legitimate interests (i.e. the analysis, optimisation and operation of our website) as defined in article 6(1f) GDPR, we use third-party content or service provisions in order to embed content such as videos or fonts on our website (collectively referred to as ‚content‘). For such content to be displayed in your browser, the third-party content provider requires your IP address. Third parties may use so-called pixel tags (invisible graphics, also referred to as ‚web beacons‘) for statistical or marketing purposes. Pseudonymous information may also be stored in cookies on your device and can include technical information about the browser and operating system, referring web pages, time of the visit and other information regarding the use of our website. This section details which third-party content or service providers we may use and how you can control their use of users‘ data.
Vimeo
To illustrate our website, we may embed videos from Vimeo, a platform operated by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. When you watch these videos, Vimeo may set cookies. We do not control the placement of these cookies; for more information please refer to Vimeo’s privacy policy. Vimeo may use Google Analytics, please refer to Google’s privacy policy for this, opt out of Google Analytics here, or control Google’s ad settings here.
Youtube
To illustrate our website, we may embed videos from YouTube, a platform operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you watch these videos, YouTube may set cookies. We do not control the placement of these cookies; for more information please refer to YouTube’s privacy policy for more information or opt out here. Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection legislation.
Google Fonts
We may embed Google Fonts offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Please refer to Google’s privacy policy for more information. Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection legislation.
To illustrate our website, we may embed content from Twitter, a platform operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Please refer to Twitter’s privacy policy for more information. Twitter is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection legislation.