Date: 22 August 2019
23560 Luebeck, Germany
I collect data about access to the website based on my legitimate interest (cf. Art. 6(1)f GDPR) and save this as “server logfiles” on the website’s server. The following data is recorded:
- Visited website
- Time of access
- Volume of the data transmitted in bytes
- Source/reference from where you have reached the website
- Browser used
- Operating system used
- IP address used
The server logfiles are stored for a maximum of 7 days and then erased. Data is stored for security reasons in order to be able to explain instances of misuse. If data has to be collected for reasons of evidence, it shall not be erased until the matter has been finally resolved.
Overview of processing
The following overview summarises the types of processed data and the purposes for which it is processed and refers to the data subjects.
Types of processed data
- Inventory data (e.g. names, addresses)
- Content data (e.g. text entries, photographs, videos)
- Contact data (e.g. email addresses, telephone numbers)
- Meta/communication data (e.g. device information, IP addresses)
- Usage data (e.g. visited websites, interests in the content, access times)
- Contract data (e.g. object of the contract, term, customer category)
- Payment data (e.g. bank details, invoices, payment history)
Categories of data subjects
- Business and contractual partners
- Interested parties
- Users (e.g. website visitors, user of online services)
Purposes of processing
- Provision of the online offer and user-friendliness
- Office and organisational processes
- Contact enquiries and communication
- Contractual performance and service
- Managing and responding to enquiries
Relevant legal bases
I am notifying you of the legal basis of the General Data Protection Regulation (GDPR) in the following, on the basis of which I am processing the personal data. Please take care that the national data protection requirements in your and my place of residence may apply in addition to the regulations of GDPR.
- Consent (Art. 6(1) subsection 1 lit. a. GDPR): The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Contract fulfilment and pre-contractual enquiries (Art. 6(1) subsection 1 b. GDPR): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6 (1) subsection 1 c. GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 (1) subsection 1 f. GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data privacy regulations in Germany: National regulations for data privacy in Germany apply in addition to the data protection regulations of the General Data Protection Regulation. This particularly includes the law on protection against misuse of personal data for data processing (German Federal Data Protection Act [BDSG]). The BDSG particularly includes special rules on the right of information, on the right of erasure, on the right of objection, on processing special categories of personal data, on processing for other purposes and on transmission and automated decision-making in the individual case, including profiling. It further regulates data processing for the purposes of the employment relationship (Article 26 Federal Data Protection Act [BDSG]), in particular with respect to the justification, implementation and termination of the employment relationships and consent of the employees. Furthermore, state data privacy laws of the individual federal states may apply.
I am taking suitable technical and organisational measures to guarantee a level of protection appropriate to the risk based on the statutory requirements, taking into account state-of-the-art technology, implementation costs and the nature and scope, circumstances and the purpose of processing, and the various likelihoods of occurrence, and the extent of the threat to rights and freedoms of natural persons to guarantee a level of protection appropriate to the risk.
The measures particularly include ensuring confidentiality, integrity, and availability of data by controlling physical and electronic access to data, and the access, entry, forwarding, security of availability relating to it and its separation. Furthermore, I have set up processes that guarantee exercising the rights of data subjects, erasing data and reactions to posing a risk to data. I already further consider the protection of personal data when developing and selecting hardware, software and processes based on the principle of data protection, through designing technology and through data-privacy friendly settings.
SSL encryption (https): I use SSL encryption to protect your data transmitted via my online offer. You will recognise such encrypted links by the prefix https:// in your browser’s address line.
Measurement of scope & cookies
You can object to the use of these files here if you do not want cookies to be stored on your end device to measure scope:
- Cookie deactivation page of the network advertising initiative: http://optout.networkadvertising.org/?c=1#!/
- Cookie deactivation for US American website visitors: http://optout.aboutads.info/?c=2#!/
- Cookie deactivation for European website visitors: http://optout.networkadvertising.org/?c=1#!/
Common browsers offer the setting option of not permitting cookies.
Note: There is no guarantee that you will have access to all functions of this website without restriction if you make the above-mentioned settings.
Embedded content of other websites
Articles on this website may have embedded content (e.g. videos, images and articles). Embedded content from other websites behave exactly as if the visitors had visited the other website.
Recording and processing personal data
I will only collect, use and forward your personal data if this is permitted within the statutory framework, or you have given your consent for the data to be collected.
All information that serves to identify you personally and that can be traced back to you is considered personal data, e.g. your name, your email address and telephone number.
You can visit this website without providing any personal details. To improve the online offer, I will, however, store your access data to this website (without any personal reference). This access data includes, for example, a file requested by you or the name of your internet provider. Due to the anonymisation the data it is not possible to draw any conclusions about you.
- I process personal data, such as first name, second name, IP address, email address, country and details of content from any emails sent to me.
- I only process personal data following the explicit consent of the relevant users and by observing the relevant data privacy requirements. You grant me this permission, e.g. by sending an enquiry.
- Personal data will be processed based on my legitimate interest to meet my contractually agreed services and to optimise my online offer.
Provision of the online offer and webhosting
To be able to provide my online offer securely and efficiently, I use the services of one or more webhosting providers, from whose servers (or from the servers managed by them) the online offer can be accessed. I can use infrastructure and platform services, computer capacity, storage capacity, database services, security services and technical maintenance services for these purposes.
All information concerning the users of my online offer, which occurs as part of the usage and communication, can form part of the data processed as part of supplying the hosting offer. This periodically concerns the IP address that is necessary to be able to supply content of the online offers to browsers, and all entries made within my online offer and from websites.
Email dispatch and hosting: The webhosting services used by me also include the dispatch, receipt and storage of emails. The addresses of the recipients and the senders and further information relating to the email dispatch (e.g. the providers involved) and the contents of each email are processed. The aforesaid data may further be processed for the purpose of identifying SPAM. I would like you to consider that emails on the Internet are generally not encrypted. Emails are generally encrypted in transit, but (if no end-to-end encryption process is used) not on servers from where they are sent and received. I am therefore unable to accept any responsibility for emails between the sender and the receipt on the server of my hosting provider.
Collecting access data and logfiles: I, myself (or my webhosting provider) collect data on every access on the server (so-called server log files). The server logfiles may include the address and name of the websites and files called, data and time they were called, transmitted data volumes, report about successful call, browser type and version, the user’s operating system, referrer URL (the page previously visited), and in general, the IP addresses and the requesting provider.
The server logfiles may be used, on the one hand, for the purposes of security, e.g. to avoid overloading the server (in particular, in the case of abusive attacks, so-called DDoS attacks), and to ensure capacity utilisation of the servers and their stability.
- Processed types of data: Content data (e.g. text entries, photography, videos), usage data (e.g. websites visited, interests in content, access times), meta/communications data (e.g. device information, IP addresses)
- Data subjects: Users (e.g. website visitors, user of online services)
- Legal bases: Legitimate interests (Art. 6 (1) subsection 1 f. GDPR):
Plug-ins and embedded functions and content:
I attach in my online offer function and content elements that are taken from the servers of their respective providers (hereinafter referred to consistently as “third-party providers”). For example, these can be graphics, videos or social media buttons and articles (hereinafter referred to jointly as “Contents”).
The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the contents to their browser without the IP address. The IP address is therefore necessary to present this content or functions. I make every effort only to use such content, whose respective providers only use the IP address to deliver the contents. Third-party providers may further use pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Thanks to the “pixel tags” information, such as visitor traffic, can be analysed on the pages of this website. The pseudonymised information may be saved in cookies on the user’s device and may contain amongst other things technical information about the browser and the operating system, information about linking websites and about the visiting time and further information on the usage of my online offer, and may be combined with such information from other sources.
- Processed types of data: Usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses)
- Data subjects: Users (e.g. website visitors, user of online services)
- Purposes of processing: Provision of my online offer, user friendliness, contractual services and service
- Legal bases: Legitimate interests (Art. 6 (1) subsection 1 f. GDPR)
Services used and service providers:
Erasure of data
The data processed by me shall be erased based on the statutory requirements, as soon as the consents granted for processing are rejected or other permissions lapse (e.g. if the purpose of processing this data has ceased, or it is not required for the purpose).
If the data is not erased because it is required for other statutorily permitted purposes, its processing will be restricted to these purposes. This means that the data is locked and is not processed for other purposes. That applies, for example, to data that has to be stored for commercial or tax law reasons and whose storage is necessary for claiming, exercising or defending legal claims or to protect the rights of another natural or legal person.
Rights of users
As a user, you have the right to apply for free-of-charge information about what personal information we have stored about you. You also have the right to correct false data and to restrict processing and to erase your personal data. If applicable, you can claim your right to data portability. Should you suppose that your data has been processed unlawfully, you can make a complaint with the relevant supervisory authority.
Erasure of data
Provided your wish does not collide with a statutory duty to retain data (e.g. data retention), you have the right to have your data erased. Any data stored by me will be erased, provided it is no longer required for your intended purpose and there are no statutory storage periods. If no erasure can be carried out, as the data is required for permitted, statutory purposes, data processing will be restricted. In this case, data shall be blocked and not processed for other purposes.
Right to object
Users of this website are able to make use of their right to object, and may object to their personal data being processed at any time.
If you require any of your personal data to be corrected, blocked, erased or accessed, or have any questions about the collection, processing or use of your personal data or would like to object to any of the approvals given, please contact the following address: sylvia(at)scheibe-translations.com