Privacy Policy

Table of Contents

• Preamble
• Controller
• Overview of processing
• Legal bases
• Security measures
• Transmission of personal data
• International data transfers
• Data retention and deletion
• Rights of data subjects
• Hosting
• Use of cookies
• Contact management
• Web analytics – Google Analytics
• Social media presence
• Changes and updates
• Definitions

Preamble

With the following privacy policy we would like to inform you about the types of your personal data we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites and within external online presences, such as our social media profiles.

The terms used are not gender-specific.

Controller

Sandra Hotupan
Düserweg 2
26180 Rastede, Germany

Email: info@sandrahotupan.de

Overview of processing

Types of data processed

• Master data
• Contact data
• Content data
• Usage data
• Meta, communication and process data
• Log data

Categories of data subjects

• Communication partners
• Users

Purposes of processing

• Communication
• Security measures
• Reach measurement
• Provision of our online services
• IT infrastructure
• Public relations

Legal bases

• Consent (Art. 6 para. 1 s. 1 lit. a GDPR) – The data subject has given consent to processing.
• Contract performance (Art. 6 para. 1 s. 1 lit. b GDPR) – Processing is necessary for the performance of a contract.
• Legal obligation (Art. 6 para. 1 s. 1 lit. c GDPR) – Processing is necessary to comply with a legal obligation.
• Legitimate interests (Art. 6 para. 1 s. 1 lit. f GDPR) – Processing is necessary for the purposes of legitimate interests.

In addition, national data protection regulations apply, in particular the German Federal Data Protection Act (BDSG).

Security measures

We implement appropriate technical and organisational measures to ensure a level of protection appropriate to the risk. This includes in particular the use of TLS/SSL encryption technology (HTTPS).

Transmission of personal data

In the course of our processing, data may be transferred to other parties. In such cases we comply with the legal requirements and conclude appropriate contracts to protect your data.

International data transfers

Where we transfer data to a third country, this is always done in accordance with the legal requirements. For data transfers to the USA we rely primarily on the Data Privacy Framework (DPF). Further information at dataprivacyframework.gov.

Data retention and deletion

We delete personal data as soon as the underlying consents are revoked or no further legal basis exists.

Standard retention periods under German law

• 10 years – Books, records, annual financial statements (§ 147 AO, § 257 HGB)
• 8 years – Accounting vouchers such as invoices and cost documents
• 6 years – Other business documents, commercial correspondence
• 3 years – Data for warranty and damages claims (§§ 195, 199 BGB)

Rights of data subjects

• Right to object – Right to object to processing on grounds relating to a particular situation
• Right to withdraw consent – Right to withdraw consent given at any time
• Right of access – Right to obtain confirmation and information about processed data
• Right to rectification – Right to have incomplete or incorrect data corrected
• Right to erasure – Right to have data erased without undue delay
• Right to data portability – Right to receive data in a structured, machine-readable format
• Right to lodge a complaint – Right to lodge a complaint with a supervisory authority

Hosting

We process users' data to provide our online services, including IP addresses, log files and access data.

Hosting provider: ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. Privacy policy

Use of cookies

We use cookies in accordance with legal requirements. Where required, we obtain users' consent. Consent can be withdrawn at any time.

Types of cookies

• Temporary cookies (session cookies) – deleted when the browser is closed
• Permanent cookies – stored after closing for up to 2 years

Contact management

When you contact us via our contact form, we process the submitted personal data (name, email, message) solely for the purpose of responding to your enquiry.

Legal bases: Contract performance (Art. 6 para. 1 s. 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 s. 1 lit. f GDPR).

Web analytics – Google Analytics

We use Google Analytics to measure and analyse the use of our online services based on pseudonymous user identification. Analytics is only activated after explicit consent via our cookie banner.

• Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Privacy policy: policies.google.com/privacy
• Opt-out: Google Analytics Opt-Out Plugin
• Legal basis: Consent (Art. 6 para. 1 s. 1 lit. a GDPR)

Social media presence

We maintain online presences on social networks (LinkedIn). User data may be processed outside the EU.

• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2. Privacy policy

Changes and updates

We ask you to regularly check the content of this privacy policy. We will update the privacy policy as soon as changes in the data processing activities we carry out make this necessary.

Definitions

• Personal data – any information relating to an identified or identifiable natural person
• Processing – any operation performed on personal data
• Controller – the natural or legal person that determines the purposes and means of processing
• Consent – any freely given, specific, informed and unambiguous indication of the data subject's wishes
• Cookies – functions that store and retrieve information on end devices