Data privacy statement
(As at: 05/2020)
We inform you here about processing of personal data during usage of our Internet presences, such as our website www.susannemaria.de or our social-media profiles.
Personal data comprise all information which can be personally related to you, e.g. name, address, e-mail, IP address and user behaviour.
The terms employed here, such as “processing”, “responsible entity” or “concerned party”, are defined in Article 4 GDPR. In particular, it contains the following definitions:
“Personal data” means all information relating to an identified or identifiable natural person (hereinafter referred to as “concerned person”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more features specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4, Item 1 GDPR).
“Processing” means every procedure executed with or without the help of automation, or every such series of procedures involving personal data, such as collection, registration, organization, sorting, storage, adaptation or change, readout, querying, utilization, disclosure through transmission, dissemination or any other form of supply, comparison or association, restriction, deletion or destruction (Article 4, Item 2 GDPR).
“Responsible person” (or “responsible entity”) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data (Article 4, Item 7 GDPR).
“Delegated processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible entity (Article 4, Item 8 GDPR).
In particular, the terms “processing” and “personal data” are extremely broad so as to encompass almost any type of data handling.
Contents:
01. Who is the responsible entity?
02. Is there a data protection officer?
03. Who is concerned by data processing?
04. Which data do we collect from you, and for which purposes and on what legal basis do we process the data?
05. To whom do we relay your data?
06. Are your data relayed to parties outside the EU?
07. For how long do we process your data?
08. What are your rights?
09. When and how can you object to data processing?
10. When and how can you withdraw your consent?
11. Where can you submit complaints?
12. When and why is it necessary to provide your data?
13. Does automated decision-making (e.g. profiling) take place?
14. How can you contact us?
15. How do we secure our website?
16. What are cookies and how do we use them?
17. Which social media profiles do we use?
18. How and why do we use WhatsApp?
01. Who is the responsible entity?
Responsibility for processing your data lies with us:
Susanne van Loosen
Am Entensee 62
DE 63075 Offenbach am Main
Phone: +49 173/5202119
E-mail: mail@susannemaria.de
02. Is there a data protection officer?
We are not required by law to appoint a data protection officer.
03. Who is concerned by data processing?
If you visit our website, e.g. as an interested party, customer, supplier, service provider or other visitor, your personal data are processed within the framework of legal regulations as well as this declaration. All visitors to our Internet presences are grouped under the term “user”.
04. Which data do we collect from you, and for which purposes and on what legal basis do we process the data?
If you visit our website without registering or otherwise conveying information to us, only the personal data which your browser submits to our server are processed. The data processed in this case are technically needed to display our website as well as ensure its stability and security, and include the following items according to our knowledge:
- IP address of the invoking computer
- Date and time of enquiry
- Name and URL of the invoked file
- Access status / HTTP status code
- Transmitted quantity of data
- Website sending the enquiry (referrer URL)
- Employed browser
- Operating system
If you additionally convey personal data to us, e.g. as part of an enquiry via e-mail, we may then also process details such as the following:
- Basic subscriber data (e.g. name, address)
- Contact data (e.g. e-mail address, phone number)
- Data comprising content (e.g. input text, photos)
- Usage data (e.g. visited sites, access times)
- Communication data / metadata (e.g. device information, IP addresses)
During your visit to our website, we process your personal data for the following purposes, in particular:
- To provide the functions and contents of our online offer
- To ensure smooth establishment of connections to our website
- To ensure comfortable usage of our website
- To evaluate and guarantee system security and stability, as well as implementation of general security measures
- To answer any enquiries during contact and to communicate with you
- For further administrative purposes
- To provide agreed services
Unless we provide a specific legal basis in the framework of this data privacy statement, the following applies to processing of your personal data: The legal basis for obtaining consent is derived from Article 6 Paragraph 1 lit. a) and Article 7 GDPR. The legal basis for data processing to fulfil our service obligations and implement (pre-)contractual measures as well as answer any enquiries is Article 6 Paragraph 1 lit. b) GDPR. The legal basis for processing data to fulfil legal obligations is Article 6 Paragraph 1 lit. c) GDPR. Should vital interests of the concerned person or another natural person necessitate data processing, the legal basis for this is derived from Article 6 Paragraph 1 lit. d) GDPR. Data processing to safeguard our legitimate interests takes place on the basis of Article 6 Paragraph 1 lit. f) GDPR. Our legitimate interests follow from the above-mentioned purposes of data collection.
If, in the framework of processing of your personal data, we disclose or relay these data to third parties or otherwise grant them access to these data, this is done exclusively on the basis of a legal permission, insofar as you have provided your consent or we are legally obliged to do so, or on the basis of our legitimate interests. Legal permission exists, in particular, if relay of the data is necessary to fulfil contractual obligations (e.g. vis-à-vis payment or shipping service providers). Legitimate interest can exist if we use data for direct marketing or to prevent fraud. There may also be a legitimate interest, for example, during use of web or e-mail hosts, cloud providers and similar service providers. Such service providers often act as delegated processors or jointly responsible parties on the basis of a corresponding contract. They are also obliged to comply with data protection regulations and guarantee this contractually. Articles 28 and 26 GDPR respectively provide the legal bases for such delegated processing relationships and shared responsibility.
05. To whom do we relay your data?
Unless otherwise mentioned in the data privacy statement, we regularly collaborate with the following recipients, in particular:
- Shipping agencies
- E-mail hosts
- Web hosts
- Banks
- Internet service providers, where applicable
We carefully select such external service providers. In the case of delegated processing relationships (Article 28 GDPR), these companies are contractually bound by our instructions and are regularly monitored by us. More information on this can be found in the descriptions of the individual services further below. The legal basis for relay of your personal data is specified in Item 04 above.
06. Are your data relayed to parties outside the EU?
Only in certain, exceptional cases can your personal data be relayed to third-party countries (i.e. outside the EU or the EEA) or to an international organization. More information on this is provided in the descriptions of the individual services further below. If we process your personal data in a third-party country, or have these data processed by third parties, this is done only in order to fulfil our (pre-)contractual obligations, or on the basis of your consent, a legal obligation or our legitimate interests. Your personal data are processed in a third-party country only if the special conditions of Article 44 GDPR et seq. are met, unless there are legal or contractual permissions in individual cases. This means that data processing is carried out, for example, on the basis of special guarantees such as officially recognized determination of a data protection level compliant with the European Union (e.g. the EU-US privacy shield in the case of the USA) or observance of specific, recognized contractual obligations (in particular, standard EU contractual clauses).
07. For how long do we process your data?
The duration of storage of your personal data is assessed regularly on the basis of existent legal retention periods (e.g. according to commercial or tax law). Unless stated otherwise further below, your personal data are deleted routinely after expiry of any relevant period, provided that they are no longer necessary for contract fulfilment or initiation, we no longer have an overriding legitimate interest in continued storage and/or you have not consented to continued storage.
In Germany, special retention periods exist in areas such as the following:
- According to commercial law (e.g. 6 years for opening balance sheets, annual financial statements, accounting documents, etc.)
- According to tax law (10 years for all tax-related documents)
- According to general equal treatment and labour court laws (6 months for documents of rejected applicants)
08. What are your rights?
With regard to processing of your personal data, you have the following rights vis-à-vis us:
- Right to information
- Right to rectification
- Right to deletion
- Right to restriction of processing
- Right to data portability
- Right to objection
- Right to revocation of granted consent
- Right to complaint
The last 3 rights are explained in more detail further below. If you have any questions about your rights, do not hesitate to contact us. Contact details are provided in the section on the responsible party further above.
09. When and how can you object to data processing?
If your personal data are processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 lit. f) GDPR, you have the right to object to such processing at any time. As a result, we are not permitted to continue processing your personal data in future, unless we can prove compelling, legitimate grounds for processing which outweigh your interests, rights and freedoms, or processing of the data serves to assert, exercise or defend legal claims.
However, the right of objection only applies if your particular situation provides grounds for this, or if your objection addresses direct marketing. In the latter case, you have a general right to objection which we fulfil without the need for specifying a particular situation.
If you wish to exercise your right of objection, simply send a message to our postal address or an e-mail (see above under Item 01).
10. When and how can you withdraw your consent?
You can withdraw your consent at any time. As a consequence, we will no longer be able to continue processing your personal data based on such consent. If you wish to exercise your right of withdrawal, simply send a message to our postal address or an e-mail (see above under Item 01).
11. Where can you submit complaints?
You have the right to complain to a data protection supervisory authority as regards our processing of your personal data. A list of state data protection supervisory authorities can be found at the following address: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
12. When and why is it necessary to provide your data?
You provide us with your personal data (e.g. name, postal address or e-mail address) when establishing any contact for the purpose of enquiry.
Provision of your personal data is partly required by law (e.g. by tax law regulations). It may also be necessary for implementation of (pre-)contractual measures. Failure to provide your personal information would result in the contract not being concluded with you, or your enquiry not being answered.
Provision of the following data, in particular, is mandatory for contract fulfilment, pre-contractual measures and communication with us:
- First name and surname
- E-mail address
- Telephone number, if necessary (e.g. for queries or answers to enquiries)
Unless otherwise mentioned in this data privacy statement, all other information is voluntary.
13. Does automated decision-making (e.g. profiling) take place?
Automated decision-making, including profiling, does not take place.
14. How can you contact us?
You can contact us either by post, phone or e-mail. Contact details are provided in the section on the responsible entity further above.
If you contact us by e-mail, for example, we automatically store the personal data you voluntarily provide to us for the purpose of processing your enquiry and contacting you. These data are not relayed to third parties.
15. How do we secure our website?
We take appropriate technical and organizational measures to ensure a level of protection commensurate with risk (Article 32 GDPR), taking into account the state of the art, implementation costs, the type, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and severity of risk to the rights and freedoms of natural persons. These measures include, in particular, ensuring the confidentiality, integrity and availability of data. In addition, we have set up business processes at our company to ensure, in particular, the protection of concerned persons’ rights, deletion of data, as well as responses to mishaps involving data. In addition, we observe legal data protection principles, e.g. through technical design as well as presets facilitating data protection (privacy by design and privacy by default, Article 25 GDPR).
For security reasons and to protect transfer of your personal data as well as other confidential contents, our website makes use of encrypted transmission via SSL / TLS. This is indicated by “https” (instead of “http”) as well as a lock icon and a different colour representation in your browser’s address bar.
16. What are cookies and how do we use them?
Our website makes use of cookies, which are small text files stored by your browser on your terminal device.
Temporary cookies are automatically deleted when you close your browser. These include, in particular, session cookies. They store a specific identifier (called session ID) which allows your device to be identified when you return to our website. This makes it possible, for example, to save a virtual shopping cart’s contents at an online shop or the login status. Session cookies are deleted when you log out or close your browser.
Persistent cookies are automatically deleted after a certain period of time, whose length depends on the cookie. This makes it possible, for example, to save user information for coverage measurement or marketing purposes, or login statuses for extended periods of time.
For both temporary and persistent cookies, a distinction must be made between first-party and third-party cookies. The former are set by the responsible entity, the latter by third-party providers.
You can delete cookies at any time via the security settings in your browser or, for example, by refusing to accept third-party cookies. Various services and providers, e.g. the American website www.aboutads.info/choices and the European website www.youronlinechoices.com allow you to object generally to a use of cookies for online marketing. Please note that you may then not be able to use all the functions of our website.
Currently, our website only uses cookies technically necessary for its operation. More information on this is provided further below as part of our data privacy statement.
The legal basis for use of cookies is Article 6 Paragraph 1 Sentence 1 lit. f) GDPR or, where applicable, your consent (Article 6 Paragraph 1 Sentence 1 lit. a) GDPR).
17. Which social media profiles do we use?
We operate the profiles listed below in social networks in order to contact users active there and to inform them about our services. Access to these networks is governed by their respective terms and conditions as well as their operators’ data protection statements. Unless specified otherwise in our data privacy statement, we process data of users only insofar as they contact us via social networks, e.g. by leaving posts on our profile pages or sending messages to us.
Our social media profiles:
- Facebook (data privacy notes) (agreement on shared responsibility) (privacy shield certification)
- Instagram (data privacy notes) (privacy shield certification)
18. How and why do we use WhatsApp?
Our website makes use of the WhatsApp messenger service (provider: WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA). This allows us to directly contact and communicate with you. Of course, you can also reach us by alternative means, e.g. by phone or e-mail. Use of WhatsApp is not mandatory, but only an additional and simple way of communicating. Recent versions of WhatsApp allow end-to-end encryption of content so that third parties, including the provider themselves, cannot access the content. However, the provider is able to view metadata, e.g. when and from where you contacted us via WhatsApp.
If we have asked for your permission before communicating with you via WhatsApp, your consent forms the legal basis for processing your data (Article 6 Paragraph 1 lit. a) GDPR). If you contact us on your own initiative via WhatsApp, we use this communication channel within the framework of contract fulfilment or initiation (Article 6 Paragraph 1 lit. b) GDPR) or on the basis of our legitimate interest in fast and efficient communications with you (Article 6 Paragraph 1 lit. f) GDPR).
You can withdraw your consent and end communications with us via WhatsApp at any time.
For more information, please refer to the provider’s data privacy statement at the following address: https://www.whatsapp.com/legal. The provider is registered with the EU-US privacy shield so as to ensure an adequate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active).