Privacy Policy

Introduction

With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) for which purposes and to what extent process. The privacy policy applies to all we conduct Processing of personal data, both in the context of providing our services and also in particular on our websites, in mobile applications and within external ones Online presence, such as our social media profiles (hereinafter collectively referred to as as "online offer").

The terms used are not gender specific.

As of June 19, 2020

Table of Contents

  • Introduction
  • Person responsible
  • Overview of processing
  • Relevant legal bases
  • Security Measures
  • Provision of the online offer and web hosting
  • Contact us
  • Deletion of data
  • Change and update of the privacy policy

Person responsible

Thomas Diroll
Zugspitzweg 26
82538 Geretsried

Email address: hello@thomasdiroll.com

Imprint: https://www.thomasdiroll.com/imprint

Overview of processing

The following overview summarizes the types of data processed and the purposes of them Processing together and refers to the data subjects.

Types of data processed

  • Inventory data (e.g. names, addresses).
  • Content data (e.g. text input, photographs, videos).
  • Contact details (e.g. email, telephone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).

Categories of data subjects

  • Communication partner.
  • Users (e.g. website visitors, users of online services).

Purposes of processing

  • Contact requests and communication.

Relevant legal bases

In the following we share the legal bases of the General Data Protection Regulation (GDPR), on whose Basis we process the personal data with. Please note that in addition to the regulations of the GDPR the national data protection regulations in your or our residential and Country of domicile may apply. Should more specific legal bases also apply in individual cases be, we will inform you of this in the data protection declaration.

  • Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) - The processing is necessary for the performance of a contract to which the data subject is party is necessary, or to carry out pre-contractual measures, which are carried out at the request of the person concerned person.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) - The processing is to protect the legitimate interests of the person responsible or a Third parties required, unless the interests or fundamental rights and freedoms of those concerned person requiring the protection of personal data prevail.

National data protection regulations in Germany : In addition to the data protection regulations of the General Data Protection Regulation, national regulations apply on data protection in Germany. This includes in particular the law on the protection against misuse of personal data Data in data processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations the right to information, the right to erasure, the right to object, the processing of special data categories of personal data, for processing for other purposes and for transmission as well Automated individual decision-making including profiling. Furthermore regulates it is data processing for the purposes of the employment relationship (§ 26 BDSG), in particular in With regard to the establishment, implementation or termination of employment relationships and the employee consent. Furthermore, state data protection laws of the individual federal states apply.

Security Measures

We meet in accordance with the legal requirements, taking into account the status of the technology, the cost of implementation and the nature, scope, circumstances and purposes of the Processing as well as the different probabilities of occurrence and the extent of the Threats to the rights and freedoms of natural persons appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring confidentiality, integrity and Availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, security of the availability and their separation. Furthermore, we have set up procedures that Exercising the rights of data subjects, the deletion of data and reactions to the endangerment of data ensure data. Furthermore, we already take the protection of personal data into account the development or selection of hardware, software and processes according to the principle of Data protection, through technology design and through data protection-friendly default settings.

SSL encryption (https): To your transmitted via our online offer To protect data, we use SSL encryption. You recognize such encrypted Connections to the prefix https:// in the address bar of your browser.

Provision of the online offer and web hosting

In order to be able to provide our online offer securely and efficiently, we use the services by one or more web hosting providers, whose servers (or by them managed servers) the online offer can be accessed. For these purposes we can Infrastructure and platform services, computing capacity, storage space and Database services as well as security services and technical maintenance services take.

All of the data processed as part of the provision of the hosting offer can be The information relating to users of our online offer belongs to the information provided in the context of use and communication arise. This regularly includes the IP address, which is necessary to To be able to deliver content from online offers to browsers, and all within our online offer or entries made from websites.

Collection of access data and log files: We ourselves (or our Web hosting providers) collect data for each access to the server (so-called server log files). The server log files can contain the address and name of the accessed websites and files, date and time of retrieval, transferred data volume, notification of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page) and im As a rule, IP addresses and the requesting provider belong.

The server log files can be used for security purposes, e.g. to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, the load on the servers and their stability ensure.

  • Types of data processed: content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Persons affected: users (e.g. website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Contact us

When contacting us (e.g. via contact form, e-mail, telephone or via social Media) the details of the inquiring persons will be processed, insofar as this is necessary for answering of the contact requests and any requested measures.

Answering contact requests within the framework of contractual or pre-contractual Relationships are made to fulfill our contractual obligations or to respond to (Pre)contractual inquiries and otherwise on the basis of the legitimate interests in the Answering the inquiries.

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. E-mail, telephone numbers), content data (e.g. text input, photographs, videos).
  • Persons affected: Communication partners.
  • Purposes of processing: Contact Requests and Communication.
  • Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consent to processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or if it is used for the purpose are not required).

Unless the data is deleted because it is used for other and legally permissible purposes are required, their processing will be limited to these purposes. That is, the data will blocked and not processed for other purposes. This applies, for example, to data from commercial or must be kept for tax reasons or their storage to assert, exercise or defend legal claims or protect the rights of another natural or legal person is required.

Further information on the deletion of personal data can also be found within the framework of individual data protection notices of this data protection declaration.

Change and update of the data protection declaration

We ask you to inform yourself regularly about the content of our data protection declaration. We adjust the data protection declaration as soon as the changes made by us data processing make this necessary. We will inform you as soon as through the changes an act of cooperation on your part (e.g. consent) or another individual notification is required.

If we provide addresses and contact information of companies and organizations, please note that the addresses change over time can and ask to check the information before contacting us.