EQUESTRIAN ART
​
Data protection
introduction
With the following data protection declaration we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent the provision of our services as well as in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific.
As of May 24, 2020
Table of contents
introduction
Responsible
Overview of processing
Relevant legal bases
Use of cookies
Provision of the online offer and web hosting
contact
Communication via messenger
Newsletter and broad communication
Promotional communication via email, post, fax or telephone
Definitions of terms
Responsible
Wibke Albrecht
Bramberg 10
24357 Fleckeby
Email address: mail@wibkealbrecht.com
Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
Inventory data (e.g. names, addresses).
Content data (e.g. text input, photographs, videos).
Contact details (e.g. email, telephone numbers).
Meta / communication data (e.g. device information, IP addresses).
Usage data (e.g. visited websites, interest in content, access times).
Categories of data subjects
Communication partner.
Users (e.g. website visitors, users of online services).
Purposes of processing
Direct marketing (e.g. by email or post).
Contact requests and communication.
Relevant legal bases
In the following, we share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply. Should more specific legal bases also apply in individual cases, we will inform you of this in the data protection declaration.
Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.
Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. GDPR) - The processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are requested by the data subject respectively.
Legitimate interests (Art. 6 Para. 1 S. 1 lit. GDPR) - The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject that protect personal data Data require, outweigh.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection in Germany apply. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, the processing for other purposes and for transmission as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. State data protection laws of the individual federal states can also be applied.
Use of cookies
Cookies are text files that contain data from visited websites or domains and are saved by a browser on the user's computer. A cookie is primarily used to store information about a user during or after visiting an online offer. The stored information can include, for example, the language settings on a website, the login status, a shopping cart or the point at which a video was viewed. The term cookies also includes other technologies that perform the same functions as cookies (for example, if user information is saved using pseudonymous online identifiers, also known as "user IDs")
A distinction is made between the following types of cookies and functions:
Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes his browser.
Permanent cookies: Permanent cookies remain saved even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users who are used for range measurement or for marketing purposes can be saved in such a cookie.
First-party cookies: We set first-party cookies ourselves.
Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to save logins or other user input or for security reasons).
Statistics, marketing and personalization cookies: Furthermore, cookies are generally also used in the scope of range measurement and when the interests of a user or his behavior (e.g. viewing certain content, use of functions etc.) on individual websites in a user profile get saved. Such profiles are used to show users, for example, content that corresponds to their potential interests. This process is also referred to as "tracking", ie tracking the potential interests of the users. . Insofar as we use cookies or "tracking" technologies, we will inform you separately in our data protection declaration or as part of obtaining consent.
Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in a business operation of our online offering and its improvement) or, if the use of cookies is necessary, to fulfill our contractual obligations.
General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies ( collectively referred to as "opt-out"). You can first declare your objection using the settings in your browser, e.g. by deactivating the use of cookies (which may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ will. In addition, you can receive further contradiction notices in the context of the information on the service providers and cookies used.
Processing of cookie data based on consent: Before we process or have data processed as part of the use of cookies, we ask users for consent that can be revoked at any time. Before consent has not been given, cookies are used that are necessary for the operation of our online offer. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.
Processed data types: usage data (e.g. visited websites, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
Affected persons: users (e.g. website visitors, users of online services).
Legal basis: consent (Art. 6 Para. 1 Clause 1 a) GDPR), legitimate interests (Art. 6 Para. 1 Clause 1 lit. GDPR).
Provision of the online offer and web hosting
In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we can use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.
The data processed as part of the provision of the hosting offer can include all information relating to the users of our online offer, which is incurred in the context of use and communication. This regularly includes the IP address that is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or on websites.
Email sending and hosting: The web hosting services we use also include the sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders as well as further information regarding the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for the purpose of detecting SPAM. We ask you to note that e-mails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted on the transport route, but (unless an end-to-end encryption process is used) not on the servers from which they are sent and received. We can therefore accept no responsibility for the transmission path of the emails between the sender and the receipt on our server.
Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files can include the address and name of the accessed websites and files, date and time of access, transferred data volumes, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong.
The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the server's load and stability.
Processed data types: content data (e.g. text input, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
Affected persons: users (e.g. website visitors, users of online services).
Legal basis: legitimate interests (Art. 6 Para. 1 S. 1 lit. GDPR).
contact
When contacting us (e.g. via contact form, email, telephone or via social media), the details of the inquiring person will be processed, insofar as this is necessary to answer the contact inquiries and any measures requested.
The answering of contact inquiries within the framework of contractual or pre-contractual relationships takes place to fulfill our contractual obligations or to answer (pre) contractual inquiries and, moreover, on the basis of the legitimate interests in answering the inquiries.
Processed data types: inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. text input, photographs, videos).
Affected persons: communication partner.
Purposes of processing: contact requests and communication.
Legal basis: performance of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. GDPR).
Communication via messenger
We use Messenger for communication purposes and therefore ask you to observe the following information on the functionality of Messenger, encryption, the use of communication metadata and your options for objection.
You can also contact us in alternative ways, e.g. by phone or email. Please use the contact options provided to you or the contact options specified within our online offer.
In the case of end-to-end encryption of content (ie the content of your message and attachments), we would like to point out that the communication content (ie the content of the message and attached images) will be encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with activated encryption so that the encryption of the message content is ensured.
However, we would also like to point out to our communication partners that the providers of Messenger do not see the content, but can find out that and when communication partners communicate with us, as well as technical information on the device used by the communication partner and, depending on the settings of their device, location information ( so-called metadata) are processed.
Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Incidentally, if we do not ask for consent and, for example, contact you on our own initiative, we use Messenger in relation to our contractual partners and in the course of contract initiation as a contractual measure and in the case of other interested parties and communication partners based on our legitimate interests in a fast and efficient communication and meeting the needs of our communication partner in communication via messenger. We would also like to point out that we will not transmit the contact details provided to us to Messenger for the first time without your consent.
Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (eg, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise, as soon as we can assume that we have answered any information from the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention requirements.
Reservation of the reference to other communication channels: In conclusion, we would like to point out that for reasons of your security we reserve the right not to answer inquiries via Messenger. This is the case if, for example, contract internals require special confidentiality or an answer via Messenger does not meet the formal requirements. In such cases, we refer you to more adequate communication channels.
Whatsapp:
Processed data types: contact data (e.g. email, telephone numbers), usage data (e.g. visited websites, interest in content, access times), meta / communication data (e.g. device information, IP addresses), content data (e.g. text input, photographs, videos) .
Affected persons: communication partner.
Purposes of processing: contact inquiries and communication, direct marketing (e.g. by email or post).
Legal basis: consent (Art. 6 Para. 1 Clause 1 a) GDPR), legitimate interests (Art. 6 Para. 1 Clause 1 lit. GDPR).
Services and service providers used:
Facebook messenger: Facebook messenger with end-to-end encryption (the end-to-end encryption of the Facebook messenger requires activation, unless it should be activated by default); Service provider: https://www.facebook.com , Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com ; Data protection declaration: https://www.facebook.com/about/privacy ; Privacy Shield (guarantee of data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active ; Opposition option (opt-out): https://www.facebook.com/settings?tab=ads .
Threema: Threema Messenger with end-to-end encryption; Service provider: Threema GmbH, Churerstrasse 82, 8808 Pfäffikon SZ, Switzerland; Website: https://threema.ch/en ; Data protection declaration: https://threema.ch/de/privacy .
1293052021.5786712 652830414.8289677 990749200.0828604 1150824189.9413266 695324711.0529716 787889928.7361112 993968994.9479353 155935266.70410368 1266999764.4605598 937279730.70494 1730092387.0538301 395510905.34491634 1233155370.7051852 380427815.9920364 3401500131.8550186 413850787.90806043 756382928.3065693 248896300.92446634 1417371796.278302 32479418671,875
Newsletter and broad communication
We only send newsletters, e-mails and other electronic notifications (hereinafter referred to as "newsletters") with the consent of the recipient or a legal permission. If the contents of a newsletter are specifically described, they are decisive for the user's consent. Our newsletters also contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we can ask you to enter a name for the purpose of addressing yourself personally in the newsletter, or other information if this is necessary for the purposes of the newsletter.
Double opt-in procedure: The registration for our newsletter is generally carried out in a so-called double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's email address. The registrations for the newsletter are logged in order to be able to demonstrate the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the shipping service provider are also logged.
Deletion and restriction of processing: We can save the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous consent is confirmed. In the case of obligations to permanently observe contradictions, we reserve the right to save the email address for this purpose alone in a blacklist.
The logging of the registration process takes place on the basis of our legitimate interests for the purpose of demonstrating its proper course. Insofar as we commission a service provider to send emails, this is based on our legitimate interests in an efficient and secure shipping system.
Notes on legal bases: The newsletter is sent based on the consent of the recipient or, if consent is not required, on the basis of our legitimate interests in direct marketing, insofar as and insofar as this is permitted by law, e.g. in the case of existing customer advertising. If we commission a service provider to send emails, this is based on our legitimate interests. The registration process is recorded based on our legitimate interests to demonstrate that it was conducted in accordance with the law.
Contents: Information about us, our services, promotions and offers.
Processed data types: inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), meta / communication data (e.g. device information, IP addresses).
Affected persons: communication partner.
Purposes of processing: direct marketing (e.g. by email or post).
Legal basis: consent (Art. 6 Para. 1 Clause 1 a) GDPR), legitimate interests (Art. 6 Para. 1 Clause 1 lit. GDPR).
Opposition option (opt-out): You can cancel the receipt of our newsletter at any time, ie revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably by e-mail.
Promotional communication via email, post, fax or telephone
We process personal data for the purposes of advertising communication, which can take place via various channels, such as e-mail, telephone, post or fax, in accordance with the legal requirements.
The recipients have the right to withdraw their consent at any time or to object to advertising communication at any time.
After revocation or objection, we can save the data required to prove consent for up to three years based on our legitimate interests before we delete it. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous consent is confirmed.
Processed data types: inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers).
Affected persons: communication partner.
Purposes of processing: direct marketing (e.g. by email or post).
Legal basis: consent (Art. 6 Para. 1 Clause 1 a) GDPR), legitimate interests (Art. 6 Para. 1 Clause 1 lit. GDPR).
Definitions of terms
This section gives you an overview of the terms used in this data protection declaration. Many of the terms are taken from the law and mainly defined in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for understanding. The terms are sorted alphabetically.
Personal data: "Personal data" is all information that relates to an identified or identifiable natural person (hereinafter "data subject"); An identifiable person is a natural person who can be identified directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
Responsible: The "responsible" is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data.
Processing: "Processing" is any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data. The term goes far and encompasses practically every handling of data, be it collection, evaluation, storage, transmission or deletion.