PRIVACY POLICY
PREAMBLE
With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific.
As of: April 29, 2023
Responsible
Eugen Schott
Haid 1
84439 Steinkirchen
E-mail address:
Legal notice:
https://haid-creative.de/impressum/
Overview of processing
**The following overview summarizes the types of processed data, the purposes of their processing, and references the affected persons.**
**Types of Processed Data**
- Contact data.
- Content data.
- Usage data.
- Meta, communication, and procedural data.
**Categories of Affected Persons**
- Communication partners.
- Users.
**Purposes of Processing**
- Handling contact requests and communication.
- Security measures.
- Measuring reach.
- Conversion measurement.
- Administration and response to inquiries.
- Feedback.
- Profiles with user-related information.
- Providing our online offering and user-friendliness.
- Information technology infrastructure.
**Relevant Legal Bases**
Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations in your or our country of residence or establishment may apply. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.
- **Consent (Art. 6(1)(a) GDPR)** – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- **Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR)** – Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
- **Legitimate interests (Art. 6(1)(f) GDPR)** – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
**Security Measures**
We take appropriate technical and organizational measures in accordance with the legal requirements, considering the state of the art, implementation costs, the nature, scope, context, and purposes of processing, and the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, transmission, availability, and separation of the data. Furthermore, we have procedures in place to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data during the development or selection of hardware, software, and procedures, following the principle of data protection by design and by default.
**TLS Encryption (https):** To protect your data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address line.
**Transfer of Personal Data**
In the course of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include service providers tasked with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
**Data Processing in Third Countries**
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities, or companies, this will only occur in accordance with legal requirements.
Subject to explicit consent or contractual or legal requirements, we process or allow data to be processed only in third countries with a recognized level of data protection, contractual obligations through so-called standard protection clauses of the EU Commission, certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page: [https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de)).
**Deletion of Data**
The data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitting their processing are revoked or other permissions cease to apply (e.g., if the purpose of processing this data ceases to apply or they are no longer necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or the protection of the rights of another natural or legal person.
Our data protection notices may also include additional information on the retention and deletion of data, which will take precedence for the respective processing operations.
**Use of Cookies**
Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. They are used, for example, to store the login status in a user account, the contents of a shopping cart in an online shop, the content accessed, or the functions used in an online offering. Cookies can also be used for different purposes, e.g., for the functionality, security, and convenience of online offerings, as well as for the creation of analyses of visitor flows.
**Consent Notices:** We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, except when it is not legally required. Consent is particularly not required if the storage and retrieval of information, including cookies, are absolutely necessary to provide users with a telemedia service (i.e., our online offering) they explicitly request. The absolutely necessary cookies generally include cookies with functions that serve to display and operate the online offering, load balancing, security, storage of user preferences and choices, or similar purposes related to the main and secondary functions of the online offering requested by the users. The revocable consent will be clearly communicated to users and include information on the respective cookie usage.
**Legal Basis Notices:** The legal basis on which we process personal data of users with the help of cookies depends on whether we ask users for consent. If the users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies will be based on our legitimate interests (e.g., in the economic operation of our online offering and its improvement) or, if necessary, for the fulfillment of our contractual obligations, if the use of cookies is required for this purpose. We clarify the purposes for which the cookies are processed in the course of this privacy policy or within our consent and processing processes.
**Storage Duration:** With regard to the storage duration, the following types of cookies are distinguished:
- **Temporary Cookies (also: Session Cookies):** Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g., browser or mobile application).
- **Permanent Cookies:** Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected with the help of cookies may be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., in the context of obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.
**General Information on Revocation and Objection (Opt-Out):** Users can revoke the consents they have given at any time and object to the processing of their data according to the legal requirements in Art. 21 GDPR. Users can also declare their objection via their browser settings, e.g., by deactivating the use of cookies (which may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites [https://optout.aboutads.info](https://optout.aboutads.info) and [https://www.youronlinechoices.com](https://www.youronlinechoices.com).
**Legal Bases:** Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).
**Further Information on Processing, Procedures, and Services:**
- **Processing of Cookie Data Based on Consent:** We use a cookie consent management procedure in which users’ consents to the use of cookies and the related processing and providers are obtained and managed, and can be revoked by users. The consent declaration is stored to avoid having to repeat the inquiry and to prove the consent in accordance with legal obligations. The storage can take place server-side and/or in a cookie (so-called opt-in cookie or using comparable technologies) to be able to assign the consent to a user or their device. Unless individual information about the providers of cookie management services is provided, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is formed and stored with the time of consent, information on the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and end device used; Legal bases: Consent (Art. 6(1)(a) GDPR).
To manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used and the respective consents, we use the consent tool "GDPR Cookie Compliance."
The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the consents related to them.
The provision of personal data is neither contractually required nor necessary