This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions and content as well as external online presences, e.g. our social media profiles (hereinafter collectively referred to as “online offering”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Christian Berlinghof, Ludwig-Wagner-Str. 19/1, 69168 Wiesloch, Germany
Contact: Phone: +49 6222 9398481 | E-mail: office@brainyard.de
Types of Data Processed
– Inventory data (e.g. names, addresses)
– Contact data (e.g. e-mail, telephone numbers)
– Content data (e.g. text entries, photographs, videos)
– Meta/communication data (e.g. device information, IP addresses)
Categories of Data Subjects
Visitors and users of the online offering (hereinafter we also refer to the data subjects collectively as “users”).
Purpose of Processing
– Provision of the online offering, its functions and content
– Responding to contact requests and communication with users
– Security measures
Definitions
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”).
“Processing” means any operation performed on personal data, whether or not by automated means.
“Pseudonymisation” means processing in such a way that data cannot be attributed to a specific person without additional information kept separately.
“Profiling” means any automated processing to evaluate personal aspects of a natural person.
“Controller” means the person or entity which determines the purposes and means of processing.
“Processor” means any person or entity which processes personal data on behalf of the controller.
Legal Basis
In accordance with Article 13 GDPR, we inform you of the legal bases of our data processing. Unless otherwise specified, the following applies:
– Consent: Article 6(1)(a) and Article 7 GDPR
– Contractual performance: Article 6(1)(b) GDPR
– Legal obligation: Article 6(1)(c) GDPR
– Legitimate interests: Article 6(1)(f) GDPR
– Vital interests: Article 6(1)(d) GDPR
Security Measures
We take appropriate technical and organisational measures in accordance with Article 32 GDPR, considering the state of the art, implementation costs and the nature and scope of processing, to ensure a level of protection appropriate to the risk.
Cooperation with Processors and Third Parties
Where we disclose or transmit data to other persons or companies (processors or third parties), this is based on legal permission, consent, legal obligation or our legitimate interests. Processing by third parties is carried out on the basis of a contract pursuant to Article 28 GDPR.
Transfers to Third Countries
If we process data in a third country (outside the EU/EEA), this only takes place where necessary for contractual performance, based on consent, legal obligation or our legitimate interests, and always subject to Articles 44 ff. GDPR (e.g. adequacy decision, standard contractual clauses).
Rights of Data Subjects
– Right of access (Art. 15 GDPR)
– Right to rectification (Art. 16 GDPR)
– Right to erasure (Art. 17 GDPR)
– Right to restriction of processing (Art. 18 GDPR)
– Right to data portability (Art. 20 GDPR)
– Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Right of Withdrawal
You have the right to withdraw consent given under Article 7(3) GDPR with effect for the future.
Right to Object
You may object to the future processing of data relating to you at any time in accordance with Article 21 GDPR, in particular to processing for direct marketing purposes.
Data Deletion
Data will be deleted in accordance with Articles 17 and 18 GDPR when they are no longer required, unless legal storage obligations prevent this. Where data cannot be deleted, processing will be restricted.
Contact
When contacting us (e.g. via contact form, e-mail, telephone or social media), user details will be processed for the purpose of handling the request pursuant to Article 6(1)(b) GDPR. Requests will be deleted when no longer necessary; necessity is reviewed every two years.
Hosting and E-mail
Our hosting services are provided on the basis of our legitimate interests (Art. 6(1)(f) GDPR) and include infrastructure, storage, e-mail delivery, security services and maintenance.
Access Data and Logfiles
Our hosting provider collects logfiles on the basis of our legitimate interests (Art. 6(1)(f) GDPR): accessed pages, files, date/time, data volume, success message, browser type/version, operating system, referrer URL, IP address, requesting provider. Logfile data are stored for security reasons for up to 7 days and then deleted.
Social Media
We maintain online presences within social networks and platforms. When accessing these networks, the terms and data processing policies of the respective providers apply.
Third-Party Content and Services
We use third-party services within our online offering on the basis of our legitimate interests (Art. 6(1)(f) GDPR), such as videos or fonts. This always requires that the providers perceive the users’ IP address. Providers may use tracking technologies such as pixel tags for statistical or marketing purposes.