Data privacy statement
1. Information on the collection of personal data and contact details of the responsible persons
1.1 In the following we inform you about the handling of your personal data when using our online offer and the associated websites, functions and contents as well as external internet presences, e.g. our Social Media Profile (hereinafter jointly referred to as "online offer"). Here personal data are all data with which you can be personally identified.
1.2 Person responsible for data processing on this website in the sense of the data protection basic regulation (DSGVO):
Ottenser Hauptstrasse 39A
Link zum Impressum: https://studio-wehberg.de/de/impressum.html
The controller of personal data is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data.
2. Data collection when you visit our website
When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Inventory data (e.g. names, addresses)
- Contact details (e.g. e-mail, telephone numbers)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. visited websites, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
Processing is carried out in accordance with Art. 6 Para. 1 letter f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are any concrete indications of illegal use.
3. Security measures
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in accordance with Art. 32 DSGVO.
Such measures shall in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. Furthermore, we have established procedures to ensure the exercise of rights of data subjects, deletion of data and reaction to endangerment of data. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Art. 25 DSGVO).
If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transmit it to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 lit. b DSGVO for contract fulfilment is necessary), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special requirements of Art. 44 ff. Process DSGVO. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
In order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your mobile device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f DSGVO to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard disk (third-party cookies) when you visit our website. If we work with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the extent of the information collected in each case within the following paragraphs.
Please note that you can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Please note that the functionality of our website may be limited if cookies are not accepted.
In the context of contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f DSGVO. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.
6. Use of Social Media
We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (white "f" on blue tile, the terms "like", "like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and the appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.(https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offer. The processed data can be used to create user profiles. We therefore have no influence on the amount of data Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of the privacy of the users, can be found in the Facebook data protection information: https://www.facebook.com/about/privacy/
If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his membership data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American site http://www.aboutads.info/choices/ or the European site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
7. Data processing
7.1. Deletion of data
The data processed by us will be deleted or their processing restricted in accordance with Articles 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
According to legal requirements in Germany, the storage is carried out in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters).
In accordance with legal requirements in Austria, storage is carried out in particular for 7 years in accordance with § 132 (1) BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services which are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
7.2. Business related processing
Additionally we process
- Contract data (e.g. contract object, duration, customer category)
- Payment data (e.g. bank details, payment history)
from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
7.3. Agency services
We process our customers' data as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development / consulting or maintenance, implementation of campaigns and processes / handling, server administration, data analysis / consulting services and training services.
We process inventory data (e.g. customer master data, such as names or addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), contract data (e.g. subject matter of the contract, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. as part of the evaluation and performance measurement of marketing measures). We do not process special categories of personal data unless these are part of commissioned processing. This includes our customers, prospects, their customers, users, website visitors or employees, as well as third parties. The purpose of the processing is to provide contractual services, billing and our customer service. The legal basis for processing results from Art. 6 para. 1 lit. b DSGVO (contractual services), Art. 6 para. 1 lit. f DSGVO (analysis, statistics, optimisation, safety measures). We process data which are necessary to justify and fulfil the contractual services and point out the necessity of their disclosure. Disclosure to external parties only takes place if it is necessary within the framework of an order. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements for order processing pursuant to Art. 28 DSGVO and process the data for no other purposes than those stipulated in the order.
We delete the data after the expiry of statutory warranty and comparable obligations. The necessity of storing the data is checked every three years; in the case of statutory archiving obligations, the data is deleted after their expiry (6 years, in accordance with § 257 Paragraph 1 HGB, 10 years, in accordance with § 147 Paragraph 1 AO). In the case of data disclosed to us within the scope of an order by the customer, we delete the data in accordance with the specifications of the order, generally after the end of the order.
7.4. Administration, financial accounting, office organization, contact management
We process data within the framework of administrative tasks as well as the organisation of our company, financial accounting and compliance with legal obligations, e.g. archiving. We process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, prospects, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, thus tasks which serve the maintenance of our business activities, perception of our tasks and provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, we store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of making contact at a later date. We store this data, which is mainly company-related, permanently.
7.5. Hosting and email dispatch
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail delivery, security services and technical maintenance services that we use for the purpose of operating this online offer.
We and our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests.
8. Rights of the data subject
The applicable data protection law grants you comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data, about which we inform you below:
Right to information pursuant to Art. 15 DSGVO: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or, as the case may be, the planned storage period. the criteria for determining the duration of the storage, the existence of a right to rectification, deletion, restriction of processing, objection to processing, a complaint to a supervisory authority, the origin of your data if these were not collected by us from you, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the scope concerning you and the desired effects of such processing, as well as your right to be informed of the guarantees provided in accordance with Article 46 DSGVO for the transfer of your data to third countries;
Right to rectification pursuant to Art. 16 DSGVO: You have a right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;
Right of deletion pursuant to Art. 17 DSGVO: You have the right to request the deletion of your personal data if the requirements of Art. 17 para. 1 DSGVO are met. However, this right shall not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Right to restrict processing pursuant to Art. 18 DSGVO: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data contested is verified, if you refuse to delete your data because of inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims, after we no longer need this data after the purpose has been achieved or if you have filed an objection for reasons of your particular situation, as long as it is not yet established whether our legitimate reasons predominate;
Right to information in accordance with Art. 19 DSGVO: If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
Right to data transferability pursuant to Art. 20 DSGVO: You have the right to receive the personal data you have provided us in a structured, current and machine-readable format or to request its transfer to another person responsible, insofar as this is technically feasible;
Right to revoke consent granted pursuant to Art. 7 para. 3 DSGVO: You have the right to revoke consent to the processing of data once granted at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation;
Right of appeal under Art. 77 DSGVO: If you believe that the processing of personal data concerning you infringes the DSGVO, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspected infringement, without prejudice to any other administrative or judicial remedy.
9. Right of objection
If, within the framework of a weighing of interests, we process your personal data on the basis of our predominant legitimate interest, you have the right at any time to object to this processing with effect for the future by giving reasons arising from your particular situation.
If you make use of your right to object, we will stop processing the data concerned. However, we reserve the right to further processing if we can prove compelling reasons worthy of protection for processing which outweigh their interests, fundamental rights and freedoms or if the processing serves to assert, exercise or defend legal claims.
if your personal data are processed by us for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise the contradiction as described above.
if you exercise your right of opposition, we will stop processing the data concerned for direct advertising purposes
10. Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted, provided that they are no longer necessary for the performance or initiation of the contract and/or there is no longer any legitimate interest on our part in the further storage.