Data Privacy Statement

The topic of data protection is governed by the EU General Data Protection Regulation (GDPR).

Since I take privacy very seriously, a use of my online offer is basically possible without personal data. However, a processing of personal data may be required if certain services of my online offer are used on a voluntary basis.

What data is collected in what context and to what extent, how and for what purpose it is processed and how long it is stored, what I do to protect personal data and whom to contact if you have any questions, I describe in this privacy statement. In addition, I inform affected persons about their rights.

The most important recurring terms are explained at the end of this Data Privacy Statement. Other terms are explained at the appropriate location.

Table of contents

1. Responsible person

The responsible person within the means of the EU General Data Protection Regulation (GDPR) is:

Jan Maria Dondeyne
Mudersbacherstrasse 7
35644 Hohenahr-Altenkirchen


2. Types of processed data

Basically, data can be assigned to one or more of the following groups:

Personal data is all information that relates to an identified or allows to identify a natural person (hereinafter the "affected person"). This includes, for example, information such as name, address, e-mail address, telephone number and date of birth. However, IP addresses, location data or other aggregated user data (user behavior) in conjunction or combined with other personal characteristics as expression of a physical, physiological, genetic, mental, economic, cultural or social identity may also identify an affected person.

No personal data, on the other hand, is all information that does not allow to make any connection to the person affected (or would allow this only with disproportionate effort). This can e.g. also be achieved by anonymization and the separate processing and storage of different data.

The processing of personal data always requires a legal basis or consent of the affected person. If the processing of personal data is required and there is no legal basis for it, I generally seek the consent of the affected person.

Processed personal data will be deleted as soon as the purpose of the processing has been achieved and no legally required retention requirements have to be maintained. If this is the case, processing is restricted.

If I process personal data for the provision of certain offers, I inform about the specific processes, the scope and purpose of the data processing, as well as the legal basis for the processing and the respective retention period below:

4. Commissioned processing and transfer to third parties

If I disclose data to third parties or commissioned processors, provide them with or otherwise grant access to the data, this is done only:

In order to realize my online offer, I use the following commissioned processors, which I have carefully selected (also in view of data protection) and with whom I have concluded order commissioned processing contracts:

5. Transfer to third countries

Transmission to third countries (i.e. outside the European Union (EU) or the European Economic Area (EEA)) only takes place in connection with the use of third party services, the transmission of data to third parties in order to fulfill my (pre) contractual obligations, based on your consent, required by a legal obligation or based on my legitimate interests.

Subject to legal or contractual permissions, I process or let the data being processed in a third country only in the presence of the special conditions of Art. 44 et. seq. GDPR. That means the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

6. Integration of third-party services and contents

On the basis of my legitimate interests within the meaning of Art. 6 par. 1 lit. f. GDPR, I may integrate third-party content and services, for example to include videos or fonts in my online offer (hereinafter referred to collectively as "Content").

This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not deliver the content to their browser without the IP address. The IP address is therefore required for the presentation of this content.

I strive to use only content providers who use the IP address solely to deliver the content, since third-parties may also use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes which can evaluate the traffic of my online offer. In addition, cookies could be stored on the users' devices, containing technical information, usage data and meta / traffic data that may be read by the third-parties and associated with information from other sources.

The following contents or services can be integrated in my online offer:

7. Safety measures

As the responsible person, I have taken technical and organizational measures to ensure the most complete protection possible for personal data processed via my website. However, I would like to point out that data transmission on the Internet (for example, when communicating via e-mail) generally involves security gaps, so that absolute protection can not be guaranteed. Therefore, every person concerned is free to send personal data to me by alternative means, for example by telephone or mail.

SSL encryption

I use SSL encryption throughout my online offering for security and privacy reasons. According to the state of the art, confidential contents and personal data which an affected person transmits to me via my website can not be read by third parties.

You can recognize an encrypted connection by the fact that "https://" is in front of the Internet address in the address bar of your browser instead of "http://". In addition, a lock symbol is displayed in or next to the address bar in most common browsers.

8. Storage duration, routinely deletion and blocking of data

I only process and store personal data of affected persons for the period required to achieve the purpose of the storage or as provided in the laws or regulations to which I am subject by the European Directives and Regulators or any other legislator.

If the storage purpose is omitted or if a storage period prescribed by the European directives and regulations or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

9. Rights of affected persons

From the GDPR the following rights arise for each person affected by a data processing, which I am obliged to point out:

10. Right of objection

According to Art. 21 GDPR you have the right to refuse the processing of your personal data, which happens based on legitimate interests according to Art. 6 par. 1 s. 1 lit. f GDPR, and to file an objection if there are reasons for this arising from your particular situation or if the objection is directed against direct mail.

In the case of direct mail, there is a general right for objection, which I implement without statement of a particular situation.

Art. 6 par. 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the affected person is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6 par. 1 lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6 par. 1 lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the affected person or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 par. 1 lit. d GDPR. Finally, processing operations could be based on Article 6 par. 1 lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the affected person which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the affected person is a client of the responsible person (Recital 47 Sentence 2 GDPR).

12. Provision of personal data as statutory or contractual requirement

I inform you that the provision of personal data is partly required by law (such as tax regulations) or may result from contractual arrangements (such as details of the contractor). Occasionally it may be necessary for a contract to be concluded that an affected person provides me with personal data that must subsequently be processed by me. For example, the affected person is required to provide me with personally identifiable information when I conclude a contract with her, otherwise it would mean that the contract with the affected person could not be closed.

The affected person must contact me prior to any provision of personal data by the person concerned. I clarify to the individual on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of the non-provision of the personal data.

13. Miscellaneous

Existence of automated decision-making and profiling

I renounce automatic decision making or profiling.

Changes of the data privacy statement

I reserve the right to change this Data Privacy Statement from time to time so that it always complies with the current legal requirements or to implement changes in my services or technical features of my online offer in the Data Privacy Statement (e.g. when introducing new services). Your new visit will be subject to the new Data Privacy Statement.

The current status of this Data Privacy Statement is always available on my website.

Objection to commercial data usage and advertising

The collection, use and transfer of my own contact data published as part of the imprint obligation as well as other personal data mentioned on any of my pages for commercial purposes or the sending of not explicitly requested advertising is hereby contradicted. I reserve the right to take legal action in the event of such use or the unsolicited sending of promotional information, such as spam e-mails.

14. Terms and definitions

Personal data means any information relating to an identified or identifiable natural person (“affected person”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Affected person or data subject is any identified or identifiable natural person, whose personal data is processed by the person responsible for the processing.

Responsible is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data.

Third party is a natural or legal person, public authority, agency or other body which is not, however, the affected person, the person responsible, a commissioned processor or a person who is under the direct responsibility of the responsible person or commissioned processor and allowed to process personal data.

Commissioned processor is a natural or legal person, agency, agency or other body that processes personal data on behalf of the responsible person.

Consent of the affected person is any freely given, specific, informed and unambiguous indication of the affected person’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific affected person without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

As of: May 2018

Customized by the website owner. This Data Privacy Statement has been generated by the Privacy Policy Generator of the German Association for Data Protection, who acts as external data protection officer in Munich. It was developed in cooperation with the Privacy Lawyer Christian Solmecke.