Business in Groove

Types of Processed Data

  • Inventory Data (e.g., names, addresses).

  • Contact Data (e.g., email, phone numbers).

  • Content Data (e.g., text entries, photographs, videos).

  • Usage Data (e.g., visited websites, interest in content, access times).

  • Meta/Communication Data (e.g., device information, IP addresses).

Categories of Affected Persons

Visitors and users of the online offering (hereinafter collectively referred to as “users”).

Purpose of Processing

  • Provision of the online offering, its functions, and content.

  • Responding to contact requests and user communication.

  • Implementing security measures.

  • Measuring reach/marketing purposes.

Key Terms

  • Personal Data: Information relating to an identified or identifiable natural person (“data subject”). Identifiability includes association with identifiers such as names, location data, online identifiers (e.g., cookies), or specific attributes expressing the identity of an individual.

  • Processing: Any operation performed on personal data, whether automated or not, including collection, storage, alteration, use, or deletion.

  • Pseudonymization: Processing personal data in such a way that it cannot be associated with a specific data subject without additional information, which is stored separately under secure measures.

  • Profiling: Automated processing of personal data to evaluate specific aspects of a natural person, such as performance, interests, location, or behavior.

  • Controller: The entity deciding on the purposes and means of personal data processing.

  • Processor: An entity processing personal data on behalf of the controller.

Legal Basis for Processing

In line with Article 13 GDPR, the legal basis for processing is:

  • Consent: Article 6(1)(a) and Article 7 GDPR.

  • Contractual necessity: Article 6(1)(b) GDPR.

  • Legal obligation: Article 6(1)(c) GDPR.

  • Legitimate interests: Article 6(1)(f) GDPR.

  • Vital interests: Article 6(1)(d) GDPR.

Security Measures

Per Article 32 GDPR, technical and organizational measures ensure appropriate risk-based protection of data. This includes controlling physical and digital access, securing availability, and maintaining data separation. Privacy considerations are integrated into technology and default settings (Article 25 GDPR).

Collaboration with Processors and Third Parties

Data sharing with processors or third parties occurs based on legal permissions, consent, or legitimate interests. Contracts under Article 28 GDPR govern processing by third-party processors.

Data Transfers to Third Countries

Processing of data outside the EU/EEA follows Articles 44–49 GDPR, relying on guarantees such as EU adequacy decisions or standard contractual clauses.

Rights of Data Subjects

  • Right to access (Article 15 GDPR).

  • Right to rectification (Article 16 GDPR).

  • Right to erasure (Article 17 GDPR).

  • Right to restrict processing (Article 18 GDPR).

  • Right to data portability (Article 20 GDPR).

  • Right to lodge a complaint (Article 77 GDPR).

Withdrawal of Consent

Consent can be withdrawn at any time with future effect (Article 7(3) GDPR).

Right to Object

Data subjects may object to future processing, particularly for direct marketing (Article 21 GDPR).

Use of Google Maps

Google Maps integration is based on consent (Article 6(1)(a) GDPR). Data may be processed in the US under the EU-US Privacy Shield framework. Users can deactivate JavaScript in their browser to block data collection.

Cookies and Objection to Direct Marketing

Cookies store user-specific information temporarily or persistently. Users can disable cookies via browser settings but may experience functional limitations. General objections to cookies can be made via services such as About Ads or Your Online Choices.

Data Deletion

Data is deleted per Articles 17 and 18 GDPR once no longer required or if legal retention periods expire. Retention aligns with relevant national laws (e.g., 6–10 years for tax or commercial records).

Agency Services

Agency-related processing includes inventory, contact, content, contract, payment, and usage data for purposes like campaign planning and analysis. Processing follows Article 6(1)(b) and 6(1)(f) GDPR. Data retention aligns with legal obligations.

Health-Related Services

Patient data is processed per contractual or legal obligations under Articles 6(1)(b) and 9(2)(h) GDPR. Data includes health-related information. Deletion follows contract completion unless retention is legally mandated.

Therapeutic Services

Client data, including sensitive categories under Article 9 GDPR, is processed with explicit consent or legal necessity. Data is deleted upon fulfillment of contractual/legal obligations.

Contractual Services

Contract-related data is processed per Article 6(1)(b) GDPR and retained per statutory requirements.

Jetpack (WordPress Stats)

Jetpack collects data for statistical analysis under Article 6(1)(f) GDPR. Data stored in the US complies with privacy protections.

Matomo Analytics

Matomo processes anonymized usage data for site analysis under Article 6(1)(f) GDPR. Users can opt out via browser settings.

Social Media Presence

Interactions on platforms follow the terms and privacy policies of respective operators. Data from communications is processed as necessary.

Third-Party Content Integration

External services, such as videos or fonts, rely on user IP addresses. Legitimate interest governs these integrations, and data is used only for content delivery.

Use of Facebook Plugins

Facebook plugins operate under Article 6(1)(f) GDPR. Data shared with Facebook may result in usage profiles. Users can object via Facebook settings.

Generated with Privacy Policy Generator.

 
