Privacy Policy

Introduction

With the following privacy policy we wish to inform you about the types of your personal data (hereinafter also referred to in short as "data") we process, for which purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the course of providing our services and in particular on our websites, in mobile applications, and within external online presences such as our social media profiles (collectively referred to as the "online offering").

The terms used are not gender-specific.

As of: 10 July 2022

Table of contents

  • Introduction
  • Controller
  • Overview of processing operations
  • Relevant legal bases
  • Security measures
  • Transmission of personal data
  • Deletion of data
  • Business services
  • Provision of the online offering and web hosting
  • Blogs and publication media
  • Contact and enquiry management
  • Presences in social networks (social media)
  • Amendment and updating of the privacy policy
  • Rights of data subjects
  • Definitions

Controller

Enrico Bühler
Schroffenstraße 44
78628 Rottweil

Email address:

buehler@unom.io

Imprint:

https://enrico.buehler.earth/legal/imprint

Overview of processing operations

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta/communication data.

Categories of data subjects

  • Prospective customers.
  • Communication partners.
  • Users.
  • Business and contractual partners.

Purposes of processing

  • Provision of contractual services and customer service.
  • Contact enquiries and communication.
  • Office and organisational procedures.
  • Management of and responses to enquiries.
  • Feedback.
  • Marketing.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection rules in your or our country of residence or registered office may apply. Where more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Performance of contract and pre-contractual enquiries (Art. 6 (1) sentence 1 lit. b GDPR) — processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 (1) sentence 1 lit. c GDPR) — processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR) — processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

In addition to the data protection provisions of the General Data Protection Regulation, national data protection rules apply in Germany. This includes in particular the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act — BDSG). The BDSG in particular contains special rules on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases including profiling. It also regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, performance or termination of employment relationships as well as the consent of employees. Furthermore, the data protection laws of the individual federal states may apply.

Security measures

In accordance with the legal requirements and taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

These measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access to, input, disclosure, availability and separation of the data. We have also established procedures to ensure that data subjects' rights are exercised, data is deleted and reactions are made to threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

SSL encryption (https): To protect the data you transmit via our online offering we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of personal data

In the course of our processing of personal data, the data may be transmitted to or disclosed to other entities, companies, legally independent organisational units or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases we observe the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Deletion of data

The data we process is deleted in accordance with the legal requirements as soon as the consents permitting its processing are revoked or other permissions cease to apply (e.g. when the purpose of processing this data no longer applies or it is no longer required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted to those purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Our privacy notices may contain further information on the retention and deletion of data that takes precedence for the respective processing operations.

Business services

We process the data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships and associated measures, and in the course of communication with the contractual partners (or pre-contractual), e.g. to respond to enquiries.

We process this data in order to fulfil our contractual obligations. This includes in particular the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. We also process the data in order to safeguard our rights and for the purposes of the administrative tasks associated with these obligations as well as the organisation of the business. We also process the data on the basis of our legitimate interests in proper and businesslike management as well as in security measures to protect our contractual partners and our business operations against misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law we only disclose the data of contractual partners to third parties insofar as this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual partners are informed about further forms of processing, e.g. for marketing purposes, within the framework of this privacy policy.

We inform contractual partners which data is required for the aforementioned purposes prior to or as part of the data collection, e.g. in online forms, through special markings (e.g. colours) or symbols (e.g. asterisks etc.), or personally.

We delete the data after expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant for tax purposes as well as commercial books, inventories, opening balances, annual accounts, the working instructions and other organisational documents necessary for understanding these documents, and accounting vouchers; six years for received commercial and business letters and copies of dispatched commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance, annual accounts or management report was drawn up, the commercial or business letter was received or sent, or the accounting voucher was created, the record was made or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

  • Types of data processed: inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. email, telephone numbers); contract data (e.g. subject matter of the contract, term, customer category).
  • Data subjects: prospective customers; business and contractual partners.
  • Purposes of processing: provision of contractual services and customer service; contact enquiries and communication; office and organisational procedures; management of and responses to enquiries.
  • Legal bases: performance of contract and pre-contractual enquiries (Art. 6 (1) sentence 1 lit. b GDPR); legal obligation (Art. 6 (1) sentence 1 lit. c GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

  • Agency services: we process the data of our customers in the course of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services; Legal bases: performance of contract and pre-contractual enquiries (Art. 6 (1) sentence 1 lit. b GDPR).

Provision of the online offering and web hosting

To provide our online offering securely and efficiently we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offering can be accessed. For these purposes we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

The data processed in connection with providing the hosting offering may include all information relating to the users of our online offering that arises in the course of use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offerings to browsers, and all entries made within our online offering or on websites.

  • Types of data processed: content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: users (e.g. website visitors, users of online services).
  • Purposes of processing: provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers etc.)).
  • Legal bases: legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

  • Collection of access data and log files: we ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the websites and files accessed, the date and time of access, the volume of data transferred, a message about successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page) and as a rule IP addresses and the requesting provider. Server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure server utilisation and stability; Legal bases: legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR); Deletion of data: log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
  • Hetzner: services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal bases: legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR); Website: https://www.hetzner.com; Privacy policy:https://www.hetzner.com/de/rechtliches/datenschutz; Data processing agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only insofar as it is necessary for its presentation and for communication between authors and readers, or for reasons of security. For the rest we refer to the information on the processing of visitors to our publication medium in the context of this privacy policy.

  • Types of data processed: inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: users (e.g. website visitors, users of online services).
  • Purposes of processing: provision of contractual services and customer service; feedback (e.g. collecting feedback via an online form); provision of our online offering and user-friendliness.
  • Legal bases: legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Contact and enquiry management

When you contact us (e.g. via the contact form, email, telephone or social media) and in the course of existing user and business relationships, the information of the enquiring persons is processed insofar as this is necessary to respond to the contact enquiries and any requested measures.

Responses to contact enquiries and the management of contact and enquiry data within the framework of contractual or pre-contractual relationships are made in order to fulfil our contractual obligations or to respond to (pre-)contractual enquiries and otherwise on the basis of the legitimate interests in responding to enquiries and maintaining user or business relationships.

  • Types of data processed: contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: communication partners.
  • Purposes of processing: provision of contractual services and customer service; contact enquiries and communication; management of and responses to enquiries; feedback (e.g. collecting feedback via an online form); provision of our online offering and user-friendliness.
  • Legal bases: performance of contract and pre-contractual enquiries (Art. 6 (1) sentence 1 lit. b GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

  • Contact form: when users contact us via our contact form, email or other means of communication, we process the data communicated to us in this context to handle the matter raised. For this purpose we process personal data in the course of pre-contractual and contractual business relationships insofar as this is necessary for their performance and otherwise on the basis of our legitimate interests and the interests of the communication partners in responding to the matter and our statutory retention obligations; Legal bases: performance of contract and pre-contractual enquiries (Art. 6 (1) sentence 1 lit. b GDPR), legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Presences in social networks (social media)

We maintain online presences within social networks and in this context process users' data in order to communicate with the users active there or to provide information about us.

We point out that users' data may be processed outside the area of the European Union. This may give rise to risks for users, because, for example, the enforcement of users' rights could be made more difficult.

Furthermore, users' data is generally processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on users' usage behaviour and resulting interests. The usage profiles can in turn be used, for example, to display advertisements inside and outside the networks that presumably correspond to the users' interests. For these purposes, cookies are usually stored on users' computers in which the usage behaviour and interests of users are stored. Furthermore, data may be stored in the usage profiles independent of the devices used by the users (especially if the users are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the opt-out options, we refer to the privacy policies and information of the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights we point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.

  • Types of data processed: contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: users (e.g. website visitors, users of online services).
  • Purposes of processing: contact enquiries and communication; feedback (e.g. collecting feedback via an online form); marketing.
  • Legal bases: legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR).

Further information on processing operations, procedures and services:

  • Instagram: social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Legal bases: legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR); Website:https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy.
  • Twitter: social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Legal bases: legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR); Privacy policy: https://twitter.com/privacy, (settings: https://twitter.com/personalization).
  • YouTube: social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal bases: legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR); Privacy policy: https://policies.google.com/privacy; Opt-out:https://adssettings.google.com/authenticated.

Amendment and updating of the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We adapt the privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or any other individual notification.

Insofar as we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses can change over time and we ask you to check the information before contacting them.

Rights of data subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you carried out on the basis of Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is connected with such direct marketing.
  • Right to withdraw consent: you have the right to withdraw consent you have given at any time.
  • Right of access: you have the right to obtain confirmation as to whether or not data concerning you is being processed and to access this data as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification: in accordance with the legal requirements you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and to restriction of processing: in accordance with the legal requirements you have the right to request that data concerning you be deleted without delay, or alternatively, in accordance with the legal requirements, to request restriction of the processing of the data.
  • Right to data portability: you have the right to receive data concerning you which you have provided to us, in accordance with the legal requirements, in a structured, commonly used and machine-readable format, or to request the transmission of this data to another controller.
  • Complaint to a supervisory authority: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.

Definitions

This section gives you an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined in particular in Art. 4 GDPR. The statutory definitions are binding. The following explanations are intended primarily to aid understanding. The terms are sorted alphabetically.

  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Controller: "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: "processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, whether it is collection, evaluation, storage, transmission or deletion.


Legal

ImprintPrivacy Policy

Overview

Home

played

playedrememedresoluremplir

Social Media

instagram