Privacy policy

Introduction

With the following data protection declaration, we hereby inform you about which types of your personal data (hereinafter also referred to as ‘data’) we process for which purposes, together with the extent of same. The data protection declaration applies to all processing of personal data conducted by us, both in the context of the provision of our services and in particular on our website, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as our ‘online offer’).

The terms used are not gender specific.

Outline

Responsible

Serafina Morrin

E-mail address: info@serafina-morrin.com

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Relevant legal bases

Below you will find an overview of the legal aspects of the German General Data Protection Regulation (GDPR) on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. If, in addition, more specific legal bases are decisive in individual cases, we will inform you of these in the data protection declaration.

In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. These include especially the law on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of employment relationships (Sec. 26 BDSG) in particular with regard to the establishment, implementation or termination of employment relationships, as well as the consent of employees. Furthermore, state data protection laws of the individual German federal states can be applicable.

Safety and security measures

In accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we take into account the protection of personal data already during the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not required, the IP address will be shortened (also referred to as “IP masking”). The last two digits, or the last part of the IP address after a period, are removed or replaced by placeholders. The shortening of the IP address is intended to prevent or make it much more difficult to identify a person based on their IP address.

TLS encryption (https): In order to protect your data transmitted via our online offer, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of personal data

As part of our processing of personal data, it happens that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within the organization: We may transfer personal data to other entities within our organization or grant them access to this data. If this transfer takes place for administrative purposes, the transfer of the data is based on our legitimate business and business interests or takes place if it is necessary to fulfil our contractual obligations or if there is a consent of the persons concerned or a legal permission.

Changes and updates to the Privacy Policy

We request that you inform yourself regularly about the content of our data protection declaration. We adapt the privacy policy as soon as any changes to the data processing carried out by us make this necessary. We inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

Where we provide addresses and contact information of companies and organisations in this privacy policy, we ask you to note that the addresses may change over time and request you to check the information before contacting us.

Definitions

This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined above all in Sec. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to serve the purpose of understanding.

  • Personal data: ‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person
  • Controller: ‘Controller’ means the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: ‘Processing’ means any operation or set of operations performed on personal data, whether or not by automated means. The term is extensive and covers practically every handling of data, be it the collection, evaluation, storage, transmission or deletion of same.

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke

 

 

How long are visitor data stored?

Visitor data are stored for eight weeks.

 

Are visitor data forwarded to third parties?

No, visitor data are not forwarded to third parties.

 

Do transfers of visitor data to third countries outside the EU occur?

No, transfers to third countries do not occur.