Privacy Policy
1. Data Protection at a Glance
​
General Notes
​
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data that can personally identify you. Detailed information on data protection can be found in our privacy policy below.
​
Data Collection on This Website
​
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the "Note on the Responsible Entity" section of this privacy policy.
​
How do we collect your data?
​
Your data is collected either because you provide it to us, e.g., by entering it into a contact form. Other data is automatically or with your consent collected by our IT systems when you visit the website. This primarily includes technical data (e.g., browser type, operating system, or time of access). This data is collected automatically as soon as you enter this website.
​
What do we use your data for?
​
Part of the data is collected to ensure the error-free provision of the website. Other data may be used for analyzing your user behavior.
​
What rights do you have regarding your data?
​
You have the right at any time to obtain free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request restriction of processing of your personal data. Furthermore, you have the right to file a complaint with the relevant supervisory authority. You can contact us at any time regarding this and other questions related to data protection.
​
Analysis tools and tools from third parties
​
When visiting this website, your surfing behavior may be statistically evaluated, mainly using analysis programs. Detailed information about these analysis programs can be found in this privacy policy.
​
2. Hosting
​
We host the content of our website with the following provider:
​
WIX
​
The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter "WIX").
WIX is a tool for creating and hosting websites. When you visit our website, WIX analyzes user behavior, source of visitors, region of visitors, and visitor numbers. WIX stores cookies on your browser, necessary for the presentation of the website and security (necessary cookies).
​
The data collected via WIX may be stored on various servers worldwide, including in the USA.
​
Details can be found in WIX's privacy policy: https://de.wix.com/about/privacy.
​
Data transfer to the USA and other third countries is based on the standard contractual clauses of the EU Commission or comparable guarantees under Art. 46 GDPR. More details can be found here: https://de.wix.com/about/privacy-dpa-users.
​
The use of WIX is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If consent has been obtained, processing is solely based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG, insofar as the consent includes storing cookies or accessing information on the end device of the user (e.g., device fingerprinting according to TDDG). Consent can be revoked at any time.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF commits to these data protection standards. More information is available here: https://www.dataprivacyframework.gov/participant/5626.
​
3. General Notices and Mandatory Information on Data Protection
​
The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
​
When you use this website, various personal data are collected. Personal data are data that can identify you personally. This privacy policy explains what data we collect, for what purpose, and how it is processed.
Please note that data transmission over the internet (e.g., email communication) may have security vulnerabilities. Complete protection against access by third parties is not possible.
​
Note on the Responsible Entity
​
The responsible entity for data processing on this website is:
​
Sarah Kersebaum
Bergwiesenstraße 9
35325 Mücke, Germany
​
Phone: +49 170 7314325
Email: sarah.kersebaum@gmail.com
​
The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses).
​
Data Retention
​
Unless a specific retention period is mentioned, your personal data will remain with us until the purpose of data processing no longer applies. If you assert a legal right to deletion or revoke consent, your data will be deleted unless we have other legally permissible reasons to retain it (e.g., tax or commercial law retention periods). In the latter case, data will be deleted after these reasons no longer apply.
​
Legal Basis for Data Processing on This Website
​
If you have given consent, we process your personal data based on Art. 6 Abs. 1 lit. a GDPR or Art. 9 Abs. 2 lit. a GDPR if special categories of data are processed according to Art. 9 Abs. 1 GDPR.
In case of explicit consent to data transfer to third countries, processing also depends on Art. 49 Abs. 1 lit. a GDPR.
​
If you have consented to the storage of cookies or similar technologies, processing is also based on § 25 Abs. 1 TDDG, which you can revoke at any time.
​
If data is necessary for contract performance or pre-contractual measures, processing is based on Art. 6 Abs. 1 lit. b GDPR.
​
If data is processed to fulfill a legal obligation, it is based on Art. 6 Abs. 1 lit. c GDPR.
Furthermore, data may be processed based on our legitimate interest under Art. 6 Abs. 1 lit. f GDPR.
​
This detailed translation ensures compliance and clarity for English-speaking users regarding data protection practices, in accordance with GDPR and international standards.
​
Data Recipients
​
Within our business activities, we cooperate with various external entities. Part of these collaborations may require the transmission of personal data to these external bodies. We only pass on personal data to third parties if it is necessary for contract fulfillment, if we are legally obliged to do so (e.g., data sharing with tax authorities), if we have a legitimate interest under Art. 6 Abs. 1 lit. f DSGVO, or if another legal basis permits data transfer. When using processors, we only share personal data of our clients based on a valid contract for data processing. In cases of joint processing, a joint processing agreement is concluded.
​
Revocation of Your Consent to Data Processing
​
Many data processing operations are only possible with your explicit consent. You can revoke an already granted consent at any time. The legality of the data processing carried out until the revocation remains unaffected.
​
Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)
​
If the data processing is based on Art. 6 Abs. 1 lit. e or f DSGVO, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or if processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21 Abs. 1 DSGVO).
If your personal data are processed for direct marketing, you have the right to object at any time to such processing. This also applies to profiling related to that kind of direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21 Abs. 2 DSGVO).
​
Complaint Right with the Responsible Supervisory Authority
​
In the event of violations of the GDPR, data subjects have the right to file a complaint with a supervisory authority, especially in the member state of their habitual residence, workplace, or the place of the alleged breach. This right exists alongside other administrative or judicial remedies.
​
Right to Data Portability
​
You have the right to receive data processed automatically based on your consent or performance of a contract in a structured, common, and machine-readable format. You also have the right, under certain conditions, to transfer this data to another controller.
​
Right to Access, Rectification, and Erasure
​
You can request information about your processed personal data, including the purpose, categories, recipients, and storage duration, at any time. You also have the right to correction or deletion, provided legal conditions are met. Further questions about your personal data can be directed to us anytime.
​
Right to Restrict Data Processing
​
You can request the restriction of your personal data processing. This right can be exercised if you contest the accuracy of the data, if processing is unlawful but you oppose deletion, if we no longer need the data but you do for legal claims, or if you have objected to the processing.
​
SSL/TLS Encryption
​
For security reasons and to protect the transmission of confidential content (such as orders or inquiries you send us), this site uses SSL/TLS encryption. You recognize an encrypted connection by the change in the browser address line from "http://" to "https://" and by the padlock symbol in your browser.
When SSL/TLS encryption is activated, the data you send to us cannot be read by third parties.
​
​4. Data Collection on This Website
​
Cookies
​
Our websites use so-called "cookies." Cookies are small data packets and do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently stored on your device (persistent cookies). Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them yourself or an automatic deletion is carried out by your web browser.
​
Cookies can come from us (first-party cookies) or from third parties (so-called third-party cookies). Third-party cookies enable the integration of certain services from third parties within web pages (e.g., cookies for processing payment services).
​
Cookies have various functions. Many cookies are technically necessary because certain web functions would not work without them (e.g., shopping cart function or video display). Other cookies may be used to analyze user behavior or for advertising purposes.
​
Cookies necessary for carrying out electronic communication, providing certain requested functions by you (e.g., shopping cart function), or optimizing the website (e.g., cookies for measuring web traffic) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis applies. The website operator has a legitimate interest in storing necessary cookies for technically error-free and optimized provision of services. If consent for the storage of cookies and similar technologies has been requested, processing is solely based on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG); consent can be revoked at any time.
​
You can set your browser to inform you about cookie settings and to allow cookies only in individual cases, to exclude cookie acceptance for certain cases or generally, as well as to activate automatic deletion of cookies when closing the browser. Disabling cookies may restrict the functionality of this website. Information about which cookies and services are used on this website can be found in this privacy policy.
​
Contact Form
​
If you submit queries to us via contact form, your details from the inquiry form, including the contact data you provide there, are stored for the purpose of processing the inquiry and in case of follow-up questions. We do not forward these data without your consent.
​
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided your inquiry is related to contract fulfillment or executing pre-contractual measures. In all other cases, processing is based on our legitimate interest in effective handling of inquiries (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if requested; consent can be revoked at any time.
​
Data you enter in the contact form remains with us until you ask for deletion, revoke consent, or the purpose for storage no longer applies (e.g., after completed processing). Mandatory statutory provisions (especially retention periods) remain unaffected.
​
Inquiry by Email, Phone, or Fax
​
If you contact us by email, phone, or fax, your inquiry, including all personal data resulting from it (name, inquiry), is stored and processed for the purpose of handling your request. We do not forward these data without your consent.
​
Processing here is based on Art. 6 para. 1 lit. b GDPR if related to contract fulfillment or pre-contractual actions, or otherwise based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) or consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time.
​
Your inquiry data remain with us until deletion is requested, consent is revoked, or the purpose is fulfilled. Legal retention periods remain unaffected.
​
Comment Function on this Website
​
For the comment function, besides your comment, information about the time of comment creation, email address, and, if not posted anonymously, your chosen user name are stored.
​
IP Address Storage
​
Our comment function stores IP addresses of users who write comments. Because we do not review comments before publication, this data is required to act legally in case of offenses such as insults or propaganda.
​
Subscribing to Comments
​
Registered users may subscribe to comments. A confirmation email is sent verifying the email address owner. The function can be unsubscribed anytime via a link in info emails. Data entered during subscription is deleted if unsubscribed, except if data is used elsewhere (e.g., newsletter subscription).
​
Comment Storage Duration
​
Comments and related data are stored and remain on this website until the commented content is deleted or comments must be deleted for legal reasons (e.g., offensive comments).
​
Legal Basis
​
Comment storage is based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked anytime by informal email notification. Lawfulness of past data processing remains unaffected.
​
5. Social Media
​
​
Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the data collected may also be transferred to the USA and other third countries.
​
An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
​
When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives information that you have visited this website with your IP address. If you click the Facebook “Like Button” while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted nor its usage-by Facebook. Further information can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG. The consent can be revoked at any time.
If personal data are collected and transmitted to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is strictly limited to the collection and transfer of data to Facebook. The further processing of this data by Facebook is not part of this joint responsibility. The obligations owed jointly have been documented in a joint processing agreement, which can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing information about data privacy when using the Facebook tool and for the proper technical implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. Data subject rights (e.g., access requests) regarding the data processed by Facebook can be asserted directly with Facebook. If you exercise your rights with us, we are obliged to forward these to Facebook.
Data transfer to the USA relies on the standard contractual clauses of the EU Commission. More details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.
The company holds certification under the “EU-US Data Privacy Framework”. The DPF is an agreement between the European Union and the USA, designed to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF commits to adhere to these data privacy standards. More information is available here: https://www.dataprivacyframework.gov/participant/4452.
​
​
This website also embeds features of the Instagram service. These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
​
When the social media element is active, a direct connection between your device and the Instagram server is established. Instagram then receives information that you have visited this website.
​
If you are logged into your Instagram account, clicking the Instagram button can link the content of this website with your Instagram profile. This allows Instagram to associate your visit with your user account. We point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted nor its usage by Instagram.
​
The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG. The consent can be revoked at any time.
​
If personal data are collected and transferred to Instagram using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is strictly limited to collection and transfer of data to Instagram. Further processing by Instagram after the transfer is outside our joint responsibility. The obligations we share have been documented in a joint processing agreement, which can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing information about data privacy when using the Instagram tool and for the proper technical implementation of the tool on our website. Instagram is responsible for data security of the products. Rights of data subjects (e.g., access requests) regarding the data processed by Instagram can be asserted directly with Instagram. If you exercise your rights with us, we are obliged to forward them to Instagram.
Data transfer in the USA is based on the standard contractual clauses of the EU Commission. More details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381.
​
Further information can be found in Instagram’s privacy policy at: https://privacycenter.instagram.com/policy/.
The company has certification under the “EU-US Data Privacy Framework”. The DPF is an agreement between the European Union and the United States to ensure European data protection standards are maintained in US data processing. Every certified company under the DPF agrees to adhere to these standards. More information is available here: https://www.dataprivacyframework.gov/participant/4452.