Privacy Policy

1, Scope of Application

This privacy policy informs you about the type, amount and purpose of personal data collected on my website by me, Michele Gauler, the controller of this website.

2, Name and Address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Michele Gauler
Gartenstr. 16d
D-13088 Berlin

Phone +49 (0)30 555 164 59
E-mail: hello(at)michelegauler(dot)net
Website: www.michelegauler.net

3, Collection of General Data and Information (Access Data / Server-Logfiles)

I (respectively the webspace provider) collects data about the access to my website (so called server log files). This access data might include:

The name of the website or file access, access date and time, amount of data transferred, notification of successful transfer, the browser types and versions used, the operating system used by the user, referrer URL, IP-address and provider of the called website.

I use this access data purely for statistical reasons in order to ensure the operation, safety and optimisation of my website. I retain the right to retrospectively analyse the access data in case of a justified evidence of illegal activities.

4, Handling of Personal Data

You can use my website without any indication of personal data; if however, you want to use certain services on my website, like for instance the contact form, processing of personal data can become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, I generally obtain consent from you.

5, Establishing Contact via the Website

If you contact. me (for instance via e-mail or a contact form), I store the personal data that you transmit in order to process your request and in case follow-up questions occur.

6, Routine erasure and blocking of personal data

I process and store your personal data only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

7, Comments and other Input

If you leave a comment or other type of input on my website, your IP-address is stored to allow me to block illegal and unwanted contributions such as insults and illegal political propaganda.

8, Newsletter

You can subscribe to my newsletter on my website.

In order to be able to receive my newsletter, you need to have a valid e-mail address and you need to register for the delivery of the newsletter. I will send a confirmation e-mail to any e-mail address that is submitted to my newsletter subscription list for the first time. I use, for legal reasons, a double opt-in procedure where your confirmation e-mail is used to prove whether the owner of the submitted e-mail address you submitted authorises the newsletter.

During your newsletter registration, I store your IP address as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of an e-mail address to subscribe to my newsletter without the consent of the owner of the e-mail address. There is no other data I collect. I use the collected data only to send you my newsletter and I do not give it to third parties.

I use the services of CleverReach GmbH & Co. KG, a newsletter service provider based in  Schafjückenweg 2, 26180 Rastede, Deutschland to send my newsletters.

The email addresses of my newsletter subscribers as well as other data as described here are stored on German and European (i.e. Irish) servers. CleverReach uses this information to send and analyse the newlsetter on my behalf. CleverReach does not use the data in order to contact my newsletter subscribers or pass on their data to third parties. I have a „Data-Processing-Agreement“ with CleverReach in which they commit to protect the data of my users. You can read the privacy policy of CleverReach here.

If you gave your consent to me sending your information about my offers during your newsletter registration, I process your data according to article 6, paragraph 1 S. 1 lit d GDPR. By subscribing to my newsletter you agree that I, respectively the newsletter service provider CleverReach (CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede) measure your click- and open-behaviour in order optimise my newsletter offers to you.

You can unsubscribe from my newsletter at any time via e-mail to hello(at)michelegaulerq(dot)net or by using the unsubscribe link that you con find in every newsletter I send you. I delete your personal data related to your newsletter subscription after I receive your cancellation notice.

9, Cookies

My webpage uses cookies. Cookies are small text files that are stored on user devices (desktop computer, smartphone, etc.) and contain device-specific information. On the one hand, they are used to improve the usability of a website for its user (for example by storing login information). On the other hand they are used to capture statistical data on the usage of the website that can be analysed for optimising it.

You can allow or block the usage of cookies on your devices in general or for each website individually in your browser settings. Blocking cookies might result in a less comfortable user experience.

You can control the usage of online-ad cookies set by companies in this U.S.-based page http://www.aboutads.info/choices/ and this EU-based page http://www.youronlinechoices.com/uk/your-ad-choices/

10, Third-Party Content and Services

Sometimes I embed third-party content on my website, for instance YouTube or Vimeo videos, Instagram images, Google maps, RSS-feeds. This requires third-party content provides to have access to your IP-address. Without your IP-address they cannot send their content to your browser, your IP-address thus is necessary for the delivery of this content. I try to only embed those third-party content providers who use your IP-address only to deliver their content but I have no influence on them additionally storing it for statistical reasons. Whenever I am aware of this, I will let you know.

10.1, Instagram

I show Instagram content on my website to present my content in an attractive and approachable way and to increase my online presence. This is a legitimate interest in accordance with article 6, S.1 lit. d GDPR.

In order to embed Instagram content, I use Instagram-plugins provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit my website that contains Instagram-Plugins, a connection to the Facebook-servers is established. Your IP address and the page you have visited on my webpage is transferred to Facebook in order to display the requested Instagram-content on my web page.

By providing their content, Facebook is responsible for the handling of your data. You can find more information on the privacy policy of Instagram / Facebook here: https://help.instagram.com/519522125107875.

10.2, YouTube

I show YouTube videos on my website to present my content in an attractive and approachable way and to increase my online presence. This is a legitimate interest in accordance with article 6, S.1 lit. d GDPR.

In order to embed YouTube videos, I use YouTube-plugins provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit my website that contains YouTube-Plugins, a connection to the YouTube-servers is established. Your IP address and the page you have visited on my webpage is transferred to YouTube in order to display the YouTube-content on my web page.

When you are logged in to your YouTube account while being online, you allow YouTube to collect your online behaviour and assign it to your profile. You can prevent this by logging out of your YouTube account.

By providing the YouTube-content, Google is responsible for the handling of your data. You can find more information on the privacy policy of Google here: https://policies.google.com/privacy

Google is certified for the US-EU data protection agreement “Privacy Shield” This data protection agreement  intends to ensure the EU regulations for data protection.

10.3, Vimeo

I show Vimeo videos on my website to present my content in an attractive and approachable way and to increase my online presence. This is a legitimate interest in accordance with article 6, S.1 lit. d GDPR.

In order to embed Vimeo videos, I use Vimeo-plugins provided by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit my website that contains Vimeo-Plugins, a connection to the Vimeo-servers is established. Your IP address and the page you have visited on my webpage is transferred to Vimeo in order to display the Vimeo-content on my web page.

By providing the content, Vimeo is responsible for the handling of your data. You can find more information on the privacy policy of Vimeo here: https://vimeo.com/privacy.

By their own account, Vimeo guarantees a high level of data protection by adhering to the Privacy Shield recommendations (paragraph 14.1 of their Privacy Policy).

10.4, Google Web Fonts

I use Google Web Fonts on my website in order to show you my website in the design I intend for it, independent of the fonts you. have available locally. This is a legitimate interest in accordance with article 6, S.1 lit. d GDPR.

In order to embed Google Web Fonts, I use Google-plugins provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit my website that contains Google Web Fonts, a connection to the Google-servers is established. Your IP address and the page you have visited on my webpage is transferred to Google in order to display the Google Web Fonts on my web page.

By providing Google Web Fonts, Google is responsible for the handling of your data. You can find more information on the privacy policy of Google here: https://policies.google.com/privacy

Google is certified for the US-EU data protection agreement “Privacy Shield” This data protection agreement  intends to ensure the EU regulations for data protection.

You can find details about Google Web Fonts here: https://www.google.com/fonts#AboutPlace:about 

10.5 Google reCAPTCHA

I use the Google service reCaptcha, in order to determine whether a human being or a computer is filling in my contact or newsletter form. Google uses the following data in order to find out if you are human or machine: IP-address of the end user device, the web page you are visiting on my site that contains the captcha, the date and duration of the visit, the identification data of the browser and operating system, the Google account if you are logged into Google, mouse movements on the reCaptcha areas as well as tasks that ask you to identify pictures. Art. 6(1) lit. a GDPR serves as the legal basis for the described processing operations. It is in my legitimate interest to ensure the safety of my website and protect myself from cyber attacks.

11. Your Right of Confirmation, Access, Rectification, Erasure, Restriction of Processing,  to Data Portability and to Object and Withdraw

You have the right to request access to the personal data I store about you. In addition, you have the right of rectification of false personal data, the erasure and restriction of processing of your personal data (as far it does not oppose to legal requirements for the storage of data), as well as the right to obtain a digital record of the personal data I store about you and the right to object and withdraw your consent to me storing your personal data.

12, Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which I obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are party, as is the case, for example, when processing operations that are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Am I subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of you or of another natural person. This would be the case, for example, if a visitor were injured in my offices and her name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by me or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

13, The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out my business in favour of the well-being of my employees.

14, Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

Contact

Would love to hear from you!