data (in the following also referred to as "data") I process, and for which purposes and to what
by me, both
in the context of providing my services and, in particular, on my websites, in mobile
within external websites, such as my social media profiles (hereinafter referred to as "online
Last Update: February 3rd, 2023
Note: This page was translated manually. If you encounter any unfavorable ambiguities or notice a missing translation, please contact me for rectification.
Table of contents
- Responsible Person
- Overview of processing operations
- Significant legal bases
- Security measures
- Transmission and disclosure of personal data
- Cookie usage
- Providing the online offer and web hosting
- Presence in social networks
- Plug-ins, embedded functions and content
- Deletion of data
- Rights of data subjects
- Definitions of terms
c/o Block Services
Stuttgarter Str. 106
Overview of processing operations
The following overview summarizes the types of data that are processed and the purposes of their processing, with reference to the people affected.
Types of data processed
- Inventory data (e.g. names, addresses).
- Content data (e.g. text entries, photographs, videos).
- Contact data (e.g. email addresses, phone numbers).
- Meta/communication data (e.g. device information, IP addresses).
- Usage data (e.g. websites visited, interest in content types, access times).
Categories of affected people
- Communication partners.
- Users (e.g. website visitors, users of online services).
Purposes of data processing
- Providing my online services and user friendliness.
- Contact requests and communication.
- Reach analysis (e.g. access statistics, recognition of returning visitors).
- Tracking (e.g. interest/behaviour profiling, cookie usage).
- Contractual services.
Significant legal bases
In the following, I would like to inform you about the legal bases under the General Data Protection Regulation (GDPR) on which I process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or my country of residence. Should more specific legal regulations apply in individual cases, I will inform you about these in the data protection declaration.
- Consent (Article 6(1)(a) GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Contract fulfillment and pre-contractual inquiries (Article 6(1)(b) GDPR) – Processing is necessary for the fulfillment of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Justified interest (Article 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
National data protection regulations in Germany
In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include especially the law on protection against misuse of personal data in data processing (Bundesdatenschutzgesetz - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision making in individual cases including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.
Security measures
I will take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying degrees of likelihood and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
These measures include, in particular, protecting the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, securing of availability and separation of the data concerned. Furthermore, I have established mechanisms to ensure the enforcement of data subjects' rights, the deletion of data and the response to any threats to the data. Moreover, I take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and through data protection-friendly default settings.
SSL Encryption (https): To protect your data transmitted over my online offer, I am using SSL encryption. You can recognize such encrypted connections by the prefix https:// in the browser's address bar.
Transmission and disclosure of personal data
In the course of my processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases I observe the legal regulations and conclude corresponding contracts or agreements with the recipients of your data which serve to protect your data.
Data transfer within the organisation: I may transfer personal information to other entities within my organization or grant them access to that information. If this transfer is for administrative purposes, the transfer of the data is based on my justified business and economic interests or takes place if it is necessary to fulfil my contractual obligations or if there is a consent of the persons concerned or a legal permission.
When contacting me (e.g. by contact form, email, phone or via social media) the data of the inquiring persons will be processed as far as this is necessary to answer the inquiries and possible requested actions.
The answering of contact enquiries in the context of contractual or pre-contractual relations is done to fulfill my contractual obligations or to answer (pre)contractual enquiries and otherwise on the basis of my legitimate interest in answering the enquiries.
- Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers), content data (e.g. text submissions, photographs, videos).
- Categories of affected people: Communication partners.
- Purpose of processing: Contact requests and communication.
- Legal bases: Contract fulfillment and pre-contractual inquiries (Article 6(1)(b) GDPR), justified interest (Article 6(1)(f) GDPR).
Providing the online offer and web hosting
In order to provide my online offer securely and efficiently, I use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, I may use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.
The data processed within the context of providing the hosting offer can include all data concerning the users of my online offer, which are generated during the usage and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, as well as all entries made within my online offer or from websites.
Email transmission and hosting: The web hosting services I use also include the sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders as well as further information concerning the sending of emails (e.g. the providers involved) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails on the Internet are, as a matter of principle, not sent in encrypted form. Although emails are generally encrypted in transit, they are not encrypted on the servers from which they are sent and received (unless an end-to-end encryption method is used). Therefore I cannot take responsibility for the transfer path of the emails between the sender and the arrival on my server.
Collection of access data and log files: I (or my web hosting provider) collect data about every access to the server (so called server log files). The server log files may include the address and name of the web pages and files accessed, date and time of access, data volume transferred, report of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, usually, IP addresses and the requesting provider.
The server log files can be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure the utilization and stability of the servers.
- Types of data processed: Content data (e.g. text submissions, images, videos), usage data (e.g. websites visited, interest in content types, access times), meta/communication data (e.g. device information, IP addresses).
- Categories of affected people: Users (e.g. website visitors, users of online services).
- Legal bases: Justified interest (Article 6(1)(f) GDPR).
Plug-ins, embedded functions and content
I incorporate functional and content elements into my online offer which are obtained from servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or social media buttons and contributions (hereinafter referred to uniformly as "content").
The integration always assumes that the third-party providers of this content process the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore required to display these contents or functions. I make every effort to use only such content whose respective providers use the IP address exclusively to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, time of visit and other details about the use of my online offer and might be linked to such information from other sources.
- Types of data processed: Usage data (e.g. websites visited, interest in content types, access times), meta/communication data (e.g. device information, IP addresses).
- Categories of affected people: Users (e.g. website visitors, users of online services).
- Purpose of processing: Provision of my online offer and user-friendliness and contractual services.
- Legal bases: Justified interest (Article 6(1)(f) GDPR).
Used services and service providers
- Umami: I use a self-hosted instance of Umami to track user interactions with the site. For diagnostic purposes, data about browsers, operating systems, and device type (desktop, tablet, mobile) used are collected. No personal data is collected in this process.
- Google Fonts: Fonts from Google Fonts are used on this page. No connection to Google servers is established for this, as they are cached locally on the server.
Deletion of data
The data I process will be deleted in accordance with the legal requirements as soon as the consent given for their processing is revoked or other authorisations cease to apply (e.g. if the purpose for processing these data ceases to apply or if they are not necessary for the purpose).
If the data are not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or that must be stored for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.
Whenever I provide addresses and contact information of companies and organizations in this data protection declaration, please note that the addresses may change over time and I would like to ask you to check the information before establishing contact.
Rights of data subjects
As a data subject, you are entitled to various rights under the GDPR, which result in particular from Articles 15 to 18 and 21 GDPR:
- Right to object: You have the right to object, at any time and for reasons arising from your particular circumstances, to the processing of personal data relating to you that is carried out on the basis of Article 6(1)(e) or (f) GDPR, including profiling based on these provisions. If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.
- Right of revocation for consents: You have the right to revoke any consent given at any time.
- Right of access: You have the right to obtain confirmation as to whether or not data concerning you are being processed and to obtain information on such data, as well as further information and a copy of the data in accordance with legal requirements.
- Right of rectification: In accordance with the law, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
- Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately, or alternatively, in accordance with the legal requirements, to demand a restriction on the processing of the data.
- Right to data portability: You have the right, in accordance with legal regulations, to receive data concerning you that you have provided to me in a structured, common and machine-readable format or to request that it be transferred to another responsible party.
- Complaint to the supervisory authority: You further have the right, in accordance with the statutory provisions, to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of suspected infringement, if you believe that the processing of personal data concerning you is in violation of the GDPR.
Definitions of terms
- Personal data: "Personal data" shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Reach measurement: Reach measurement (also known as web analytics) is used to analyze the flow of visitors to a website and can include the behavior or interests of visitors in certain information, such as the content of websites. With the help of reach measurement, website owners can, for example, identify at what time visitors visit their website and what content they are interested in. This enables them to better adapt the contents of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for the purpose of reach measurement in order to recognize returning visitors and thus to obtain more precise statistics on the use of an online service.
- Remarketing: One refers to "remarketing" or "retargeting", when, for example, it is recorded which products a user was interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
- Tracking: One talks about "tracking" if the behaviour of users can be traced across several websites. As a rule, behavioral and interest information regarding the online services used is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling). This information can then be used to display advertisements to users that are likely to match their interests.
- Responsible person: "Responsible person" refers to the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
- Processing: "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all handling of data, whether it be collection, analysis, storage, transmission or deletion.
Declarations that do not currently apply (such as for Google Maps) have been added in anticipation of upcoming projects or pages and are to be ignored until they become applicable.
Presence in social networks
I maintain online presences within social networks to communicate with users or to offer information about me.
I want to point out that user data may be processed outside the European Union. This may cause risks for the users, as it could, for example, make it more difficult to enforce the rights of the users. With regard to US providers certified under the privacy shield or offering comparable guarantees of a secure level of data protection, I would point out that they thereby agree to comply with EU data protection standards.
Moreover, user data within social networks is typically processed for market research and advertising purposes. Thus, for example, user profiles can be created based on the user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to serve advertisements within and outside the networks that are presumably corresponding to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in on them).
In the case of requests for information and the enforcement of data subject rights, I would also like to point out that these can most effectively be invoked with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. Should you still need help, you can contact me.
Used services and service providers