Privacy policy
This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions, and content, as well as external online presences such as our social media profiles (hereinafter collectively referred to as "Online Offer"). For definitions of terms such as "personal data" or "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller:
Name/Company: Verena Frfr. Ebner von Eschenbach
Street No.: Seestr. 2
Postal Code, City, Country: 83119 Obing, Germany
Email Address: info@edelreichvoneschenbach.com
Types of Processed Data:
- Inventory data (e.g., names, addresses)
- Contact data (e.g., email addresses)
- Content data (e.g., text entries)
- Usage data (e.g., visited websites, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Processing of Special Categories of Data (Art. 9 Para. 1 GDPR):
No special categories of data are processed.
Categories of Data Subjects:
- Customers, potential customers, suppliers
- Visitors and users of the online offer
Hereinafter, we collectively refer to the affected individuals as "users."
Purpose of Processing:
- Providing the online offer, its content, and functions
- Responding to contact inquiries and communication with users
- Marketing, advertising, and market research
- Security measures
As of: 11.05.2018
1. Legal Bases
In accordance with Article 13 of the GDPR, we inform you about the legal bases of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies:
The legal basis for obtaining consent is Article 6 Para. 1 lit. a and Article 7 of the GDPR, the legal basis for processing to fulfill our services and to perform contractual measures, as well as to answer inquiries, is Article 6 Para. 1 lit. b of the GDPR, the legal basis for processing to fulfill our legal obligations is Article 6 Para. 1 lit. c of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6 Para. 1 lit. f of the GDPR. If processing is necessary to protect vital interests of the data subject or another natural person, Article 6 Para. 1 lit. d GDPR serves as the legal basis.
2. Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes in the data processing we conduct make it necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or another individual notification.
3. Security Measures
3.1 We implement appropriate technical and organizational measures in accordance with Article 32 GDPR, considering the state of the technology, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, entry, transmission, and ensuring availability and separation of data. Furthermore, we have procedures in place to enable the exercise of rights by affected individuals, the deletion of data, and response to data risks. Additionally, we take the protection of personal data into account during the design phase or selection of hardware, software, and procedures, in line with the principle of "privacy by design and by default" (Article 25 GDPR).
3.2 Among the security measures is the encrypted transmission of data between your browser and our server.
4. Cooperation with Processors and Third Parties
4.1 If, as part of our processing, we disclose data to other persons and companies (processors or third parties), transmit them to these, or grant them access to the data, this will only occur on the basis of a legal authorization (e.g., if data transmission to third parties, such as payment service providers, is necessary for contract fulfillment under Article 6 Para. 1 lit. b GDPR), if you have given consent, if a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).
4.2 If we engage third parties to process data on the basis of a "data processing agreement", this is done in accordance with Article 28 GDPR.
5. Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs within the context of using third-party services or disclosing or transmitting data to third parties, this will only happen if it is necessary for fulfilling our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to statutory or contractual permissions, we process or allow data to be processed in a third country only if the specific conditions of Articles 44 ff. GDPR are met. This means, for example, processing based on special guarantees such as an officially recognized determination of an adequate level of data protection (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized specific contractual obligations (so-called "Standard Contractual Clauses").
6. Rights of Data Subjects
6.1 You have the right to request confirmation as to whether data concerning you are being processed and to obtain information about the data as well as further details and a copy of the data in accordance with Article 15 GDPR.
6.2 You have the right, in accordance with Article 16 GDPR, to request the completion of data concerning you or the correction of inaccurate data concerning you.
6.3 You have the right to request the immediate deletion of data concerning you in accordance with Article 17 GDPR or, alternatively, to request the restriction of processing of the data in accordance with Article 18 GDPR.
6.4 You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit these data to another controller in accordance with Article 20 GDPR.
6.5 Furthermore, you have the right to lodge a complaint with a supervisory authority, in accordance with Article 77 GDPR.
7. Right to Withdraw Consent
You have the right to withdraw any given consent in accordance with Article 7 Para. 3 GDPR with effect for the future.
8. Right to Object
You can object to the future processing of data concerning you at any time in accordance with Article 21 GDPR. The objection can be made, in particular, against processing for direct marketing purposes.
9. Cookies and Right to Object to Direct Marketing
We use temporary and permanent cookies, i.e., small files that are stored on users' devices (explanation of the term and function is provided in the last section of this privacy policy). Some cookies serve security purposes or are necessary for the operation of our online offer (e.g., for displaying the website) or to store the user’s decision when confirming the cookie banner. Additionally, we or our technology partners use cookies for reach measurement and marketing purposes, of which users will be informed throughout the privacy policy.
A general objection to the use of cookies for online marketing purposes can be declared for many services, particularly in the case of tracking, via the U.S. site aboutads.info/choices or the EU site youronlinechoices.com. Furthermore, the storage of cookies can be disabled through browser settings. Please note that not all features of this online offer may be accessible without cookies.
10. Deletion of Data
10.1 The data we process will be deleted or restricted in processing in accordance with Articles 17 and 18 GDPR. Unless otherwise expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal retention obligations prevent deletion. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted, meaning the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
10.2 According to legal provisions, storage is carried out, in particular, for 6 years in accordance with § 257 Para. 1 HGB (Commercial Books, Inventories, Opening Balances, Annual Financial Statements, Commercial Letters, Booking Documents, etc.) and for 10 years in accordance with § 147 Para. 1 AO (Books, Records, Management Reports, Booking Documents, Commercial and Business Letters, Tax-Relevant Documents, etc.).
11. Providing Contractual Services
11.1 We process inventory data (e.g., names and addresses, as well as contact details of users), contract data (e.g., services utilized, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and service provision in accordance with Article 6 Para. 1 lit. b GDPR. The mandatory entries in online forms are required for the conclusion of the contract.
12. Contacting Us
12.1 When contacting us (via contact form or email), the user’s information will be processed to handle and process the inquiry in accordance with Article 6 Para. 1 lit. b GDPR.
12.2 The user’s information may be stored in our Customer Relationship Management system ("CRM system") or a comparable inquiry organization.
