Privacy Policy

Introduction

With the following Privacy Policy we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. This Privacy Policy applies to all personal data processing carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Last updated: 17 April 2020

Controller

Carsten Czichos
Königsweg 220
14129 Berlin

Authorised representative: Carsten Czichos

E-mail address: carsten@czichos.net

Imprint: www.czichos.net

Overview of Processing Activities

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of data processed

• Master data (e.g. names, addresses)
• Content data (e.g. text input, photographs, videos)
• Contact data (e.g. email, telephone numbers)
• Meta/communication data (e.g. device information, IP addresses)
• Usage data (e.g. websites visited, interest in content, access times)
• Location data (data indicating the location of an end user's device)
• Contract data (e.g. subject matter of contract, term, customer category)
• Payment data (e.g. bank details, invoices, payment history)

Categories of data subjects

• Business and contractual partners
• Prospective customers
• Users (e.g. website visitors, users of online services)

Purposes of processing

• Provision of our online offer and user-friendliness
• Office and organisational procedures
• Contact requests and communication
• Contractual services and support
• Administration and response to enquiries

Applicable Legal Bases

The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions may apply in your or our country of residence.

• Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (BDSG). The BDSG contains specific provisions on the right to access, the right to erasure, the right to object, and the processing of special categories of personal data, as well as data processing for employment purposes (Section 26 BDSG).

Security Measures

We implement appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity to the rights and freedoms of natural persons.

These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing of availability and their separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. We also take the protection of personal data into account when developing and selecting hardware, software and processes in accordance with the principle of data protection by design and by default.

SSL/TLS encryption (https): To protect your data transmitted via our online offer, we use SSL/TLS encryption. You can recognise encrypted connections by the prefix https:// in the address bar of your browser.

Commercial and Business Services

We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractually).

We process this data to fulfil our contractual obligations, to safeguard our rights and for the purposes of administrative tasks associated with this data and for business organisation. We only disclose the data of contractual partners to third parties within the scope of applicable law to the extent necessary for the aforementioned purposes or to fulfil legal obligations, or with the consent of the contractual partners.

We delete the data after expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data must be retained for legal archiving purposes (e.g. for tax purposes, generally 10 years).

Types of data processed: Master data, payment data, contact data, contract data, location data.
Data subjects: Prospective customers, business and contractual partners.
Legal bases: Art. 6(1)(b), (c), (f) GDPR.

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the user, as without the IP address they would not be able to send the content to their browser. Third-party providers may also use pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes.

Notes on legal bases: Where we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and user-friendly services).

Types of data processed: Usage data, meta/communication data, location data.
Data subjects: Users (e.g. website visitors, users of online services).
Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Services and service providers used:

• Font Awesome: Display of fonts and symbols; Service provider: Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, MA 02140, USA; Website: https://fontawesome.com/; Privacy Policy: https://fontawesome.com/privacy.
• Google Fonts: We integrate fonts ("Google Fonts") provided by Google, where the users' data is used solely for the purpose of displaying the fonts in the users' browsers. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy.
• Google Maps: We integrate maps from the "Google Maps" service provided by Google. Data processed may include in particular IP addresses and location data of users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website: https://cloud.google.com/maps-platform; Privacy Policy: https://policies.google.com/privacy.

Definitions

This section provides an overview of the terms used in this Privacy Policy. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The statutory definitions are binding. The following explanations are intended primarily to aid understanding.

• Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Controller: The "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers virtually any handling of data, including collecting, analysing, storing, transmitting or deleting.