Data Protection

[borlabs-cookie type="btn-cookie-preference" title="Cookie Einstellungen anpassen"/]

1 ) Introduction and overview
I have drafted this privacy statement (as of March 2023) in order to explain to you in a transparent manner what personal data I process as a data controller.
I am subject to Swiss data protection law and, where applicable, the requirements of the European General Data Protection Regulation (GDPR).

I would like to point out that the European Commission has determined by adequacy decision that an adequate level of protection equivalent to the GDPR exists in Switzerland.
Further data protection declarations and other legal documents such as general terms and conditions (GTC), terms of use or conditions of participation may apply to individual or additional activities and operations.

Contact details of the person responsible
Responsible for the processing of personal data:

Be-More-Present
Barbara Hesse Managing Director
Seidenhofweg 3
8914 Aeugstertal
Switzerland
barbara@be-more-present.com

I explicitly point out at the appropriate place if there are other persons responsible for the processing of personal data in individual cases.

2) Scope of application
The scope of this privacy policy includes:

all online presences such as my websites that I operate

my social media sites and email communications

mobile apps for smartphones and other devices

3) Terms and legal basis
Personal data is any information relating to an identified or identifiable individual. A data subject is a person about whom personal data is processed.
Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, collection, deletion, storage, modification, destruction and use of personal data.
The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.

The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

I process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (DPA) and the Ordinance to the Federal Data Protection Act (DPA).
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, I will only process your data if at least one of the following legal bases applies:

·       Art. 6 Abs. 1 lit. b DSGVO für die erforderliche Bearbeitung von Personendaten zur Erfüllung eines Vertrages mit der betroffenen Person sowie zur Durchführung vorvertraglicher Maßnahmen.

·       Art. 6 Abs. 1 lit. f DSGVO für die erforderliche Bearbeitung von Personendaten, um die berechtigten Interessen von mir oder von Dritten zu wahren, sofern nicht die Grundfreiheiten und Grundrechte sowie Interessen der betroffenen Person überwiegen. Berechtigte Interessen sind insbesondere meinem Interesse, meinen Aktivitäten und Tätigkeiten dauerhaft, nutzerfreundlich, sicher und zuverlässig ausüben sowie darüber kommunizieren zu können, die Gewährleistung der Informationssicherheit, der Schutz vor Missbrauch, die Durchsetzung von eigenen rechtlichen Ansprüchen und die Einhaltung von Schweizerischem Recht.

·       Art. 6 Abs. 1 lit. c DSGVO für die erforderliche Bearbeitung von Personendaten zur Erfüllung einer rechtlichen Verpflichtung, der ich gemäß allenfalls anwendbarem Recht von Mitgliedstaaten im Europäischen Wirtschaftsraum (EWR) unterliegen.

·       Art. 6 Abs. 1 lit. e DSGVO für die erforderliche Bearbeitung von Personendaten zur Wahrnehmung einer Aufgabe, die im öffentlichen Interesse liegt.

·       Art. 6 Abs. 1 lit. a DSGVO für die Bearbeitung von Personendaten mit Einwilligung der betroffenen Person.

·       Art. 6 Abs. 1 lit. d DSGVO für die erforderliche Bearbeitung von Personendaten, um lebenswichtige Interessen der betroffenen Person oder einer anderen natürlichen Person zu schützen.

 

4) Nature, scope, purpose and duration
I process those personal data that are necessary to carry out my activities and operations in a permanent, user-friendly, secure and reliable manner. Such personal data may in particular fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data and contract and payment data.

I process personal data for the period of time necessary for the relevant purpose(s) or as required by law. Personal data whose processing is no longer necessary will be anonymised or deleted.

As a matter of principle, I only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons, for example for the performance of a contract with the data subject and for corresponding pre-contractual measures, in order to protect my overriding legitimate interests, because the processing is evident from the circumstances or after prior information.

In this context, I process in particular information that a data subject voluntarily and self-submits to me when contacting me – for example, by letter, email, instant messaging, contact form, social media or telephone – or when registering for a user account. I may store such information, for example, in an address book or with comparable tools. If you transmit personal data to me via third parties, you are obliged to guarantee data protection vis-à-vis such third parties and to ensure the accuracy of such personal data.

5) Rights of data subjects

Data subjects whose personal data I process have the rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the personal data processed.

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, data subjects whose personal data I process have the right to access their personal data,

Data subjects whose personal data I process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC)

  • obtain confirmation free of charge as to whether I am processing their personal data and, if so, request information on the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data corrected, deleted (“right to be forgotten”), blocked or completed.
  • revoke their consent at any time with effect for the future and object to the processing of their personal data at any time.

Data subjects whose personal data I process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

6) Data transfer to third countries
I process personal data in Switzerland and in the European Economic Area (EEA). However, I may also export or transfer personal data to other countries, in particular in order to process it or have it processed there.

I may export personal data to all states and territories on earth as well as elsewhere in the universe, provided that the law there ensures adequate data protection according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC) or according to the decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – according to the decision of the European Commission.

I may transfer personal data to countries whose law does not ensure adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other appropriate safeguards.

Exceptionally, I may export personal data to countries without adequate or appropriate data protection if the special data protection law requirements are met, for example the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, I will be happy to provide data subjects with information about any guarantees or provide a copy of any guarantees.

I expressly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services may result in data not being processed and stored anonymously. Furthermore, US authorities may be able to access the data. In addition, it may happen that collected data is linked to data from other services of the same provider, if you have a corresponding user account there. Where possible, I try to use server locations within the EU, if this is offered.

If data is transferred to third countries, I will inform you of this in more detail at the relevant point in this privacy policy.

7) Security of data processing
I take appropriate technical and organisational measures to ensure data security commensurate with the risk involved. Unfortunately, however, I cannot guarantee absolute data security.

Access to my website is via transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

My digital communication is subject – like all digital communication in principle – to mass surveillance without any reason or suspicion, as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. I cannot directly influence the corresponding processing of personal data by secret services, police agencies and other security authorities.

8) Communication

When you contact me and communicate by phone, email or online form, personal data may be processed.

The data will be processed for the purpose of handling and processing your question and the related business transaction. The data will be stored as long as required by law.

8.1 Telephone
When you call me, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to enquiries. The data is deleted as soon as the business case has been closed and legal requirements allow it.

8.2 E-mail
When you communicate with me by e-mail, data is stored on the e-mail server. In addition, data may be stored on the respective end device (e.g. computer, laptop, smartphone). The data will be deleted as soon as the business case has been terminated and legal requirements permit.

8.3 Online forms
If you communicate with me using an online form, data is stored on the web server and, if applicable, forwarded to an e-mail address of mine. The data will be deleted as soon as the business case has been terminated and legal requirements permit.

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, the processing of the data is based on the following legal grounds:

·       Art. 6 Abs. 1 lit. a DSGVO (consent)

·       Art. 6 Abs. 1 lit. b DSGVO (contract)

·       Art. 6 Abs. 1 lit. f DSGVO (legitimate interests).

 

9) Cookies
I may use cookies. Cookies – both my own cookies (first-party cookies) and cookies from third parties whose services I use (third-party cookies) – are data that are stored in your browser. Such stored data need not be limited to traditional cookies in text form. Cookies are not software programmes and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information on your PC.

Cookies can be stored temporarily in your browser as “session cookies” when you visit us or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies have a specific storage period. Cookies make it possible in particular to recognise your browser the next time you visit my website and thus, for example, to measure the reach of my website. However, permanent cookies can also be used for online marketing, for example.

You can deactivate or delete cookies in full or in part in your browser settings at any time. Without cookies, my website may no longer be fully available. I actively request your express consent for the use of cookies – if and when necessary. If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Cookies in Chrome löschen, aktivieren und verwalten 

Safari: Verwalten von Cookies und Websitedaten mit Safari 

Firefox: Cookies löschen, um Daten zu entfernen, die Websites auf Ihrem Computer abgelegt haben 

Internet Explorer: Löschen und Verwalten von Cookies 

Microsoft Edge: Löschen und Verwalten von Cookies 

In the case of cookies used for performance and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via AdChoices (https://youradchoices.ca/) (Digital Advertising Alliance of Canada), the Network Advertising Initiative (https://optout.networkadvertising.org/) (NAI), YourAdChoices (https://optout.aboutads.info/) (Digital Advertising Alliance) or Your Online Choices (https://www.youronlinechoices.com/ch-de/praferenzmanagement) (European Interactive Digital Advertising Alliance, EDAA).
I use the cookie consent technology of BorlabsCookie on my website to obtain your consent to the storage of certain cookies in your browser and to document this in a data protection compliant manner. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can find out more about the data processed through the use of BorlabsCookie in the Privacy Policy at https://de.borlabs.io/datenschutz/. The collected data will be stored until you request me to delete it or until you delete the Borlabs-Cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of BorlabsCookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.The BorlabsCookie Consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

 

10) Web hosting and server log files
I host my website at Metanet, Josefstrasse 218, 8005 Zurich, Switzerland (hereinafter “Metanet”).

When you visit my website, Metanet collects various log files including your IP addresses. For details, please refer to Metanet’s privacy policy: https://www.metanet.ch/de/ueber-metanet/datenschutzerklaerung.
The use of Metanet is based on Art. 6 para. 1 lit. f GDPR. I have a legitimate interest in the most reliable presentation of my website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. for device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

When you visit my website, I may also collect the following information for each access to my website, provided that this information is transmitted by your browser to my server infrastructure or can be determined by my web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of my website accessed including amount of data transferred, website last accessed in the same browser window. (referrer or referrer).

I store such information, which may also constitute personal data, in server log files. The information is necessary to provide my website permanently, user-friendly and reliably, as well as to be able to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.

I have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of my website visitors in accordance with my instructions and in compliance with the GDPR.

10) Website Content Management Systems (CMS)
I use WordPress.com, a website building system, for my website. The service provider is the American company Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA.

WordPress also processes data from you in the USA, among other places. I would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks for the legality and security of data processing.

WordPress uses so-called standard contractual clauses (= Art. 46 Para. 2 and 3 DSGVO) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, WordPress undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission.
You can find out more about the data processed by using WordPress.com in the privacy policy at https://automattic.com/de/privacy/.
I have concluded a contract on commissioned processing (GCP) with the provider mentioned above. This is a contract required by data protection law, which ensures that the provider only processes the personal data of my website visitors according to my instructions and in compliance with the GDPR.

11) Google Analytics
On my website I use the analysis tracking tool Google Analytics (GA) of the American company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google Analytics is a tracking tool that is used to analyse the traffic on my website. In order for Google Analytics to work, a tracking code is built into the code of my website. When you visit my website, this code records various actions you take on my website. As soon as you leave my website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and I receive reports about your user behaviour.

With the help of these reports, I learn more about how my marketing measures are received by you. This is how I want to increase my conversion rate.
I want to offer you the best possible service when you visit my website. The statistics and data from Google Analytics help me achieve this goal.

The data also helps me to carry out my advertising and marketing measures in a more individual and cost-effective way.

Google has servers all over the world. Most servers are located in the USA. Here you can read exactly where the Google data centres are located: https://www.google.com/about/datacenters/locations/?hl=de
As a result, Google also processes data from you in the USA, among other places. I would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks for the lawfulness and security of the data processing. Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission.

The retention period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the retention period of your user data is set to 14 months. For event data, I have also selected a retention period of 14 months.

Once the fixed period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored separately from user data. For more information on data retention, please visit: https://support.google.com/analytics/answer/7667196?hl=de.
Using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js), you can prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de.
and install it. Please note that this add-on only disables the collection of data by Google Analytics.

If you generally want to deactivate, delete or manage cookies, you will find the corresponding links to the respective instructions of the most popular browsers under the section “Cookies”.

The use of Google Analytics requires your consent, which I have obtained with my Cookie Consent banner. According to Art. 6 (1) lit. a DSGVO, this consent constitutes the legal basis for the processing of personal data as it may occur when collected by web analytics tools.

You can find more information about the data processing of Google Analytics under the links:

https://marketingplatform.google.com/about/analytics/terms/de/
and https://support.google.com/analytics/answer/6004245?hl=de.

I have concluded an order processing agreement (OPA) with Google in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find the link to the order data processing conditions at https://business.safety.google/intl/de/adsprocessorterms/.

 

12) Messenger & Communication
I offer the possibility to contact me via the instant messaging service WhatsApp. The service provider is the American company WhatsApp Inc., a subsidiary of Meta Platforms Inc. WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for the European region.

If you contact me via WhatsApp on the occasion of a specific transaction (for example, an order placed), I store and use the mobile phone number you use on WhatsApp as well as – if provided – your first name and surname in accordance with Art. 6 Para. 1 lit. b. DSGVO to process and respond to your request. On the basis of the same legal basis, I may ask you to provide further data (order number, customer number, address or email address) via WhatsApp in order to be able to assign your request to a specific process.

If you use my WhatsApp contact for general enquiries (e.g. about the range of services, availability or my website), I will store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 (1) lit. f DSGVO on the basis of my legitimate interest in providing the requested information efficiently and promptly.

Your data will only ever be used to respond to your request via WhatsApp.

Please note that WhatsApp Business receives access to the address book of the mobile device I use for this purpose and automatically transfers phone numbers stored in the address book to a server of the parent company Meta Platforms, Inc. in the USA. I would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks for the lawfulness and security of data processing.

WhatsApp uses so-called standard contractual clauses (= Art. 46 Para. 2 and 3 DSGVO) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, WhatsApp undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission.

For information on WhatsApp data transfer, which complies with the standard contractual clauses, please visit https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927.
You can find out more about the data processed through the use of WhatsApp in the Privacy Policy at https://www.whatsapp.com/privacy.
For the operation of my WhatsApp business account, I use a mobile device in whose address book only the WhatsApp contact data of those users who have also contacted me via WhatsApp are stored.

This ensures that every person whose WhatsApp contact data is stored in my address book has already consented to the transmission of his WhatsApp telephone number from the address books of his chat contacts in accordance with Art. 6 (1) lit. a DSGVO when using the app on his device for the first time by accepting the WhatsApp terms of use. A transmission of data of such users who do not use WhatsApp and/or have not contacted me via WhatsApp is excluded in this respect.

For the purpose and scope of the data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and setting options for protecting your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

13) Social media with Shariff
In addition to my website, I am also active on various social media platforms. This may involve processing user data so that I can target users who are interested in me via the social networks. To ensure data protection on this website, I only use these elements together with the so-called “Shariff” solution. This application prevents the social media elements integrated on this website from transmitting your personal data to the respective provider when you first enter the page.

Please note that when using social media platforms, data about you may be processed outside the European Union as many social media channels are offered by US companies. This may make it less easy for you to claim or enforce your rights in relation to your personal data.

Insofar as consent has been obtained, the service is used on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 TTDSG. Consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is stored and processed on the basis of my legitimate interest in having as much visibility as possible in social media, in communicating quickly and well with you or other customers and business partners, and in optimising my service performance. Most social media platforms also set cookies in your browser to store data. That’s why I recommend that you read my privacy text about cookies carefully and look at the privacy policy or cookie policy of the respective service provider.

Information on specific social media platforms – if available – can be found in the following sections.

14) Instagram
I use so-called social plugins (“plugins”) of the online service Instagram on my website. This allows me to show you content such as buttons, photos or videos from Instagram directly on my website. Instagram belongs to the Facebook products and is a subsidiary of Meta Platforms Inc. or for the European area of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies. Therefore, the data collected may also serve me for personalised advertising on Facebook. Instagram also uses the collected data for measurement and analysis purposes.

In order to increase the protection of your data when visiting my website, the Instagram plugin buttons are not unrestricted plugins, but are only integrated into the page using an HTML link. This type of integration ensures that when you call up a page of my website that contains such buttons, no connection is yet established with the servers of Instagram. When you click on the button, a new browser window opens and calls up the Instagram page, where you can interact with the plugins there (possibly after entering your login data).

For security reasons, among others, your data is distributed on Facebook servers all over the world. Most of these servers are located in the USA. In this respect, the explanations and notes under 16.1 apply with regard to data processing in the USA.

Although I have intensively studied Instagram’s data processing, I cannot say exactly what data Instagram processes.

You can find more information about Instagram’s data policies at https://privacycenter.instagram.com/policy/. For settings options to protect your privacy, please visit:
https://help.instagram.com/285881641526716?ref=igtos

15) LinkedIn
On my website I use social plugins (“plugins”) of the online service LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

In order to increase the protection of your data when visiting my website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that when you call up a page of my website that contains such buttons, no connection is yet established with the servers of LinkedIn. When you click on the button, a new browser window opens and calls up the LinkedIn page, where you can interact with the plugins there (possibly after entering your login data).

For the purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy, please refer to LinkedIn’s data protection information: https://www.linkedin.com/legal/privacy-policy

16) OneDrive
I use OneDrive for my business, which is a file hosting service from Microsoft. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft also processes your data in the USA, among other places. I would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks for the lawfulness and security of the data processing. Microsoft uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Microsoft undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. More information on Microsoft’s standard contractual clauses can be found at https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

I have concluded a contract on order processing (AVV) with the provider mentioned above.

You can find out more about the data processed by using Microsoft in the privacy policy at https://privacy.microsoft.com/de-de/privacystatement .

17) External online platforms
In order to offer my services or products outside my website, I use external platforms. In addition to my responsibility of data protection, the data protection regulations of the external platforms I use also apply. This is specifically the case if my products are purchased via the platform.

It may happen that built-in elements on my page lead to an external online platform. Data that is processed and stored by the online platform used serves the company on the one hand to log the payment process and on the other hand to be able to carry out web analyses.

The aim of these analyses is to be able to develop more precise and personalised marketing and advertising strategies. Depending on your behaviour on a platform, appropriate conclusions can be drawn about your interests with the help of the analysed data and so-called user profiles can be created. In this way, it is also possible for the platforms to present you with customised advertisements or products. Cookies are usually set in your browser for this purpose, which store data on your usage behaviour.

The exact data that is stored and processed depends on the external platform. But usually it is data such as phone numbers, email addresses, data you enter in a contact form, user data such as which buttons you click, when you visited which pages, information about your device and your IP address. Very often, most of this data is stored in cookies. If you have your own profile on an external platform and are also logged in there, data can be linked to the profile. The collected data is stored on the servers of the platforms used and processed there. You can find out exactly how an external platform stores, manages and processes data in the respective data protection declaration.

In general, I only process personal data for as long as it is absolutely necessary for the provision of my services and products.

Since cookies may be used, I also recommend my general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy statements of the respective external platforms.

If you have consented to your data being processed and stored by external platforms, this consent is the legal basis for the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, if consent has been given, your data will also be stored and processed on the basis of a legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. If I have integrated elements of external platforms on my website, I will nevertheless only use these if you have given your consent. You have the right and the possibility to revoke your consent to the use of cookies at any time. This works either via my cookie management tool or via opt-out functions at the respective external platform. Furthermore, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Information on specific external platforms – if available – can be found in the following sections.

18) elopage
I use the online sales platform elopage to offer and sell my products, services and content. The service provider is the German company elopage GmbH, Kurfürstendamm 208, 10719 Berlin, Germany.

You can find out more about the data processed through the use of elopage in the privacy policy at https://elopage.com/privacy?locale=de .

The use of elopage is based on Art. 6 (1) lit. f DSGVO. I have a legitimate interest in using a fast and professional sales page to sell my products. Insofar as a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

19) Video Conferencing & Streaming Zoom
In my business, I use the video conferencing tool Zoom from the American software company Zoom Video Communications, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113. Thanks to “Zoom”, I can hold a video conference with customers, business partners, clients and also employees very easily and without installing any software and communicate with each other quickly and easily.

When you use Zoom, data is also collected from you so that Zoom can provide its services. On the one hand, this is data that you consciously provide to the company. This includes, for example, your name, telephone number or e-mail address. However, data is also automatically transmitted to Zoom and stored. This includes, for example, technical data of your browser, your IP address, MAC address, other device IDs, device type, which operating system you use, which client you use, camera type, microphone and speaker type. Your approximate location is also determined and stored. Zoom also records so-called metadata such as duration of the meeting/call, start and end of meeting participation, meeting name and chat status.

According to Zoom’s own privacy policy, the company does not use advertising cookies or tracking technologies for its services. Only its own marketing websites, such as https://explore.zoom.us/docs/de-de/home.html, use these tracking methods. Zoom does not resell personal information or use it for advertising purposes.
If you do not want data to be stored during the Zoom meeting, you must opt out of the meeting. However, you always have the right and the possibility to have all your personal data deleted.

If you have a Zoom account, you can find instructions on how to delete your account at https://support.zoom.us/hc/en-us/articles/201363243-How-Do-I-Delete-Terminate-My-Account.
Zoom stores the data for as long as it is necessary to provide the services or for its own purposes. The data will only be stored longer if this is required for legal reasons.

Zoom also processes data from you in the USA, among other places. I would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks for the lawfulness and security of the data processing. Zoom uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a transfer of data there.

Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Zoom undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. In principle, Zoom stores the collected data on American servers, but data can arrive at different data centres worldwide.

If you have consented to your data being processed and stored by the video or streaming solution, this consent is the legal basis for the data processing (Art. 6 para. 1 lit. a DSGVO). In addition, I can also offer a video conference as part of my service if this has been contractually agreed with you in advance (Art. 6 para. 1 lit. b DSGVO). In principle, your data will also be stored and processed on the basis of my legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers, business partners and employees, but only if you have at least consented to this.

I hope I have provided you with an overview of Zoom’s data processing. Of course, it is always possible that the company’s privacy policy may change. Therefore, for more information on the data processed and the standard contractual clauses, I also recommend Zoom’s privacy policy at https://explore.zoom.us/de/privacy/?tid=312258369 .
In accordance with Article 28 of the General Data Protection Regulation (GDPR), I have concluded a data processing agreement (GCPA) with Zoom.

20) Web design Google Fonts
On my website, I use so-called web fonts provided by Google Inc. (“Google Fonts”) for the uniform display of fonts. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European area. I have integrated the Google Fonts locally, i.e. on the web server – not on Google’s servers. This means that there is no connection to Google servers and thus no data transfer or storage.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy:https://policies.google.com/privacy?hl=de .

I can adapt and supplement this privacy policy at any time. I will inform about such adjustments and additions in an appropriate form, in particular by publishing the respective current privacy policy on my website.