Privacy Notice
Preamble
With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also briefly referred to as “data”) we process for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).
The terms used are not gender-specific.
Status: January 15, 2024
Table of Contents
- Preamble
- Controller
- Overview of Processing
- Legal Basis
- Security Measures
- Data Deletion
- Rights of Data Subjects
- Provision of the Online Service and Web Hosting
- Blogs and Publication Media
- Contact and Inquiry Management
- Newsletter and Electronic Notifications
- Social Media Presence
- Amendments and Updates to the Privacy Policy
- Definitions
Controller
Tina Paulus
Saargemünderstr. 167a
66130 Saarbrücken
Email: tina@tinapaulus.de
Phone: 0151 10659265
Imprint: https://tinapaulus.de/impressum
Overview of Processing
The following overview summarizes the types of data processed, the purposes of processing, and the individuals concerned.
Types of Processed Data
- Inventory data.
- Contact data.
- Content data.
- Usage data.
- Meta, communication, and procedural data.
Categories of Data Subjects
- Communication partners.
- Users.
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations.
- Contact requests and communication.
- Security measures.
- Direct marketing.
- Management and response to inquiries.
- Feedback.
- Marketing.
- Provision of our online service and user-friendliness.
- Information technology infrastructure.
Legal Basis
Relevant legal basis under the GDPR: Below is an overview of the GDPR legal bases on which we process personal data. Please note that in addition to the GDPR, national data protection regulations in your or our country of residence or establishment may apply. If more specific legal bases apply in individual cases, we will indicate these in the privacy policy.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of personal data for one or more specific purposes.
- Contractual necessity and pre-contractual measures (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection regulations in Germany: In addition to the GDPR, national regulations such as the Federal Data Protection Act (BDSG) apply. The BDSG contains special rules on the right of access, right to deletion, right to object, processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making including profiling. Furthermore, state data protection laws may apply.
Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, type, scope, circumstances, and purposes of processing, as well as the likelihood and severity of risks, in order to ensure an appropriate level of protection.
Measures include safeguarding confidentiality, integrity, and availability of data through control of physical and electronic access, input, transmission, backup, availability, and segregation. We have procedures to uphold data subject rights, deletion, and responses to threats to data. Data protection is also considered when designing or selecting hardware, software, and procedures according to the principles of privacy by design and default.
TLS/SSL encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing Internet connections. Transport Layer Security (TLS) is an updated and more secure version of SSL. HTTPS is displayed in the URL when a website is secured by an SSL/TLS certificate.
Data Deletion
Data we process is deleted in accordance with legal requirements once consent is withdrawn or other legal bases no longer exist (e.g., if the purpose of processing no longer applies). If data is not deleted because it is needed for other lawful purposes, processing is restricted to those purposes. Data may be blocked, e.g., for commercial or tax law reasons, or to assert, exercise, or defend legal claims. Our privacy notices may include additional details on retention and deletion.
Rights of Data Subjects
Rights under the GDPR: Data subjects have the following rights, particularly under Articles 15–21 GDPR:
- Right to object: You may object at any time, for reasons related to your particular situation, to the processing of your personal data carried out under Art. 6(1)(e) or (f) GDPR, including profiling for such purposes. If data is processed for direct marketing, you may object at any time; this includes related profiling.
- Right to withdraw consent: You may withdraw previously given consent at any time.
- Right of access: You may request confirmation of processing and access to your data, along with additional information and a copy of the data.
- Right to rectification: You may request completion or correction of inaccurate data.
- Right to erasure and restriction: You may request deletion or restriction of your data in accordance with legal requirements.
- Right to data portability: You may receive your data in a structured, commonly used, machine-readable format or request transmission to another controller.
- Right to complain to a supervisory authority: You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, workplace, or place of the alleged infringement.
Provision of the Online Service and Web Hosting
We process user data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
- Types of data processed: Usage data (e.g., visited pages, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Content data (e.g., input in online forms).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online service and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices, e.g., computers, servers); Security measures.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing, procedures, and services:
- Provision of online service on rented hosting: We use storage space, computing power, and software rented from a server provider (also called “web host”) to provide our online service; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
- Collection of access data and log files: Access to our online service is logged in so-called “server log files.” Server log files may include the address and name of requested websites and files, date and time of access, transmitted data volume, successful access message, browser type and version, user’s operating system, referrer URL, and usually IP addresses and requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (including DDoS attacks), and to monitor server performance and stability; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data required for legal evidence is exempt from deletion until final resolution.
- Email sending and hosting: Our web hosting services also include sending, receiving, and storing emails. To this end, recipient and sender addresses, as well as other information regarding email transmission (e.g., involved providers), and the content of emails are processed. Data may also be used to detect spam. Emails on the Internet are generally not encrypted; they may be encrypted in transit but not on sending/receiving servers (unless end-to-end encryption is used). We cannot assume responsibility for transmission between sender and recipient via our server; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
- netcup: Services for IT infrastructure and related services (e.g., storage or computing capacity); Service provider: netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe, Germany; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://www.netcup.de/; Privacy Policy: https://www.netcup.de/kontakt/datenschutzerklaerung.php; Data processing agreement: https://helpcenter.netcup.com/de/wiki/general/avv/.
Blogs and Publication Media
We use blogs or comparable online communication and publication tools (hereinafter “publication media”). Reader data is processed only as required for the publication or communication between authors and readers or for security reasons. Otherwise, we refer to the privacy information regarding visitors to our publication media as described in this notice.
- Types of data processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., input in online forms); Usage data (e.g., visited pages, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Feedback (e.g., collected via online form); Provision of online service and user-friendliness; Security measures.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing, procedures, and services:
- UpdraftPlus: Backup software and storage; Service provider: Simba Hosting Ltd., 11 Barringer Way, St. Neots, Cambs., PE19 1LW, UK; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://updraftplus.com/; Privacy Policy: https://updraftplus.com/data-protection-and-privacy-centre/.
Contact and Inquiry Management
When contacting us (e.g., by post, contact form, email, phone, or social media) or within existing user and business relationships, the data of the contacting persons is processed as necessary to answer inquiries and take requested actions.
- Types of data processed: Contact data (e.g., email, phone numbers); Content data (e.g., input in online forms); Usage data (e.g., visited pages, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Data subjects: Communication partners.
- Purposes of processing: Contact requests and communication; Management and response to inquiries; Feedback (e.g., collected via online form); Provision of online service and user-friendliness.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Contractual necessity and pre-contractual measures (Art. 6(1)(b) GDPR).
Further information on processing, procedures, and services:
- Contact form: When users contact us via the contact form, email, or other communication channels, we process the data provided to handle the request; Legal basis: Contractual necessity and pre-contractual measures (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).
Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) only with the recipients’ consent or a legal permission. If specific content is described during newsletter registration, it forms the basis of user consent. Otherwise, our newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may request a name for personal addressing or additional information if required for the newsletter purposes.
Double opt-in procedure: Newsletter registration is generally carried out via a double opt-in process. That means you receive an email after registration requesting confirmation. This confirmation ensures no one registers using another person’s email. Registration timestamps and IP addresses are recorded, as well as any changes in the data stored by the newsletter service provider.
Deletion and restriction of processing: Unsubscribed email addresses may be stored for up to three years, based on our legitimate interests, before deletion so that we can prove previously given consent. Processing of this data is restricted to the potential defense against claims. Individual deletion requests are possible at any time, provided that the former existence of consent is confirmed. Where we are obliged to permanently respect objections, we may store email addresses in a blocklist for this purpose.
Logging of the registration process is based on our legitimate interests to prove its correct procedure. If a service provider sends emails on our behalf, it is based on our legitimate interest in an efficient and secure delivery system.
Contents: Information about us, our services, promotions, and offers.
- Types of data processed: Inventory data (e.g., names, addresses); Contact data (e.g., emails, phone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, consent status).
- Data subjects: Communication partners.
- Purposes of processing: Direct marketing (e.g., via email or post).
- Legal basis: Consent (Art. 6(1)(a) GDPR).
- Opt-out option: You may unsubscribe from our newsletters at any time, i.e., revoke consent or object to further receipt. Links to unsubscribe are provided at the end of each newsletter or via the contact options above, preferably by email.
Social Media Presence
We maintain online profiles within social networks and process user data to communicate with active users or provide information about us.
Please note that user data may be processed outside the European Union, which could involve risks, e.g., enforcement of users’ rights may be more difficult.
Further, user data within social networks is generally processed for market research and advertising purposes. For instance, usage profiles can be created based on user behavior and interests to display targeted ads within and outside the networks. Cookies may be stored on users’ devices, and data may also be stored independently of the devices (especially if users are logged into the platforms).
For detailed information on processing types and opt-out options, see the privacy policies of the respective networks. Requests for information or exercise of user rights are most effectively addressed directly with the providers, as only they have access to user data and can take action. Assistance can be requested from us if needed.
- Types of data processed: Contact data (e.g., emails, phone numbers); Content data (e.g., form inputs); Usage data (e.g., visited pages, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, consent status).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Contact requests and communication; Feedback (e.g., via online forms); Marketing.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further notes on processing and services:
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy.
- Facebook Pages: Profiles on Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Third-country transfer basis: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum); More info: We are jointly responsible with Meta Platforms Ireland Limited for data collection (not further processing) of visitors to our Facebook page (“fanpage”). Only Meta Platforms Ireland Limited controls further processing including transfer to its US parent company.
- YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Privacy policy: https://policies.google.com/privacy; Third-country transfer basis: EU-US Data Privacy Framework (DPF); Opt-out: https://myadcenter.google.com/personalizationoff.
Amendments and Updates to the Privacy Policy
We ask you to regularly review the contents of our privacy policy. We update the privacy policy whenever changes to our data processing activities make it necessary. We will inform you if these changes require your action (e.g., consent) or any other individual notification.
If this privacy policy contains addresses and contact details of companies and organizations, please note that addresses may change over time. We recommend verifying the information before contacting them.
Definitions
This section provides an overview of the terms used in this privacy policy. Where legally defined, the legal definitions apply. The following explanations are primarily for understanding purposes.
- Personal data: “Personal data” means all information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- Controller: A “controller” is the natural or legal person, authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.
- Processing: “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term covers practically any handling of data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.