Privacy

Preamble

With the following privacy policy, we aim to inform you about the types of personal data (hereinafter referred to as „data“) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and specifically on our websites, mobile applications, and external online presences, such as our social media profiles (hereinafter collectively referred to as „online offer“).

The terms used are not gender-specific.

Date: February 4, 2024

Table of Contents

  • Preamble
  • Data Controller
  • Overview of Processing
  • Relevant Legal Bases
  • Security Measures
  • Provision of the Online Offer and Web Hosting
  • Contact and Inquiry Management
  • Web Analysis, Monitoring, and Optimization
  • Data Controller

Data Controller

Johannes Krüger
Breite Str. 8
16225 Eberswalde
me@johanneskr.de
Phone: 03334-4299583
Imprint

 

Overview of Processing

The following overview summarizes the types of data processed and the purposes of processing, as well as the affected individuals.

Types of Processed Data

  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication, and procedural data.

Categories of Affected Persons

  • Communication partners.
  • Users.

Purposes of Processing

  • Contact requests and communication.
  • Security measures.
  • Reach measurement.
  • Management and response to inquiries.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online offer and user-friendliness.
  • IT infrastructure.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection regulations in your or our country of residence may apply. If specific legal bases are relevant in individual cases, we will inform you in the privacy policy.

  • Consent (Art. 6 para. 1 S. 1 lit. a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the request of the data subject.
  • Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, do not override those interests.

National data protection regulations in Germany: In addition to the GDPR data protection regulations, national regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making, including profiling. Additionally, state data protection laws of the individual federal states may apply.

Note on the Applicability of GDPR and Swiss DPA: This privacy notice serves both as information under the Swiss Federal Data Protection Act (Swiss DPA) and under the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader geographical scope and clarity, terms from the GDPR are used. Specifically, instead of terms used in the Swiss DPA such as „processing“ of „personal data“, „prevalent interest“ and „particularly sensitive personal data“, terms from the GDPR like „processing“ of „personal data“, „legitimate interest“ and „special categories of data“ are used. However, the legal meaning of the terms will still be determined according to the Swiss DPA.

 

Security Measures

We implement technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying probabilities of occurrence and the severity of risks to the rights and freedoms of natural persons, to ensure an appropriate level of protection.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data through control of physical and electronic access to data, as well as access to, input to, transmission of, securing the availability of, and separation of data. Additionally, we have procedures in place to enable the exercise of data subject rights, data deletion, and responses to data breaches. Furthermore, we consider data protection by design and by default when developing or selecting hardware, software, and procedures, in line with the principle of data protection through technology design and by default settings.

IP Address Truncation: If IP addresses are processed by us or by the service providers and technologies used, and the processing of a full IP address is not necessary, the IP address will be truncated (also known as „IP masking“). In this process, the last two digits, or the last part of the IP address after a dot, are removed or replaced with placeholders. The purpose of IP address truncation is to prevent or significantly impede the identification of a person based on their IP address.

TLS/SSL Encryption (https): To protect user data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

 

Provision of the Online Offer and Web Hosting

We process user data to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

 

Processed Data Types:

  • Usage data (e.g., visited websites, interest in content, access times);
  • Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status);
  • Content data (e.g., entries in online forms).

Affected Persons:

  • Users (e.g., website visitors, online service users).

Purposes of Processing:

  • Provision of our online offer and user-friendliness;
  • IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.));
  • Security measures.

Legal Bases:

  • Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).

Additional Information on Processing Processes, Procedures, and Services:

Matomo: Matomo is software that is used for the purposes of web analysis and reach measurement. When Matomo is used, cookies are generated and stored on the user’s device. The user data collected when using Matomo is only processed by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Deletion of data: The cookies are stored for a maximum period of 13 months.