Data protection notice as of: 16.06.2021
In this data protection notice we inform you about the type, purpose and scope of the processing of your personal data. This data protection notice applies to the processing of your personal data as part of the provision of our services online and offline, but above all to this website and our social media presence.
The terms used are not gender specific.
Responsible for data processing:
Owner: Alexandra M. Huetter
Address: Sepapaja 6, Tallinn 15551, Estonia
Phone: +31 628 620 755
The protection and security of your personal data are important to us. This website therefore stores and processes data exclusively in accordance with the European General Data Protection Regulation (GDPR). As a user, you consent to data processing in the sense of this declaration. You can find the current version of the GDPR at:
This data protection declaration only applies to this website. If you are forwarded to other pages via links on our pages, you can find out more about how your data is handled on the forwarded website. Your personal data (e.g. title, name, address, email address, telephone and fax number, date of birth, text input) will only be processed by us in accordance with the provisions of European data protection law. The following regulations inform you about the type, scope and purpose of the collection, processing and use of personal data.
Types of data processed
- Contact details (e.g. telephone numbers, email addresses)
- Inventory data (e.g. names, addresses)
- Content data (e.g. text entries, photos, videos)
- Contract data (e.g. subject matter of the contract)
- Payment details (e.g. account details)
- Usage data (e.g. websites visited)
- Location data (e.g. position of the device)
- Meta / communication data (e.g. IP addresses)
Categories of data subjects
- Customers, business partners, interested parties
- Visitors and users of the online offer
Purpose of processing
- Provision of our online offer
- Ease of use
- Communication with customers, business partners, interested parties, users
- Provision of contractual services
- Fulfillment of legal documentation requirements
- Safety measures
- Marketing & Advertising
Processing of special categories of personal data
A processing of sensitive personal data according to Art. 9 GDPR and Art. 10 GDPR does not take place.
Overview of the legal bases
- Consent (Art. 6 para. 1 lit. a GDPR)
The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR)
The processing is necessary for the fulfillment of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that take place at the request of the data subject.
- Fulfillment of a legal obligation (Art. 6 para. 1 lit. c GDPR)
The processing is necessary to fulfill a legal obligation to which the person responsible for the processing is subject.
- Preservation of legitimate interests (Art. 6 para. 1 lit. f GDPR)
Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh this.
Rights of the persons affected
According to the European GDPR, you as the person concerned have extensive rights. Above all, these rights should ensure more transparency. Your rights as a data subject are the right to information about your personal data, to correction, deletion, restriction of processing, objection to processing and data portability (only in the case of a contractual relationship or consent) and to withdraw consent at any time (Art. 15 to 21 GDPR).
The easiest way for you as a data subject to exercise your rights is to send an email to firstname.lastname@example.org. In addition, by sending a message by post, making personal contact, as well as via the contact form on the website.
In addition, you always have the right to lodge a complaint with the data protection authority regarding the processing of your personal data. The contact details of the data protection authority are:
Your data will be deleted as soon as the respective contract with you has been fulfilled and there is no longer any legal obligation to store the data.
Statutory / legal retention obligations or contractual obligations e.g. personal data must continue to be stored in relation to customers from warranty or compensation or to contractual partners. (Art. 6 para. 1 lit. c GDPR)
Contact form, email, phone, social media
If you contact us using the form on the website, via e-mail, phone or social media, the data you provide (e-mail addresses, names, addresses, telephone and fax numbers, date of birth, text input, etc.) will be used for the purpose of processing the request and in the event of Follow-up questions stored with us for 12 months. We do not pass on this data without your consent. The data entered is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent informally by email to us at any time.
The data you have entered will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. completed processing of your request). Statutory provisions remain unaffected (retention periods).
By submitting a comment in the comment form on our website, the personal data you provide will be processed for the purpose of presenting your comment on our website and our internal documentation. This is done on the basis of Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract (free hosting contract to display your comment on our website). Your entered data will be stored by us until your comment is deleted.
Inventory data (customer and contract data)
We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship. This is done on the basis of Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data on the use of our website (usage data) only insofar as this is necessary to enable the user to use the service. The customer data collected will be deleted after the business relationship has ended. Statutory retention periods remain unaffected.
Automatic data storage
When you visit our website, various information is automatically stored on the web server of the hosting provider.
We host our website with our processor Lederhaas IT Solutions, Schönberg 3, 8411 Hengsberg, Austria.
Only connection data are processed for the mere provision of the website. This processing is based on our legitimate interest in accordance with. Art. 6 para. 1 lit. f GDPR (absolute technical necessity to provide this website).
Personal data is processed to operate the website and to call up other functions. You can read details about the individual functions and services here in this data protection declaration.
Server log files
When you visit this website, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- Name and URL of the file called up,
- Website from which access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer and the name
- your access provider.
The possibility to use this data on the legal basis according to Art. 6 para. 1 lit. f GDPR for purposes like
- ensuring a smooth connection to the website,
- ensuring comfortable use of our website,
- the evaluation of system security and stability as well as
- for further administrative purposes
to use is currently being used by us. Under no circumstances will the data collected be used to draw conclusions about you personally. The duration of the processing is limited to 14 days.
What is a cookie?
Cookies are small text files that are created by the website you are visiting and that contain data. They are stored on the visitor’s computer in order to give the user access to various functions. A session cookie is temporarily stored on the computer while the visitor is navigating through the website. This cookie is deleted when the user closes his internet browser or after a certain period of time (i.e. when the session expires). A permanent cookie remains on the visitor’s computer until it is deleted.
Types of cookies
- Temporary cookies (session cookies)
Session cookies are only temporarily stored on the computer and are deleted when the browser is closed.
- Permanent cookies
Permanent cookies remain stored on the computer even after the browser is closed. E.g. Language settings for the next visit are saved in these cookies.
- Essential cookies
Essential cookies are absolutely necessary for the smooth operation of a website.
- Marketing cookies
These cookies are used for advertising purposes, e.g. to assign a specific user profile to a user and thereby show the user advertising appropriate to his surfing behavior.
- First-party cookies
These cookies are set by the website operator himself.
- Third-party cookies
These cookies are mostly set by so-called social networks (so-called third parties) to process the usage behavior of the website visitor.
Storage duration of cookies
The storage duration of cookies varies depending on the type and function of the cookie. If our cookie notice does not provide any information on the storage period, the storage period can be up to 2 years.
How can I refuse and delete cookies?
If you deactivate cookies, the functionality of this website may be restricted. Cookies that are required to carry out the electronic communication process or to provide certain functions you require (e.g. comment function, shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR saved. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services.
For more information about cookies, including information on how to set, organize, block or delete cookies, visit www.allaboutcookies.org. The website www.allaboutcookies.org provides detailed instructions on how cookies are set and deleted, depending on the browser type.
Your cookie settings
As a user, you can make your personal cookie settings in our cookie notice (pop-up window). If you give us your consent to the setting of cookies, we will process this data on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time.
Otherwise, only cookies (essential cookies) are set that are absolutely necessary for the operation of the website. We act on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).
If you want to change your cookie settings, click on the following button:
Integration of third party services
We integrate services (content and functions) from third-party providers on our website in order to display their content such as fonts, videos, images, etc.
If we obtain the consent of the user for this, the processing of the data takes place on the legal basis of the consent of the user (Art. 6 para. 1 lit. a GDPR). Otherwise, we process the user’s data on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).
We use the hCaptcha anti-bot service (hereinafter “hCaptcha”) on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation (“IMI”). hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the “invisible mode” may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a “data processor” acting on behalf of its customers as defined under the GDPR, and a “service provider” for the purposes of the California Consumer Privacy Act (CCPA).
Social plugins (“plugins”) from the social network instagram.com can be integrated into our website. The provider of the service is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
Details can be found here:
We use the Wordfence Security Plugin to secure our online offer. The provider of this plug-in is Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.
Our website uses this service to protect against viruses, malware and other attacks by criminals. For the purpose of protection against brute force and DDoS attacks or message spam, IP addresses are stored on the servers of Defiant, Inc. Wordfence Security protects our website and thus all visitors to our website against viruses and malware.
This data processing is based on our legitimate interest in accordance with. Art. 6 para. 1 lit. f GDPR (absolute technical necessity to provide this website).
Details on the collection and use of data by Wordfence Security can be found here: https://www.wordfence.com/privacy-policy/
Wordfence currently uses three cookies:
What does this cookie do: This cookie is used by the Wordfence firewall to perform a functional test of the current user before WordPress is loaded.
Who receives this cookie: This cookie is only set for users who can log into WordPress.
How does this cookie help: With this cookie, the Wordfence firewall can recognize registered users and give them increased access. Wordfence can also detect users who are not logged in and restrict their access to secure areas. The cookie also tells the firewall what level of access a visitor has, so the firewall can make wise decisions about who to allow and who to block.
What does this cookie do: This cookie is used to notify the Wordfence administrator when an administrator logs in from a new device or location.
Who is receiving this cookie? This is only set for administrators.
How does this cookie help: This cookie enables website owners to determine if an administrator has been logged in from a new device or location.
What does this cookie do: Wordfence offers a function for a website visitor to bypass country blocking by accessing a hidden URL. You can use this cookie to track who is allowed to bypass country blocking.
Who is receiving this cookie? If a hidden URL defined by the site administrator is visited, this cookie is set to check whether the user can access the site from a country restricted by country blocking. This is set for anyone who knows the URL that can be used to bypass the standard country blocking. This cookie is not set for people who do not know the hidden URL in order to bypass country blocking.
How does this cookie help: With this cookie, website owners can allow certain users from blocked countries even though their country has been blocked.
We send newsletters or e-mails to inform you about our services, offers and current events. We only send these on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR or on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR if this is legally permitted.
Registration for the newsletters
To register for our newsletters, we only need your email address. Should we ask you for further data such as first name, last name, etc., then this is done on the basis of our legitimate interests (e.g. to address you personally in the newsletters)
If you register for our newsletters, this is done using the so-called double-opt-in procedure. For this purpose, after you have registered for the newsletter, you will receive an e-mail from us in which you have to confirm your e-mail address. This is for your own protection, so that nobody can log in with an unfamiliar e-mail address.
Logging the registrations
The registrations for the newsletters are logged by us or our emailing service provider in order to be able to prove the entire registration process later (legal obligation to provide evidence). For this purpose, e.g. registration time, confirmation time, IP address are saved in order to meet legal requirements.
When you access our newsletter, both technical data and information about your reading behavior are collected. The technical data includes e.g. operating system, browser system, IP address, location at the time of retrieval.
The information about your reading habits include e.g. opening rate of the newsletter, time of opening, which content or link in the newsletter was clicked.
The evaluations from the performance measurement serve to better understand the reading habits of our users, to adapt the reading content and to personalize our newsletter service.
If you, as a user, do not want this performance measurement, please cancel the newsletter subscription. A separate revocation of the performance measurement is unfortunately not possible for technical reasons.
Revocation and termination
You can revoke your consent to receive our newsletters at any time and thus cancel your newsletter subscription. The easiest way to do this is by clicking on the “unsubscribe newsletter” link at the end of each newsletter. Alternatively, you can also send us a simple e-mail with the subject “unsubscribe from newsletter”.
Emailing service provider
We use the mailing service provider “Mailchimp” to send the newsletters. This is done on the basis of our legitimate interests in the smooth handling of the newsletter dispatch. Details about the emailing service provider can be found here:
Provider of the service ‘Mailchimp’ is The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. Details can be found here:
Data privacy statement: https://mailchimp.com/legal/privacy/
Online presence in social media
On the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) we operate online presences within so-called “social media” in order to be able to communicate with users there or to provide information about our services.
We would like to point out that these social media can also process user data outside of the European Union and that this user data is processed in most cases for marketing and advertising purposes.
If you use these social media or networks (such as Facebook, Instagram, Pinterest, etc.), the terms and conditions and data processing guidelines of the respective operator apply.
The provider of the service is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Details can be found here:
Data protection notice: https://www.facebook.com/about/privacy
Additional data protection notice: https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-out (advertising settings): https://www.facebook.com/settings?tab=ads
The provider of the service is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Details can be found here:
Data protection notice: https://instagram.com/about/legal/privacy
The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details can be found here:
Data protection notice: https://policies.google.com/privacy
Opt-out (advertising settings): https://adssettings.google.com/authenticated
The provider of the service is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland. Details can be found here:
Data protection notice: https://www.linkedin.com/legal/privacy-policy
Opt-out (advertising settings): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
The provider of the service is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Details can be found here:
Data protection notice: https://twitter.com/en/privacy
Privacy settings: https://twitter.com/settings/account/personalization
This site uses SSL encryption for reasons of security and to protect the transmission of confidential content, such as the inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If the SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
The provider uses technical and organizational security measures to protect the data stored by the provider against accidental or deliberate manipulation, loss, destruction or against access by unauthorized persons. Data transfers between service providers are carried out using the SSL (Secure Socket Layer) method. In this case, this software encrypts all information that is transmitted to and from supporters.
All data is stored on the server of this website or on the servers of our service providers, with whom contracts for order processing according to § 28 GDPR have been concluded with appropriate verification.
Updates to this privacy notice
We adjust the content of this data protection notice at regular intervals if this becomes necessary due to changes in the data processing we have carried out. We therefore ask you to inform yourself regularly about the content of our data protection notice.
For your information: Addresses, links and other contact information that are given here in this data protection notice may change over time.