top of page

Protection of Data

Oneness of Responsibility

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to shortly as "data") that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Date: May 3, 2023

 

Table of Contents

  • Preamble

  • Controller

  • Contact Data Protection Officer

  • Overview of Processing Activities

  • Relevant Legal Bases

  • Transmission of Personal Data

  • Deletion of Data

  • Use of Cookies

  • Provision of the Online Offering and Web Hosting

  • Blogs and Publication

  • Media Contact and Inquiry Management

  • Web Analysis, Monitoring, and Optimization

  • Presence in Social Networks (Social Media)

  • Amendment and Update of the Privacy Policy

  • Rights of Data Subjects

 

Controller

Benjamin Doppscher

01326 Dresden
+49 (0) 179 686 1226
info@stickandstone.eu

 

Authorized Representatives

Benjamin Doppscher

E-Mail-Adresse: info@stickandstone.eu

Imprint

https://www.stickandstone.de/impressum

 

Contact Data Protection Officer

info@stickandstone.eu

 

Overview of Processing Activities

The following overview summarizes the types of processed data and the purposes of their processing and refers to the data subjects concerned.

 

Types of Processed Data

Master Data

Contact Data

Content Data

Usage Data

Meta, Communication, and Process Data

 

Categories of Data Subjects

Communication Partners

User

 

Purposes of Processing

Provision of contractual services and customer service

Contact inquiries and communication

Security measures

Reach measurement

Tracking

Management and response to inquiries

Feedback

Marketing

Profiles with user-related information

Provision of our online offering and user-friendliness

Information technology infrastructure

 

Relevant Legal Bases

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 p. 1 lit. a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Legitimate Interests (Art. 6 para. 1 p. 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the GDPR, national data protection regulations in Austria apply, in particular the Federal Data Protection Act (DSG). The DSG contains in particular special provisions on the right to information, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes, and the transmission as well as automated decision-making in individual cases.

Transmission of Personal Data

In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units, or persons or that they are disclosed to them. Recipients of this data may include, for example, IT service providers entrusted with tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and in particular conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Data Transmission within the Organization: We may transfer personal data to other units within our organization or grant them access to this data. If this transfer is for administrative purposes, the transfer of data is based on our legitimate business and economic interests or takes place if it is necessary for the fulfillment of our contractual obligations or if you have given your consent or if a legal permission exists.

Deletion of Data

The data processed by us will be deleted or restricted in their processing in accordance with legal requirements. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or for which retention is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person.

Our data protection information may also contain further information on the retention and deletion of data that applies primarily to the respective processing activities.

 

Use of Cookies

Cookies are small text files that are stored on a user's computer. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be stored. Cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. Likewise, the interests of users used for reach measurement or marketing purposes may be stored in such a cookie. Third-party cookies are cookies that are offered by providers other than the person responsible for operating the online offer (otherwise, if only its cookies are referred to as "first-party cookies").

We may use temporary and permanent cookies and clarify this within the scope of our privacy policy.

Provision of the Online Offering and Web Hosting

In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services, as well as security and technical maintenance services.

The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer that is collected in the context of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

Collection of Access Data and Log Files: We ourselves (or our web hosting provider) collect data on the basis of each access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

The server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers.

 

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). The data of the readers are only processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium in the context of this privacy policy.

Comments and Posts: If users leave comments or other contributions, their IP addresses may be based on our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR be stored for 7 days. This is for our own safety if someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author.

Furthermore, we reserve the right, based on our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR to process user information for the purpose of spam detection.

On the same legal basis, we reserve the right, in the case of surveys, to store IP addresses of users for their duration and to use cookies to avoid multiple votes.

The data provided in the context of comments and contributions will be permanently stored by us until the user objects.

 

Contact and Inquiry Management

When contacting us (e.g., by contact form, e-mail, telephone, or via social media), the user's details are processed for processing the contact request and its handling in accordance with Art. 6 Para. 1 lit. b) GDPR processed. The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization.

We delete the requests if they are no longer necessary. We check the necessity every two years; furthermore, the legal archiving obligations apply.

Web Analysis, Monitoring, and Optimization

Web analysis, monitoring, and optimization services allow us to track the user behavior and interests of our users in pseudonymous form. The purpose of web analysis is to improve the quality of our online offering and its content. We use web analysis services, including services for reach measurement, such as Google Analytics.

Web Analytics Service Google Analytics: Google Analytics is provided by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates in the European Economic Area and Switzerland.

Google processes the data on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer, and to provide us with further services associated with the use of this online offer and the internet use. In doing so, pseudonymous user profiles of the users can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

For more information on data use by Google, settings, and objection options, please refer to Google's privacy policy (https://policies.google.com/privacy) and the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).

Users' personal data will be deleted or anonymized after 14 months.

Presence in Social Networks (Social Media)

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users who are active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within social networks and platforms, e.g., write articles on our online presences or send us messages.

Amendment and Update of the Privacy Policy

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 18 and 21 GDPR:

Right to Object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

Right to Withdraw Consent: You have the right to revoke any consent you have given at any time.

Right of Access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.

Right to Rectification: You have the right to request the completion of data concerning you or the rectification of incorrect data concerning you in accordance with the law.

Right to Erasure and Right to Restriction of Processing: You have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the law.

Right to Data Portability: You have the right to receive data concerning you that you have provided to us in a structured, common, and machine-readable format in accordance with the legal requirements.

Complaint to the Supervisory Authority: You also have the right, under the conditions laid down by law, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you is in breach of the GDPR.

 

Definitions

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined primarily in Art. 4 GDPR. The legal definitions are binding and can be found at https://gdpr-info.eu/art-4-gdpr/.

 

Last Update: February 2024

This privacy policy has been translated from German into English. In the event of inconsistencies or ambiguities, the German version shall prevail.

bottom of page