Privacy Policy

The data controller within the meaning of the GDPR and other national data protection laws of the Member States as well as other data protection provisions is:

Address:
Charlotte Waldburg-Zeil
c/o Postflex #4001
Emsdettener Str. 10
48268 Greven
No parcels or packages - acceptance will be refused!

Email: info@charlottewaldburgzeil.com

I. General Information/Privacy Policy Notes

The processing of users' personal data is carried out only to the extent necessary for the provision of a functioning website as well as my content and services.
The processing of users' personal data is regularly only carried out with their consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

The legal basis for processing personal data with consent can be found in Art. 6(1)(a) GDPR.
If the processing of data is necessary to protect a legitimate interest of mine or a third party, and the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6(1)(f) GDPR serves as the legal basis for processing.

II. Provision of the Website/Informational Use

When using the website for informational purposes only, i.e., if you do not send me a contact request or provide me with information in any other way, information and data about your use of this website are automatically collected and temporarily stored by the computer system of the accessing end device with each call to the website.
The following data is collected in this process:
• Information about the type of browser and the version used
• The user's operating system
• The user's internet service provider
• The user's IP address
• Date and time of access
• Websites from which the user's system accesses our website
• Websites accessed by the user's system via our website
The temporary storage of this data is necessary to enable the website to be provided and to ensure its functionality for the accessing visitor. There is therefore a legitimate interest in the temporary storage of data in accordance with Art. 6(1)(f) GDPR.

The data is deleted as soon as it is no longer necessary to achieve the purpose, i.e., at the end of the user session.
If data is stored in log files, deletion or anonymization takes place no later than after 7 days. It is then no longer possible to draw conclusions about the respective user.

Because the temporary storage of data for the provision of the website is mandatory for the user, there is no option to object to this data storage.

III. Google Analytics/ "Cookies"

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies." Cookies are small text files that are stored on the user's operating system as soon as you visit a website. Each cookie contains a characteristic string (so-called cookie ID) that allows the browser to be uniquely identified when the website is called up again. Cookies do not cause any harm to your device and do not contain viruses.
The legal basis for processing personal data using cookies is derived from Art. 6(1)(f) GDPR.
Cookies are used to make our website more user-friendly. Some elements of our website require that the accessing browser can also be identified after a page change.
The following data can be stored in the cookies:
• Language settings
• Display of images

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies.
The user data collected through technically necessary cookies is not used to create user profiles.

Furthermore, this website uses cookies that enable an analysis of users' browsing behavior.
In this way, the following data can be transmitted:
• Entered search terms
• Frequency of page views
• Use of website features
The use of analysis cookies is for the purpose of improving the quality of the website and its content. Through analysis cookies, it can be determined how the website is used, and the offering can be continuously optimized as a result. The legal basis can be found in Art. 6(1)(a) GDPR.
The data collected in this way is pseudonymized by technical measures. Therefore, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
When accessing the website, users are informed about the use of cookies for analysis purposes through an info banner and referred to this privacy policy. In this context, there is also a notice on how to prevent the storage of cookies in the browser settings.
When accessing the website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of personal data used in this context is obtained. In this context, there is also a reference to this privacy policy.

Cookies are stored on the user's computer and transmitted to the website by the user. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, not all functions of the website may be fully usable.

IV. Contact Form/Email Contact

This website has a contact form that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to me and stored.
In addition to the personal or business data expressly and voluntarily provided, this data also includes the user's IP address as well as the date and time of registration.
Your consent is obtained for the processing of the data as part of the sending process, and reference is made to this privacy policy.
Alternatively, contact can be made via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for the processing of the conversation.

The legal basis for processing the data, if the user has given their consent, is Art. 6(1)(a) GDPR.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact aims to conclude a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR.

The processing of the personal data from the input mask serves me solely for processing the contact. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input mask and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered terminated when it can be inferred from the circumstances that the matter in question has been finally clarified.
The additional personal data collected during the sending process will be deleted no later than after a period of seven days.

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts me by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue.
In this case, all personal data stored in the course of making contact will be deleted.

V. Data Subject Rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:

Right to Access (Art. 15 GDPR):
You have the right to obtain from me as the controller confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the following information:
a. The purposes of the processing.
b. The categories of personal data concerned.
c. The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations.
d. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
e. The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing.
f. The right to lodge a complaint with a supervisory authority.
g. Where the personal data are not collected from the data subject, any available information as to their source.

Right to Rectification (Art. 16 GDPR):
You have the right to obtain from me as the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Erasure ("Right to Be Forgotten") (Art. 17 GDPR):
You have the right to obtain from me as the controller the erasure of personal data concerning you without undue delay, and I am obliged to erase personal data without undue delay where one of the following grounds applies:

a. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b. You withdraw consent on which the processing is based according to point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR, and where there is no other legal ground for the processing.
c. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
d. The personal data have been unlawfully processed.
e. The personal data must be erased for compliance with a legal obligation in Union or Member State law to which I am subject.
f. The personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

Right to Restriction of Processing (Art. 18 GDPR):
You have the right to obtain from me as the controller restriction of processing where one of the following applies:
a. The accuracy of the personal data is contested by you, for a period enabling me, as the controller, to verify the accuracy of the personal data.
b. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
c. I no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims.
d. You have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of my company override yours.

If processing has been restricted in accordance with the above conditions, you will be informed by me before the restriction is lifted.

Right to Data Portability (Art. 20 GDPR):
You have the right to receive the personal data concerning you, which you have provided to me, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from me, as long as processing is based on consent pursuant to point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR or on a contract pursuant to point (b) of Art. 6(1) GDPR and processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in me.
Furthermore, in exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have personal data transmitted directly from me to another controller, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

Right to Object (Art. 21 GDPR):
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1) GDPR, including profiling based on those provisions.
I will no longer process the personal data unless I can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

Right to Withdraw Consent (Art. 7(3) GDPR):
You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Automated Individual Decision-Making, Including Profiling (Art. 22 GDPR):
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

An automated decision-making process based on the collected personal data does not take place.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR):
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

VI. Data Security

I use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, I use 128-bit v3 technology instead. You can tell whether a single page of my website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
I also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties. My security measures are continuously improved in line with technological developments.
VII. Validity and Amendment of This Privacy Policy

This privacy policy is currently valid and has the status of May 2023.