Data Protection Declaration - natalie-sina-larimar.com

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Sarah Natalie Bloch, 78467 Konstanz, Germany, E-Mail: art @ natalie-sina-larimar.com. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.

2) Data Collection When You Visit Our Website

When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called „server log files“). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time at the moment of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.

3) Cookies

In order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

If personal data are also processed by individual cookies set by us, the processing is carried out in accordance with Art. 6 (1) point b GDPR either for the execution of the contract or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

We work together with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). You will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following sections.

Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://www.mozilla.org/en-US/privacy/websites/#cookies
Google: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en
Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that the functionality of our website may be limited if cookies are not accepted.

4) Contacting

In the context of contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided that there are no legal storage obligations to the contrary.

5) Google reCAPTCHA

5.1 Type and scope of processing

We have integrated Google reCAPTCHA components on our website. Google reCAPTCHA is a service provided by Google Ireland Limited and enables us to distinguish whether a contact request comes from a natural person or is automated using a program. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the length of stay and mouse movements of the user in order to distinguish automated requests from human ones. This data is processed solely for the above purposes and to maintain the security and functionality of Google reCAPTCHA.

5.2 Purpose and Legal Basis

Google reCAPTCHA is used on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a. DSGVO and § 25 Abs. 1 TTDSG We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g. in the USA), we have agreed other suitable guarantees within the meaning of Art. 44 et seq. GDPR with the recipients of the data. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can find a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/ EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, prior to such a transfer to a third country, we obtain your consent in accordance with Article 49 (1) sentence 1 lit. DSGVO, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of transfers to third countries there are risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and which you may not be aware of) can exist.

5.3 Duration of storage

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. You can find further information in the data protection declaration for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

Source: Data protection configurator by Mein-Datenschutzbeauftragter.de

6) Tools and Miscellaneous

6.1 GDPR Compliance Pro

This website uses the cookie consent tool “GDPR Compliance Pro” supplied by Teapot Creative, Bowdens Farm, The Courtyard TA10 0BP, UK, to obtain valid user consents for cookies and cookie-based applications. By incorporating a corresponding JavaScript code, users are shown a banner when calling up a page, in which consent for certain cookies and/or cookie-based applications can be given by ticking the respective box. The tool blocks all cookies requiring consent until the individual user gives corresponding consent. This ensures that such cookies are only set on the user’s terminal device if consent is given.
To enable the cookie consent tool to clearly assign page views to individual users and to individually record, log and store the consent settings made by the user for a session, certain user information (including the IP address) is collected by the cookie consent tool when calling up our website, transmitted to Teapot Creative servers and stored there.
This data processing takes place in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
Further legal basis for the data processing described is Art. 6 para. 1 lit. c GDPR. As the data controller for this website, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user’s consent.
Further information on data use by Teapot Creative can be found at https://www.teapotcreative.co.uk/legal-policies/privacy-policy/

6.2 Google Web Fonts

This site uses web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“) to uniformly display fonts. When you call up a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
To do this, the browser you are using must have a connection to Google’s servers. When using Google Maps, personal data may also be transmitted to the servers of Google LLC. in the USA. In this way, Google will be informed that our website has been accessed via your IP address. Google Web Fonts are used for the purpose of a uniform and attractive presentation of our online offers and its use is in our legitimate interest within the meaning of Art. 6 (1) point f GDPR. If your browser does not support web fonts, a default font is used by your computer.
Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

7) Rights of the Data Subject

7.1 The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data:

– Right of access by the data subject pursuant to Art. 15 GDPR: You shall have the right to receive the following information: The personal data processed by us; the purposes of the processing; the categories of processed personal data; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling and at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject; the appropriate safeguards pursuant to Article 46 when personal data is transferred to a third country.

– Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and/or the right to have incomplete personal data completed which are stored by us.

– Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR: You have the right to obtain from the controller the erasure of personal data concerning you if the conditions of Art. 17 (2) GDPR are fulfilled. However, this right will not apply for exercising the freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

– Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to obtain from the controller restriction of processing your personal data for the following reasons: As long as the accuracy of your personal data contested by you will be verified. If you oppose the erasure of your personal data because of unlawful processing and you request the restriction of their use instead. If you require the personal data for the establishment, exercise or defense of legal claims, once we no longer need those data for the purposes of the processing. If you have objected to processing on grounds relating to your personal situation pending the verification whether our legitimate grounds override your grounds.

– Right to be informed pursuant to Art. 19 GDPR: If you have asserted the right of rectification, erasure or restriction of processing against the controller, he is obliged to communicate to each recipient to whom the personal date has been disclosed any rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.

– Right to data portability pursuant to Art. 20 GDPR: You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to require that those data be transmitted to another controller, where technically feasible.

– Right to withdraw a given consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent for the processing of personal data at any time with effect for the future. In the event of withdrawal, we will immediately erase the data concerned, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

– Right to lodge a complaint pursuant to Art. 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

7.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

8) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted, provided they are no longer necessary for the performance or initiation of the contract and/or there is no longer any legitimate interest on our part in the further storage.