Thank you for your interest in our company. You’re free to access our website without your personal data being indicated in any way. However, if a data subject (hereafter referred to as a ‘Data Subject’) wishes to use specific services provided by our business via our website, processing of personal data could become necessary.
This data protection declaration is designed to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, Data Subjects are informed of their rights by means of this data protection declaration.
I
Definitions
1) personal data
Personal data means any information relating to an identified or identifiable natural person, or any other kind of Data Subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2) person of concern
A Data Subject means any identified or identifiable natural person whose personal data are processed by the data Controller (hereafter referred to as the ‘Controller’).
3) processing
Processing is any operation or set of operations carried out on personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4) restriction of processing
Restriction of processing entails the Controller (or representatives thereof) ensuring that any stored personal data are safeguarded with the aim of limiting future processing of personal data.
5) profiling
Profiling is any form of automated processing of personal data that refers to using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
6) pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data aren’t attributed to an identified or identifiable natural person.
7) ‘Controller’
The Controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by EU or member state law, the Controller or the specific criteria for its designation may be provided for under EU or member state law.
8) processor
A ‘processor’ in this instance refers to a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
9) recipient
A recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether this be a third party or not. However, public authorities that may receive personal data in the context of a specific investigation mandated under EU or member state law shall not be considered as recipients.
10) third party
A third party in the context of these terms and conditions refers to a natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the processor, and the persons or other legal entities authorised to process the personal data under the direct responsibility of the Controller or the processor.
11) consent
Consent shall mean any freely given specific and informed indication of the Data Subject’s wishes in the form of a statement or other unambiguous affirmative act by which the Data Subject signifies and confirms his or her agreement to the processing of personal data relating to him or her.
Name and address of the responsible party
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
Herr Frank Elminowski
carrying out business activities under the rubric or company name ‘Hauptstadtstudio Freier Lektoren’
Hagedornstr. 14
12 487 Berlin
Germany
Tel.: 0049 (30) 755 41 38 - 9
E-mail: info@hauptstadtstudio-freier-lektoren.de
Website: www.hauptstadtstudio-freier-lektoren.de
III
Scope or extent of the processing of personal data
As a matter of legal principle, we only process users’ personal data in the event that this may be necessary for the provision of a functional website as well as for offering our services under the aforementioned company name.
IV
Legal basis for the processing of personal data
Insofar as we obtain the consent of the Data Subject for processing operations involving personal data, the first stipulation of paragraph one of article six (conventionally referred to as Art. 6 (1) a) of the EU General Data Protection Regulation (GDPR) – known in German as the EU-Datenschutzgrund-verordnung (DSGVO) – serves as the legal basis.
When processing personal data necessary for fulfilling a contractual obligation to which the client (in this case, a Data Subject) is a party, Art. 6 (1) b of the DSGVO serves as the legal basis. This also applies to processing operations that are necessary for ensuring the carrying out of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c of the DSGVO serves as the legal basis.
In the event that vital interests of the Data Subject or another natural person make the processing of personal data necessary, Art. 6 (1) d of the DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party – and as long as the interests, fundamental rights and freedoms of the Data Subject do not outweigh the above-mentioned interest or interests – Art. 6 (1) f of theDSGVO serves as the legal basis.
V
Data deletion and storage period
The personal data of the Data Subject shall be deleted or blocked as soon as the purpose of (or reason for) the storage ceases to apply. Storage may also occur if the conditions and agreements for this have been provided for by the EU or national legislator in EU regulations, laws or other provisions to which the Controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for the data to be stored until such time as the provisions of the contract are concluded, fulfilled or expired.
VI
Transmission of data to third parties
As a matter of legal principle, we do not transfer your personal data to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
- you have given your express consent to this in accordance with Art. 6 (1) a of the DSGVO; or
- this is legally permissible and necessary for the fulfilment of a contract’s stipulations with you, in line with the provision set out in Art. 6 (1) b of the DSGVO; or
- if there is a legal obligation for disclosure of information, pursuant to Art. 6 (1) c of the DSGVO; or
- the disclosure is necessary pursuant to Art. 6 (1) f of the DSGVO on the basis of a legitimate interest, such as the assertion, exercise or defence of legal claims, and in the event that there’s no reason to assume that you have an overriding interest worthy of protection when it comes to the non-disclosure of your data.
VII
Description and scope of data processing
a. description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data are collected:
- Information about the type of browser and the version used;
- The user’s operating system;
- A user’s internet service provider
- The IP address of the user;
- The date and time of access;
- Websites from which a user’s system accesses our website.
b. legal basis
The legal basis for the temporary storage of data and log files is stipulated in Art. 6 (1) f of the DSGVO.
c. purpose
The temporary storage of the IP address by the system is necessary to ensure that a Data Subject’s computer is able to access the contracting party’s website. For this purpose, a user’s IP address will be stored for as long as he or she is accessing our website.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. Notwithstanding these system requirements, there is no evaluation of resultant data for marketing or advertising purposes.
Any storage of data exclusively supports our legitimate interest in data processing, as set out in Art. 6 (1) f of the DSGVO.
The data are deleted as soon as they’re no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this remains the case even when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign details to the person (hereafter called the ‘Client’) who is requesting this information.
e. possibility of objection and removal
The collection of data for the provision and optimisation of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility for the user to object.
2
E-mail contact
a. description and scope of data processing
It is possible to contact us via the e-mail address provided. In this event, a user’s personal data that they have transmitted via this e-mail will be stored.
In this context, data are not passed on to third parties. The data are used exclusively for processing the conversation.
b. legal basis
The legal basis for processing the data transmitted in the course of contacting us is Art. 6 (1) f of the DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) b of the DSGVO.
c. purpose
The processing of personal data is undertaken solely for the purpose of processing the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
d. duration
The data are deleted as soon as they’re no longer required to achieve the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Further necessary contact may result from legal retention periods and from the fact that the storage of data is necessary for the processing of a contract.
e. possibility of objection and removal
The user has the option to revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time.
All personal data stored in the course of contacting us will be deleted in this case, unless we can invoke an exemption (on the legal basis as set out either in Art. 21 Para. 1, subsection 2 of the DSGVO, or in Art. 17 (3) b of the DSGVO).
3
Social networks and other sites
We maintain online an presence within social networks and platforms in order to be able to communicate with potential clients, interested parties and users active on these platforms and to inform them about our services. When accessing the respective networks and platforms, the terms, conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
a. Meta (formerly Facebook)
We link from the website to our presence on Facebook/Meta. On the basis of, and insofar as they support, our legally protected rights and interests (that is, the right to perform analytics on, to optimise and carry out reasonable business activities in respect to our online offer on the basis of the stipulation laid out in Art. 6 (1) f of the DSGVO), we use social-media-related plugins provided by Facebook/Meta.com, which is operated by Facebook/Meta Ireland Ltd, 4 Grand Canal Square, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (as of 2022 operating under the business name ‘Meta’). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognisable by one of the Facebook/Meta logos (a white ‘f’ on a blue square, the terms ‘Like’ or a ‘thumbs-up’ symbol) or are marked with the additional information ‘Facebook/Meta Social Plugin’.
When a user calls up a function of this online provider that contains such a plugin, his or her end device establishes a connection with the Facebook/Meta servers. The content of the plugin is transmitted by Facebook/Meta directly to the user’s terminal device and integrated into the online offer. In the process, user profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook/Meta collects with the help of this plugin and we can therefore inform users only according to our current level of knowledge about Facebook-Meta’s data-processing activities.
By integrating the plugins, Facebook/Meta receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook/Meta, Facebook/Meta can assign the visit to that user’s Facebook/Meta account. If users interact with the plugins, for example by clicking the ‘Like’ button or posting a comment, the corresponding information is transmitted from their device directly to Facebook/Meta and stored there. If a user is not a member of Facebook/Meta, there is still the possibility that Facebook/Meta will find out and store his or her IP address. According to Facebook/Meta, only an anonymised IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook/Meta, as well as the relevant rights and settings options for protecting the privacy of users, can be found in Meta’s (formerly Facebook/Meta’s) privacy policy at https://www.Facebook/Meta.com/about/privacy/.
If a user is a Facebook/Meta member and does not want Facebook/Meta to collect data about them via this online offer and link it to their membership data stored on Facebook/Meta, they must log out of Facebook/Meta and delete their cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook/Meta profile settings.
The legal basis is Art. 6 (1) f of the DSGVO. We maintain a presence on Facebook/Meta in order to communicate with potential clients, interested parties and users active there and to give them an alternative way of finding out about our company and our services. This also constitutes the purpose, (in German, ‘Zweck’) of the maintaining of our presence on Facebook/Meta websites.
b. Xing
As part of our online offer, we link to functions and contents regarding our presence on the Xing network, provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. We post content there, such as images, videos or texts, to which users can add their comments. If the users are members of the Xing platform, Xing can assign the call-up of the above-mentioned content and functions to the user’s profile there. Xing’s privacy policy can be found at https://privacy.xing.com/de/datenschutzerklaerung.
c. LinkedIn
As part of our online offer, we link to functions and content of our presence on the LinkedIn network, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We post content there, such as images, videos or texts, to which users can add their comments. If the users are members of LinkedIn, LinkedIn assigns the call of the above-mentioned content and functions to the user’s profile there. LinkedIn’s privacy policy can be accessed at https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.
VIII
Processing for business purposes
We process
- Contract data, e.g. the subject of contracts, terms, customer categories, names, and addresses
- Payment data, e.g. bank details and payment histories
from our clients, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
IX
Rights of Data Subjects
If your personal data is processed, you are a Data Subject under the stipulations of the EU General Data Protection Regulation – known in German as the EU-Datenschutzgrundverordnung (DSGVO). You have the following rights in relation to the data Controller:
- Right to access data, pursuant to Art. 15 of the DSGVO
Pursuant to Art. 15 of the DSGVO, you may request confirmation from the Controller as to whether personal data concerning you are being processed by us.
If such processing is taking place, you can request information from the Controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the envisaged duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the Controller, or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data, if the personal data are not collected from the Data Subject;
(8) the existence of automated decision-making, including profiling, pursuant to Arts. 22(1) and (4) of the DSGVO and, at least in these cases, meaningful information about the reasons for, scope and intended effects of such processing for the Data Subject.
You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards, pursuant to Art. 46 of the DSGVO, in connection with the transfer.
- Right of rectification, pursuant to Art. 16 of the DSGVO
Pursuant to Art. 16 of the DSGVO, you have a right of rectification and/or completion with respect to the Controller if the personal data processed concerning you are inaccurate or incomplete. The Controller must carry out the rectification without delay.
- Right to erasure (the ‘right to be forgotten’), pursuant to Art. 17 of the DSGVO
You may request the Controller to erase the personal data concerning you without undue delay and the Controller shall be obliged to erase such data without undue delay if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9(2) a of the DSGVO, and there is no other legal basis for the processing;
(3) You object to the processing pursuant to Art. 21(1) of the DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the DSGVO;
(4) The personal data concerning you have been processed unlawfully;
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under EU or member-state law to which the Controller is subject;
(6) The personal data concerning you have been collected in relation to information services offered pursuant to Article 8(1) of the DSGVO.
- Information conveyed to third parties
If the Controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) of the DSGVO, the Controller shall take reasonable steps, including technical measures, with due regard to the available technology and the cost of implementation, to inform data Controllers that process the personal data that you, as the Data Subject, have requested that they erase all links to, or copies or replications of, that personal data.
- Exceptional cases (exemptions)
The right to erasure does not exist insofar as the processing is necessary for:
(1) the exercise of the right to freedom of expression and information;
(2) compliance with a legal obligation that requires processing under EU or member state law to which the Controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the Controller;
(3) reasons of public interest in the area of public health pursuant to Arts.9(2)(h) and (i) and Art. 9(3) of the DSGVO;
(4) archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) of the DSGVO, insofar as the right referred to in section (a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(5) the assertion, exercise or defence of legal claims.
- Right to restriction of processing, pursuant to Art. 18 of the DSGVO
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(3) for reasons of public interest in the area of public health pursuant to Arts. 9(2) h and i, and Art. 9(3) of the DSGVO;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) of the DSGVO, insofar as the right referred to in section (a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(5) for the assertion, exercise or defence of legal claims. if you have objected to the processing pursuant to Art. 21(1) of the DSGVO and it has not yet been determined whether the Controller’s legitimate grounds override your grounds.
Where the processing of personal data relating to you has been restricted, such personal data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the EU or a member state.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the Controller before the restriction is lifted.
- Disclosure requirement (duty of notification), pursuant to Art. 18 of the DSGVO
If you have asserted the right to rectification, erasure or restriction of processing against the Controller, the Controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against the Controller to be informed about these recipients.
- Right to data transmissibility (or assignability), pursuant to Art. 20 of the DSGVO
You have the right to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another Controller without hindrance by the Controller to whom the personal data was provided, provided that
(1) the processing is based on consent pursuant to Art. 6 (1) a of the DSGVO or Art. 9 (2) a of the DSGVO or on a contract pursuant to Art. 6 (1) b of the DSGVO, and
(2) the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one Controller to another Controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
- Right to object,pursuant to Art. 21 of the DSGVO
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) e or f of the DSGVO; this also applies to profiling based on these provisions.
The Controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or in cases where this processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it’s related to such direct marketing.
If you object to this processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
- Right to revoke the declaration of consent under data protection law, pursuant to Art. 7(3) of the DSGVO
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
- Automated decision-making in individual cases, including profiling, pursuant to Art. 22 of the DSGVO
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the Controller,
(2) is permissible on the basis of legal provisions of the EU or the member states to which the Controller is subject, and provided that these legal provisions include appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
(3) is made with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) of the DSGVO, unless Art. (6) a or g of the DSGVO applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in (1) and (3), the Controller shall take reasonable steps to safeguard your rights and freedoms as well as your legitimate interests, which include at least the right to obtain the intervention of a person on the part of the Controller, to express his or her point of view and to contest the decision.
- Right to complain to a supervisory authority, pursuant to Art. 77 of the DSGVO
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of the residence in which you’re domiciled for legal purposes, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the DSGVO.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy, under Art. 78 of the DSGVO.
This data protection declaration conforms to all pertinent and currently valid stipulations of the EU General Data Protection Regulation (GDPR) – known in German as the EU-Datenschutzgrund-verordnung (DSGVO) – and was updated in January 2023.
Due to the ongoing development of our website and its associated offers, or because of changed legal or official requirements, including changes to the names of external companies that this website may (in the course of its reasonable business activities) provide links to, it may become necessary to change this data protection declaration. The current data protection declaration can be viewed on our website at any time.