Patrick Riedl
Consultant

Privacy Policy

Revision: 01.01.2024

With the following privacy policy, I would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that I process, for what purposes and to what extent. The Privacy Policy applies to all processing of personal data carried out by me in the context of this website as well as within external online presences, such as my social media profiles (hereinafter collectively referred to as “Online Offerings”).

Responsible

𝗅𝖽𝖾𝗂𝖱 𝗄𝖼𝗂𝗋𝗍𝖺𝖯
𝟩𝟣 .π—‹π—π—Œπ—‡π—‚π–Ύπ—π–²
π—‡π–Ύπ—Œπ—Œπ–€ πŸͺ𝟀𝟣𝟧𝟦
π–½π—‡π–Ίπ—…π—π–Όπ—Œπ—π—Žπ–Ύπ–£

Mail β†’ [email protected]

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Processed Data

Categories of Data Subjects

Purposes of Processing

In the following, you will receive an overview of the legal bases of the GDPR, on the basis of which I process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or my country of residence. If more specific legal bases are relevant in individual cases, I will inform you of them in the privacy policy.

In addition to the GDPR data protection regulations, national data protection regulations apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. It also regulates data processing for employment purposes (Β§ 26 BDSG), in particular with regard to the establishment, performance, or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Security Measures

In accordance with legal requirements, taking into account the state of the art, the cost of implementation, and the nature, scope, circumstances, and purposes of processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, I take appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input, transfer, ensuring availability, and its separation. Furthermore, I have established procedures to ensure the exercise of data subjects’ rights, data deletion, and response to data exposure. Additionally, I consider the protection of personal data already in the development or selection of hardware, software, and procedures according to the principle of data protection, through technology design and data protection-friendly default settings.

TLS encryption (https): To protect the data you transmit via my online offer, I use TLS encryption. You can recognize encrypted connections by the prefix “https://” in the address line of your browser.

Deletion of Data

The data processed by me will be deleted in accordance with legal requirements as soon as their consents allowed for processing are revoked or other permissions no longer apply (e.g., if the purpose of processing these data has ceased or they are not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted to these purposes. This means the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person.

My privacy notices may also contain further information on the retention and deletion of data, which primarily apply to the respective processing operations.

Provision of Online Offer and Web Hosting

I process the data of users to be able to provide them with my online services. For this purpose, I process the user’s IP address, which is necessary to transmit the contents and functions of my online services to the user’s browser or device.

Further Information on Processing Processes, Procedures, and Services

Blogs and Publishing Media

I use blogs or comparable means of online communication and publication (hereinafter “publishing medium”). The data of the readers are processed for the purposes of the publishing medium only to the extent necessary for its presentation and the communication between authors and readers or for reasons of security. Otherwise, I refer to the information on the processing of visitors to my publishing medium within these privacy notices.

Contact and Inquiry Management

When contacting me (e.g., by mail, contact form, email, telephone, or via social media) and in the context of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

Newsletter and Electronic Notifications

I send newsletters, emails, and other electronic notifications (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described within the scope of a subscription to the newsletter, they are decisive for the user’s consent. Otherwise, my newsletters contain information about my services and me.

To subscribe to my newsletters, it is generally sufficient to provide your email address. However, I may ask you to enter a name for the purpose of personal address in the newsletter or other information if this is necessary for the purposes of the newsletter.

Double opt-in procedure: The registration for my newsletter is generally done in a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the registration and confirmation time as well as the IP address. Likewise, changes to your data stored with the shipping service provider are logged.

Deletion and restriction of processing: I may store unsubscribed email addresses for up to three years based on my legitimate interests before deleting them to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, I reserve the right to store the email address for this purpose alone in a blocklist (so-called “blacklist”).

The logging of the registration procedure is carried out on the basis of my legitimate interests for the purpose of proving its proper course. If I commission a service provider to send emails, this is done based on my legitimate interests in an efficient and secure sending system.

Contents: Information about and from me, my services, actions, and offers.

Presence in Social Networks (Social Media)

I maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about me.

I point out that user data may be processed outside the European Union. This may pose risks for users because, for example, the enforcement of users’ rights could be made more difficult.

Furthermore, user data within social networks are usually processed for market research and advertising purposes. For example, user behavior and resulting interests of users may be used to create usage profiles. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that are presumed to correspond to the interests of users. For these purposes, cookies are usually stored on the users’ computers, in which the users’ behavior and interests are stored. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective processing forms and the opt-out options, I refer to the data protection declarations and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, I point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact me.

Further Information on Processing Processes, Procedures, and Services

Changes and Updates to the Privacy Policy

I ask you to regularly inform yourself about the content of my privacy policy. I will adjust the privacy policy as soon as the changes in the data processing carried out by me make this necessary. I will inform you as soon as the changes require your participation (e.g., consent) or other individual notification.

If I provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time

Rights of the Data Subjects

According to the GDPR, as a data subject, you are entitled to various rights, especially those arising from Articles 15 to 21 of the GDPR: