With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter referred to as "data") we process for which purposes and to what extent. This privacy policy applies to all personal data processing activities we carry out, both as part of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online offer").
Moritz Borkowski
Leuschnerdamm 1
10999 Berlin
moritz@moritzborkowski.com
Below, you will find an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations in your or our country of residence or business may also apply. If more specific legal bases apply in individual cases, we will inform you of these in this privacy policy.
In addition to the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions on the right of access, right to deletion, right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. It also governs data processing for employment purposes (§ 26 BDSG), especially regarding the establishment, performance, or termination of employment relationships, as well as employee consent. Furthermore, data protection laws of individual federal states may also apply.
We implement appropriate technical and organizational measures, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data vulnerabilities. We also ensure that personal data is protected at the design stage of software, hardware, and procedures in accordance with the principles of data protection by design and by default.
SSL Encryption (HTTPS): To protect your data transmitted via our online services, we use SSL encryption. You can recognize encrypted connections by the prefix "https://" in the address bar of your browser.
In the course of processing personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or individuals or disclosed to them. These recipients of the data may include, for example, IT service providers or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and enter into appropriate contracts or agreements with the recipients of your data to protect your data.
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in the context of the use of third-party services or disclosure or transmission of data to other persons, entities, or companies, this is done only in compliance with legal requirements.
Subject to explicit consent or contractually or legally required transmission, we process or allow the data to be processed only in third countries with a recognized level of data protection, contractual obligations through so-called standard protection clauses of the EU Commission, certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
The data we process will be deleted in accordance with legal requirements once the permissions for processing are revoked or no longer apply (e.g., if the purpose for processing the data has expired or the data is no longer necessary for the purpose). If the data is not deleted because it is needed for other and legally permissible purposes, its processing will be restricted to those purposes. This means the data will be locked and not processed for other purposes. For example, this applies to data that must be retained for commercial or tax law reasons or whose storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person.
Our privacy notices may include further information on the retention and deletion of data, which applies primarily to the respective processing activities.
Cookies are small text files or other storage markers that store information on end devices and retrieve information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the visited content, or used functions of an online offer. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online services and creating analyses of visitor flows.
Information on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless it is not required by law. Consent is particularly unnecessary if the storage and retrieval of information, including cookies, is strictly necessary to provide users with a telemedia service (i.e., our online offer) that they explicitly request. The revocable consent is clearly communicated to users and includes information on the respective cookie use.
Information on Legal Bases for Data Processing: The legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for the processing of their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the economic operation of our online offer and improvement of its usability) or, if necessary, for fulfilling our contractual obligations, when the use of cookies is required for fulfilling our contractual obligations. For what purposes the cookies are processed, we inform in the course of this privacy policy or in the context of our consent and processing procedures.
The following types of cookies are distinguished regarding storage duration:
Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).
Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be stored, or preferred content can be displayed directly when the user revisits a website. Similarly, the data collected through cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., in the context of obtaining consent), users should assume that cookies are permanent and that their storage duration can be up to two years.
General Information on Withdrawal and Objection (Opt-Out): Users can revoke their consent at any time and object to the processing in accordance with legal requirements under Art. 21 GDPR. Users can also declare their objection through their browser settings, e.g., by deactivating the use of cookies (though this may limit the functionality of our online services). Objections to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Processing of Cookie Data on the Basis of Consent: We use a procedure for cookie consent management in which the consents of users to the use of cookies or the processing of data, as mentioned in the cookie consent management procedure, and providers are obtained, managed, and revoked. The consent declaration is stored to avoid asking for it repeatedly and to be able to prove the consent following the legal obligation. Storage can occur on a server and/or in a cookie (so-called opt-in cookie or using similar technologies) to assign the consent to a user or their device. Unless otherwise specified, the storage duration of the consent may be up to two years. A pseudonymous user identifier is created and stored with the time of consent, the scope of the consent (e.g., which categories of cookies and/or service providers), and the browser, system, and device used.
We process the users' data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or end device.
Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Providing our online offer and user-friendliness; IT infrastructure (operation and provision of information systems and technical equipment, such as computers, servers, etc.); security measures.
Legal Bases: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
Provision of Online Offer on Rented Storage Space: For the provision of our online offer, we use storage space, computing capacity, and software that we rent or otherwise obtain from a server provider (also known as "web host"); Legal Bases: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).
Collection of Access Data and Log Files: Access to our online offer is logged in the form of so-called "server log files." Server log files may include the address and name of the retrieved websites and files, date and time of the retrieval, transmitted data amounts, reports on successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability of the servers; Legal Bases: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidence purposes is excluded from deletion until the incident is fully clarified.
ALL-INKL: Services in the field of providing IT infrastructure and related services (e.g., storage space and/or computing capacities); Service Provider: ALL-INKL.COM - Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany; Legal Bases: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://all-inkl.com/; Privacy Policy: https://all-inkl.com/datenschutzinformationen/; Data Processing Agreement: Provided by the service provider.
We send newsletters, emails, and other electronic notifications (hereinafter referred to as "newsletters") only with the recipients' consent or a legal permission. If the contents of the newsletter are specifically described in the course of registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal salutation in the newsletter or other information if necessary for the purposes of the newsletter.
Double-Opt-In Procedure: The registration for our newsletter is generally carried out in a so-called double-opt-in procedure. This means that you will receive an email after registration in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with external email addresses. The registrations for the newsletter are logged to be able to prove the registration process following the legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored with the email service provider are also logged.
Deletion and Restriction of Processing: We may store the email addresses of unsubscribed recipients for up to three years based on our legitimate interests before deleting them to prove previously given consent. The processing of this data is limited to the purpose of defending against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blacklist (so-called "blocklist").
The logging of the registration process is carried out based on our legitimate interests for the purpose of proving its proper execution. If we engage a service provider for the dispatch of emails, this is based on our legitimate interests in an efficient and secure dispatch system.
Legal Bases: The dispatch of the newsletter is based on the recipients' consent or, if consent is not required, on our legitimate interests in direct marketing, provided that this is permitted by law, e.g., in the case of customer advertising. If we engage a service provider for the dispatch of emails, this is based on our legitimate interests. The registration process is recorded based on our legitimate interests to prove that it was carried out in compliance with the law.
Analysis and Success Measurement: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server or, if we use an email service provider, from their server when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, is collected.
This information is used to technically improve our newsletter based on technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, neither we nor, if used, the email service provider aim to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The evaluation of the newsletter and the success measurement are carried out, subject to an explicit consent of the users, based on our legitimate interests for the use of a user-friendly and secure newsletter system, which serves both our business interests and meets the expectations of the users. Unfortunately, it is not possible to revoke the success measurement separately; in this case, the entire newsletter subscription must be canceled or objected to.
Processed Data Types: Inventory data (e.g., names, addresses), Contact data (e.g., email, telephone numbers), Meta/communication data (e.g., device information, IP addresses), Usage data (e.g., visited websites, interest in content, access times).
Affected Persons: Communication partners, Users (e.g., website visitors, users of online services).
Purposes of Processing: Direct marketing (e.g., by email or post), Contractual services and support.
Legal Bases: Consent (Art. 6 Para. 1 Sentence 1 lit. a GDPR), Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f. GDPR).
Opt-Out: You can cancel the receipt of our newsletter at any time, i.e., withdraw your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or can otherwise use one of the contact options mentioned above, preferably email.
CleverReach: Email marketing platform; Service provider: CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany; Website: https://www.cleverreach.com/de; Privacy Policy: https://www.cleverreach.com/de/datenschutz/
When contacting us (e.g., via contact form, email, phone, or social media) and within the framework of existing user and business relationships, the information provided by the requesting persons is processed to the extent necessary to respond to the contact requests and any requested measures.
The response to contact requests and the management of contact and request data within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre-)contractual inquiries and otherwise based on our legitimate interests in responding to inquiries and maintaining user or business relationships.
Processed Data Types: Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
Affected Persons: Communication partners.
Purposes of Processing: Providing contractual services and customer support; Contact requests and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form); Providing our online offer and user-friendliness.
Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).
We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.
Social networks such as Facebook, Twitter, etc., can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous data processing activities relevant to data protection. Specifically:
If you are logged into your social media account and visit our social media presence, the operator of the social media platform can assign this visit to your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media platform. This data collection occurs in this case, for example, via cookies stored on your device or by collecting your IP address.
With the help of the collected data, the operators of the social media platforms can create user profiles that contain your preferences and interests. This allows interest-based advertising to be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing operations on social media platforms. Depending on the provider, additional processing may be carried out by the operators of the social media platforms. Details can be found in the terms of use and privacy policies of the respective social media platforms.
Our social media presences aim to ensure the broadest possible presence on the Internet. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by social networks may be based on different legal grounds, which must be indicated by the operators of the social networks (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
When you visit one of our social media presences (e.g., on Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can generally assert your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media platform (e.g., against Facebook).
Please note that despite joint responsibility with the social media platform operators, we do not have full influence on the data processing operations of the social media platforms. Our options depend largely on the corporate policies of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for their storage ceases to exist, you request us to delete it, withdraw your consent to storage, or the purpose for the data storage ceases to exist. Stored cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.
We have no influence on the storage duration of your data, which the operators of the social networks store for their own purposes. For details, please refer directly to the operators of the social networks (e.g., in their privacy policies, see below).
We use the technical platform and services of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Functions of the Instagram service are integrated on our pages.
When visiting our Instagram page, Instagram collects, among other things, your IP address and other information that is stored in the form of cookies on your PC. These data are used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page.
We point out that you use our Instagram page and its functions at your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting or rating).
The data collected about you in this context is processed by Instagram Inc. and may be transferred to countries outside the European Union. Which information Instagram receives and how it is used is described by Instagram in general form in its privacy policies. There you will also find information about contact options with Instagram and the settings for advertisements.
The privacy policies are available at the following link: https://help.instagram.com/519522125107875
It is not explicitly stated, and we are not aware of how Instagram uses data from visits to Instagram pages for its own purposes, the extent to which activities on the Instagram page are assigned to individual users, how long Instagram stores this data, or whether data from a visit to the Instagram page is passed on to third parties.
When you access an Instagram page, the IP address assigned to your device is transmitted to Instagram. According to Instagram, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. Instagram also stores information about its users' devices (e.g., as part of the "login notification" function); Instagram may, in some cases, be able to assign IP addresses to individual users.
If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your device. This enables Instagram to track that you have visited this page and how you used it. This also applies to all other Instagram pages. Through embedded Instagram buttons, it is possible for Instagram to track your visits to these websites and assign them to your Instagram profile. Based on this data, content or advertisements can be tailored to you.
If you wish to avoid this, you should log out of Instagram or disable the "stay logged in" feature, delete the cookies on your device, and close and restart your browser. In this way, Instagram information that directly identifies you will be deleted. You can then use our Instagram page without revealing your Instagram ID. If you access interactive features of the page (like, comment, messages, etc.), an Instagram login screen will appear. After a possible login, you will again be recognizable to Instagram as a specific user.
Information on how you can manage or delete the information about you can be found in the Instagram help section.
We integrate function and content elements from the servers of their respective providers (hereinafter referred to as "third parties") into our online offer. These may include, for example, graphics, videos, or city maps (hereinafter uniformly referred to as "content").
The integration always assumes that the third-party providers of this content process the IP address of the users, as they could not send the content to their browsers without the IP address. The IP address is, therefore, necessary for the presentation of this content or functions. We strive to only use content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymized information may also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, visit time, and further information about the use of our online offer, as well as being combined with such information from other sources.
Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Providing our online offer and user-friendliness; Feedback (e.g., collecting feedback via online form).
Legal Bases: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).
Further Information on Processing Procedures, Methods, and Services
We use the Google reCAPTCHA service to determine whether a human or a computer is making a particular input in our contact or newsletter form. Google checks the following data to determine whether you are a human or a computer: the IP address of the device used, the website you visit and on which the CAPTCHA is embedded, the date and duration of the visit, the identification data of the browser and operating system used, Google account if you are logged into Google, mouse movements on the reCAPTCHA surfaces, and tasks in which you need to identify images. The legal basis for the described data processing is Art. 6 Para. 1 lit. f GDPR. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect it from automated input (attacks).
Google Fonts (Sourced from Google Servers): Sourcing of fonts (and symbols) to ensure a technically secure, maintenance-free, and efficient use of fonts and symbols regarding up-to-dateness and loading times, their uniform presentation, and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address to make the fonts available in the user's browser. Furthermore, technical data (language settings, screen resolution, operating system, used hardware) is transmitted, which is necessary for providing the fonts depending on the devices used and the technical environment; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal Bases: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy.
YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal Bases: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Opt-Out: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Ad Settings: https://adssettings.google.com/authenticated.
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in our data processing activities make this necessary. We will inform you as soon as changes require your cooperation (e.g., consent) or other individual notifications become necessary.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask that you verify the information before contacting them.
As a data subject, you are entitled to various rights under the GDPR, which primarily arise from Art. 15 to 21 GDPR:
This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are primarily defined in Art. 4 GDPR. The legal definitions are binding. However, the following explanations are primarily intended to help understand the terms. The terms are sorted alphabetically.
Personal Data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Controller: "Controller" means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing: "Processing" means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction.
Legal text by Dr. Schwenke. For more information, please click here. We have adapted the text.