Server log files
When you visit our website, our hosting provider jweiland.net, Echterdinger Straße 57, 70794 Filderstadt, Germany, automatically and by our request stores user data in server log files, which your browser transfers automatically. This act of data processing is carried out pursuant to Section 6 Subsection 1(f) GDPR. The data are collected by our web server operator in order to ensure the functioning and security of our website. Collected data include the IP address of the requesting computer, date and time of the request, accessed pages, and information about the applications and devices you are using to access our website (browser type, language, browser version, operating system). These data are deleted after 30 days at the latest. For more information, see this page.
Matomo web analysis service
On our website, we use the web analysis service Matomo (formerly Piwik) in order to gain anonymous, pseudonymised information that allows us to measure and analyse how visitors use our website. We use these data to expand and optimise our website. This act of data processing takes place on the basis of of Section 6 Subsection(a) GDPR. You can modify your cookie settings here.
Matomo uses cookies that are stored on your computer and facilitate an anonymised analysis of your use of the website. In addition to the anonymised IP address of the requesting computer, Matomo stores information about the date, time and duration of your visit, accessed pages, and the applications and devices you are using to access our website (browser type, language, browser version, operating system).
Your IP address is immediately anonymised after collection and prior to storage, so that we cannot identify you. In concrete terms, ‘anonymised’ means that the IP address is not stored in full but partially masked (an Ipv4 address would look like this, for example: 192.168.xxx.xxx). A partially masked IP address cannot be matched with a specific device.
By changing the settings of your browser, you can deactivate or limit the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can be done automatically, too. When you use such a ‘do-not-track’ option in your browser (also called ‘incognito mode’), it tells websites not to track your activities. Matomo respects this option.
Matomo is only used on the servers of our hosting provider, jweiland.net, Echterdinger Straße 57, 70794 Filderstadt, Germany. The aforementioned data are only stored on their servers and not shared with any third parties. Your data are deleted as soon as we no longer need them for our own recording purposes, normally after twelve months.
Social-media plug-ins
Some pages of our website contain buttons to social-media networks, which allow you to share our content. These buttons only establish contact between the user and the social network in question when you actively click them (one-click solution). By activating a social-media plug-in or icon, data such as your IP address, browser information, operating system and the URL of the current website may be transferred to the respective social-media provider. Please consult the privacy policies of the individual social-media platforms to find out to what extent, for what purpose and on what legal basis your data may be processed. The following section provides and overview of the social-media plug-ins integrated into our website.
YouTube plug-in
Our website uses the plug-in of YouTube/Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It allows us to embed videos in our website. The plug-in was implemented into our website with data privacy in mind. Users only establish a connection to YouTube when they activate the corresponding cookie by giving their consent. If you give your consent, a connection will be established between your browser and the YouTube servers. We cannot influence whether or not these providers comply with data protection laws. We do not know to what extent, in what location and for what duration the data are stored, if the networks comply with deletion requirements, how the data are evaluated and connected, and with whom the data are shared. For more information, see the privacy policy of YouTube.
Spotify plug-in
Our website uses the plug-in of Spotify/Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. It allows us to embed podcasts in our website. The plug-in was implemented into our website with data privacy in mind. Users only establish a connection to Spotify when they activate the corresponding cookie by giving their consent. If you give your consent, a connection will be established between your browser and the Spotify servers. We cannot influence whether or not these providers comply with data protection laws. We do not know to what extent, in what location and for what duration the data are stored, if the networks comply with deletion requirements, how the data are evaluated and connected, and with whom the data are shared. For more information, see the privacy policy of Spotify.
Twitter share button
Our website uses the share button of Twitter/Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. You can identify the button by the Twitter logo (stylised bird). The share button allows users to share an article, page or piece of content from our website on Twitter. The buttons were implemented into our website with data privacy in mind. Users only establish a connection to Twitter when activating one of the buttons with a click. If you click a button, a connection will be established between your browser and the Twitter servers. We have no influence on the extent of data collected by Twitter and only make you aware of this process on the basis of the information available to us. For more information, see the privacy policy of Twitter.
LinkedIn share button
Our website uses the share button of LinkedIn/LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. You can identify the button by the LinkedIn logo (white ‘in’ on a background). The share button allows users to share an article, page or piece of content from our website on LinkedIn. The buttons were implemented into our website with data privacy in mind. Users only establish a connection to LinkedIn when activating one of the buttons with a click. If you click a button, a connection will be established between your browser and the LinkedIn servers. The content of the share button is directly transferred to your browser from LinkedIn. This means that LinkedIn will be informed that you have visited this website. We do not have any knowledge about nor influence over the content of that data transfer and the purpose of the data processing. Click here for more information about data processing and the privacy settings of your LinkedIn profile.
Facebook share button
Our website uses the share button of Facebook/Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. If you are a permanent resident of the European Union, your relevant service provider will be Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. The share button displays the Facebook logo (white ‘f’ on a background). The share button allows users to share an article, page or piece of content from our website on Facebook. The buttons were implemented into our website with data privacy in mind. Users only establish a connection to Facebook when activating one of the buttons with a click. If you click a button, a connection will be established between your browser and the Facebook servers. As far as we are aware, the following data are transferred to Facebook:
- Date and time of your visit
- Accessed pages
- IP address
- Browser type
- Operating system
- User ID (if you are a registered Facebook user)
We have no influence over which data Facebook collects, uses or stores. Please consult the privacy policy and cookie guidelines of Facebook.
Contacting us
When you contact us by email, the personal data submitted along with your email will be used to respond to your inquiry. No data will be passed on to third parties. This act of data processing is carried out pursuant to Section 6 Subsection 1(f) GDPR. If you email us in order to enter into a contract, Section 6 Subsection 1(b) GDPR also applies. Your data will be deleted as soon as we have conclusively responded to your inquiry and there are no legal requirements prevents us from deleting them, as would be the case when the communication results in the conclusion of a contract, for instance. You can withdraw your consent to the processing of your data at any time. If you do, we will not be able to continue the conversation.
Data security
Our website uses the TSL (Transport Layer Security) process in conjunction with the highest level of encryption supported by your browser. Normally, this will be 256-bit encryption. If your browser does not support this, we will use 128-bit encryption instead. To determine whether a specific page of our website is encrypted, check for the padlock symbol in your browser’s address bar.
Recipients of personal data
Your personal data are only processed within our company. Only specific departments have access to your data, depending on the type of personal data and the purpose of their processing. They include the specialist departments responsible for our online presence and our IT department. We operate a role-based access control system to restrict data access to the functions and scope necessary for processing the data.
To the extent permitted by law, we are allowed to pass your personal data on to third parties outside of our company. Such external recipients may include, in particular:
- service providers who work for us on the basis of a separate contract and whose services may the processing of personal data, such as hosting or maintenance providers, and any sub-contractors of our service providers which have been involved in the process with our consent,
- service providers who have been contracted in relation to our newsletter, such as CleverReach GmbH, Schafjückenweg 2 26180 Rastede, and the sub-contractors Amazon Web Services Inc.*, Hetzner Online GmbH and PlusServer GmbH.
*Third countries, especially the USA, may not have the same standards of data protection upheld in the European Union. This may lead to disadvantages such as difficulties in exercising the rights of the data subject, lack of control over the further processing and transfer of data, and data access by public bodies, especially US governmental authorities, without any legal remedies being available to those affected.
- non-public and public bodies in cases where we are legally obliged to transfer your personal data, e.g., for the purpose of legal or criminal prosecution.
Data transfer to third countries
Your personal data are always processed inside the European Union (EU) or the European Economic Area (EEA). They may be transferred to recipients in third countries only in cases where web analysis service providers are involved. Third countries are countries outside the European Union or outside the Agreement on the European Economic Area which may not necessarily adhere to standards of data protection comparable to those of the European Union.
Where the submitted data include personal data, we ensure that the third country or third-country recipient in question adhere to the required standards of data protection before transferring any data. The adequacy of data protection standards in a third country may be confirmed by a decision from the European Commission. Alternatively, we may rely on standard contractual clauses agreed between a recipient and the European Union; in individual cases, we will verify whether these clauses ensure adequate protection in consideration of the laws of the third country in question. Where necessary, we will take additional measures to ensure an appropriate level of protection. In exceptional cases, the transfer of personal data may be justified in terms of informed consent. We will be happy to provide you with further information about the suitable and adequate guarantees in place to ensure compliance with an appropriate level of data protection upon request. You can find our contact data at the start of this privacy policy.
Obligation to provide personal data
There is no legal or contractual obligation to provide personal data. No personal data are needed to enter into a contract. If you choose not to provide any personal data, certain functions of this website may not be available in full, and you may be unable to subscribe to our newsletter.
Automated decision-making
We do not use any automated decision-making processes, including profiling as defined in Section 22 GDPR, in relation to the operation of our website. If we use any such processes in individual instances in future, we will inform you about this to the extent required by law.
Rights of the data subject
Anyone whose personal data is being processed is a data subject as defined by the GDPR. This gives you the following rights against the data controller, provided that all legal requirements are met.
- Right of access: As per Section 15 GDPR, you have right to access any personal data concerning you that we have processed.
- Right to rectification: As per Section 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data concerning you.
- Right to erasure: As per Section 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you, provided that their processing is not required for compliance with a legal obligation or for the assertion, exercise or defence of any legal claims.
- Right to restriction of processing: As per section 18 GDPR, you have the right to obtain from us restriction of processing in cases where you contest the accuracy of your personal data, they have been processed unlawfully, or we no longer require the data in question.
-
- Right to data portability: As per Section 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or have those data transmitted to another controller.
- Right to withdrawal of consent: As per Section 7 Subsection 3 Sentence 1 GDPR, you have the right to withdraw your consent at any time If you withdraw your consent, we will no longer be permitted to perform the acts of data processing relying on your consent. Withdrawal does not affect the lawfulness of any acts of processing carried out prior to withdrawal.
- Right to lodge a complaint with a supervisory authority: As per Section 77 GDPR, you have the right to lodge a complaint with a supervisory authority.
To exercise this right, you may contact us using the information provided at the beginning of this privacy policy. If you have questions about the processing of your personal data, you may also contact our data protection officer. If you believe that the processing of your data violates data protection laws or infringes on your data protection rights in any other way, you can also contact the Federal Commissioner for Data Protection and Freedom of Information.