Ladies and gentlemen,
this website is based in Germany and, as such, must must must comply with the General Data Protection Regulation 2016/679, which is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. That rocks because knowing what is happening with our data is great.
While saying “us” and “we” is cute, it’s important to step up and own your stuff. The person responsible would be me, Anaïs (pronounced Ah-nah-ees). Here are the specs:
Let’s Work Magic
(I love hand-written cards.)
In the following section I’ll be referring to myself as the Owner, with a capital “O” because it’s what makes you feel almighty on your own website. Just kidding. It’s what my legal admin support provided me with and I ain’t touching the copy because #coveryourass(ets).
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.
Inventory data (as names, addresses)
Contact data (as e-mail, phone numbers, mailings)
Content data (as text input, videos, photos)
Meta data (as IP-addresses, Device Information)
The basis for data processing is Art. 6 (1) (f) DSGVO (hereafter referred to as GDPR because that’s what you folks call in in english), which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
WHY WE COLLECT PERSONAL INFORMATION
To Provide our service online
To respond to your requests and communicate with you
Ratings measurement/marketing: when in line with the preferences you have shared with us, provide you with information or advertising relating to our services.
According to Art. 13 GDPR we inform you about our data processing.
Legal basis of obtaining of permits is Art. 6 Sect. 1 lit. a and Art. 7 GDPR.
According to Art. 6 Sect. 1 lit. b GDPR we process data and personal information
Legal basis of our legal obligations is Art. 6 Sect. 1 lit. c GDPR and Art. 6 Sect. 1 lit. f GDPR.
The Owner may process Personal Data relating to Users if one of the following applies:
Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
Processing is necessary for compliance with a legal obligation to which the Owner is subject;
Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. However, we only do this after you accepted the sharing of your personal data.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights. #beagoodkitten
TRANSFER OF PERSONAL DATA OUT OF THE EEA
Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:
Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For further details, see European Commission Model contracts for the transfer of personal information to third countries.
For transfers to third parties in the United States, ensuring they participate in the EU-US Privacy Shield Framework.
DATA SUBJECT’S RIGHTS
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information above.
Additionally, if you are a European resident, we note that we are processing your information in order to fulfil contracts we might have with you, or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
Most data processing operations are only possible with your express consent. You may revoke your consent at any time.
Your rights in short:
Request access to your personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you.
Request erasure of your personal data.
Object to processing of your personal data, for example, to a third party
Request the restriction of processing of your personal data.
Request the transfer of your personal data to another party (right to data portability).
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by online service providers in order to (for example) make their websites or services work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner or service provider are called “first party cookies”. Cookies set by parties other than the website owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website or service you are using (such as advertising, interactive content and analytics). The third parties that set these third-party cookies can recognize your computer both when it visits the website or service in question and also when it visits certain other websites or services.
You can configure your browser to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
DELETION OF DATA
ether we have a legal or contractual need to retain the data.
Whether the data is necessary to provide our Services.
Whether our Members have the ability to access and delete the data within their Mailchimp accounts.
Whether our Members would reasonably expect that we would retain the data until they remove it or until their Mailchimp accounts are closed or terminated.
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.
The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.
The legal basis for this is Art. 6 Para. 1 lit. a) GDPR.
You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.
NEWSLETTER VIA MAILCHIMP
Mailchimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To view the certificate, visit the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active
The Personal Information that MailChimp may collect or receive about you broadly falls into the following categories:
(i) Information Mailchimp receive about Contacts from us: We may provide Personal Information about you to through the Services. For example, when we upload our Distribution List or integrate the Services with another website or service, or when you sign up for our Distribution List (Newsletter) on a Mailchimp signup form, we may provide Mailchimp with certain contact information or other Personal Information about you such as your name, email address, address or telephone number. You may have the opportunity to update some of this information by electing to update or manage your preferences via an email you receive from us.
MAILGUN TECHNOLOGIES INC.
Mailgun Technologies participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To view the certificate, visit the following link: https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG&status=Active
Mailgun may collect, store und use your data in pseudofile form in order to provide, improve and support its service.
HOSTING AND LOGFILES
This type of service has the purpose of hosting Data and files that enable this Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application (website). Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
GoDaddy participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To view the certificate, visit the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TN9xAAG&status=Active
GoDaddy collect various types of personal Data:
Browser type and browser version
Operating system used
Host name of the accessing computer
Time of the server request
The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
We may interact with you via social media channels. This type of service allows interaction with social networks or other external platforms directly from the pages of this Application.
The interaction and information obtained through this Application are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
View the following list for detailed information and the opportunity to opt out.
DISPLAYING CONTENT FROM EXTERNAL PLATFORMS
This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
This service collects Cookies and Usage Data.
LinkedIn participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To view the certificate, visit the following link: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
We use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information
You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout
For more information about our privacy practices, if you have questions, if you would like your information removed or if have a concern, please contact us by e-mail at email@example.com.
Have a wonderful joy-drenched day!
<--- My facial expression when i first found out about gdpr.Really, it’s not that bad.
To transparency and openness!