About meWeb designProjectsContact

Privacy Policy

Introduction

With the following privacy policy I would like to inform you about which types of your personal data (in the following also referred to as "data") I process, and for which purposes and to what extent they are used. The privacy policy applies to all processing of personal data conducted by me, both in the context of providing my services and, in particular, on my websites, in mobile applications and within external websites, such as my social media profiles (hereinafter referred to as "online offer").

Last Update: February 3rd, 2023

Note: This page was translated manually. If you encounter any unfavorable ambiguities or notice a missing translation, please contact me for rectification.

Domains

This privacy policy applies to the following domains and their subdomains:

  • checksch.de
  • djlogarhythm.com
  • gondoliano.com
  • marvinscham.com
  • marvinscham.de
  • masterychart.com
  • scham.net
  • schmoekerei.com
  • schmökerei.de

Responsible person

Marvin Scham
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach

Email: mail@marvinscham.de
Contact Form: /contact
Legal Notice: /legal

Overview of processing operations

The following overview summarizes the types of data that are processed and the purposes of their processing, with reference to the people affected.

Types of data processed

  • Inventory data (e.g. names, addresses).
  • Content data (e.g. text entries, photographs, videos).
  • Contact data (e.g. email addresses, phone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content types, access times).

Categories of affected people

  • Communication partners.
  • Users (e.g. website visitors, users of online services).

Purposes of data processing

  • Providing my online services and user friendliness.
  • Contact requests and communication.
  • Remarketing.
  • Reach analysis (e.g. access statistics, recognition of returning visitors).
  • Tracking (e.g. interest/behaviour profiling, cookie usage).
  • Contractual services.

Back to Top

Significant legal bases

In the following, I would like to inform you about the legal basis of the General Data Protection Regulation (GDPR), the basis of how I am processing personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or my country of residence. Should more specific legal regulations apply in individual cases, I will inform you about these in the data protection declaration.

  • Consent (Article 6(1)(a) GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Contract fulfillment and pre-contractual inquiries (Article 6(1)(b) GDPR) – Processing is necessary for the fulfillment of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Justified interest (Article 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

National data protection regulations in Germany

In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include especially the law on protection against misuse of personal data in data processing (Bundesdatenschutzgesetz - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision making in individual cases including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Back to Top

Security measures

I will take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying degrees of likelihood and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures cover especially the protection of confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as the access, input, disclosure, securing of availability and separation of the data concerned. Furthermore, I have established mechanisms to ensure the enforcement of data subjects' rights, the deletion of data and to react to any threats to the data. Moreover, I take the protection of personal data into account as early as the development or selection of hardware, software and procedures in accordance with the principle of data protection, through the design of technology and through data protection-friendly presettings.

SSL Encryption (https): To protect your data transmitted over my online offer, I am using SSL encryption. You can recognize such encrypted connections by the prefix https:// in the browser's address line.

Back to Top

Transmission and disclosure of personal data

In the course of my processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases I observe the legal regulations and conclude corresponding contracts or agreements with the recipients of your data which serve to protect your data.

Data transfer within the organisation: I may transfer personal information to other entities within my organization or grant them access to that information. If this transfer is for administrative purposes, the transfer of the data is based on my justified business and economic interests or takes place if it is necessary to fulfil my contractual obligations or if there is a consent of the persons concerned or a legal permission.

Back to Top

Cookie usage

Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after his visit within an online service. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was viewed. The term "cookies" also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as "User IDs").

A distinction is made between the following cookie types and functions:

  • Temporary/session cookies: Temporary cookies are deleted once a user has left an online service and closed his browser.
  • Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed automatically when the user revisits a website. Likewise, the interests of users used for reach measuring or marketing purposes can be stored in such a cookie.
  • First-party cookies: First-party cookies are set by me.
  • Third-party cookies: Third party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Required/essential cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user entries or for security reasons).
  • Statistical, marketing and personalization cookies: Furthermore, cookies are generally used for reach measurement and when a user's interests or behaviour (e.g. viewing certain content, the use of features, etc.) are stored in a user profile on individual websites. Such profiles are used to show users e.g. content that corresponds to their potential interests. This procedure is also known as "tracking", i.e., following the potential interests of users. Wherever I use cookies or "tracking" technologies, I will inform you separately in my privacy policy or when obtaining your consent.

Notes on legal bases: On which legal basis I process your personal data with the help of cookies depends on whether I ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of my legitimate interests (e.g. in the business administration of my online service and its improvement) or, if the use of cookies is necessary to fulfill my contractual obligations.

General information on revocations and objections (opt-out): Depending on whether the processing is based on consent or legal permission, you have the possibility at any time to revoke any consent given or to refuse the processing of your data by cookie technologies (collectively referred to as "opt-out"). You can initially declare your objection by means of the settings of your browser, e.g. by deactivating the use of cookies (although this may also restrict the functionality of my online service). An opt-out against the use of cookies for online marketing purposes can also be achieved by using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition to this, you will find more information regarding consent revocation for all used service providers and cookies.

Processing of cookie data based on consent: Before I process or have data processed in the context of the use of cookies, I ask the users for their consent, which can be revoked at any time. Before the consent has not been given, cookies will be used if necessary, which are necessary for the operation of my online offer. Their use is based on my interest and the interest of the users in the expected functionality of my online offer.

  • Types of data processed: Usage data (e.g. websites visited, interest in content types, access times), meta/communication data (e.g. device information, IP addresses).
  • Categories of affected people: Users (e.g. website visitors, users of online services).
  • Legal bases: Consent (Article 6(1)(a) GDPR), justified interest (Article 6(1)(f) GDPR).
Back to Top

Contact

When contacting me (e.g. by contact form, email, phone or via social media) the data of the inquiring persons will be processed as far as this is necessary to answer the inquiries and possible requested actions.

The answering of contact enquiries in the context of contractual or pre-contractual relations is done to fulfill my contractual obligations or to answer (pre)contractual enquiries and otherwise on the basis of my legitimate interest in answering the enquiries.

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers), content data (e.g. text submissions, photographs, videos).
  • Categories of affected people: Communication partners.
  • Purpose of processing: Contact requests and communication.
  • Legal bases: Contract fulfillment and pre-contractual inquiries (Article 6(1)(b) GDPR), justified interest (Article 6(1)(f) GDPR).
Back to Top

Providing the online offer and web hosting

In order to provide my online offer securely and efficiently, I use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, I may use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.

The data processed within the context of providing the hosting offer can include all data concerning the users of my online offer, which are generated during the usage and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, as well as all entries made within my online offer or from websites.

Email transmission and hosting: The web hosting services I use also include the sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders as well as further information concerning the sending of emails (e.g. the providers involved) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails on the Internet are generally not sent in encrypted form. Generally, e-mails are encrypted in transit, but (unless an end-to-end encryption method is used) they are not encrypted on the servers from which they are sent and received. Therefore I cannot take responsibility for the transfer path of the emails between the sender and the arrival on my server.

Collection of access data and log files: I (or my web hosting provider) collect data about every access to the server (so called server log files). The server log files may include the address and name of the web pages and files accessed, date and time of access, data volume transferred, report of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, usually, IP addresses and the requesting provider.

The server log files can be used on one hand for security purposes, e.g. to avoid overloading the servers (especially in the case of misuse attempts, so-called DDoS attacks), and on the other hand to secure the capacity use and the stability of the servers.

  • Types of data processed: Content data (e.g. text submissions, images, videos), usage data (e.g. websites visited, interest in content types, access times), meta/communication data (e.g. device information, IP addresses).
  • Categories of affected people: Users (e.g. website visitors, users of online services).
  • Legal bases: Justified interest (Article 6(1)(f) GDPR).
Back to Top

Presence in social networks

I maintain online presences within social networks to communicate with users or to offer information about me.

I want to point out that user data may be processed outside the European Union. This may cause risks for the users, as it could, for example, make it more difficult to enforce the rights of the users. With regard to US providers certified under the privacy shield or offering comparable guarantees of a secure level of data protection, I would point out that they thereby agree to comply with EU data protection standards.

Moreover, user data within social networks is typically processed for market research and advertising purposes. Thus, for example, user profiles can be created based on the user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to serve advertisements within and outside the networks that are presumably corresponding to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in on them).

For a detailed description of the respective types of processing and the possibilities of revocation (opt-out), I refer to the privacy policys and information provided by the operators of the respective networks.

In the case of requests for information and the enforcement of data subject rights, I would also like to point out that these can most effectively be invoked with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. Should you still need help, you can contact me.

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers), content data (e.g. text submissions, images, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Categories of affected people: Users (e.g. website visitors, users of online services).
  • Purpose of processing: Contact inquiries and communication, tracking (e.g. interest/behavioural profiling, cookie usage), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).
  • Legal bases: Justified interest (Article 6(1)(f) GDPR).

Used services and service providers

Back to Top

Plug-ins, embedded functions and content

I incorporate functional and content elements into my online offer which are obtained from servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or social media buttons and contributions (hereinafter referred to uniformly as "content").

The integration always assumes that the third-party providers of this content process the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore required to display these contents or functions. I make every effort to use only such content whose respective providers use the IP address exclusively to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, time of visit and other details about the use of my online offer and might be linked to such information from other sources.

Notes on legal bases: Provided I ask the users for their consent to the use of the third-party providers, the legal basis for the processing of data is the consent. Otherwise, the users' data will be processed on the basis of my justified interests (i.e. interest in efficient, economic and user-friendly services). In this context, I would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. websites visited, interest in content types, access times), meta/communication data (e.g. device information, IP addresses).
  • Categories of affected people: Users (e.g. website visitors, users of online services).
  • Purpose of processing: Provision of my online offer and user-friendliness and contractual services.
  • Legal bases: Justified interest (Article 6(1)(f) GDPR).

Used services and service providers

  • Umami: I use a self-hosted instance of Umami to track user interactions with the site. For diagnostic purposes, data about browsers, operating systems, and device type (desktop, tablet, mobile) used are collected. No personal data is collected in this process.
  • Google Fonts: Fonts from Google Fonts are used on this page. No connection to Google servers is established for this, as they are cached locally on the server.
  • ReCaptcha: I am using Google's “ReCaptcha“ to detect bots. This is primarily used for online forms (e.g. the contact form), serving the purpose of distinguishing humans from bots. This is accomplished by evaluating the user's behavioural data (e.g. mouse movements and queries). Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com/recaptcha/; Privacy policy: https://policies.google.com/privacy; Privacy Shield (securing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active; Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://adssettings.google.com/authenticated.
  • Google AdSense (exclusively on the Mastery Chart site): I'm using Google's "Google AdSense" service. With Google AdSense I can display advertisements on my site that fit the target group and offer added value if possible. This integration is done according to my justified interest to cover the costs of the project. Google collects data about your handling of ads (clicks, impressions, mouse movements) as well as data about whether the ad has already been presented to you. Furthermore, Google and other third parties have the possibility to store cookies in your browser. When you enter the site, you will be asked for your consent to the above, you have the possibility of a complete refusal without limiting the functionality of the site. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://maps.google.de; Privacy policy: https://policies.google.com/privacy; Privacy Shield (securing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active; Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://adssettings.google.com/authenticated.
Back to Top

Deletion of data

The data I process will be deleted in accordance with the legal requirements as soon as their consent permitted for processing is revoked or other authorisations cease to apply (e.g. if the purpose for processing these data ceases to apply or if they are not necessary for the purpose).

Unless the data are deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data is locked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or that must be stored for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be found in the individual data protection notes of this privacy policy.

Back to Top

Changes and Updates of the Privacy Policy

I would like to ask you to inform yourself regularly about the content of my privacy policy. I will adapt the privacy policy as soon as changes in the data processing that I have carried out make this necessary. I will inform you as soon as the changes make it necessary for you to take cooperative action (e.g. consent) or other individual notification is required.

Whenever I provide addresses and contact information of companies and organizations in this data protection declaration, please note that the addresses may change over time and I would like to ask you to check the information before establishing contact.

If you have actually read this privacy policy up to this point, leave me an email in which the word "asparagus" is used. This section is of course not binding and is for entertainment purposes only.

Back to Top

Rights of data subjects

As a data subject, you are entitled to various rights under the GDPR, which result in particular from Articles 15 to 18 and 21 GDPR:

  • Right of appeal: You have the right to appeal against the processing of personal data relating to you on the basis of Article 6(1)(e/f) GDPR, including profiling based on these regulations, at any time for reasons arising from your circumstances. If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.
  • Right of revocation for consents: You have the right to revoke any consent given at any time.
  • Right of disclosure: You have the right to obtain confirmation as to whether or not data in question are being processed and to obtain information on such data, as well as further information and a copy of the data in accordance with legal requirements.
  • Right of rectification: In accordance with the law, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
  • Right to cancellation and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately, or alternatively, in accordance with the legal requirements, to demand a restriction on the processing of the data.
  • Right to data transferability: You have the right, in accordance with legal regulations, to receive data concerning you that you have provided to me in a structured, common and machine-readable format or to request that it be transferred to another responsible party.
  • Complaint to the supervisory authority: You further have the right, in accordance with the statutory provisions, to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of suspected infringement, if you believe that the processing of personal data concerning you is in violation of the GDPR.
Back to Top

Definitions of terms

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined above all in Article 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to help you understand them.

  • Personal data: "Personal data" shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Reach measurement: Reach measurement (also known as web analytics) is used to analyze the flow of visitors to a website and can include the behavior or interests of visitors in certain information, such as the content of websites. With the help of reach measurement, website owners can, for example, identify at what time visitors visit their website and what content they are interested in. This enables them to better adapt the contents of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for the purpose of reach measurement in order to recognize returning visitors and thus to obtain more precise statistics on the use of an online service.
  • Remarketing: One refers to "remarketing" or "retargeting", when, for example, it is recorded which products a user was interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
  • Tracking: One talks about "tracking" if the behaviour of users can be traced across several websites. As a rule, behavioral and interest information regarding the online services used is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling). This information can then be used to display advertisements to users that are likely to match their interests.
  • Responsible person: "Responsible person" refers to the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
  • Processing: "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all handling of data, whether it be collection, analysis, storage, transmission or deletion.

Non-applicable declarations (such as for Google Maps) have been added in the prospect of upcoming projects or pages and are to be ignored until the time of applicability.

Nach oben
DEDEENEN