deutsche Version englische Version

Declaration of Data Protection

I take the protection of your personal data very seriously and treat all your personal information as strictly confidential. The following declaration gives an overview of how I guarantee this protection, what type of data is gathered and why.

1. Name and address of the responsible person

The responsible person in the sense of the General Data Protection Regulation and other national laws on data protection of the member states as well as other data protection regulations is:
Brigitte Patz
Drosselweg 21
D-71126 Gäufelden
Germany
Tel.: +49 7032-9109629
info(at)brigitte-patz.de

2. General notes on data gathering / data processing

2.1 Scope of personal data processing

As a matter of principle, I only process personal data of my users if this is necessary in order to provide a functioning website, my contents and services. I regularly process the personal data of my users after they have given consent. There is an exception in those cases when factual reasons do not allow to obtain prior consent and when data processing is permitted according to legal regulations.

2.2 Legal basis for the processing of personal data

Provided I obtain consent of the data subject, legal basis will be article 6(1) lit. a of the EU General Data Protection Regulation (GDPR).

With regard to the processing of personal data needed to fulfil the terms of an agreement (of which the data subject is the contracting party) legal basis will be article 6(1) lit. b of the GDPR. This will also be the case in all processing steps necessary to perform precontractual measures.

Provided I am subject to a legal obligation which requires processing of personal data for its fulfilment, legal basis will be article 6(1) lit. c of the GDPR.

In case vital interests of the data subject or another natural person require processing of personal data, legal basis will be article 6(1) lit. d of the GDPR.

If data processing is required to safeguard a legitimate interest of mine or a third person, interests, fundamental rights and fundamental freedoms of the data subject do not override the first mentioned interest, accordingly, legal basis for processing will be article 6(1) lit. f of the GDPR.

2.3 Removal of data and storage period

Personal data of the data subject will be deleted or blocked as soon as the purpose of the storage lapses.

Beyond that, data can be stored if stipulated by the European or national lawmaker in Union-law regulations, acts or other provisions to which the responsible is subject. Data will also be blocked or deleted if a storage period which is stipulated in the above norms expires, unless there is a necessity for continued data storage to conclude or fulfil an agreement according to article 6(1) lit. b of the GDPR.

2.4 Data disclosure to third parties

Your personal data will only be disclosed to third parties if this is necessary for the fulfilment of agreements; transmission will only have the scope required for the corresponding performance.

In case I outsource certain parts of data processing (“job processing”), I will make contractual arrangements with the job processor to only use personal data in line with the requirements of the data protection laws and to guarantee protection of the rights of the data subject.

A transfer of data to agencies or individuals outside the EU will not take place and nor is it planned.

3. Access data, log files & hosting

If you access my website, the browser of your terminal device in use will automatically send information to the server of my website. The following information is gathered without any action on your part and will be stored in so-called log files for a maximum period of seven days, after which it will be deleted:

  • Information about the type of browser and the version used
  • The operating system of your terminal device
  • Your internet service provider
  • Your IP address
  • Date and time of access
  • Referrer URL (the page accessed before)
  • The name of the file accessed
  • Transferred data volume and duration of data transfer
  • HTTP status code (the HTTP status code sets out whether the request was successful or if there was an error)

Without this information it would, for technical reasons, not be possible to correctly deliver the contents of my website to you. No such data will be merged with other sources of data.

The legal basis for data processing is article 6(1) lit. f of the GDPR. My legitimate interest derives from the purposes listed below:

  • to guarantee a smooth and secure operation of my online presentation
  • to evaluate system security and stability
  • to serve other administrative purposes

In accordance with article 4(2) & article 28 of the GDPR I concluded an agreement with my hosting provider on job data processing for the hosting services I use.

4. Email contact

If you send me enquiries via email, I will save your details to deal with the enquiry and for the possibility of follow-up questions.

I process the data for purposes of communication via email according to article 6(1) lit. b of the GDPR to fulfil a contract or to take pre-contractual measures implemented in response to your request.

Any of your requests sent to me will be deleted if they are no longer necessary, providing that the removal of data does not preclude any legal provisions – especially retention periods.

6. Cookies

No cookies are used on my website.

7. Data security & SSL encryption

My website is encrypted with the SSL process (Secure Socket Layer) so that the security of your data during the transfer is protected.

You can identify an encrypted connection by the fact that the address line of your browser switches from "http://" to "https://" and by the padlock icon of your browser line.

Moreover, I adopt adequate technical security measures in compliance with the state of the art to protect your data against accidental or deliberate manipulation, loss, destruction and against unauthorised access.

8. Your rights as a data subject

If your personal data is processed, you are a data subject as laid down in the GDPR and in terms of your personal data, you have various rights against the responsible. These rights include:

  • Right of confirmation and access according to article 15 of the GDPR
  • Right of rectification according to article 16 of the GDPR
  • Right to erase („right to be forgotten“) according to article 17 of the GDPR
  • Right to limit processing according to article 18 of the GDPR
  • Right of data portability according to article 20 of the GDPR
  • Right of withdrawal of consent according to article 7(3) of the GDPR

If you would like to assert these rights, please direct your enquiry to the address indicated in paragraph 1 either via email or by mail, providing clear identification of yourself.

Moreover, you have the right to complain to the competent supervisory authority according to art. 77 of the GDPR.

9. Right of objection

In accordance with article 21 of the GDPR, you have the right to appeal, at any time, against the processing of your personal data carried out based on article 6(1) lit. e or f of the GDPR on grounds arising from your specific situation; this is also the case for any profiling which is based on these provisions.

As the person responsible, I will no longer process your personal data unless I can provide compelling and legitimate reasons for the processing which outweigh your interests, rights and freedom or if the processing serves the establishment, exercise or defence of legal claims.

10. Changes to the Declaration of Data Protection

I reserve the right to change the Declaration of Data Protection at any time in view of the data protection provisions in force.

Last update: May 2018