Privacy Notice & Cookies

Last updated on 07.08.2023

This privacy notice for Carolin Mallmann International LLC (“Company,” “we,” “us,” or “our“), describes how and why we might collect, store, use, and/or share (“process“) your information when you use our services (“Services“), such as when you:

  • Visit our website at shamanism.one, or any website of ours that links to this privacy notice
  • Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at info@ shamanism.one.

You can change your cookie settings here:

You have the right at any time to obtain information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

The entity responsible for data processing on this website is:

Carolin Mallmann International LLC
Carolin Mallmann
7901 4TH ST N
STE 300
St. Petersburg, Florida, US, 33702

E-Mail: info @shamanism.one

The responsible entity is the natural or legal person who decides alone or jointly with others on the purposes and means of processing personal data (e.g., names, e-mail addresses, etc.).

Storage Duration

Unless a more specific storage period has been specified in this privacy policy, your personal data remains with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur once these reasons no longer apply.

Data Transfer to the USA

Our website includes tools from companies based in the USA. When these tools are active, your personal data can be transferred to the US servers of the respective companies. We point out that the USA is not a safe third country in the sense of EU data protection law. US companies are required to hand over personal data to security authorities without you being able to legally object. Therefore, it cannot be excluded that US authorities (e.g., intelligence agencies) process, evaluate, and permanently store your data stored on US servers for surveillance purposes. We have no influence on these processing activities.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of data processing carried out before the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Specific Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, AS FAR AS IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ART. 21 PARA. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of breaches of the GDPR, the persons affected have a right to lodge a complaint with a supervisory authority, in particular in the member state of their usual place of residence, their place of work, or the place of the alleged infringement. The right to lodge a complaint is in addition to any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, in a standard, machine-readable format or to request its transfer to a third party. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock symbol in your browser line.

When the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, Deletion, and Correction

Within the framework of applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing, and if necessary, a right to correct or delete this data. For this purpose, as well as for further questions on the topic of personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is done unlawfully, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have filed an objection pursuant to Art. 21 Para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may only be processed – with the exception of its storage – with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of significant public interest of the European Union or a member state.

Please note that while this translation aims to be accurate, there might be slight variations due to language nuances.

Cookies

Our websites use what are known as “cookies”. Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These allow us or you to use certain services provided by the third-party company (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website features would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.

Cookies required for the electronic communication process (necessary cookies) or for providing certain functions desired by you (functional cookies, e.g., for the shopping cart function) or for optimizing the website (e.g., cookies for measuring the web audience) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies has been requested, the storage of the relevant cookies is based solely on this consent (Art. 6 para. 1 lit. a GDPR); this consent can be revoked at any time.

You can set your browser to inform you about the setting of cookies and to only allow cookies in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Insofar as cookies from third-party companies or for analysis purposes are used, we will inform you separately about this within the scope of this data protection declaration and, if necessary, ask for your consent.


Real Cookie Banner

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.

The legal basis for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc., Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter referred to as Wordfence).

Wordfence serves to protect our website from unwanted access or malicious cyber attacks. For this purpose, our website establishes a permanent connection to the servers of Wordfence so that Wordfence can compare its databases with the access made on our website and block them if necessary.

The use of Wordfence is based on Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in the most effective protection of his website against cyber attacks. If the appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO; consent can be revoked at any time.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

Conclusion of a Contract for Order Processing

We have concluded a contract for order processing with Wordfence. This is a contract required by data protection law, which ensures that Wordfence processes the personal data of our website visitors only according to our instructions and in compliance with the DSGVO.

Hosting and Content Delivery Networks (CDN)

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This primarily concerns IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our hoster will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data.

We use the following hoster:

Febas – Owner: Roman Baumgärtner Ostlandstraße 5 D-49565 Bramsche

Conclusion of a contract for order processing

To ensure data protection-compliant processing, we have concluded a contract for order processing with our hoster.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data will not be merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – for this purpose, the server log files must be recorded.

Payment provider: Digistore24

We collect, process, and use personal data only to the extent necessary for the establishment, content design, or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1 lit. b DSGVO, which allows the processing of data to fulfill a contract or pre-contractual measures. We collect, process, and use personal data on the use of this website (usage data) only insofar as it is necessary to enable or bill users for the use of the service.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

We produce online courses and digital products and offer them for purchase. For this purpose, we use the Digistore24 service. As soon as you click on the purchase button of one of our digital products, you leave our website and are redirected to our specifically set up individual Digistore purchase page.

Digistore24 is a service provided by:
Digistore24 GmbH
St.-Godehard-Straße 32
31139 Hildesheim

Imprint: https://www.digistore24.com/page/imprint

All functions on the purchase pages, as well as the entire related payment processing, are carried out via Digistore24. Therefore, when you enter the purchasing process, the data protection regulations of Digistore24 apply. You can view the data protection declaration of Digistore24 here: https://www.digistore24.com/page/privacy

Digistore24 is not a data processor on behalf of others but sells our products and handles the entire payment processing and product delivery. Consequently, there was no need to conclude a contract for order data processing. In its privacy policy, Digistore24 has assured that it will treat the personal data of our customers it collects in compliance with data protection and other laws. The legal basis for processing personal data when forwarding from our website to the sales page via Digistore arises from Art. 6 Para. 1 S. 1 lit. b).

Audio and Video Conferences

For communication with our customers, among other tools, we use online conference tools. The tools we use are listed below. When you communicate with us via internet-based video or audio conferencing, your personal data are captured and processed by us and the provider of the respective conference tool.

The conference tools collect all the data you provide/use to utilize the tools (email address and/or your phone number). Additionally, the conference tools process the duration of the conference, the start and end (time) of participation, the number of participants, and other “contextual information” related to the communication process (metadata).

Moreover, the tool provider processes all technical data necessary for the online communication. This especially includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or otherwise provided within the tool, it is also stored on the tool provider’s servers. Such content notably includes cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the service’s use.

Please note that we don’t have full control over the data processing operations of the tools used. Our options are largely based on the corporate policy of the respective provider. Further details on data processing by the conference tools can be taken from the data protection declarations of the tools we use, which are listed below this text.

Purpose and Legal Basis

The conference tools are used to communicate with prospective or existing contract partners or to offer certain services to our customers (Art. 6 Para. 1 S. 1 lit. b GDPR). Furthermore, the use of the tools serves to simplify and accelerate communication with us or our company (legitimate interest as per Art. 6 Para. 1 lit. f GDPR). If consent has been requested, the concerned tools are used based on this consent; this consent can be revoked at any time for the future.

Storage Duration

Data directly captured by us via the video and conference tools are deleted from our systems as soon as you request deletion, revoke your storage consent, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We don’t influence the storage duration of your data, which the operators of the conference tools store for their purposes. For details, please consult directly with the conference tool operators.

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom’s privacy policy: https://zoom.us/de-de/privacy.html.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://zoom.us/de-de/privacy.html.

Conclusion of a Contract for Order Processing

We have concluded a contract with the Zoom provider for order processing and fully implement the strict requirements of the German data protection authorities when using Zoom.

Newsletter: Active Campaign

This website uses ActiveCampaign for sending newsletters. The provider is ActiveCampaign, Inc., 1 N Dearborn, 5th Floor Chicago, Illinois 60602, USA.

ActiveCampaign is a service that, among other things, allows newsletters to be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter is stored on ActiveCampaign’s servers in the USA.

With the help of ActiveCampaign, we can analyze our newsletter campaigns. For example, we can see if a newsletter message has been opened and which links may have been clicked. This way, we can determine, among other things, which links were clicked particularly often.

We can also identify whether certain predefined actions were taken after opening/clicking (conversion rate). For example, we can determine whether you made a purchase after clicking on the newsletter.

ActiveCampaign also allows us to segment newsletter recipients into different categories (“clustering”). This allows the newsletter recipients to be segmented, for example, by age, gender, or location. This way, the newsletters can be better adapted to the respective target groups. If you do not want analysis by ActiveCampaign, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.

Detailed information on the functions of ActiveCampaign can be found at the following link: https://www.activecampaign.com/email-marketing.

You can find ActiveCampaign’s privacy policy at: https://www.activecampaign.com/privacy-policy.

Legal Basis

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.activecampaign.com/legal/scc and https://www.activecampaign.com/de/legal/gdpr-updates/privacy-shield.

Storage Duration

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used solely for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

This is a detailed description of the tools and practices related to data collection, processing, and storage on a website, specifically related to the use of Google services. Here’s a summary:

Analytical Tools and Advertising

Google Tag Manager:

  • Used to integrate tracking, statistics, or other technologies on the website.
  • Managed by Google Ireland Limited.
  • Doesn’t create user profiles, store cookies, or conduct independent analysis.
  • It captures the user’s IP address, which may be transferred to Google’s parent company in the USA.
  • Its use is justified by Art. 6, paragraph 1, point f of the GDPR, aiming for swift integration and management of tools on the website.

Google Analytics:

  • Allows website owners to analyze the behavior of visitors.
  • Collects user data like page views, duration of visit, used operating systems, and the user’s origin.
  • Data may be transferred and stored in the USA.
  • Website owners are interested in analyzing user behavior to optimize their website and advertising.
  • Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

IP Anonymization:

  • Activated on the website, ensuring IP addresses are shortened within EU member states before being sent to the USA.
  • Full IP addresses are only transferred to the USA in exceptional cases.
  • Google uses this data to evaluate website usage and provide related services.

Browser Plugin:

  • A browser plugin is available to prevent Google from collecting and processing user data.

Order Processing:

  • A contract has been signed with Google for order processing, ensuring compliance with strict German data protection regulations.

Demographic Features in Google Analytics:

  • Used to display relevant ads to visitors within the Google advertising network.
  • Provides reports on age, gender, and interests.
  • Data is sourced from Google’s interest-based advertising and third-party visitor data.
  • Users can deactivate this feature.

Google Analytics E-Commerce Tracking:

  • Helps website owners analyze the purchasing behavior of visitors.
  • Captures data like orders made, average order values, shipping costs, and time from viewing to purchasing a product.

Storage Duration:

  • Data linked to cookies, user IDs, or advertising IDs stored by Google are anonymized or deleted after 14 months.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (Keyword Targeting). Furthermore, targeted advertisements can be displayed based on user data available at Google (e.g., location data and interests) (Audience Targeting). As the website operator, we can evaluate this data quantitatively, for example by analyzing which search terms have led to the display of our ads and how many ads have resulted in clicks.

The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in marketing its services and products as effectively as possible.

Data transfer to the USA is based on the standard contract clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, both Google and we can determine whether the user has carried out certain actions. For instance, we can evaluate how often specific buttons on our website were clicked or which products were viewed or purchased frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We don’t receive any information that personally identifies the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of Google Conversion Tracking is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising. If appropriate consent has been requested (e.g., consent to store cookies), processing is solely based on Art. 6 para. 1 lit. a GDPR; this consent can be revoked at any time.

For more information about Google Conversion Tracking, see Google’s Privacy Policy: https://policies.google.com/privacy?hl=en.

Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the website operator, and we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible, and Facebook can use the data for its advertising purposes according to Facebook’s data usage policy. This allows Facebook to serve ads on Facebook pages as well as outside of Facebook. This use of data cannot be influenced by us as site operators.

The use of Facebook Pixel is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If appropriate consent has been obtained (e.g., consent to store cookies), processing is solely based on Art. 6 para. 1 lit. a GDPR; this consent can be revoked at any time.

Data transfer to the USA is based on the standard contract clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited to the collection of the data and its forwarding to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. The obligations incumbent upon us jointly have been defined in an agreement on joint processing. You can find the wording of the agreement here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for implementing the tool on our website in a data protection compliant manner. Facebook is responsible for the data security of Facebook products. Rights of those affected (e.g., requests for information) regarding the data processed by Facebook can be claimed directly from Facebook. If you assert the data subject rights with us, we are obliged to forward these to Facebook.

Further information on the protection of your privacy can be found in Facebook’s data protection notices: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function “Custom Audiences” in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can opt-out of usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/en/praferenzmanagement/.

Our Social Media Profiles

https://www.facebook.com/oneshamanism

https://www.instagram.com/oneshamanism/

Social networks like Facebook, Instagram, etc., can typically analyze your user behavior extensively when you visit their websites or a website with integrated social media content (e.g., like buttons or ad banners). By visiting our social media profiles, numerous data processing operations relevant to data protection are triggered. In detail:

If you are logged into your social media account and visit our social media profile, the operator of the social media portal can associate this visit with your user account. However, your personal data can also be collected even if you are not logged in or do not have an account with the respective social media portal. This data collection can occur, for instance, via cookies stored on your device or by recording your IP address.

Using this collected data, the operators of the social media portals can create user profiles where your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both within and outside the respective social media profile. If you have an account with the social network, the interest-based advertising can be displayed on all devices on which you are or have been logged in.

Please also note that we cannot trace all processing operations on social media portals. Depending on the provider, the operators of the social media portals might conduct additional processing operations. For details, please refer to the terms of use and data protection regulations of the respective social media portals.

Legal Basis

Our social media profiles aim to ensure the broadest possible presence on the internet. This constitutes a legitimate interest as defined in Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Data Controller and Assertion of Rights

When you visit one of our social media profiles (e.g., Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations triggered by this visit. You can assert your rights (information, correction, deletion, limitation of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., against Facebook).

Please note that despite our joint responsibility with the social media portal operators, we do not have complete influence over the data processing operations of the social media portals. Our possibilities are largely based on the corporate policy of the respective provider.

Storage Duration

Data directly collected by us via the social media presence will be deleted from our systems as soon as the purpose for their storage is no longer relevant, you ask us to delete them, you revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions, especially retention periods, remain unaffected.

We have no influence over the storage duration of your data, which the operators of the social networks store for their purposes. For details, please contact the operators of the social networks directly (e.g., in their privacy policy, see below).

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

We have entered into an agreement with Facebook on shared processing (Controller Addendum). This agreement defines which processing operations are the responsibility of us or Facebook when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Further details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For more information about how they handle your personal data, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.

Within our online offer, features and content of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated. This can include content such as images, videos, or text, and buttons that allow users to express their appreciation for the content, subscribe to the authors of the content, or our posts. If users are members of the Instagram platform, Instagram can assign the call of the above-mentioned content and features to the profiles of the users. Instagram’s privacy policy: http://instagram.com/about/legal/privacy/. On our website, we use the “Instagram Feed” plugin. The plugin is developed by Smash Balloon LLC in the USA (https://smashballoon.com/) and is offered as a WordPress plugin or as a standalone PHP plugin. The plugin allows us to display the newsfeed of our Instagram fan page directly on our website. To do this, the plugin retrieves the information from Instagram and integrates it into our website. To the best of our knowledge, no special cookies that collect, process, or use personal data are specifically set by this plugin in your browser. However, we cannot completely rule out the possibility that personal data (e.g., IP addresses, browser data, etc.) may be transmitted to the provider of the plugin or to Instagram. If you click on a link in the news feed, you will be redirected to our Instagram fan page. In this case, Instagram saves which website you used to access our Instagram fan page. For more information on which data is collected, processed, or used by you when you access the pages of Instagram, please refer to the privacy policy of Instagram. The complete range of functions of the plugin can be viewed at https://de.wordpress.org/plugins/instagram-feed/ and https://smashballoon.com/instagram-feed. Further information on data protection at Smash Balloon can be found here: https://smashballoon.com/gdpr-and-our-plugins/ If you do not want Instagram to associate your visit to our site with your Instagram user account, please log out of your Instagram user account.

Vimeo

We have a profile on Vimeo. The provider is Vimeo, Inc., 555 West 18th Street, New York 10011, USA.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.

For details on their handling of your personal data, please refer to Vimeo’s privacy policy: https://vimeo.com/privacy.

Comment Function on this Website

User Data Collection:

  • When you comment on the website, the system collects the time of comment creation, your email address, and your chosen username (unless you post anonymously).

Duration of Comment Storage:

  • Comments, along with the associated data, remain on the website until either the content commented upon is entirely deleted or the comments must be removed due to legal reasons (e.g., offensive comments).

Legal Basis:

  • Comments are stored based on your consent, as per Art. 6, paragraph 1, point a of the GDPR.
  • You have the right to withdraw your consent at any time. To do so, a simple email notification to the website owner suffices. The legality of the data processing operations that have taken place remains unaffected by this withdrawal.

IP Address Storage:

  • The comment function stores the IP addresses of users who comment.
  • Since comments aren’t reviewed before being made public, IP addresses are stored to take action against the author in cases of legal violations, such as insults or propaganda.

Subscribing to Comments:

  • As a user, you can subscribe to comments after registering.
  • A confirmation email is sent to verify that you’re the owner of the provided email address.
  • You can unsubscribe from this feature anytime using a link provided in the informational emails. Data entered during the subscription will be deleted unless used for other purposes (e.g., newsletter subscription).

Duration of Comment Storage (repeated section):

  • The details regarding the storage duration of comments and the associated data are repeated, mentioning they remain until the content is fully deleted or if there are legal reasons for deletion (like offensive comments).

Legal Basis (repeated section):

  • This section is a repetition, emphasizing the storage of comments based on the user’s consent as per the GDPR. Users can withdraw their consent at any time, and previous data processing remains lawful despite withdrawal.

In summary, this text provides details about the comment functionality, what user data is stored when commenting, and how long the data is retained. It emphasizes user rights, GDPR compliance, and offers ways for users to control their data and preferences.

Here’s a translation of the provided German text into English:

Inquiry via Email or Telephone

When you contact us by email or telephone, your inquiry, including all resulting personal data (name, request), is stored and processed by us for the purpose of handling your concern. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this was requested.

The data you sent to us via contact requests remains with us until you ask us to delete it, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after the completion of your request). Mandatory statutory provisions – especially retention periods – remain unaffected.

Communication via WhatsApp

We use the instant messaging service WhatsApp for communication with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is end-to-end encrypted (peer-to-peer), preventing WhatsApp or other third parties from accessing the communication content. However, WhatsApp does have access to metadata generated during communication (e.g., sender, recipient, and timestamp). Furthermore, as per its own statement, WhatsApp shares personal data of its users with its US-based parent company, Facebook. More details about data processing can be found in WhatsApp’s privacy policy: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in fast and efficient communication with customers, prospects, and other business and contractual partners (Art. 6 (1) lit. f GDPR). If consent was sought, data processing occurs exclusively on the basis of this consent, which can be revoked at any time for the future.

The communication content exchanged between us on WhatsApp remains with us until you ask us to delete it, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after the completion of your inquiry). Mandatory statutory provisions – especially retention periods – remain unaffected.

We’ve set our WhatsApp accounts to avoid automatic data synchronization with the address book on the smartphones in use. We have a data processing agreement with WhatsApp.

Google Calendar

On our website, you have the option to schedule appointments with us. For scheduling, we use Google Calendar. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

For the purpose of booking an appointment, you enter the requested data and the desired date into the provided form. The entered data is used for the planning, execution, and possible follow-up of the appointment. The appointment data is stored for us on the servers of Google Calendar. You can view their privacy policy here: https://policies.google.com/privacy.

The data you enter remains with us until you ask us to delete it, revoke your consent for storage, or the purpose for data storage no longer applies. Mandatory statutory provisions – especially retention periods – remain unaffected.

The legal basis for data processing is Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in facilitating uncomplicated appointment scheduling with prospects and clients. If consent was sought, processing is exclusively based on Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s end device (e.g., for device fingerprinting) in the sense of the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://workspace.google.com/terms/dpa_terms.html and here: https://cloud.google.com/terms/sccs.

Cookie Consent with Real Cookie Banner