PRIVACY POLICY
What happens to your data?
I am very pleased about your interest in my company and/or in my personal. Data protection has a high priority for me, which is partly because I studied law and also worked as a lawyer (including in a law firm) and partly because I am often confronted with data protection issues as a practicing software architect. And last but not least, as a consumer of other websites, I detest it when an entire profile of me is created secretly and without my knowledge.
One thing in advance:
Use of my website is possible without providing personal data.
However, if a data subject wants to use special services provided by my enterprise via my website, processing of personal data could become necessary.
If the processing of personal data is necessary and there is no legal basis for such processing, I generally obtain the consent of the data subject.
As the controller, I have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to me by alternative means, for example by phone.
A. Definitions
The data protection declaration is based on the terms used by the European Directive and Ordinance when adopting the General Data Protection Regulation (DS-GVO). My privacy policy should be easy to read and understand for the public as well as for my customers and business partners. To ensure this, I would like to explain in advance the terminology used.
I use the following terms, among others, in this Privacy Policy:
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Person concerned
The data subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Controller or person responsible for the processing
The controller or data controller is the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
Receiver
A recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered recipients.
Third
Third-party means a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent
Consent means any freely given indication of the data subject's wishes in an informed and unambiguous manner for the specific case, in the form of a statement or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
B. My cookies
The easiest way to find out which cookies a website sets is the tool Webbkoll (https://webbkoll.dataskydd.net/de/).
1. Consent free cookies
The following information is mainly taken from Carlo Piltz/Jasmin Kühner (ZD 2021, 123, beck-online).
According to Art. 5 (3) p. 2 2nd var. ePrivacy Directive, consent is not required for a cookie "if this is absolutely necessary for the provider of an information society service expressly requested by the subscriber or user to be able to provide this service". To fall under the exception, the cookie must meet two requirements:
â– The service must be explicitly desired by the user and
â– the cookie must be absolutely necessary for this service.
The ePrivacy Directive does not specify what these conditions mean in detail. Practical information can be found in Opinion 04/2012 of the Art. 29 Data Protection Working Party on the exemption of cookies from the consent requirement.
Expressly desired
First, the service must have been explicitly requested by the user. This requires the user to take an active action to request a service with a clearly defined scope.
For the characteristic "expressly desired" to be fulfilled, it is sufficient that a certain function is actually used by the user. Thus, the clicking of a button (e.g. "Add to shopping cart") may be sufficient as a positive action of the user for requesting the shopping cart function.
The Art. 29 Working Party also sees an explicit wish in the registration with a service. By doing so, the user requests access to all content or functions for which he has access authorization. Since the user would otherwise have to re-authenticate on each page, the authentication function is an essential part of the service he or she is requesting.
The Art. 29 Data Protection Working Party goes even further in the case of multimedia player session cookies. Thus, in the case of websites that contain interlinked text and video content, the visit to the website is already understood as an explicit request for the video display function by the user. The text and video content is also part of the service explicitly requested by the user, which is why the setting of multimedia player session cookies is considered absolutely necessary. In contrast to the above-mentioned examples, no positive action by the user beyond the use of the website is required here, but rather the visit to the website is considered sufficient.
Required to provide the service
Furthermore, the cookie must be absolutely necessary to provide the service. This is only the case if the service or a requested function would no longer function if the cookie were deactivated. However, also with regard to the validity period of the cookies, a direct connection with the purpose pursued by the cookie is required. It follows that these cookies usually expire at the same time as or even before the browser session expires (so-called session cookies), as they are then no longer required for the provision of the service.
However, so-called persistent cookies that are stored beyond the session may also be "absolutely necessary", for example, if this corresponds to the reasonable expectations of the average user or if the user expressly asks the service to remember certain information until the next session. As an example, shopping cart cookies are cited that may remain valid beyond the end of the browser session because the user might accidentally close his browser and then reasonably expect to still find the contents of his shopping cart when he returns to the merchant's website in the following minutes. For authentication cookies, the Art. 29 Working Party also focuses on the reasonable expectations of the user. The user expects to be identified during the entire session but does not expect to remain logged in after closing the browser window. However, if the user selects a corresponding option ("Stay logged in"), a longer storage period is permissible.
2. Cookies requiring consent
​
These are all the others. For these, of course, I obtain consent via a cookie banner.
C. Data protection information concretized
The responsible party within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:
Jens Henneberg
Elderberry angle 1a
29339 Wathlingen
Mail: jens@it-henneberg.com; jens@wackyworld.de
Your data subject rights
You can exercise the following rights at any time using the contact details provided for the data protection officer:
Information about your data stored by me and its processing (Art. 15 DSGVO),
Correction of inaccurate personal data (Art. 16 GDPR),
Deletion of your data stored by me (Art. 17 DSGVO),
Restriction of data processing provided that I have received your data due to legal
obligations may not yet delete (Art. 18 GDPR),
Object to the processing of your data with me (Art. 21 DSGVO) and
Data portability, provided that you have consented to the data processing or have concluded a contract with me (Art. 20 DSGVO).
If you have given me consent, you can revoke this at any time with effect in the future.
You may at any time lodge a complaint with a supervisory authority, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for me as the responsible body.
A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
Storage duration (general)
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for the data used to provide the website when the respective session has ended.
In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are anonymized, so that an assignment of the calling client is no longer possible.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. Without the IP address, however, the service and the functionality of my website is not guaranteed. In addition, individual services and services may not be available or may be limited. For this reason, an objection is excluded.
Third country transfer
The collected data will NOT be transferred to third countries.
Provision of chargeable services
Nature and purpose of processing
For the provision of chargeable services, I will ask for additional data, such as payment details, in order to process your order.
Legal basis (in the case of the provision of chargeable services)
The processing of data required for the conclusion of the contract is based on Art. 6 para. 1 lit. b DSGVO.
Receiver
Recipients of the data are, if applicable, order processors.
Deviating storage period
I store this data in my systems until the statutory retention periods have expired. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.
Comment function
Nature and purpose of processing
When users leave comments on my website, in addition to this information, the time of their creation and the username previously selected by the website visitor are stored. This is for my security, because I can be held liable for illegal content on my website, even if it was created by users.
Legal basis:
The processing of the data entered as comments is based on a legitimate interest (Art. 6 para. 1 lit. f DSGVO).
By providing the comment function I would like to enable you an uncomplicated interaction. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions.
Receiver
Recipients of the data are, if applicable, order processors.
Deviating storage period
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case when the communication with the user has been completed and the company can see from the circumstances that the matter in question has been conclusively clarified.
I reserve the right to delete without giving reasons and without prior or subsequent information.
You can also have your comment deleted by me at any time. To do so, please write an e-mail to the data protection officer listed below or to the person responsible for data protection and submit the link to your comment as well as, for identification purposes, the e-mail address used when creating the comment.
Newsletter
Nature and purpose of processing
For the delivery of my newsletter, I collect personal data that is transmitted to me via an input mask.
For an effective registration I need a valid e-mail address. In order to verify that a registration is actually made by the owner of an e-mail address, I use the "double opt-in" procedure. For this purpose, we log the registration for the newsletter, the sending of a confirmation email and the receipt of the hereby requested response. Further data is not collected.
Legal basis
Based on your explicit consent (Art. 6 para. 1 lit. a DSGVO), I will regularly send you my newsletter or similar information by e-mail to your specified e-mail address. Provided that you have "requested" this from me. Without consent, you will not receive any emails from me.
You can revoke your consent to the storage of your personal data and its use for the newsletter dispatch at any time with effect for the future. In each newsletter, you will find a corresponding link. In addition, you can also unsubscribe directly from this website at any time or inform me of your revocation via the contact option provided at the end of this privacy policy.
Receiver
Recipients of the data are, if applicable, order processors.
Deviating storage period:
In this context, the data will only be processed as long as the corresponding consent is given. Afterwards they will be deleted.
Cancellation
You can revoke your consent to the storage of your personal data and its use for newsletter dispatch at any time with effect for the future. Unsubscribing can be requested via the link contained in every e-mail or from the data protection officer or person responsible for data protection listed below.
Contact form
Nature and purpose of processing
The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to provide a valid e-mail address and your name. This serves the assignment of the request and the subsequent response to the same. The provision of further data is optional.
Legal basis:
The processing of the data entered in the contact form is based on a legitimate interest (Art. 6 para. 1 lit. f DSGVO).
By providing the contact form, I would like to make it easy for you to contact me. Your information will be stored for the purpose of processing the request and for possible follow-up questions.
If you contact me to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 para. 1 lit. b DSGVO).
Recipient:
Deviating storage period
Data will be deleted no later than 6 months after processing the request.
If there is a contractual relationship, I am subject to the statutory retention periods under the German Commercial Code (HGB) and delete your data after these periods have expired.
D. SSL encryption
To protect the security of your data during transmission, I use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
E. Information about your right to object according to Art. 21 DSGVO
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(f) DSGVO (data processing on the basis of a balance of interests).
If you object, I will no longer process your personal data unless I can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
Recipient of an opposition
Jens Henneberg
Holunderwinkel 1a
29339 Wathlingen
Mail: jens@it-henneberg.com; jens@wackyworld.de
F. Change to my privacy policy
I reserve the right to adapt this privacy policy to ensure that it always complies with the current legal requirements or to implement changes to my services in the privacy policy, e.g. when introducing new services.
The new privacy policy will then apply to your next visit.
G. Questions for the data protection officer
If you have any questions about data protection, please send me an e-mail or contact the person responsible for data protection in my organization directly:
Jens Henneberg
Holunderwinkel 1a
29339 Wathlingen
Mail: jens@it-henneberg.com; jens@wackyworld.de
As a responsible company, I do not use automatic decision-making or profiling.
Stand: 10/07/2022 - 10:30