Data protection notice

on the processing of personal data in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR)

1. Responsible person and contact details

The person responsible for processing personal data is Ms. Katharina Knebel, Hofäckerstr. 12 in 97256 Geroldshausen, Germany, phone: +49 15203132355, e-mail: katharina@katharinaknebel.com (hereinafter ‘the person responsible’). Further information can also be viewed in my legal imprint notice.

2. General processing purposes and legal bases for processing

Your personal data will be processed for the purpose of answering your request (s), initiating a contract and / or executing my contractual services, fulfilling legal archiving obligations and to protect against liability risks.
Personal data is also processed when you visit my website (more on this below in Section 6).
The following purposes and legal bases for justifying data processing are regularly available:

§ If you give me your consent to the processing of personal data for one or more specific purposes, the legal basis is Art. 6 Para. 1 a) GDPR.

§ If the processing of your personal data is necessary for the fulfillment of the contractual relationship to which you are a party or for the implementation of pre-contractual measures that are carried out at your request, the legal basis for this processing (s) is Article 6 (1) (b) GDPR.

§ If  your personal data are processed for the fulfillment of  a legal obligation (especially archiving obligation), the legal basis is  Article 6 Paragraph 1 c) GDPR.

§ If your personal data is stored solely for legal protection purposes during the statutory limitation periods (e.g. if you contact me but no contractual relationship is established), this is in my legitimate interest, so that the legal basis is Article 6 (1) (f) GDPR .

§ If personal data is processed in the context of my use of social networks, this is done for direct exchange with other users and for my general information and increase in range. Depending on the facts, the legal basis for the processing may be your consent in accordance with Art. 6 Para. 1 a) GDPR or my legitimate interest in accordance with Art. 6 Para. 1 f) GDPR.

3. Data categories and data types, data subjects

The following data categories and data types are processed on a regular basis:
address data (name, street, postcode, town), communication data (contact person, telephone number, fax number, email address), bank details (account holder, IBAN), order content (including all personal information you have provided Third party data).
Groups of people affected by my processing: customers, former customers, prospective customers, service providers, contact persons at service providers.

4. Recipients or categories of recipients

To fulfill the contract or to carry out pre-contractual measures, personal data that are transmitted to the person responsible are made available to the following categories by the recipient: postal and shipping service providers, email, web hosting, video communication and telecommunications providers, banks and payment service providers as well as social networks ( only if you actively approach me via the respective platform), consultants (e.g. tax consultants, lawyers).
Without your consent, the personal data will not be made available to other third parties, unless it is made accessible due to legal obligation or legitimate interests.

5. Third country transfer

A transfer to a third country does not take place as part of order processing.
If you contact me via social networks, a third country transfer takes place:

LinkedIn

I use the LinkedIn platform of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ( ‘LinkedIn’).
Further information on data protection at LinkedIn, in particular details on the data processed by LinkedIn and the purposes for which it is used, can be found in LinkedIn’s data protection declaration: https://www.linkedin.com/legal/privacy-policy? _1 = de_DE

The American LinkedIn Corp. – As the parent company of InkedIn Ireland – has joined the EU-US Privacy Shield, which provides a sufficient guarantee within the meaning of Art. 44 ff. GDPR for some data transfers to the USA. You can find more information on the EU-US Privacy Shield at:https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

I would like to point out that I have read about the above at para. I can reach the specified contact options better and I do not want any order-related contact via LinkedIn.
If you use LinkedIn and get in touch with me, you do this voluntarily and on your own responsibility. This also applies to the use of the interactive functions.
I have no influence on the processing of personal data by LinkedIn (especially type, scope, disclosure) or a corresponding effective control option of the data protection level implemented at LinkedIn.

6. Visiting my website and leaving contact details

(1) When using the website for information purposes only, i.e. if you do not provide any other information when you contact us, I only collect the personal data that your browser transmits to my server. If you would like to view my website, I collect the following data, which is technically necessary for me to display my website to you and to ensure stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTPS status code
  • amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its surface
  • Language and version of the browser software.

In addition to the aforementioned data, cookies are saved on your computer when you use my website. Cookies are small text files that are assigned to the browse you use on your hard drive and through which certain information flows to the location that sets the cookie (here by me). They serve to make the Internet offer more user-friendly and effective overall, to store whether you have confirmed the cookie banner and to measure the statistical range.

(2) If you contact me by email, phone or via my contact form, the data you voluntarily provide (e.g. email address, name, phone number, request) will be saved by me to answer your request and, if necessary to get in touch with you. We delete the data arising in this context after the storage is no longer necessary, or restrict the processing if there are statutory retention requirements.

(3) Use my contact form, your data will be encrypted using TLS / SSL technology.

(4) My email provider uses TSL / SSL technology. For complete transport encryption, however, your email provider must also be open to this technology. You can check this here .

7. Storage period

The person responsible is subject to various storage and documentation obligations, which may arise from the tax code (AO). The deadlines for storage and documentation specified there are between six and ten years for tax-relevant documents ( § 147 AO). 
Finally, the storage period is also assessed according to the statutory limitation periods (see  § § 195 ff. Of the German Civil Code): 

 § Inquiries, feedback, endorsements or notes that belong to a situation that can lead to liability risks are stored for three years even without an order.

§ In certain cases (esp. claims for damages from the intentional injury to life, limb or health ( § 197 BGB)) the limitation period and thus the possible storage period is even up to 30 years.

8. Rights of data subjects

You have the following so-called data subject rights:

§ Revocation of consent given to me with effect for the future

§ Information according to Art. 15 GDPR, whereby the restrictions according to  § 35 BDSG apply

§ correction under Art. 16 DSGVO

§ Deletion according to Art. 17 GDPR, whereby the restrictions according to  § 35 BDSG apply

§ Restriction of processing according to Art. 18 GDPR, the right to

§ Objection according to Art. 21 GDPR (more on this below in Section 9) and the right to

§ Data portability, i.e. the receipt of your personal data provided to me in a structured, common and machine-readable format according to Art. 20 GDPR

Corresponding concerns are to be addressed to the address mentioned under point 1.

In addition, there is a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with  Section 19 BDSG). The data protection supervisory authority responsible for me is the Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, website: https://www.lds.bayern.de

9. Right to object

You have the right, in particular against the processing of your personal data in the context of my legitimate interests, to object to the processing at any time free of charge with effect for the future. All you need to do is send an email to katharina@katharinaknebel.com or a postal message to the address given under point 1. In the event of an objection, please state your interests, rights and freedoms opposing the processing so that I can take these aspects into account as completely as possible in the legal considerations that he then has to make pursuant to Art. 21 GDPR. I no longer process the personal data unless I can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject,

10. Automated individual decision including profiling

An automated individual decision including profiling does not take place.

11. Changes to this data protection declaration

The responsible reserves the right to change the data protection information due to future changes in the actual or legal framework.