The protection of your personal data is very important to me, so I would like to provide you with all the information about the processing and storage of your data when you visit my website and my company.
In order to use all the functions and services on my website, it is necessary to collect your personal data. However, this data is only processed and stored in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG).
Marlen Najmann, née Scharf
Schwielowseestraße 111c
14548 Schwielowsee
e-mail: me@marlenscharf.com
You can find more information in the Legal notice.
Note: In order to protect your data as comprehensively as possible from unauthorised access, I take technical and organisational measures and use an encryption process on my website. Your data is transferred via the Internet from your computer to my computer and vice versa using TLS encryption.
TLS stands for ‘Transport Layer Security’ and is an encryption protocol for data transmission on the Internet. You can usually recognise ‘TLS’ by the fact that the lock symbol in your browser's status bar is closed and the address begins with https://.
This website automatically collects and stores server log file information that your browser transmits to me.
This refers to
Your personal data will not be transferred to third parties. I have concluded a data processing agreement with the provider of this website, ALL-INKL.com – Neue Medien Münnich, based in Germany, in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that ALL-INKL.com – Neue Medien Münnich processes the personal data of my website visitors only in accordance with my instructions and in compliance with the GDPR.
The collected data is stored in server log files, which your browser automatically transmits to me in encrypted form, for seven days. I only store the server log files in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR and serves solely to preserve evidence.
Any personal information that you voluntarily provide to me will, of course, be treated confidentially. I will use the personal data you provide exclusively to process and respond to your enquiry. The legal basis for data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR. This arises from my interest in responding to enquiries from my customers, business partners and interested parties and in promoting and maintaining customer satisfaction. A further legal basis for natural persons is the initiation or fulfilment of a contract pursuant to Art. 6 (1) (b) GDPR.
All personal data that you send to me with your enquiry will be deleted or anonymised by me no later than two years after the final reply has been sent to you, provided that no contract is concluded. The retention period of two years is based on the fact that, in isolated cases, you may contact me again regarding the same matter after receiving a response and refer to the previous correspondence. Experience has shown that after two years, there are no further queries regarding my responses.
I use cookies to facilitate and improve the use of my website. Cookies are small pieces of text information that can be stored on your computer or smartphone via your browser when you visit a website. This serves to recognise the website visitor. Cookies can also provide me with information about how you use my website, enabling me to continuously improve its design.
Cookies themselves do not contain any personal data about users; they are only used to clearly identify what my customers find interesting and useful on my website. I also use so-called ‘web beacons’ (small graphic images, also known as ‘pixel tags’ or ‘clear GIFs’) on my website. They are used in conjunction with cookies to track general user behaviour on the website.
The legal basis for the processing of personal data using cookies and other technologies is your consent pursuant to Art. 6(1)(a) GDPR, which you give us via the so-called ‘consent banner’ as soon as you visit my website for the first time.
We use cookies for the following purposes:
The data processed by necessary cookies is required for the purposes listed below to safeguard my legitimate interests and those of third parties in accordance with Article 6(1)(f) of the GDPR.
Any use of cookies that is not strictly necessary for technical reasons constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6(1)(a) GDPR. Using my cookie consent tool, you can choose which cookie categories you wish to accept when visiting my website.
Once cookies have been stored, you can delete them at any time via your web browser settings. You can also adjust your web browser settings so that no cookies are stored. However, this may mean that not all functions of my website are available.
To obtain consent in accordance with data protection laws, I use the cookie consent technology from Complianz B.V., a company based in the Netherlands.
This is used to obtain the legally required consent for the use of cookies and other data processing requiring consent. The legal basis for this is my legitimate interest pursuant to Art. 6 (1) (f) GDPR and the fulfilment of legal obligations pursuant to Art. 6 (1) (c) GDPR. The legitimate interest lies in the legally compliant documentation and verifiability of consent in order to fulfil the obligation of accountability. No personal data is stored.
You can change your settings at any time by accessing the cookie settings at the bottom right of the website.
This website uses Koko Analytics to statistically evaluate visitor traffic. The provider of the analysis tool is ibericode BV, based in the Netherlands, see here. www.ibericode.com.
Koko Analytics is a privacy-friendly open source (GPLv3) analytics plugin for WordPress that does not transfer any personal data to external servers. Koko Analytics determines the number of visitors and page views, displays a list of the most frequently visited posts, and records which referring websites visitors came from.
For this purpose, a statistics cookie is set, provided that you have given your consent in accordance with Art. 6 (1) (a) GDPR via the cookie consent banner:
Cookie name: _koko_analytics_pages_viewed
Storage period: 60 months
The consent given may be revoked at any time.
I embed map services on my website that are not stored on my servers. To ensure that visiting my website with embedded maps does not automatically result in third-party content being reloaded, I initially only display locally stored preview images of the maps. This means that the third-party provider does not receive any information.
Only after clicking on the preview image or giving your consent via the cookie consent banner will third-party content be loaded. This provides the third-party provider with information that you have visited my website, as well as the technically necessary usage data. I have no influence on further data processing by the third-party provider. By clicking on the preview image, you give me your consent to reload the third-party provider's content. The embedding is based on your consent in accordance with Art. 6 (1) (a) GDPR, provided that you have previously given your consent by clicking on the preview image. An adequacy decision exists for the USA, meaning that data can be transferred without further measures. You can view Google's (YouTube) certification here einsehen.
Video service provider:
Google Ireland Limited/Google LLC (USA) („Google Maps”)
I use the WordPress plugins Woocommerce and Woocommerce Germansized to handle the technical aspects of selling my products. These are local plugins, which means that no personal data is transferred to WooCommerce. The WooCommerce plugin adds the functionality of this online shop to my content management system, and WooCommerce Germanized extends WooCommerce and ensures technical adaptation to specific legal requirements.
When you place an order via my online shop, I only collect the data from you that is necessary to process the order. The legal basis for this data processing is Art. 6(1)(b) GDPR. Your data is therefore processed for the purpose of fulfilling contractual obligations.
If the delivery address differs from the billing address, personal data may also be processed for persons who do not order directly from my shop. Experience has shown that these orders are often gifts. I have received your address from a person who is giving you my products as a gift. Your address data therefore does not come from publicly accessible sources (Art. 14 (2) (f) GDPR). The legal basis for this data processing is the fulfilment of the contract in accordance with Art. 6 (1) (b) GDPR.
You can pay by credit card or PayPal. To do so, you will be redirected to the website of the selected payment service provider. There you can enter your payment details and complete the order. The specific payment amount will be transmitted to the service provider used. Further information on the data processing carried out can be found in the information texts on the input mask/website of the service providers. You will also find further contact information there. Payment is processed directly by the selected payment service provider. The legal basis for this is Article 6(1)(b) GDPR, i.e. you provide me with the data on the basis of the contractual relationship between you and me.
For payment and to complete the booking, you will be redirected to a page of the payment service provider STRIPE Payments Europe Limited, based at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. For more information on Stripe Payments' data protection policy, please visit: https://stripe.com/at/privacy.
You can also make your payments via the payment service provider PayPal. For more information about PayPal, please visit: PayPal (PayPal (Europe) S.à.r.l., based in Luxembourg. Data protection at PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Processing via payment providers is not required by law or contract. However, without the transfer of your personal data, I cannot process a payment via the payment providers.
I store your data in order to comply with the 10-year retention requirements under the Federal Tax Code.
Insofar as your data is processed on the basis of consent pursuant to Art. 6(1)(a), Art. 9(2)(a) or Art. 49(1)(a) GDPR, I will process your data exclusively for the specified purpose and after providing separate information in order to be able to prove, within the scope of my accountability under Art. 5(2) GDPR, that you have consented to the data processing in question. If you withdraw your consent, your data will be deleted within the statutory period – please note, however, that data subject to tax law or other retention obligations must be stored for at least seven years and, if necessary, for the duration of proceedings by the (tax) authorities. The legal basis for data processing is Art. 6(1)(c) GDPR.
If you assert your rights as a data subject against me in accordance with Articles 15 to 21 of the GDPR, I will also process and store your data in order to be able to prove, within the scope of my accountability pursuant to Article 5(2) of the GDPR, that I have complied with the GDPR when processing your request. The legal basis for this processing is Art. 6(1)(c) GDPR in conjunction with the respective data subject right(s) asserted.
I maintain the following social media accounts:
Instagram: https://www.instagram.com/marlen_kann_malen/.
Instagram is a product of Meta Platforms Inc. (formerly Facebook Inc.). Here you will find more information.
Personal data entered on social media sites, such as comments, videos, images, likes, public messages, etc., are published by the respective social media platform. I reserve the right to delete content if necessary. If necessary, I may share content on my page and contact you via the social media platform, for example via the messenger services offered. In addition, I sometimes place advertisements (‘ads’) on my social media pages.
The legal basis for this data processing is the legitimate interest pursuant to Art. 6(1)(f) GDPR, which lies in the interest of my public relations and communication.
Social media platforms provide anonymised statistics and insights that help me gain insights into the types of actions people take on my page (known as ‘page insights’). These page insights are generated based on certain information about people who have visited my page.
The legal basis for this data processing is my legitimate interest pursuant to Art. 6(1)(f) GDPR, which is based on obtaining information about the actions and visitors to my websites.
This processing of personal data is carried out by the social media platform and me as so-called joint controllers pursuant to Art. 26 GDPR. In the case of joint responsibility, a separate agreement must be concluded.
>> To the agreement with Instagram
If you wish to object to specific data processing over which I have control (e.g. deletion of comments), please contact me using the contact details above.
Note: The provision of your data is neither required by law nor contractually stipulated, nor is it necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate with me via my social media pages, interact with me or participate in competitions. To contact me, please use the email address provided above.
In addition to me, there is also the operator of the social media platforms themselves. From a data protection perspective, they are also considered to be another controller who carries out their own data processing. This means that the operator is also a responsible body under the GDPR. However, I have only limited influence on data processing by the operator. Where I can exert influence (e.g. through parameterisation), I work within the scope of my possibilities to ensure that the operator of the social media platform handles data in accordance with data protection regulations. In many cases, however, I cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in their own privacy policy:
When using the platform, your personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries have been certified by the European Commission as having an adequate level of data protection. This means that the legal situation regarding privacy protection in these countries is comparable to that in the EU or the EEA. You can find more detailed information on the countries currently certified as having an adequate level of data protection here. here.
Certifications under the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc (Facebook, Instagram) as well as Google (YouTube). In all other cases, I conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.
Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, I unfortunately have little influence over the web tracking methods used by social media platforms. I cannot switch this off, for example. Please be aware that: It cannot be ruled out that the provider of the social media platform may use your uses profile and behavioural data, for example to track your habits or personal relationships and preferences, etc. I have no influence on the processing of your data by the provider of the social media platform.
YOU HAVE THE RIGHT UNDER ARTICLE 15(1) OF THE GDPR TO REQUEST, FREE OF CHARGE INFORMATION ABOUT THE PERSONAL DATA STORED ABOUT YOU. FURTHERMORE, IF THE LEGAL REQUIREMENTS ARE MET, YOU HAVE THE RIGHT TO CORRECTION (ART. 16 DSGVO), DELETION (ART. 17 DSGVO) AND RESTRICTION THE PROCESSING (ART. 18 GDPR) OF YOUR PERSONAL DATA. IF YOU HAVE PROVIDED THE PROCESSED DATA YOURSELF, YOU HAVE THE RIGHT TO DATA TRANSFER IN ACCORDANCE WITH ART. 20 GDPR.
IF DATA PROCESSING IS BASED ON ART. 6(1)(e) OR (f) GDPR, YOU HAVE THE RIGHT TO OBJECT IN ACCORDANCE WITH ARTICLE 21 GDPR. IF YOU OBJECT TO DATA PROCESSING, IT WILL NOT TAKE PLACE. IN FUTURE, IF THE PERSON RESPONSIBLE CAN COMPEL PROVE PROTECTABLE REASONS FOR FURTHER PROCESSING THAT JUSTIFY THE INTEREST OF THE DATA SUBJECT IN OBJECTING PREVAILS.
IF DATA PROCESSING IS BASED ON CONSENT IN ACCORDANCE WITH ART. 6 PAR. 1 LIT. A), ART. 9 PAR. 2 LIT. A) BZW. ART. 49 PAR. 1 LIT. A) DSGVO BASED ON, YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME WITH FUTURE EFFECT WITHOUT AFFECTING THE LAWFULNESS OF THE PROCESSING CARRIED OUT UP TO THAT POINT BERÜHRT WIRD.
YOU ALSO HAVE THE RIGHT TO LODGE A COMPLAINT WITH A DATA PROTECTION SUPERVISORY AUTHORITY. THE COMPLAINT CAN BE LODGED IN PARTICULAR WITH A SUPERVISORY AUTHORITY IN THE EU MEMBER STATE OF YOUR PLACE OF RESIDENCE, PLACE OF WORK OR THE PLACE OF THE ALLEGED INFRINGEMENT.
The State Commissioner for Data Protection and the Right of Access to Files
Dagmar Hartge
Stahnsdorfer Damm 77
14532 Kleinmachnow
Phone: 033203- 356 – 0
fax: 033203 – 356 – 49
e-mail: poststelle@LDA.brandenburg.de
I do not engage in automated decision-making or profiling.
Unless otherwise stated in the previous chapters, the provision of personal data is neither required by law nor contractually required, nor is it necessary for the conclusion of a contract.
Failure to provide your personal data may mean that I am unable to respond to your enquiries, for example.
This privacy policy was developed in collaboration with the consulting firm SCALELINE. The legal texts are subject to copyright.