Privacy Policy
Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
This privacy policy informs you about the type, scope, purpose, duration, and legal basis for the processing of such data under our control or in conjunction with others. Additionally, we inform you about the third-party components we use to optimize our website and improve the user experience, which may result in third parties processing data they collect and control.
I. Information About Us as Controllers of Your Data
The party responsible for this website (the "controller") for purposes of data protection law is:
Carolyn Brand
Muehlen str 5
14532 Stahnsdorf, Germany
Email: brand.caro@gmx.de
The controller's data protection officer is:
Carolyn Brand
Muehlen str 5
14532 Stahnsdorf, Germany
Email: brand.caro@gmx.de
II. Types of Data Collected
Personal Information
We collect personal information that you provide directly to us, including:
- Name: Collected to personalize interactions and ensure accurate record-keeping.
- Email Address: Used for communication purposes, including responding to inquiries, providing updates, and delivering newsletters.
- Phone Number: Collected to facilitate direct contact when necessary, such as for customer support or service notifications.
Usage Data
We automatically collect certain data about your device and how you interact with our website, including:
- IP Address: Collected to help identify and protect against unauthorized access or usage of our website.
- Browser Type and Version: Used to ensure our website is optimized for different browser technologies.
- Pages Visited: We track which pages are visited and for how long, to better understand user interests and improve the website's content and structure.
- Other Device Information: Such as operating system and referral URLs, collected to enhance user experience and security.
III. Purpose of Data Collection
- To Respond to Inquiries and Provide Customer Support: Your personal information allows us to respond to your inquiries, offer tailored support, and provide answers to any questions or issues you may have.
- To Send Newsletters and Promotional Materials: With your consent, we use your email address to send newsletters, marketing, and promotional materials that may interest you.
- To Process Orders and Manage Customer Accounts: We use personal information to manage your account, process transactions, and ensure accurate fulfillment and billing.
- To Analyze Website Usage for Improvements: Usage data helps us analyze how visitors interact with our website, improving content and optimizing the website’s functionality.
IV. Legal Basis for Processing
- Consent (Art. 6 Abs. 1 lit. a GDPR): We process personal data based on your explicit consent, which you can withdraw at any time without affecting the lawfulness of the prior processing.
- Contract Performance (Art. 6 Abs. 1 lit. b GDPR): Data processing is necessary to fulfill the terms of a contract, such as managing orders or responding to inquiries.
- Legitimate Interests (Art. 6 Abs. 1 lit. f GDPR): In some cases, we process data to pursue legitimate interests, such as ensuring website security, analyzing usage, and improving services.
V. Use of Third-Party Services
We utilize third-party services to enhance website functionality and facilitate certain processes:
- Google Analytics: For website analytics and traffic analysis.
- Payment Processing Service: To securely process orders and payments.
- Namecheap: For website hosting and ensuring availability.
- Typeform: For creating and managing online forms and surveys.
- Calendly: For scheduling and managing appointments and meetings.
These services may collect personal and usage data as outlined in their respective privacy policies.
VI. Data Transfer to Third Countries
In some cases, your data may be transferred to countries outside the EU/EEA, based on Standard Contractual Clauses (SCCs) or other legal safeguards to ensure data protection.
For example, data required to fulfill orders may be shared with relevant shipping companies and payment processors and retained as necessary to meet legal requirements, such as for tax and commercial laws.
VII. Newsletter/Blog/Handbooks
When you subscribe, we collect your email address and any optional information you provide to send relevant content. You can unsubscribe at any time by following the link in each communication. The legal basis for processing is your consent (Art. 6(1)(a) GDPR).
VIII. Contact
If you contact us via email or through a form, your data will be used solely to respond to your inquiry. The legal basis is contract performance (Art. 6(1)(b) GDPR), and your data will be deleted after your inquiry has been addressed unless legal obligations require otherwise.
IX. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or to comply with legal requirements. For instance:
- Customer accounts: Data is retained while your account remains active.
- Legal/regulatory obligations: We may retain data longer if required by law.
After the retention period, data is securely deleted or anonymized.
X. Rights of the Data Subject
As a data subject, you have the following rights under applicable data protection laws:
- Right to Access: Request access to the personal data we hold about you.
- Right to Rectify: Request correction of inaccurate data.
- Right to Erasure: Request deletion of personal data when no longer necessary.
- Right to Object: Object to data processing under certain circumstances.
- Right to Data Portability: Request a copy of your data in a structured, commonly used format.
To exercise these rights, contact us using the details provided above.
XI. Data Security Measures
We are committed to ensuring the security of your personal data. To protect your information, we implement the following measures:
- Encryption: Data is encrypted in transit and at rest.
- Access Controls: Restricted access to personal data through role-based controls and multi-factor authentication.
- Regular Security Audits: We conduct security audits to identify vulnerabilities.
- Anonymization/Pseudonymization: Where applicable, personal data is anonymized or pseudonymized.
XII. Automated Decision-Making
We do not use any form of automated decision-making or profiling on this website. All decisions regarding data processing are made by human oversight.
XIII. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.
XIV. Changes to this Privacy Policy
We reserve the right to update or modify this privacy policy at any time. Any changes will be reflected on this page, with the latest revision date indicated. We recommend reviewing this policy periodically to stay informed about how we protect your personal data.