Last Update: 8-November-2022
I have written this policy to inform you about the nature, scope, and purpose of Personal data we (that is me and the third parties acting on my behalf) process when you use my website and services.
General information and mandatory disclosures
What is personal data?
Personal data in this sense is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
The person responsible for processing pursuant to the UK`s Data Protection Act (“DPA”) and the General Data Protection Regulation (“GDPR”) is:
27 Old Gloucester Street
London, United Kingdom
Scope of the processing of personal data
As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional website and our content and services. This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the United Kingdom (“UK”) and the European Union („EU”) and the European Economic Area („EEA”). Where we transfer data outside the UK, EU, EEA, I have described it below.
Further, and in regard to the transfer of data into the USA, there is no adequacy decision of the EU Commission for transfers to the USA. However, where we use third party providers in the USA, we have made sure that an adequate level of data protection is guaranteed and that the relevant agreements are entered into.
Relevant legal basis
In accordance with the GDPR, the following legal basis, apply to the processing of your personal data:
- the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR,
- the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR,
- the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) GDPR, and
- the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) GDPR.
You have the following rights with regard to personal data concerning you, which you can assert against me:
- Right of access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR).
- Right to withdraw your consent (Art. 7(3) GDPR),
- Right to receive the data in a structured, common, machine-readable format („data portability”) as well as the right to have the data transferred to another controller if the conditions of Art. 20 (1) lit. a, b GDPR apply (Art. 20 GDPR).
You can assert your rights and withdraw your consents given by notifying me using the contact details provided.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data carried out by me (Art. 77 GDPR). The Information Commissioner`s Office (ICO) is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority.
Automatic collection of general data and information
The hosting services used for the purpose of operating my website is Mxhost. In doing so Mxhost, processes all data and communication data of my customers, interested parties and visitors of our website and services that is provided through the website. I use Mxhost, on the basis of my legitimate interests (Art. 6 (1) f) GDPR) in an efficient and secure provision of the website and services in conjunction with the provision of contractual services and the conclusion of the contract for my services.
2. Content Management System (CMS)
We also use the Content Management System (CMS) of WordPress a service provided by Automattic Inc (USA), to publish and maintain the created and edited content and texts on my website. This means that all content and texts submitted to us by users for publication is transferred to WordPress. In addition to texts, this also includes, for example your data in our forms. The legal basis for this processing is our legitimate interest (Art. 6 (1) f) GDPR).
Each time you visit my website, a number of general data and information is transmitted – even if you use my website for purely informational purposes. Mxhost collects the general data and information that your browser transmits to my website`s server. This data and information collected are technically necessary for the display my website to you and that serve the stability, security and danger or threat prevention in the event of attacks on my website, such as:
- IP address
- date and time of an access to the website
- type and version of browser used
- operating system used and its interface
- the website from which an accessing system arrives at my website (so-called referrer)
- sub-websites that are accessed via an accessing system on my website,
- Internet service provider of the accessing system.
This data is deleted after the storage is no longer necessary for error analysis or danger or threat prevention. The legal basis for this data processing is my legitimate interest (Art. 6 (1) f) GDPR). When analysing these general data and information, I do not draw any conclusions about you as a data subject.
5. Google Fonts
I integrate the fonts of the provider Google Inc, whereby the user’s data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on my legitimate interest (Art. 6 (1) f) GDPR) in a technically secure, maintenance-free and efficient use of fonts, their uniform display and taking into account possible licensing restrictions for their integration.
The use of our contact form is done with the consent of the user to store personal data is your consent and my legitimate interest (Art. 6 (1) f) GDPR).
7. Google Tag Manager
We use Google Tag Manager, a web analytics service provided by Google, Inc. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no Personal information is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found at the following link: http://www.google.com/tagmanager/use-policy.html. The legal basis for this data processing is my legitimate interest (Art. 6 (1) f) GDPR).
8. Cookie Consent manager
9. Google AdSense
10. Google reCAPTCHA
We also use Google`s reCAPTCHA from Google Inc. to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for the data processing is our legitimate interest in operating a secure and spam free website.
Collection of personal data and information when provided
1. Contact options via the website
Contacting me is made possible by e-mail, contact form or social media. If you contact me, your transmitted personal data will be automatically stored for the purpose of processing the request or contacting you. Data processing for the purpose of contacting me is carried out on the basis of your voluntarily given consent (Art. 6 (1) a) GDPR) or, in the case of a (pre-)contractual relationship with me, the initiation of a contractual service (Art. 6 (1) b) GDPR). I delete the data accruing in this context after the storage is no longer necessary for the processing of your request or restrict the processing if there are legal retention obligations.
2. Purchase based processing
We collect, store, and process your data for the entire processing of your purchase, (Art. 6 (1) b) GDPR). Your personal data will only be passed on to third parties or otherwise transferred if this is necessary for the purpose of contract processing or billing or if you have given your prior consent. In the context of order processing, for example, the service providers I use (such as carriers, logistic companies) payment service providers receive the necessary data for order and order processing. The data passed on in this way may only be used by our service providers to fulfil their task within the framework of a contract processing agreement in accordance with the DPA and GDPR. Any other use of the information is not permitted and does not take place with any of the service providers entrusted by me.
3. Membership Administration and contact management
I process data within the scope of administrative tasks as well as organisation of the membership, my business, financial accounting (Art. 6 (1) f) GDPR), and compliance with legal obligations, such as archiving (Art. 6 (1) c) GDPR). In doing so, I process the same data that I process in the context of providing my contractual services to members. The purpose and my interest in the processing thus lies in the administration, financial accounting, archiving of data, i.e., tasks that serve the maintenance of my business activities, performance of my tasks and provision of my services. In this context, I disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.
4. My Newsletter
If you have registered for the newsletter, I will process your First name or full name and E-mail address for the purpose of sending the newsletter. The processing is carried out voluntarily on the basis of your consent (Art. 6 (1) a) GDPR). You can revoke this consent at any time by clicking on the unsubscribe link at the end of the newsletter and notification. Of course, you can also contact me by any other means and revoke your consent. Processing will continue until you withdraw your consent. The lawfulness of the processing carried out until the withdrawal of consent is not affected by this. After revocation of consent, the personal information will be kept for another 6 months for the purpose of legal defence. The legal basis for this is my legitimate interest (Art. 6 (1) f) GDPR.
Disclosure of data to third parties, Security and Storage
1. Disclosure of data to third parties
I will only share your personal data with third parties if:
- you have given your express consent to do so (Art. 6 (1) a) GDPR),
- the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 (1) f) GDPR),
- in the event that there is a legal obligation for disclosure (Art. 6 (1) c) GDPR), as well as
- this is legally permissible and necessary for the processing of contractual relationships with you (Art. 6 (1) b) GDPR).
2. General technical organisational measures (Security)
In addition, where I use third parties to carry out processing only those who need the information to perform a specific job are granted access to personal data. If this is the case these companies act on my behalf by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, I`m legally responsible for appropriate data protection measures at the companies I commission. I therefore agree on specific data security measures with these companies and monitor them regularly.
If I use service providers in third countries, I take additional measures to ensure an adequate level of data protection for the transfer of personal data and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organisational measures such as encryption or anonymisation).
Finally, I may need to disclose your data to authorities or government agencies if I`m legally obliged to do so, for example, due to official or court orders, or because this is necessary for the prosecution of criminal offenses or for the exercise and enforcement of my rights and claims.
3. Duration of storage
I store your personal data for as long as necessary to achieve the respective storage purpose. Afterwards, your data will be deleted, unless I am obliged to store it for a longer period of time (Art. 6 (1) c) GDPR) due to tax, commercial or other legal storage or documentation obligations, or you have agreed to a storage beyond this period (Art. 6 (1) a) GDPR).
Miscellaneous and closing
1. Links to others
My website contains so-called hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from my website directly to the website of the other provider. You will recognise this by the change of URL, among other things. I cannot accept any responsibility for the confidential handling of your data on these third-party websites, as I have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.
2. Social Media
I`m present on Instagram Facebook, TikTok, YouTube to communicate with my users, interested parties and users registered there and to be able to inform them about my offers there. I would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). The processing of users’ personal data is based on my legitimate interests in providing users with effective information and communicating with users (Art. 6 (1) f) GDPR).
3. Accuracy and updating your information
It is important that the data I hold about you is accurate and current, therefore please keep me informed of any changes to your personal data. If you believe that the information, I hold about you is inaccurate or that I am no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting me.
For your protection and the protection of all of users, I may ask you to provide proof of identity before I can answer your requests. Also please keep in mind, that I may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Lastly, I may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow me to provide my service to you anymore.
4. Withdrawing your consent
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us in writing. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Prior to you exercising your choice to withdraw your consent, we will inform you of the consequences of the withdrawal of your consent. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
5. Data Breaches/Notification
Databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, I will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
6. Personal data and children
My services are aimed at people aged 18 and over. I will not knowingly collect, use, or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
7. Affiliate Disclosure
Questions or Comments