Data Protection Declaration
(Translated from German – original version: Datenschutz)
Responsible for the Data Protection Declaration
Art Vego | Beatrice Winkel
Last update: May 2018
Basic details of the data processing and legal basis
This data protection declaration informs you about the type, scope and purpose of personal data processing within the online offer and its related website, functions and contents (hereinafter collectively referred to as the “online offer” or “website”). The Data Protection Declaration applies irrespective of the domains, systems, platform and equipment (for example desktop or mobile) which run the online offer.
You find more information about the used terminology, for example “personal data” and its “processing” in the article 4 of the General Data Protection Regulation (in German Datenschutzgrundverordnung – DSGVO).
The personal data processed of the user in the framework of the online offer includes the stock data (for example your name and your address), contract data (for example the used services and payment information), usage data (for example the visited websites of my online offer, interest in my products) and content data (for example entries in the contact form or newsletter form).
The purpose of the processing includes the provision of the online offer, its functions and contents, the reply of contact requests and communication with users, security measures, measurement of the reach and marketing.
The term “users” covers all categories of data subjects. These include my business partner, customers, interested parties and other visitors to my online offer.
I use the personal data of my users only in compliance with the relevant data processing laws. That means, the personal data of users were just processed with a legal permission.
This applies in particular if the data processing is necessary or prescribed by law for delivery my contractual services (for example processing of orders) and online services, is the approval of the user obtained. Furthermore is the approval of the user obtained because of my legitimate interests (for example interest in the analysis, optimisation and economic operation and security of my online offer within the meaning of Article 6 (1) (f) DSGVO, in particular for the measurement of the reach, create profiles for advertising and marketing purposes as well as collection of data and the use of third-party services).
I would point out that the legal basis of the agreements is Article 6 (1) (a) DSGVO and Article 7 DSGVO, the legal basis of the data processing to fulfil my services and perform my contractually measures is Article 6 (1) (b) DSGVO, the legal basis of the data processing for the fulfillment of my legal obligations is Article 6 (1) (c) DSGVO, and the legal basis of the data processing to safeguard my legitimate interests is Article 6 (1) (f) DSGVO.
I take suitable organizational, technical and contractual precautions according to the state of the art, to ensure that the rules of the data protection laws are fulfilled and to protect the personal information processed by me against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.
Disclosure of data to third party and third-party providers
Data shall only be passed on to third parties within the requirements set by the law. I will only pass on personal details to third parties if it is necessary for example for contractual purposes within the framework of the Article 6 (1) (b) DSGVO or for my legitimate interests within the framework of Article 6 (1) (f) DSGVO.
If I use subcontractors to deliver my services, I take appropriate legal measures as well as technical and organisational measures to secure the personal data in accordance with the relevant regulation.
If, in connection with this Data Protection Declaration, I use contents, tools or other means from other provider (hereinafter jointly designated by the term „third-party providers „) and their registered office is in a third country, it can be assumed that the data transfer is in the country in which the third party has its seat. Third state countries are countries in which the DSGVO is no directly applicable law. That means basically countries which are outside the European Union and the European Economic Area. The transfer of data to third countries take place either when an adequate level of data privacy protection, an user permission or some other legal permission exist.
Provision of contractual services
I use inventory data (for example name, address as well as contact data from user), contract data (for example received services, contact names, payment information) to fulfill my contractual obligations and services within the framework of the Article 6 (1) (b) DSGVO.
When you contact me (via contact form or email) the details provided by users will be used for purpose of processing contact request or processing within the framework of the Article 6 (1) (b) DSGVO.
Elevation of access data and log files
Because of my legitimate interests within the framework of Article 6 (1) (f) DSGVO I collect data about the access to the server on which this service is located (so-called server log files). The access data include name of the clicked web page, file, date and time of the access, transmitted data volume, report on successful access, web browser and version, operating system of the user, referrer URL (previously visited page), IP address and inquired provider.
Log file information will be stored for security reasons for maximum seven days and deleted afterwards. Data which are necessary to store for evidence purposes, are excluded this deletion until the incident has been finally clarified.
Cookies and measurement of the reach
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual.
If the user don´t want that cookies will be placed on their computer´s hard drive, the user were asked to deactivate the relevant option in the system settings for their browser (so does it work for example for Firefox, Safari, Chrome, Internet Explorer). Saved cookies can be deleted using your browser settings at any time. The exclusion from cookies could result functional limitations of this online offer.
The following information is intended to give you a summary of the contents of my newsletter as well as the application procedure, transit procedure and statistical evaluation procedure as well as your right of objection.
Content of the Newsletter
I send Newsletter, emails and other electronically massages which commercial information (hereinafter “newsletter) only with the consent with the recipient or due to a legal obligation. As long as, in the framework of the newsletter, the contents of the newsletter are concrete described, they are relevant for the consent of users. Furthermore my newsletter contain reports of aspects of my everyday life, recipes, download links to free colouring pages, information about my products, offers, special offers and my business.
Double-Opt-In and recording
The registration to the newsletter is with a so-called “Double-opt-In-Process”. That means, after your registration you will receive an email, in which you are being asked to confirm your registration. This confirmation necessary, so nobody can registries with strange email addresses. The confirmations will be recorded to demonstrate the confirmation process in accordance with legal requirements. This includes storage of the time of the registration, time of the confirmation and the IP address. The changes of your dates, which are stored at the email marketing service, will be recorded.
Email marketing service “MailChimp”
The sending of the newsletter will be made by “MailChimp”, newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of my newsletter receiver and all the data, which were explained within this framework, will be stored on the server of MailChimp in the USA. MailChimp uses these information for the sending and for evaluation of the newsletter on my behalf. Furthermore, basis its own information, MailChimp can use these data for optimisation and improvement of its own services, for example for technical optimisation of the sending and the presentation of the newsletter or for commercial goals, to determine from which countries the receivers are. But MailChimp doesn´t use the data of my newsletter receiver to write them emails on their own or to give it to third parties.
I trust in the reliability and in the IT security and data security of MailChimp. MailChimp is part of the US EU Data Protection Convention “Privacy Shield“ and thereby committing itself officially to comply with the EU data protection preferences. Furthermore I concluded with MailChimp a “Data-Processing-Agreement“. This is a contract, in which MailChimp commits, to protect the data of my user in accordance with the data protection regulations and in particular to refrain from passing it on or making it accessible to third parties. You can read the Data Protection Declaration of MailChimp here.
To sign in the newsletter, it usually suffices if you enter your email address. Optional you can enter your first name, this is intended only for personal approach in the newsletter.
Statistical survey and analyses
The newsletters contain a so-called “Web Beacon”. That is a pixel-sized file, which will be recalled from the server of the email marketing service when you open the newsletter. Within the framework of this recall technical information such as information about the browser and your system, your IP address and the time of the visit of the website will be collected. These information will be used for the technical development of the service with the technical data or target group and their reading behaviour for the locations of the recalls (with the help of the IP addresses) or time of the recall. Part of the statistical survey is also if the newsletter will be opened, when they will be opened and which links will be clicked. These Information will be allocated to the specific newsletter receiver because of the technical data.
But it is not my aim to observe my user as well as the email marketing service and I have no interest to observe my user. The aim of the evaluation is only to understand the reading habits of my user so I can conform the contents to their habits or to send different contents to my user.
Termination / Revocation
You can terminate the receiver of my newsletters at any time. That means you revoke your permission. Therefore your permission for the sending with the email marketing service and its analyses will laps. A separated revocation of the sending with the email marketing service or the statistical evaluation is not possible. You find the termination link on the bottom of every newsletter. When user just sign in for the newsletter and then terminate it, all personal data will be deleted.
The use of the email marketing service, statistical evaluation and analyses as well as the recording of the application procedure follow on basis of my legitimate interests within the framework of Article 6 (1) (f) DSGVO. I’m interested in the use of an user-friendly and safe newsletter system, which fulfil business interest and meet the expectations of my user.
Integration of third party services or third party content
On my online offer, I use, because of the basis of my legitimate interests within the framework of Article 6 (1) (f) DSGVO, content and services of third parties (hereinafter called “content”), for example videos or fonts.
That means always, that the third parties of these contents perceive the IP addresses of my user, because they need the IP address to send their contents to their browser. The IP address is therefore necessary. I try to use only contents of third parties which use the IP address only to deliver their contents.
Third parties can also use so-called “Web Beacon”. That is a pixel-sized file, which will be recalled from the server of the third party and can be used for statistic evaluation or marketing. Within the framework of this recall technical information such as information about the browser and your system, your IP address and the time of the visit of the website will be collected. These pixle-sized files can be in cookies.
The following table provides an overview of the used third parties, their contents, their links to the Data Protection Declarartion (which have additional hints how they use the Data), Opt-Out-Options:
- If my user use the payment methods of third parties (for example PayPal), the business conditions and guidelines of these third parties apply (which can be read on their web pages).
- External font “Google Fonts“ of the third party Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The integration of Google Fonts is delivered through the server call of Google (normally in the USA). Data Protection Declaration, Opt-Out
- Videos of the platform “YouTube“ of the third party Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Declaration, Opt-Out
Rights of the user
Users have the right, to receive information concerning the personal data stored about them at any time, free of charge.
Furthermore, users have the right that inaccurate data be corrected, the right of limiting the processing and deleting of personal registration data, where applicable, assert the right of data portability and in case of the assumption of unlawful data processing, they can to file a complaint to the responsible regulatory agency.
Users can revoke consent for future usage at any time.
Deleting of data
I will immediately delete the personal data, when they are no longer needed for their specific purposes, provided that statutory storage obligations do not exist. If a deletion should be prevented by other or legal obligation to retain data, the use of data will be limited. That mean they will be blocked and won´t processed for other purposes. That includes for example data of users which have to be stored due to commerce and tax law reasons. Prescribed by law the data retain for six years (§ 257 Abs. 1 HGB) or ten years (§ 147 Abs. 1 AO).
Right of objection
Users can object future processing of their personal data in accordance with legal requirements at any time. In particular, the users can object the data processing for the purpose of direct mailing.
Changes of the Data Protection Declaration
I reserve the right to alter the Data Protection Declaration, to conform it to the changed legal situation, offered services or data processing. However, this only applies the statements of data processing. Where the agreements of the users are necessary, the changes can only be done in agreement with the users.
Users were asked to inform itself periodically about the Data Protection Declaration.