Viktoria Rei Bauer
Altacher Straße 7
Types of data processed
Visitors and users of our website ( collectively referred to below as „users“ ).
“Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which are performed upon personal data, whether or not by automated means. The term is broad and includes virtually any handling of data.
“Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional data is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
In accordance with article 13 DSGVO, we hereby inform you of the legal basis for our data processing. For users from the area of application of the Basic Data Protection Regulation (DSGVO), i.e. the European Union and the European Economic Community (EEC), the following applies, unless the legal basis is stated in the data protection declaration:
The legal basis for obtaining consent is Article 6(1)(a) and Article 7 DSGVO;
The legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Article 6 (1) lit. b DSGVO;
The legal basis for processing for the fulfilment of our legal obligations is article 6 paragraph 1 lit. c DSGVO;
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, article 6 (1) (d) DSGVO serves as the legal basis.
The legal basis for the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is article 6(1)(e) DSGVO.
The legal basis for processing to protect our legitimate interests is article 6 paragraph 1 lit. f DSGVO.
The processing of data for purposes other than those for which they were collected is determined by the requirements of article 6 (4) DSGVO.
The processing of special categories of data (in accordance with Article 9(1) of the GDPR) is governed by the provisions of Article 9(2) of the GDPR.
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection‐friendly default settings.
If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the legal requirements.
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this occurs in the context of using third‐party services or disclosing or transferring data to other persons or companies, this will only occur if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or allow data to be processed in a third country if the legal requirements are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations.
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain information about it and a copy of it in accordance with the law.
You have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be corrected.
You have the right, in accordance with the law, to request that data concerning you be deleted immediately or, alternatively, to request restriction of the processing of the data in accordance with the law.
You have the right to demand that the data concerning you that you have provided to us be received in accordance with the legal requirements and to demand that it be transferred to other persons responsible.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with the law.
You have the right to revoke any consent you have given with effect for the future.
You may object at any time to the future processing of data relating to you in accordance with the statutory provisions. In particular, you may object to processing for direct marketing purposes.
Cookies are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an website. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his or her browser. In such a cookie, i. e. the content of a shopping basket in an online shop or a login status can be stored. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third‐party cookies” are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as “first‐party cookies”).
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this website.
The data processed by us will be removed or restricted in its processing in accordance with the legal requirements. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
If the data is not being deleted because it is necessary for other and legally permissible purposes, its processing will be restricted. I.e. the data is locked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
When users leave comments or other posts, their IP addresses may be stored for 7 days on the basis of our legitimate interests as defined in Art. 6 Paragraph 1 lit. f. DSGVO are stored for 7 days. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we can be prosecuted ourselves for the comment or post and are therefore interested in the author’s identity.
Furthermore, we reserve the right, based on our legitimate interests pursuant to article 6 paragraph 1 lit. f. DSGVO, to process the user’s details for the purpose of spam detection.
The personal information provided in the context of comments and posts, any contact and website information as well as the content‐related information will be permanently stored by us until the user objects.
We use the service Gravatar of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, within our online offer and in particular in the blog.
Gravatar is a service where users can register and store profile pictures and their email addresses. If a user leaves posts or comments on other websites (especially blogs) with the respective email address, their profile pictures can be displayed next to the posts or comments. For this purpose, the email address provided by the users is transmitted to Gravatar in encrypted form for the purpose of checking whether a profile is stored for it. This is the sole purpose of the transmission of the email address and it will not be used for any other purpose, but deleted afterwards.
Gravatar is used on the basis of our legitimate interests within the meaning of Article 6 paragraph 1 lit. f) DSGVO, as we use Gravatar to offer post and comment authors the opportunity to personalise their posts with a profile picture.
If users do not want a custom image associated with their Gravatar email address to appear in the comments, they should use an email address that is not on record with Gravatar to comment. We also point out that it is also possible to use an anonymous email address or no email address at all if users do not want their email address to be sent to Gravatar. Users can prevent the transmission of data completely by not using our commenting system.
When contacting us (e.g. by contact form, e‑mail, telephone or via social media), the user’s details are used to process the contact enquiry and handle it in accordance with Article 6 Paragraph 1 lit. b. (in the context of contractual/pre‐contractual relations), Article 6 Paragraph 1 lit. f. (other enquiries) DSGVO. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation.
We delete the enquiries provided they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply.
We, or our hosting provider, collect data on every request to the server on which this service is located (so‐called server log files) on the basis of our legitimate interests within the meaning of Article 6 Paragraph 1 lit. f. DSGVO. Access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the investigation of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Within the scope of the range analysis of Matomo, the following data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Article 6 Paragraph 1 lit. f. DSGVO), the following data is processed: the type and version of browser you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website and the external links you click. The user’s IP address is anonymised before it is stored.
Users can object to the anonymised data collection by the Matomo programme at any time with future effect by clicking on the link below. In this case, a so‐called opt‐out cookie is stored in their browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, this also results in the opt‐out cookie being deleted and must therefore be reactivated by the users.
The logs with the users’ data are deleted after 6 months at the latest.
We use content or service providers within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Article 6 Paragraph 1 lit. f. DSGVO) to integrate content or services offered by third‐party providers, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always requires that the third‐party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We make every effort to only use content whose respective providers only use the IP address to deliver the content. Third‐party providers may also use so‐called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.