Anja Gebauer Negri (she/her)
This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within the framework of providing our services, as well as within our online offering and the websites, functions, and content associated with it, including external online presences such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
⸻
Controller
Anja Gebauer Negri
Senftlstr. 4
81541 Munich
Germany
anjamariegebauer@gmx.de
⸻
Types of Data Processed
• Inventory data (e.g. personal master data, names, or addresses)
• Contact data (e.g. email addresses, phone numbers)
• Content data (e.g. text entries, photographs, videos)
• Usage data (e.g. websites visited, interest in content, access times)
• Meta/communication data (e.g. device information, IP addresses)
⸻
Categories of Data Subjects
Visitors and users of the online offering (hereinafter collectively referred to as “users”).
⸻
Purpose of Processing
• Provision of the online offering, its functions, and content
• Responding to contact inquiries and communicating with users
• Security measures
• Reach measurement / marketing
⸻
Definitions of Terms
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
“Pseudonymization” means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
“Controller” means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
⸻
Relevant Legal Bases
In accordance with Article 13 GDPR, we inform you of the legal bases for our data processing. For users within the scope of the GDPR (i.e. the EU and the EEA), the following applies unless otherwise stated in this privacy policy:
• Consent: Art. 6(1)(a) and Art. 7 GDPR
• Performance of contracts and pre-contractual measures: Art. 6(1)(b) GDPR
• Compliance with legal obligations: Art. 6(1)(c) GDPR
• Protection of vital interests: Art. 6(1)(d) GDPR
• Tasks carried out in the public interest or in the exercise of official authority: Art. 6(1)(e) GDPR
• Legitimate interests: Art. 6(1)(f) GDPR
Processing for purposes other than those for which the data were collected is determined by Art. 6(4) GDPR.
Processing of special categories of personal data (Art. 9(1) GDPR) is determined by Art. 9(2) GDPR.
⸻
Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.
These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access, access to data, data input, disclosure, availability protection, and data separation. We have also established procedures to ensure the exercise of data subject rights, data deletion, and responses to data breaches. Furthermore, we take data protection into account already during the development or selection of hardware, software, and procedures in accordance with the principles of data protection by design and by default.
⸻
Cooperation with Processors, Joint Controllers, and Third Parties
If we disclose data to other persons or companies (processors, joint controllers, or third parties), transfer data to them, or otherwise grant access to data, this occurs only on the basis of legal permission (e.g. where transfer to third parties such as payment service providers is necessary for contract performance), user consent, a legal obligation, or our legitimate interests (e.g. when using agents, web hosts, etc.).
If data are disclosed within our corporate group, this is done in particular for administrative purposes based on legitimate interests and in compliance with legal requirements.
⸻
Transfers to Third Countries
If we process data in a third country (i.e. outside the EU, the EEA, or Switzerland), or this occurs in the context of using third-party services or disclosing or transferring data to other persons or companies, this only takes place where necessary to fulfill (pre-)contractual obligations, based on consent, due to a legal obligation, or based on our legitimate interests.
Subject to legal or contractual permissions, data are processed in third countries only if the legal requirements are met, such as recognized adequate data protection levels or standard contractual clauses.
⸻
Rights of Data Subjects
You have the right to request confirmation as to whether personal data concerning you are being processed and to obtain access to such data, as well as further information and a copy of the data in accordance with legal requirements.
You have the right to request the rectification or completion of inaccurate personal data concerning you.
You have the right to request the erasure of personal data concerning you without undue delay or, alternatively, restriction of processing in accordance with legal requirements.
You have the right to receive the personal data you have provided to us in accordance with legal requirements and to request transmission to another controller.
You also have the right to lodge a complaint with the competent supervisory authority.
⸻
Right of Withdrawal
You have the right to withdraw consent at any time with effect for the future.
⸻
Right to Object
You may object at any time to the future processing of your personal data in accordance with legal requirements, in particular to processing for direct marketing purposes.
⸻
Cookies and Right to Object to Direct Advertising
Cookies are small files stored on users’ devices. Cookies may store various types of information. A cookie primarily serves to store information about a user (or the device on which it is stored) during or after a visit to an online offering.
Temporary cookies (“session cookies”) are deleted when a user leaves the online offering and closes the browser. Persistent cookies remain stored after closing the browser.
Users can disable cookies via their browser settings. Stored cookies can be deleted in browser settings. Excluding cookies may result in functional limitations of this online offering.
Users may generally object to the use of cookies for online marketing purposes via
http://www.aboutads.info/choices/ (US) or
http://www.youronlinechoices.com/ (EU).
⸻
Deletion of Data
Data processed by us are deleted or restricted in accordance with legal requirements. Unless expressly stated otherwise, stored data are deleted once they are no longer required for their purpose and no legal retention obligations apply.
If data must be retained for legally permissible purposes, processing is restricted accordingly.
⸻
Changes to This Privacy Policy
We ask that you regularly inform yourself about the content of our privacy policy. We adapt it as soon as changes to our data processing make this necessary. We will inform you if your cooperation (e.g. consent) or individual notification is required.
⸻
Contact
When contacting us (e.g. via contact form, email, phone, or social media), user information is processed to handle the inquiry in accordance with Art. 6(1)(b) GDPR (contractual/pre-contractual) or Art. 6(1)(f) GDPR (other inquiries). Data may be stored in a CRM system or comparable inquiry management system.
Inquiries are deleted once no longer required; necessity is reviewed every two years. Statutory retention obligations apply.
⸻
Newsletter
By subscribing to our newsletter, you agree to receive it and to the described procedures.
Newsletter content includes information about our services and activities. Registration follows a double opt-in procedure. Registrations are logged to verify consent.
Legal basis: Art. 6(1)(a), Art. 7 GDPR, or legitimate interests under Art. 6(1)(f) GDPR in conjunction with §7 UWG.
You may unsubscribe at any time. Unsubscribed email addresses may be stored for up to three years to document prior consent.
⸻
Hosting and Email Delivery
Hosting services provide infrastructure, storage, databases, email delivery, security, and maintenance. Data are processed on the basis of legitimate interests under Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR.
⸻
Social Media Presences
We maintain online presences on social networks to communicate with users and inform them about our services. Data may be processed outside the EU. Providers certified under Privacy Shield (where applicable) commit to EU data protection standards.
User data may be processed for market research and advertising purposes, including the creation of usage profiles.
Legal basis: Art. 6(1)(f) GDPR or consent under Art. 6(1)(a) GDPR.
For details and opt-out options, see providers’ privacy policies.
⸻
Integration of Third-Party Services and Content
We integrate third-party content (e.g. videos, fonts) based on legitimate interests under Art. 6(1)(f) GDPR. This requires that third parties process users’ IP addresses.
⸻
Social Plugins and Platforms
Details follow for Facebook, Twitter, Instagram, Pinterest, LinkedIn, Xing, Wakelet, SoundCloud, and Google/YouTube, including privacy policies and opt-out links, consistent with GDPR requirements.
⸻
Created using Datenschutz-Generator.de by Attorney Dr. Thomas Schwenke