Teresa Lea-Marie Kahlenbach
Turmgasse 8
73525 Schwäbisch Gmünd
Germany
E-Mail: hello@teresakahlenbach.com
Imprint:
www.teresakahlenbach.com/info/imprint
Contact Data Protection Officer:
hello@teresakahlenbach.com
Overview of Data Processing:
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.
Types of Data Processed:
Usage data.
Meta, communication, and process data.
Categories of Data Subjects:
Users.
Purposes of Processing:
Security measures.
Reach measurement.
Tracking.
Profiles with user-related information.
Provision of our online offer and user-friendliness.
Information technology infrastructure.
Relevant Legal Bases:Please find below an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, specific legal bases may be relevant in individual cases and will be communicated to you in the privacy policy.
Consent (Art. 6 para. 1 p. 1 lit. a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
In addition to the data protection regulations of the GDPR, national data protection regulations in Germany apply. This includes in particular the Federal Data Protection Act (BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases including profiling. Furthermore, it regulates data processing for the purposes of employment (Section 26 BDSG), in particular with regard to the establishment, implementation, or termination of employment relationships and the consent of employees. In addition, data protection laws of the individual federal states may apply.
Security Measures:
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to data and access, input, transmission, securing availability, and their separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. We also take the protection of personal data into account during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings.
Transmission of Personal Data:
As part of our processing of personal data, it may be necessary to transfer the data to other entities, companies, legally independent organizational units, or persons or to disclose them to them. Recipients of this data may include, for example, IT service providers or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
Data Processing in Third Countries:
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies, this will only occur in compliance with legal requirements.Subject to explicit consent or contractual or legal requirements, we process or have data processed in third countries only if the processing takes place in accordance with the legal requirements.
Deletion of Data:
The data processed by us will be deleted or their processing restricted in accordance with legal requirements. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or for which storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person.As far as the GDPR is applicable, we will provide users with additional information on data deletion and storage within the framework of our data processing procedures.
Use of Cookies:
Cookies are small text files or other storage technologies that store information on users' devices and can retrieve information from them. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the pages visited, or functions used in an online offer. Cookies can also be used for various purposes, e.g. for the functionality, security, and convenience of online offers, as well as for the creation of user flow analyses.
Information on Consent:
We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless this is not required by law. Consent is not required, in particular, if storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offer) explicitly requested by them. Revocable consent is clearly communicated to users and includes information on the respective cookie usage.
Information on Legal Bases for Data Protection:
The legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the economical operation of our online offer and its usability) or, if the use of cookies is necessary to fulfill our contractual obligations, on the legal basis of contract fulfillment. We will inform users about the purposes for which cookies are processed within the framework of this privacy policy or as part of our consent and processing procedures.
Storage Period:
In terms of storage duration, the following types of cookies are distinguished:Temporary cookies (also: session or session cookies):
Temporary cookies are deleted at the latest after a user leaves an online offer and closes his browser or exits the application.
Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. Likewise, data collected using cookies can be used for reach measurement. If we do not provide explicit information on the type and duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and can be stored for up to two years.
General Information on Revocation and Objection (Opt-Out):
Users can revoke their consent given at any time and also object to processing in accordance with legal requirements, in particular to processing for direct marketing purposes.
Right to Object to Processing Based on Legitimate Interests: Users may object to the processing of their personal data based on our legitimate interests at any time for reasons arising from their particular situation. Users have the right to object to the processing of their personal data for purposes of direct marketing at any time.
Withdrawal of Consent: Users can revoke their consent at any time with effect for the future. This also applies to the processing of personal data based on the previous consent.
Information on Data Security: We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
Such measures shall include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, safeguarding the availability, and their separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings.
SSL Encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
Integration of Third-Party Services and Content:
Within our online offer, we rely on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit times, and other information about the use of our online offer, as well as be linked to such information from other sources.
Google Analytics:
On the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use Google Analytics, a web analysis service of Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer, and to provide us with further services associated with the use of this online offer and the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
We use Google Analytics only with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about Google's data usage, settings, and opt-out options, please visit Google's websites: https://www.google.com/intl/en/policies/privacy/partners ("How Google uses information from sites or apps that use our services"), https://policies.google.com/technologies/ads ("Use of data for advertising purposes"), and https://adssettings.google.com/authenticated ("Manage information that Google uses to show you advertising").
Online presence in social media:
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.Unless otherwise stated in our privacy policy, we process users' data when they communicate with us within social networks and platforms, e.g., write posts on our online presences or send us messages.
Integration of services and contents of third parties:
Within our online offer, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always presupposes that the third-party providers of this content perceive the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the display of this content. We endeavor to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit times, and other information about the use of our online offer, as well as be linked to such information from other sources.
The following presentation provides an overview of third-party providers and their content, along with links to their privacy policies, which contain further information on the processing of data and, in part already mentioned here, options for objection (so-called opt-out):
External fonts from Google, LLC., https://www.google.com/fonts ("Google Fonts"). The integration of the Google fonts takes place by a server call at Google (usually in the USA). Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://ads