Menu
Just call!
03322 5078053
03322 5078053
Marian Härtel
Rathenaustr. 58a
14612 Falkensee
E-mail address:
Here is the reworded section in the first person:
The following overview shows the legal basis of the GDPR, on the basis of which I process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may also apply in your or my country of residence or domicile. If more specific legal bases are relevant in individual cases, I will inform you of these in the privacy policy.
Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – You have given your consent to the processing of your personal data for a specific purpose or several specific purposes.
Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which I am subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by me or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
In addition to the data protection provisions of the GDPR, national data protection provisions apply in Germany. This includes in particular the Federal Data Protection Act (BDSG), which contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. In addition, the data protection laws of the individual federal states may apply.
The following overview summarizes the types of data processed by me and the purposes of their processing and refers to the data subjects.
Inventory data
Payment data
Location data
Contact details
Content data
Contract data
Usage data
Meta, communication and process data
Security measures
I take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, safeguarding of availability and its separation. Furthermore, I have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to data breaches. Furthermore, I already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.”
In the course of processing my personal data, this data may be transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of my data may include, for example, service providers who are commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, the legal requirements are observed and, in particular, corresponding contracts or agreements are concluded that serve to protect my data.
The processing of my data in third countries (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of the use of third-party services or the disclosure or transfer of my data to other persons, bodies or companies is only carried out in accordance with the legal requirements.
Subject to my express consent or contractually or legally required transfer (see Art. 49 GDPR), my data will only be processed in third countries with a recognized level of data protection (Art. 45 GDPR), in the presence of and compliance with contractual obligations through so-called standard protection clauses of the EU Commission (Art. 46 GDPR) or in the presence of certifications or binding internal data protection regulations (see Art. 49 GDPR). Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Trans-Atlantic Data Privacy Framework (TADPF): As part of the so-called “Trans-Atlantic Data Privacy Framework” (TADPF), the EU Commission has also recognized the level of data protection for certain companies from the USA. The list of certified companies as well as further information on the TADPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. Information in German and other languages can be found on the website of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_de. I will also be informed about the companies I use that are certified under the Trans-Atlantic Data Privacy Framework.
Cookies are small text files or other storage notes that store information on my end devices and read information from my end devices. E.g. to store the login status in my user account, the contents of a shopping cart in an e-shop, the content accessed or the functions of an online service used. Cookies can also be used for various purposes, e.g. to ensure the functionality, security and convenience of online services and to analyze visitor flows.
Notes on consent: Cookies are used in accordance with legal regulations. I therefore obtain prior consent, unless this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is absolutely necessary in order to provide me with a telemedia service (i.e. the online offer) that I have expressly requested. Strictly necessary cookies generally include cookies with functions that serve the display and operability of the online offer, load balancing, security, storage of preferences and selection options or similar purposes related to the provision of the main and secondary functions of the online offer requested by me. The revocable consent is clearly communicated to me and contains the information on the respective use of cookies.
Information on legal bases under data protection law: The legal basis under data protection law on which my personal data is processed with the help of cookies depends on whether I am asked for consent. If I consent, the legal basis for the processing of my data is my declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of legitimate interests (e.g. in the business operation of the online offer and improvement of its usability) or, if this is done in the context of the fulfillment of contractual obligations, if the use of cookies is necessary to fulfill contractual obligations. The purposes for which the cookies are processed will be explained in the course of this privacy policy or in the context of consent and processing procedures.
Storage period: With regard to the storage period, a distinction is made between the following types of cookies:
Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after I have left an online offer and closed my end device (e.g. browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when I visit a website again. The data collected with the help of cookies can also be used to measure reach. Unless I am given explicit information about the type and storage duration of cookies (e.g. when consent is obtained), I should assume that cookies are permanent and that they can be stored for up to two years.
Further information is provided by the cookie banner preceding the page view.
I process data of my contractual and business partners, for example customers and interested parties (collectively referred to as “contractual partners”), in the context of contractual and comparable legal relationships and related measures and in the context of communication with the contractual partners (or pre-contractual), for example to answer inquiries.
I process this data in order to fulfill my contractual obligations. This includes in particular the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, I process the data to safeguard my rights and for the purpose of the administrative tasks associated with these obligations and the company organization. In addition, I process the data on the basis of my legitimate interests in the proper and efficient management of my business and in security measures to protect my contractual partners and my business operations from misuse, threats to their data, secrets, information and rights (e.g. to involve telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of the applicable law, I only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. I will inform the contractual partners about other forms of processing, e.g. for marketing purposes, as part of this privacy policy.
I inform the contractual partners which data is required for the aforementioned purposes before or during data collection, for example in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or personally.
I delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, for example as long as it must be kept for legal archiving reasons. The statutory retention period is ten years for documents relevant under tax law as well as for trading books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents and other organizational documents and accounting records, and six years for commercial and business letters received and reproductions of commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were prepared, the commercial or business letter was received or sent or the accounting voucher was created, the record was made or the other documents were created.
Insofar as I use third-party providers or platforms to provide my services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Processed data types: inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. email, telephone numbers); contract data (e.g. subject matter of contract, term, customer category).
Persons concerned: Interested parties; business and contractual partners.
Purposes of Processing: Provision of contractual services and customer support; Contact requests and communication; Office and organizational procedures; Managing and responding to inquiries.
Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
I process users’ data in order to provide them with my online services. For this purpose, I process the user’s IP address, which is necessary to transmit the content and functions of my online services to the user’s browser or end device.
Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of my online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing operations, procedures and services:
Collection of access data and log files: Access to my online offer is recorded in the form of so-called log files.
“Server log files” are logged. The server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
I use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers’ data will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between me and the readers or for security reasons. In addition, I refer to the information on the processing of visitors to my publication medium in the context of this data protection notice.
Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Provision of contractual services and customer support; Feedback (e.g. collecting feedback via online form); Provision of my online services and usability; Security measures; Managing and responding to inquiries.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing operations, procedures and services:
Comments and contributions: If users leave comments or other contributions, their IP addresses may be stored on the basis of my legitimate interests. This is done for my safety in case someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In this case, I myself could be prosecuted for the comment or post and am therefore interested in the identity of the author. Furthermore, I reserve the right to process user data for the purpose of spam detection on the basis of my legitimate interests.
On the same legal basis, I reserve the right to store the IP addresses of users for the duration of surveys and to use cookies in order to avoid multiple votes.
The personal information provided as part of the comments and contributions, any contact and website information as well as the content information will be stored permanently by me until the user objects. I also reserve the right to moderate, edit or delete comments if they violate my terms of use or if they are offensive, defamatory, hateful, racist, sexist, homophobic, transphobic, ableist or otherwise discriminatory. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Web analysis, also known as “reach measurement”, is used to evaluate the flow of visitors to my online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, I can, for example, recognize at what time my online offer or its functions or content are most frequently used or invite reuse. I can also see which areas need to be optimized.
In addition to web analysis, I also use test procedures, e.g. to test and optimize different versions of my online offering or its components.
Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in an end device and read out from it. The information collected includes, in particular, websites visited and the elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data from me or from the providers of the services I use, location data may also be processed.
I also store the IP addresses of users. However, I use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored for web analysis, A/B testing and optimization, but pseudonyms. This means that neither I nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles).
Security measures: IP masking (pseudonymization of the IP address).
In addition to the procedures mentioned above, I may also use cookies or similar technologies to improve the user experience and to collect more detailed information about the use of my online offer. I may also use third-party services such as Google Analytics to help me analyze the use of my online offering. All these measures are carried out in accordance with the applicable data protection laws and regulations.
I participate in review and evaluation processes to evaluate, optimize and promote my services. If users rate me or otherwise provide feedback via the evaluation platforms or procedures involved, the general terms and conditions or terms of use and the providers’ data protection notices also apply. As a rule, the evaluation also requires registration with the respective provider.
In order to ensure that the persons giving the rating have actually made use of my services, I transmit the necessary data with regard to the customer and the service used to the respective rating platform (including name, e-mail address and order number or item number) with the consent of the customer. This data is used solely to verify the authenticity of the user.
I maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about me.
I would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), please refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, I would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact me.
I incorporate functional and content elements into my online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). This may include, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).
The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. I endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of my online offer, as well as being linked to such information from other sources.
In addition to the procedures mentioned above, I may also use cookies or similar technologies to improve the user experience and to collect more detailed information about the use of my online offer. I may also use third-party services such as Google Maps and YouTube videos to provide certain features and content. All these measures are carried out in accordance with the applicable data protection laws and regulations.
