top of page

Privacy Policy

​

Preamble

​

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data"), the purposes, and the extent to which we process them. The privacy policy applies to all processing of personal data carried out by us (hereinafter collectively referred to as "online offer"). The terms used are not gender-specific.

​

Status: July 11, 2024

​

Table of Contents

​

  1. Preamble

  2. Responsible Party

  3. Overview of Processing

  4. Relevant Legal Bases

  5. Transfer of Personal Data

  6. Rights of Data Subjects

  7. Provision of the Online Offer and Web Hosting

  8. Use of Cookies

  9. Changes and Updates

  10. Definitions of Terms

​

Responsible Party

​

Dr. Ann-Cathrin Brock

Eimsbütteler Str. 45

22769 Hamburg
Email Address: info@ann-cathrin-brock.com

​

Overview of Processing

​

The following overview summarizes the types of processed data, the purposes of their processing, and refers to the affected individuals.

​

Types of Processed Data

​

  • Content data

  • Usage data

  • Meta, communication, and procedural data

  • Log data

​

Categories of Affected Individuals

​

  • Users

​

Purposes of Processing

​

  • Security measures

  • Providing our online offer and user-friendliness

  • Information technology infrastructure

​

Relevant Legal Bases

​

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR, on which we process personal data. Please note that national data protection regulations in your or our country of residence or domicile may apply in addition to the GDPR regulations. If more specific legal bases are relevant in individual cases, we will inform you in the privacy policy.

​

  • Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR) - the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

​

National Data Protection Regulations in Germany: In addition to the GDPR data protection regulations, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. Furthermore, data protection laws of the individual federal states may apply.

​

Notice on the Applicability of GDPR and Swiss DSG: This privacy notice serves to provide information according to both the Swiss DSG and the General Data Protection Regulation (GDPR). Therefore, please note that due to broader spatial application and comprehensibility, the terms of the GDPR are used. Specifically, instead of the terms "processing" of "personal data," "overriding interest," and "particularly sensitive personal data" used in the Swiss DSG, the terms "processing" of "personal data," "legitimate interest," and "special categories of data" used in the GDPR are employed. The legal meaning of the terms, however, is still determined according to the Swiss DSG within the scope of its applicability.

​

Transfer of Personal Data

​

In the course of our processing of personal data, it may happen that these are transmitted to other bodies, companies, legally independent organizational units, or persons or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content that are embedded in a website. In such cases, we comply with the legal requirements and conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

​

Rights of Data Subjects

​

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

  • Right to Withdraw Consent: You have the right to withdraw consents given at any time.

  • Right of Access: You have the right to obtain confirmation as to whether or not data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with the legal requirements.

  • Right to Rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with the legal requirements.

  • Right to Erasure and Restriction of Processing: You have the right, in accordance with the legal requirements, to request that data concerning you be deleted immediately, or alternatively, in accordance with the legal requirements, to request a restriction of the processing of the data.

  • Right to Data Portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, in accordance with the legal requirements, or to request its transmission to another controller.

  • Right to Complain to a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

​

Provision of the Online Offer and Web Hosting

​

We process the data of users to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to deliver the content and functions of our online services to the browser or end device of the user.

​

Types of Processed Data:

​

  • Usage data (e.g., page views and dwell time, click paths, usage intensity, and frequency, used device types and operating systems, interactions with content and functions)

  • Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, involved persons)

  • Log data (e.g., log files regarding logins or data retrieval or access times)

  • Content data (e.g., textual or visual messages and posts, as well as information related to them, such as authorship or creation time)

​

Affected Individuals:

​

  • Users (e.g., website visitors, users of online services)​

​

Purposes of Processing:

​

  • Providing our online offer and user-friendliness

  • Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.))

  • Security measures

​

Retention and Deletion:

​

  • Deletion in accordance with the section "General Information on Data Storage and Deletion"

​

Legal Bases:

​

  • Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR)

​

Additional Information on Processing Procedures, Processes, and Services:

​

  • Provision of Online Offer on Rented Storage Space: For the provision of our online offer, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web host"); Legal bases: Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR).

  • Collection of Access Data and Log Files: Access to our online offer is logged in the form of so-called "server log files." The server log files may include the address and name of the accessed websites and files, date and time of access, transferred data volumes, notification of successful access, browser type along with version, the user's operating system, referrer URL (the previously visited page), and as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid overloading the servers, especially in the case of abusive attacks (so-called DDoS attacks), and to ensure the stability and performance of the servers; Legal bases: Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidence purposes is exempt from deletion until the respective incident has been finally clarified.

  • Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as other information concerning the email dispatch (e.g., the involved providers) and the contents of the respective emails are processed. The aforementioned data can also be processed for spam detection purposes. We ask you to note that emails on the internet are generally not sent encrypted. As a rule, emails are encrypted during transit, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission path of the emails between the sender and the reception on our server; Legal bases: Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR).

  • Checkdomain: Services in the field of providing information technology infrastructure and associated services (e.g., storage space and/or computing capacity); Service provider: checkdomain GmbH, a dogado group company, Große Burgstraße 27/29, 23552 Lübeck, Germany; Website: https://www.checkdomain.de; Privacy Policy: https://www.checkdomain.de/agb/datenschutz.

​

Use of Cookies

​

Cookies are small text files or other memory markers that store information on end devices and read information from end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or used functions of an online offer. Cookies can also be used for various purposes, e.g., for purposes of functionality, security, and comfort of online offers, as well as the creation of analyses of visitor flows.

​

Notes on consent: We use cookies in accordance with the legal regulations. Therefore, we obtain prior consent from users, except when this is not required by law. In particular, consent is not necessary if the storing and reading of the information, including cookies, is absolutely necessary to provide a telemedia service (i.e., our online offer) explicitly requested by the users. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

​

Notes on legal bases under data protection law: The legal basis under data protection law on which we process the personal data of users using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g., in the business operation of our online offer and its improvement) or if the use of cookies is necessary to fulfill our contractual obligations.

​

Storage duration: Regarding storage duration, the following types of cookies are differentiated:

​

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).

  • Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected using cookies can be used to measure reach. Unless we provide explicit information on the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and can be stored for up to two years.

​

General information on withdrawal and objection (so-called "opt-out"): Users can revoke the consents given at any time and also object to the processing according to the legal requirements in Art. 21 GDPR. Users can also declare their objection via the settings of their browser.

​

Changes and Updates

​

We kindly ask you to inform yourself regularly about the content of our privacy policy. We adjust the privacy policy as soon as the changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

​

Definitions of Terms

​

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are mainly defined in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to serve understanding. The terms are sorted alphabetically.

"Responsible Party" refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically any handling of data, whether collecting, evaluating, storing, transmitting, or deleting.

​

Created with the free privacy generator.de by Dr. Thomas Schwenke.

​

​

​

bottom of page