Privacy Policy
This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) in connection with the provision of our services as well as within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Davíd Maydell
Contact
Email: info@davídmaydell.com
Types of Data Processed
– Inventory data (e.g., personal master data, names or addresses)
– Contact data (e.g., email, telephone numbers)
– Content data (e.g., text entries, photographs, videos)
– Usage data (e.g., visited websites, interest in content, access times)
– Meta/communication data (e.g., device information, IP addresses).
Categories of Data Subjects
Visitors and users of the online offering (hereinafter we also collectively refer to the data subjects as “users”).
Purpose of Processing
– Provision of the online offering, its functions, and content
– Responding to contact requests and communication with users
– Security measures
– Reach measurement/marketing.
However, ongoing content control of linked pages is not reasonable without specific indications of a legal violation. If we become aware of legal violations, we will remove such links immediately.
Definitions
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., cookie), or one or more specific factors expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and includes practically any handling of data. “Pseudonymization” means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures. “Profiling” means any form of automated processing of personal data that involves evaluating certain personal aspects relating to a natural person. The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data. “Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. If the content on this site was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is marked as such. Should you nevertheless become aware of a copyright infringement, please notify us accordingly. If we become aware of legal violations, we will remove such content immediately.
Relevant Legal Bases
In accordance with Article 13 GDPR, we inform you of the legal bases of our data processing. For users from the scope of the GDPR (i.e., the EU and EEA), unless the legal basis is specified in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR; the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Article 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR; in the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis. The legal basis for necessary processing in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) GDPR. The legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR. Processing for purposes other than those for which the data was collected is determined by Article 6(4) GDPR. The processing of special categories of data (according to Article 9(1) GDPR) is based on Article 9(2) GDPR.
Security Measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. These measures include securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transfer, availability, and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, data deletion, and response to data threats. Additionally, we consider data protection in the development or selection of hardware, software, and processes in accordance with the principle of data protection by design and by default.
Cooperation with Processors, Joint Controllers, and Third Parties
If we disclose data to other persons and companies (processors, joint controllers, or third parties), transfer it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is required to fulfill a contract), if users have given their consent, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we disclose or transmit data to other companies in our corporate group, or otherwise grant them access, this is done particularly for administrative purposes as a legitimate interest and additionally on a legal basis.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation), or this occurs in the context of using third-party services or disclosing/transferring data to other persons or companies, it is only done if it is necessary to fulfill our (pre)contractual obligations, based on your consent, a legal obligation, or our legitimate interests. Unless explicit consent or contractually required transfer exists, we process data only in third countries with a recognized level of data protection, which includes U.S. processors certified under the “Privacy Shield,” or based on special guarantees, such as contractual obligations using standard contractual clauses of the EU Commission, existing certifications, or binding internal data protection regulations (Articles 44 to 49 GDPR, EU Commission information page).
Rights of Data Subjects
Right of Access: You have the right to request confirmation as to whether data concerning you is being processed and to access this data as well as additional information and a copy of the data in accordance with legal requirements. Right to Rectification: You have the right to request the completion or correction of data concerning you in accordance with legal requirements. Right to Erasure and Restriction of Processing: You have the right to request the deletion of data concerning you or alternatively, restriction of processing in accordance with legal requirements. Right to Data Portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller, in accordance with legal requirements. Complaint to Supervisory Authority: You also have the right to lodge a complaint with the relevant supervisory authority in accordance with legal requirements.
Right of Withdrawal
You have the right to withdraw consent given at any time with effect for the future.
Right to Object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Cookies and Right to Object to Direct Advertising
“Cookies” are small files stored on users’ devices. Various information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves the online offering and closes their browser. For example, a shopping cart’s contents or login status can be stored in such a cookie. “Permanent” or “persistent” cookies remain stored even after the browser is closed. For example, the login status can be stored if users revisit the site after several days. Likewise, user interests may be stored in such a cookie for reach measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the controller operating the online offering (otherwise, if they are only its cookies, they are referred to as “first-party cookies”). We may use temporary and permanent cookies and inform you accordingly in this privacy policy. If we ask users for consent to use cookies (e.g., as part of a cookie consent), the legal basis is Article 6(1)(a) GDPR. Otherwise, users' personal cookies are processed based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering as per Article 6(1)(f) GDPR) or if the use of cookies is necessary to provide our contractual services, pursuant to Article 6(1)(b) GDPR, or if the use of cookies is necessary for performing a task carried out in the public interest or in the exercise of official authority, pursuant to Article 6(1)(e) GDPR. If users do not want cookies to be stored on their computer, they should disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Disabling cookies may restrict the functionality of this online offering. A general objection to the use of cookies used for online marketing purposes can be made via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, cookies can be disabled in browser settings. Please note that not all functions of this online offering may then be available.
Deletion of Data
The data we process is deleted or its processing is restricted in accordance with legal requirements. Unless expressly stated in this privacy policy, the stored data is deleted as soon as it is no longer required for its intended purpose and no legal retention obligations prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing is restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Changes and Updates to the Privacy Policy
Please inform yourself regularly about the content of our privacy policy. We will adjust the privacy policy as soon as changes in our data processing make this necessary. We will inform you if the changes require cooperation from your side (e.g., consent) or another individual notification.
Integration of Third-Party Services and Content
We use content or service offerings from third-party providers within our online offering based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering in accordance with Article 6(1)(f) GDPR) to incorporate their content and services, such as videos or fonts (collectively referred to as “content”). This always requires that the third-party providers of this content perceive the users’ IP address, as they could not send the content to their browser without the IP address. The IP address is therefore necessary to display this content. We strive to use only content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate visitor traffic on this website’s pages. The pseudonymous information may also be stored in cookies on users’ devices and may contain technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, and may be linked with such information from other sources.