Tim Wehrle

Privacy Policy


Responsible

What is personal data?

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). A person is considered identifiable if they can be identified directly or indirectly by means of an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special characteristics. These characteristics reflect the physical, physiological, genetic, psychological, economic, cultural or social identity of that person.

We collect and use personal information exclusively on a voluntary basis and/or if a legal basis permits this. This privacy policy describes how we collect and use personal data.

Types of data processed

The data listed here includes all types of processed information that we can use. However, not all of it is used.

  • Inventory data (e.g., names, addresses)
  • Contact data (e.g., email, telephone numbers)
  • Content data (e.g., text entries, photographs, videos)
  • Usage data (e.g., websites visited, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Purpose of processing

We use your personal data for the following purposes:

  • Provision of the online offer, its functions and content
  • Contact requests and communication with users
  • Security measures
  • Reach measurement/marketing

Relevant legal bases

In accordance with Art. 13 GDPR, we provide information about the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies:

  • The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR.
  • The legal basis for the processing of personal data for the purpose of providing our services, executing contracts and responding to requests is Art. 6 para. 1 lit. b GDPR.
  • The legal basis for processing for the fulfillment of legal obligations is Art. 6 para. 1 lit. c GDPR.
  • The legal basis for the processing of data to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR.
  • In the event that the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d GDPR is the legal basis.

Security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

In doing so, we take into account the state of the art, the implementation costs, the nature and scope of the processing and the likelihood and severity of possible risks to the rights and freedoms of natural persons in accordance with Art. 32 of the GDPR.

The measures include, in particular, securing data by controlling physical access to the data, access to the data itself, and its input, disclosure and separation. In doing so, we ensure that the confidentiality, integrity and availability of the data are guaranteed. We also have procedures for exercising data subject rights, deleting data and responding to threats. When developing and selecting hardware, software and procedures, we ensure the protection of personal data in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

Data transfer

If we pass on data to other persons or companies in the course of our work, for example to processors or third parties, we only do so if this is permitted by law. This may be the case, for example, if we have to transfer data to third parties such as payment service providers in accordance with Article 6(1)(b) GDPR in order to fulfill a contract, if you have consented, if there is a legal obligation or if it is based on our legitimate interests, for example when hiring employees, web hosts, etc.

If we commission someone else to process data for us, we do so on the basis of a contract that meets the conditions of Art. 28 GDPR.

Transfer to third countries

If we process data in a country outside the European Union (EU) or the European Economic Area (EEA) or disclose it in the context of the use of third-party services or the transfer of data to third parties, this is done exclusively to fulfill our contractual obligations, based on your consent, due to a legal obligation or to protect our legitimate interests.

Subject to legal or contractual permissions, we will only transfer data to a third country in accordance with the specific requirements of Art. 44 et seq. GDPR. Processing is carried out on the basis of special guarantees, such as the formal recognition of a level of data protection in the USA that corresponds to the EU level of data protection (e.g. through the “Privacy Shield”) or compliance with formally recognized special contractual obligations (so-called “standard contractual clauses”).

Rights of the data subjects

In accordance with Art. 15 of the GDPR, you have the right to request confirmation as to whether we are processing personal data concerning you and you have the right to access this data as well as further information and a copy of this data.

In accordance with Art. 16 GDPR, you have the right to request the completion of incomplete data or the rectification of inaccurate data.

In accordance with Art. 17 GDPR, you have the right to demand the immediate erasure of your personal data or, alternatively, to demand the restriction of the processing of your data in accordance with Art. 18 GDPR.

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller.

In addition, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates data protection regulations.

Right of revocation and objection

You have the right to withdraw your consent with effect for the future in accordance with Art. 7 para. 3 GDPR.

You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection can be made in particular against processing for direct marketing purposes.

Deletion of data

The data that we process is either deleted or processing is restricted in accordance with the GDPR. If the data is no longer necessary for the original purpose and there are no legal obligations to retain it, it will be deleted. If deletion is not possible because the data is legally required for other permissible purposes, it will be blocked and not used for other purposes. Examples of this are information that must be stored because it is subject to commercial or tax regulations.

In Germany, documents such as books, commercial books and tax records must be stored for 10 years, in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB. Commercial letters must be kept for 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB. In Austria, business documents must be kept for a certain period of time in accordance with § 132 para. 1 BAO. Accounting documents, receipts, business papers etc. must be kept for 7 years, in connection with real estate for 22 years and for certain services to non-entrepreneurs in EU member states for which the Mini-One-Stop-Shop (MOSS) is used, for 10 years.

Contacting

If you contact us (e.g. by contact form, email, telephone or via social media), we use your data exclusively to process your request in accordance with Art. 6 para. 1 lit. b GDPR. We store your data in a customer relationship management system (“CRM system”) or a comparable inquiry management system and delete it as soon as it is no longer required. Every two years, we check whether it is necessary to retain the data and we comply with statutory retention obligations.