Der Schutz von personenbezogenen Daten ist mir sehr wichtig. Ob Daten erhoben und zu welchem Zweck diese verarbeitet werden, wird in der folgenden Datenschutzerklärung ausgeführt. Ich halte mich an alle anwendbaren Rechtsvorschriften zum Schutz personenbezogener Daten und zur Datensicherheit. Auch meine Mitarbeiter werden jeweils umfangreich geschult und auf Verschwiegenheit und Einhaltung sämtlicher datenschutzrechtlicher Bestimmungen verpflichtet.
Rechtsgrundlage der Datenverarbeitung sind für Einwilligungen Art. 6 Abs. 1 a) und Art. 7 EU-DSGVO, für die Erfüllung der Leistungen und Durchführung vertraglicher Pflichten Art. 6 Abs. 1 b) EU-DSGVO, für die Erfüllung der rechtlichen Verpflichtungen Art. 6 Abs. 1 c) EU-DSGVO und für die Wahrung der berechtigten Interessen Art. 6 Abs. 1 f) EU-DSGVO.
Personenbezogene Daten werden nur erhoben, gespeichert und verarbeitet, soweit es für die das Bereitstellen des Angebotes und die Erbringung der Dienstleistung oder die Beantwortung der Anfrage erforderlich ist. In der Folge werden die Zwecke dargestellt, für welche die Verarbeitung insbesondere notwendig ist.
Ich verarbeite Ihre personenbezogenen Daten nur unter strenger Einhaltung der Datenschutzvorschriften. Insbesondere werden entsprechende Daten nur bei Vorliegen einer gesetzlichen Erlaubnis verarbeitet.
1. Name und Kontaktdaten des Verantwortlichen
The person responsible for processing personal data in accordance with Article 4 of the EU GDPR is:
Kristina Müller
Sophienstr. 21, 10317 Berlin/Germany
kristina@99facets.de
+49 (0)175 5470089
2. Server-Logfiles
I collect data, known as server log files, about every access to the server on which the https://99facets.de website is located. This access data includes, for example, the name of the retrieved website, file, date and time of retrieval, amount of data transferred, message regarding successful retrieval, browser type and version, the user's operating system, referrer URL (the page previously visited), IP address, and the requesting provider.
The legal basis for data processing is Art. 6 para. 1 lit. f) EU GDPR.
The aforementioned data is processed by me to establish a connection to my website. The processing is necessary to ensure the security and stability of the system.
I only use the log data for statistical evaluations, for the purpose of business operations, the security of the service, and the optimisation of the offering.
I reserve the right to subsequently review the log data if there are concrete indications of the suspicion of unlawful use of the provided service.
3. Kontaktaufnahme
Contact me at the email address provided on my website; I will process the personal data you have provided – email address as well as further contact information and your name – for the purpose of responding to your request.
The legal basis for data processing is Art. 6 para. 1 lit. b) and Art. 6 para. 1 lit. f) EU GDPR.
The processing of your email address is essential in order to respond to your request. If additional data is processed, such as name, address, or similar, such processing serves to individualise the respective user and enable the best possible response to their request.
4. Cookies
My website uses cookies. This is a small data packet exchanged between computer programs or a text file that is stored on the user's computer system. Session cookies are deleted after you close your browser, while persistent cookies remain on your device and allow us to recognise your browser on your next visit.
You can configure your browser to be informed about the setting of cookies and to accept them individually, or to exclude the acceptance of cookies for specific cases or in general, such as for third-party cookies. Not accepting cookies may limit the functionality of my website.
The legal basis for data processing is Article 6 (1) (f) of the EU General Data Protection Regulation (GDPR).
The use of cookies enables the website to be optimally tailored to the needs of individual users. The use of cookies allows me to analyse user behaviour, the performance of the website with respect to, for example, loading times when using different browsers, and to deploy suitable personalised advertising in accordance with user behaviour.
5. Hosting
I host the content of my website with Strato.
The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter referred to as "Strato"). When you visit our website, Strato captures various log files including your IP addresses.
For more information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz/.
The use of Strato is based on Article 6(1)(f) of the EU GDPR.
I have a legitimate interest in a reliable representation of our website. If corresponding consent has been requested, processing will take place exclusively on the basis of Article 6(1)(a) of the EU GDPR and Section 25(1) of the TTDSG, insofar as the consent covers the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.
I have entered into a processing agreement (AVV) for the use of the aforementioned service. This is a legally required contract that ensures that the personal data of my website visitors is processed only according to my instructions and in compliance with the EU GDPR.
6. Canva
I use the services of Canva for creating graphics, such as visualisations for LinkedIn posts, presentations, etc.
Canva may process usage data and metadata for security purposes, service optimisation, or marketing purposes.
Canva is an online design and publishing tool; the service provider is Canva Pty Ltd, 110 Kippax St, Surry Hills, NSW 2010, Australia.
You can find the website and the terms of use at https://www.canva.com/de_de/ and https://about.canva.com/de_de/nutzungsbedingungen/.
The use of Canva is based on Art. 6 para. 1 lit. f GDPR.
I have a legitimate interest in optimising my services. If relevant consent has been requested, processing will take place exclusively based on Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.
I have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that it processes the personal data of my website visitors only according to my instructions and in compliance with GDPR.
7. Zoom
To conduct video conferences, I use "Zoom" from Zoom Video Communications Inc.
As part of the video conference, both user data (e.g. name, email address, possibly phone number) and content data (e.g. date and time of participation, shared screen contents and files, chat content) are processed. This is done in order to carry out (pre)contractual measures with you and for the purpose of conducting internal and external meetings. A recording of a video conference only takes place with prior explicit consent.
The legal basis for the processing of data can be Article 6 (1) sentence 1 lit. a, b or f GDPR.
The use of Zoom enables the holding of video conferences and thus provides the best possible delivery of my services for my clients.
Detailed information on security and compliance in "Zoom" is provided by Zoom at https://explore.zoom.us/de/gdpr/.
8. Google Analytics
I use Google Analytics to analyse website usage.
Google Analytics is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the data concerning website usage on my behalf and is contractually committed to measures to ensure the security and confidentiality of the processed data.
The legal basis for processing the data may be Art. 6 para. 1 sentence 1 lit. a, b or f of the EU GDPR.
During your website visit, the following data is recorded, among others: pages visited, achieving "website goals" (e.g. contact requests), your behaviour on the pages (for example, duration of stay, clicks, scrolling behaviour), your approximate location (country and city), your IP address (in shortened form, so that no unique assignment is possible), technical information such as browser, internet provider, device and screen resolution, the referral source of your visit (i.e., which website or advertising medium brought you to us).
No personal data such as name, address or contact details are transferred to Google Analytics.
The data is transmitted to Google servers in the USA. I would like to point out that the USA does not guarantee the same level of data protection as within the EU.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID, which allows you to be recognised during future website visits.
The recorded data is stored along with the randomly generated user ID, enabling the evaluation of pseudonymous user profiles. These user-related data are automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
Details on data protection in Google Analytics can be found at https://support.google.com/analytics/answer/6004245?hl=de
The data obtained through the use of Google Analytics is used to optimise my website and possibly advertising measures.
9. Google Workspace
I use Google Workspace for the efficient organisation of my work and for conducting video conferences, particularly for email communication. As a result, data, especially personal data, is stored on external servers (Cloud) by Google Inc.
The legal basis for the processing of data may be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
Guarantees according to Art. 46 EU GDPR for the transmission to third countries are in the form of standard contractual clauses.
Further information about data protection at Google can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
10. Apple iCloud
I use www.icloud.com, a cloud service for data storage and exchange. The service provider is the American company Apple Inc., Infinite Loop, Cupertino, CA95014, USA.
The legal basis for the processing of data may be Article 6(1) sentence 1 lit. a, b or f of the EU GDPR.
Apple processes data, among other things, in the USA. I would like to point out that the same level of data protection as is guaranteed within the EU cannot be ensured in the USA.
However, Apple uses standard contractual clauses approved by the EU Commission in accordance with Article 46(2) and (3) of the EU GDPR.
10. Apple iCloud
I use www.icloud.com, a cloud service for data storage and data exchange. The service provider is the American company Apple Inc., Infinite Loop, Cupertino, CA95014, USA.
The legal basis for processing the data may be Art. 6(1) sentence 1 lit. a, b, or f of the EU GDPR.
Apple processes data, among other things, in the USA. I would like to point out that the level of data protection in the USA cannot be guaranteed to be the same as within the EU.
However, Apple uses standard contractual clauses approved by the EU Commission in accordance with Art. 46(2) and (3) of the EU GDPR.
These contractual clauses oblige Apple to maintain a certain level of data protection even outside the USA. These standard contractual clauses are based on a so-called implementing decision of the EU Commission, available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
Apple's Privacy Policy can be found at https://www.apple.com/legal/privacy/en-ww/.
The use of iCloud allows me to provide customer-oriented and optimized services.
11. Miro
I use the whiteboard tool Miro as part of online training workshops or conceptual work. Miro is a service of RealtimeBoard Inc. based in San Francisco, USA.
The legal basis for data processing may be Article 6(1) sentence 1 lit. a, b or f of the EU GDPR.
To learn more about data protection at Miro, please visit https://miro.com/de/trust/datenschutz-und-governance/
Miro processes data, among other places, in the USA. I would like to point out that in the USA there is not the same level of data protection guaranteed as within the EU.
However, Miro uses standard contractual clauses approved by the EU Commission in accordance with Article 46(2) and (3) of the EU GDPR. These contractual clauses require Miro to maintain a certain level of data protection even outside the USA. These standard contractual clauses, which are based on a so-called implementing decision of the EU Commission, can be found at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
You can find Miro's Privacy Policy at https://miro.com/legal/privacy-policy/.
The use of Miro allows me to conduct my services to the client in a contemporary manner.
12. Dropbox
I use Dropbox, an online storage service for files, photos and videos. The service provider is the American company Dropbox Inc.
The legal basis for the processing of data may be Article 6 paragraph 1 sentence 1 lit. a, b or f of the EU GDPR.
The European branch of the company is located at One Park Place, Floor 5, Upper Hatch Street, Dublin 2, Ireland.
Dropbox processes data, among other places, in the USA. I would like to point out that according to the opinion of the European Court of Justice, there is no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.
Dropbox uses standard contractual clauses approved by the EU Commission in accordance with Article 46 paragraphs 2 and 3 of the EU GDPR. These contractual clauses require Apple to maintain a certain level of data protection even outside the USA. These standard contractual clauses, which are based on a so-called implementing decision of the EU Commission, can be found at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
The Privacy Policy of Dropbox can be found at https://www.dropbox.com/privacy.
The use of Dropbox allows me to provide my services in a customer-oriented and pragmatic manner.
13. Microsoft Suite
I use services from Microsoft Suite. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399 USA.
The legal basis for processing the data may be Article 6(1) sentence 1 letter a, b or f of the EU GDPR.
Microsoft processes data, among other places, in the USA. I would like to point out that, in the opinion of the European Court of Justice, there is no adequate level of protection for data transfer to the USA. This may involve various risks for the lawfulness and security of data processing.
Microsoft uses standard contractual clauses approved by the EU Commission in accordance with Article 46(2) and (3) of the EU GDPR. These contractual clauses require Apple to maintain a certain level of data protection even outside the USA. These standard contractual clauses, which are based on a so-called implementing decision of the EU Commission, can be found at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
You can find Microsoft's Privacy Statement at https://privacy.microsoft.com/en-gb/privacystatement.
Microsoft Suite provides me with customisable IT software to meet all customer requirements as effectively as possible.
14. Framer
I use the design software Framer for my website. The provider is Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands. When visiting my website, Framer collects various log files including your IP addresses.
The use of Framer is based on Art. 6 para. 1 lit. f EU-GDPR. I have a legitimate interest in as reliable a representation of my website as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a EU-GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Framer is a tool for creating and hosting websites. Framer stores cookies or other recognition technologies that are necessary for displaying the page, providing certain website functions, and ensuring security (necessary cookies). For details, please see Framer's privacy policy: https://www.framer.com/legal/privacy-statement/. Data transfer to the Netherlands is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.framer.com/legal/privacy-statement/.
15. Conceptboard
In order to provide you with an online whiteboard for seminars, I use the service Conceptboard.
The provider is Digital Republic Media Group GmbH, Mansfelder Str. 56, 06108 Halle (Saale).
The legal basis for using Conceptboard is Art. 6 para. 1 sentence 1 letter b) EU GDPR, as it is necessary for me to fulfil my contractual obligations for providing seminar services.
To use the service, the processing of users' IP addresses is technically necessary. I have entered into a data processing agreement with Digital Republic Media Group GmbH.
The above-mentioned data is processed as necessary for the purpose of the online event. The IP address and hardware information of the end devices are usually stored in the server log files for possible error analysis for a period of 30 days and are then automatically deleted.
16. Easy Retro
Furthermore, the tools from EasyRetro can be used during digital events to collect ideas, conduct surveys, etc.
The legal basis for data processing can be Article 6(1)(a), (b) or (f) of the EU GDPR.
Further information on the processing of your data by EasyRetro can be found at https://easyretro.io/privacy/ .
Trello
In some cases, I resort to self-organisation using the project management solution Trello, where I enter personal data.
The legal basis for processing the data can be Article 6(1) sentence 1 lit. a, b or f of the EU GDPR.
Trello is a provider based in the USA (San Francisco, California), in a third country, that operates according to the highest compliance and EU GDPR standards. You can currently find detailed information about the EU GDPR standards via the following link https://trello.com/de/trust. There is no adequacy decision from the European Commission for the USA. As far as personal data is transmitted outside the EU, Trello has committed to comply with appropriate data transfer mechanisms as required by the EU GDPR. In particular, there is a current certification under the EU-US Privacy Shield. Further information on Trello and the EU GDPR can be found at https://help.trello.com/article/1118-trello-and-gdpr-our-commitment-to-data-privacy. Furthermore, I do not intend to transfer your personal data to a third country or to an international organisation.
Slack
I use the provider Slack for instant messaging.
The legal basis for the processing of data can be Art. 6 para. 1 sentence 1 lit. a, b or f of the EU GDPR.
Slack is a messaging service; the provider is Slack Technologies, Inc., 500 Howard Street, San Francisco, CA 94105, USA.
The data collection takes place based on my legitimate interest according to Art. 6 para. 1 sentence 1 lit. f) EU GDPR.
Further information about Slack can be found on the website https://slack.com/intl/de-de/; there you can also find the privacy policy (https://slack.com/intl/de-de/legal) as well as the data processing agreement (https://slack.com/intl/de-de/terms-of-service/data-processing), the standard contractual clauses (guaranteeing the level of data protection in processing in third countries) https://slack.com/intl/de-de/terms-of-service/data-processing; as well as the security measures: https://slack.com/intl/de-de/security-practices.
19. SessionLab
I use the provider SessionLab for planning workshops and training. SessionLab is a provider of TrainedOn OÜ, with an address at Voolu tn 20a, Tallinn, 10918 Tallinn, Estonia.
The legal basis for processing the data can be Article 6(1) sentence 1 letters a, b, or f of the EU GDPR.
The privacy policy of SessionLab can be found at https://www.sessionlab.com/privacy/. You can find the cookie policy at https://www.sessionlab.com/cookies/. Contact with SessionLab can be made at support@sessionlab.com. As a provider based in the EU, SessionLab is subject to the requirements of the EU GDPR.
20. DocuSign
The storage and processing of personal data also takes place in the context of using the SAP Signature Management by DocuSign service for contract management primarily on servers in the EU.
The legal basis for the processing of data may be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
The operator of the DocuSign service is DocuSign, Inc., 221 Main Street Suite 1000 San Francisco, CA 94105 United States.
In providing the DocuSign service, processing of personal data by processors based in the USA may occur (e.g. in the context of support services or the transfer of transaction data). The USA is not a secure third country according to EU data protection law. US companies may be required to disclose personal data to security authorities, without you, as the affected party, being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. intelligence services) may process, evaluate, and permanently store your data located on the servers for surveillance purposes. I have no influence over these processing activities.
The suitable guarantees required under Art. 46 para. 1 EU GDPR for the transfer are provided by DocuSign through government-approved binding internal data protection regulations (so-called Binding Corporate Rules - BCR) in accordance with Art. 46 para. 2 lit. b) in conjunction with Art. 47 EU GDPR. The currently valid binding data protection regulations of DocuSign can be found at: https://www.docusign.com/trust/privacy/binding-corporate-rules.
21. Werden Daten an Dritte weitergegeben und wenn ja, welche?
In principle, the data you provide will not be made available to third parties. However, in individual cases, it may be necessary to pass on your personal data to companies tasked by me with providing individual services in order to fulfil the contract. These third parties are also required to comply with the legal provisions when handling and processing this data. They have been carefully selected and commissioned by me. These service providers use your data only for order processing.
Transmission to authorities entitled to information and state institutions occurs only within the framework of legal disclosure obligations and in the event of a court order to this effect. In these cases, I may provide the information, e.g. for the assertion, exercise and defence of legal claims, enforcement of existing contracts, in the context of fraud allegations, security measures or generally applicable legal regulations.
Personal data will not be passed on outside the framework described here without explicit consent.
In no case will I sell or rent personal data to third parties.
22. Wie lange werden die Daten gespeichert?
Ihre Daten werden von mir nur so lange gespeichert, wie diese zur Erfüllung der oben genannten Zwecke erforderlich sind. Sobald dies nicht mehr der Fall ist, z.B. nach vollständiger Vertragsdurchführung werden sie gelöscht bzw. gesperrt, wenn handels- oder steuerrechtliche Aufbewahrungspflichten dies verlangen. Ab dem Zeitpunkt, ab dem gesetzliche Aufbewahrungspflichten nicht mehr entgegenstehen, werden die Daten gelöscht, sollten Sie nicht ausdrücklich einer weiteren Verwendung zugestimmt haben.
23. Ihre Rechte als Betroffene*r
Ihnen als einer von der Verarbeitung personenbezogener Daten Betroffene*r stehen die im Folgenden aufgeführten Rechte zu. Diese Rechte ergeben sich aus den Vorgaben der Datenschutz Grundverordnung und werden hier in teils vereinfachter Form wiedergegeben.
Auskunftsrecht
Sie haben gem. Art. 15 EU-DSGVO das Recht, von mir eine Bestätigung darüber zu verlangen, ob Sie betreffende personenbezogene Daten verarbeitet werden. Ist dies der Fall, so haben Sie ein Recht auf Auskunft über diese personenbezogenen Daten und die in Art. 15 Abs. 1 Hs. 2 EU-DSGVO genannten Informationen. Dazu zählen insbesondere der Zweck der Verarbeitung, die Kategorien der verarbeiteten Daten, die Empfänger, gegenüber denen Daten offengelegt worden sind oder noch werden, soweit möglich die geplante Dauer der Speicherung und die Kriterien für die Dauer der Speicherung.
Recht auf Berichtigung
Sie haben gem. Art. 16 EU-DSGVO das Recht, von mir unverzüglich die Berichtigung Sie betreffender unrichtiger personenbezogener Daten zu verlangen. Unter Berücksichtigung der Zwecke der Verarbeitung haben Sie das Recht, die Vervollständigung unvollständiger personenbezogener Daten – auch mittels einer ergänzenden Erklärung – zu verlangen.
Recht auf Löschung
Sie haben gem. Art. 17 EU-DSGVO das Recht, von mir zu verlangen, dass Sie betreffende personenbezogene Daten unverzüglich gelöscht werden. Ich bin verpflichtet, personenbezogene Daten unverzüglich zu löschen, sofern einer der in Art. 17 Abs. 1 EU-DSGVO genannten Gründe zutrifft. Zu diesen Gründen gehört etwa, dass die Daten für die Zwecke, für die sie erhoben oder sonst verarbeitet werden, nicht mehr notwendig sind.
Recht auf Einschränkung der Verarbeitung
Sie haben gem. Art. 18 EU-DSGVO das Recht, von mir die Einschränkung der Verarbeitung zu verlangen, wenn eine der in Art. 18 EU-DSGVO genannten Voraussetzungen vorliegt. Dazu gehört etwa, dass Sie die Richtigkeit der personenbezogenen Daten bestreiten. Dann darf ich die Daten solange nur eingeschränkt verarbeiten, wie es dauert, die Richtigkeit der personenbezogenen Daten zu überprüfen.
Recht auf Datenübertragbarkeit
Sie haben gem. Art. 20 EU-DSGVO das Recht, die Sie betreffenden personenbezogenen Daten, die sie mir bereitgestellt haben, in einem strukturierten, gängigen und maschinenlesbaren Format zu erhalten. Sie haben das Recht, diese Daten einem anderen Verantwortlichen, d.h. einer anderen Stelle, die Daten verarbeitet, ohne Behinderung zu übermitteln, sofern die ursprüngliche Verarbeitung auf einer Einwilligung beruhte oder zur Durchführung eines Vertrages erforderlich war.
Widerspruchsrecht
Sie haben gem. Art. 21 EU-DSGVO das Recht, jederzeit gegen die Verarbeitung Sie betreffender personenbezogener Daten Widerspruch einzulegen, wenn diese Daten auf der Grundlage des Art. 6 Abs. 1 lit. e) oder f) EU-DSGVO verarbeitet werden und Gründe vorliegen, die sich aus Ihrer persönlichen Situation ergeben. Gegen die Verarbeitung von Daten zum Zwecke des Betreibens von Direktwerbung kann jederzeit Widerspruch eingelegt werden. Personenbezogene Daten werden dann nicht mehr für diesen Zweck verarbeitet. Das Widerspruchsrecht kann durch eine formlose Erklärung ausgeübt werden. Es genügt eine schriftliche Erklärung oder wahlweise eine E-Mail an die oben genannte Kontaktadresse.
Recht auf Widerruf der Einwilligungserklärung
Sie haben gem. Art. 7 Abs. 3 EU-DSGVO das Recht, Ihre Einwilligung in die Verarbeitung jederzeit zu widerrufen. Die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung wird nicht berührt. Das Widerrufsrecht kann durch eine formlose Erklärung ausgeübt werden. Es genügt eine schriftliche Erklärung oder wahlweise eine E-Mail an die oben genannte Kontaktadresse.
Automatisierte Entscheidung im Einzelfall einschließlich Profiling
Sie haben gem. Art. 22 EU-DSGVO das Recht, nicht einer ausschließlich auf einer automatisierten Verarbeitung – einschließlich Profiling – beruhenden Entscheidung unterworfen zu werden, die Ihnen gegenüber rechtliche Wirkung entfaltet oder Sie in ähnlicher Weise erheblich beeinträchtigt. Hiervon sieht Art. 22 Abs. 1 EU-DSGVO Ausnahmen vor, wobei sich in Art. 22 Abs. 4 EU-DSGVO wiederum teilweise Rückausnahmen finden.
Recht auf Beschwerde bei einer Aufsichtsbehörde
You have the right, according to Article 77 of the EU GDPR, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates this regulation.
In this case, the competent supervisory authority is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
Phone: 030/13 889-0
Fax: 030/215-5050
Email: mailbox@datenschutz-berlin.de
http://www.datenschutz-berlin.de
24. Technische und organisatorische Maßnahmen
Ich treffe technische und organisatorische Maßnahmen, um zu gewährleisten, dass die Sicherheits- und Schutzanforderungen der EU-DSGVO erfüllt sind und die personenbezogenen Daten vor Verlust, Zerstörung, Manipulation oder Zugriff durch unbefugte Personen geschützt sind. Die Maßnahmen werden jeweils dem aktuellen Stand der Technik angepasst.
25. Änderungen der Datenschutzerklärung
Ich behalte mir das Recht vor, diese Datenschutzerklärung jederzeit zu ändern. Sie werden gebeten, sich regelmäßig über den Inhalt der Datenschutzerklärung zu informieren.
English Version
Privacy policy
The protection of personal data is very important to me. Whether data is collected and for what purpose it is processed is explained in the following privacy policy. I comply with all applicable legislation on the protection of personal data and data security. My employees are also extensively trained and obliged to maintain confidentiality and comply with all data protection regulations.
The legal basis for data processing is Art. 6 para. 1 a) and Art. 7 EU-GDPR for consent, Art. 6 para. 1 b) EU-GDPR for the fulfilment of services and the performance of contractual obligations, Art. 6 para. 1 c) EU-GDPR for the fulfilment of legal obligations and Art. 6 para. 1 f) EU-GDPR for the protection of legitimate interests.
Personal data will only be collected, stored and processed insofar as it is necessary for the provision of the offer and the provision of the service or the answer to the enquiry. In the following, the purposes for which the processing is necessary in particular are presented.
I will only process your personal data in strict compliance with data protection regulations. In particular, such data will only be processed if there is a legal permission.
1. Name and contact details of the controller
The controller within the meaning of Art. 4 EU-GDPR for the processing of personal data is:
Kristina MüllerSophienstr. 21, 10317 Berlin/Germany
kristina@99facets.de
+49 (0)175 5470089
2. Server-Logfiles
I collect data, so-called server log files, about every access to the server on which the https://99facets.de website is located. This access data includes, for example, the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
The legal basis for data processing is Art. 6 para. 1 lit. f) EU GDPR.
The data mentioned is processed by me in order to establish a connection to my website. Processing is necessary to ensure the safety and stability of the system.
I only use the log data for statistical evaluations, for the purpose of business operations, the security of the service and the optimization of the offer.
I reserve the right to check the log data retrospectively if there is a suspicion of illegal use of the service provided on the basis of concrete indications.
3. Contact
If you contact me at the e-mail address provided on my website, I will process the personal data provided by you – e-mail address as well as additional contact information and your name – for the purpose of answering the inquiry.
The legal basis for data processing is Art. 6 para. 1 lit. b) and Art. 6 para. 1 lit. f) EU GDPR.
The processing of your e-mail address is essential in order to be able to answer your request. If data is also processed, such as name, address or the like, processing serves to individualize the respective user and thus to be able to respond to his or her request in the best possible way.
4. Cookies
My website uses cookies. This is a short data packet that is exchanged between computer programs or a text file that is stored on the user's computer system. Session cookies are deleted when you close your browser, persistent cookies, on the other hand, remain on your device and enable us to recognize your browser the next time you visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general, such as third-party cookies. If you do not accept cookies, the functionality of my website may be limited.
The legal basis for data processing is Art. 6 para. 1 lit. f) EU GDPR.
The use of cookies makes it possible to optimally adapt the website to the needs of each user. The use of cookies enables me to analyze user behavior, the performance of the website with regard to e.g. loading times when using different browsers and the use of appropriate individualized advertising according to user behavior.
5. Hosting
I host the content of my website on Strato.
The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter referred to as "Strato"). When you visit our website, Strato collects various log files including your IP addresses.
For more information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz/.
Strato is used on the basis of Art. 6 para. 1 lit. f EU GDPR.
I have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a EU GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
I have concluded a contract for data processing (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that it processes the personal data of my website visitors only in accordance with my instructions and in compliance with the EU GDPR.
6. Canva
I use the services of Canva to create graphics, such as visualizations for LinkedIn posts, presentations, etc.
Canva may process Usage Data and Metadata for security purposes, service optimization, or marketing purposes.
Canva is an online design and publishing tool; The service provider is Canva Pty Ltd, 110 Kippax St, Surry Hills, NSW 2010, Australia.
The website and the terms of use can be found under https://www.canva.com/de_de/ and https://about.canva.com/de_de/nutzungsbedingungen/.
The use of Canva is based on Art. 6 para. 1 lit. f EU GDPR.
I have a legitimate interest in optimising my services. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) EU GDPR. The consent can be revoked at any time.
I have concluded a contract for data processing (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that it processes the personal data of my website visitors only in accordance with my instructions and in compliance with the EU GDPR.
7. Zoom
To conduct video conferences, I use "Zoom" from Zoom Video Communications Inc.
In the course of the video conference, both user data (e.g. name, e-mail address, telephone number if applicable) and content data (e.g. date and time of participation, shared screen content and files, chat content) are processed. This is done in order to be able to carry out (pre-)contractual measures with you and thus to conduct internal and external meetings. A recording of a video conference will only take place with prior express consent.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
The use of Zoom enables video conferences to be held and thus enables the best possible provision of my services for my customers.
Zoom provides detailed information on security and compliance in "Zoom" at https://explore.zoom.us/de/gdpr/ .
8. Google Analytics
I use Google Analytics to analyze website usage.
Google Analytics is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the website usage data on my behalf and contractually undertakes to take measures to ensure the security and confidentiality of the data processed.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
During your visit to the website, the following data is recorded, among other things: pages viewed, the achievement of "website goals" (e.g. contact requests), your behaviour on the pages (e.g. time spent on the pages, clicks, scrolling behaviour), your approximate location (country and city), your IP address (in abbreviated form so that no clear assignment is possible), technical information such as browser, internet provider, device and screen resolution, source of origin of your visit (i.e. via which website) website or through which advertising medium you came to us).
Personal data such as name, address or contact details are never transmitted to Google Analytics.
The data is transmitted to Google servers in the USA. I would like to point out that the same level of protection cannot be guaranteed in the USA as within the EU.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future website visits.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data will be stored in aggregated form for an indefinite period.
For details on data protection at Google Analytics, please see https://support.google.com/analytics/answer/6004245?hl=de
The data obtained through the use of Google Analytics is used to optimize my website and, if necessary, advertising measures.
9. Google Workspace
I use Google Workspace to efficiently organize my work and to conduct video conferences, especially for e-mail communication. As a result, data, in particular personal data, is stored on external servers (cloud) of Google Inc.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
Guarantees in accordance with Art. 46 EU GDPR for transfer to a third country are available in the form of standard contractual clauses.
For more information about data protection at Google, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
10. Apple iCloud
I use www.icloud.com, a cloud service for data storage and data exchange. The service provider is the American company Apple Inc., Infinte Loop, Cupertino, CA95014, USA.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
Apple also processes data in the USA, among other places. I would like to point out that the same level of protection cannot be guaranteed in the USA as within the EU.
However, Apple uses standard contractual clauses approved by the EU Commission in accordance with Art. 46 (2) and (3) EU GDPR.
These contractual clauses oblige Apple to maintain a certain level of data protection even outside the USA. These standard contractual clauses, which are based on a so-called implementing decision of the EU Commission, under https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Apple's Privacy Policy can be found at https://www.apple.com/legal/privacy/de-ww/.
The use of iCloud enables me to provide my services in a customer-oriented and optimized way.
11. Miro
I use the Miro whiteboard tool as part of online training, workshops or conceptual work. Miro is a service of RealtimeBoard Inc., based in San Francisco, USA.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
You can find out more about data protection at Miro under https://miro.com/de/trust/datenschutz-und-governance/
Miro also processes data in the USA, among other places. I would like to point out that the same level of protection cannot be guaranteed in the USA as within the EU.
However, Miro uses standard contractual clauses approved by the EU Commission in accordance with Art. 46 (2) and (3) EU GDPR. These contractual clauses oblige Miro to maintain a certain level of data protection even outside the USA. These standard contractual clauses, which are based on a so-called implementing decision of the EU Commission, are https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
Miro's Privacy Policy can be found at https://miro.com/legal/privacy-policy/.
The use of Miro enables me to carry out my services to the customer in a timely manner.
12. Dropbox
I use Dropbox, an online storage service for files, photos and videos. The service provider is the American company Dropbox Inc.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
The company's European office is located at One Park Place, Floor 5, Upper Hatch Street, Dublin 2, Ireland.
Dropbox also processes data in the USA, among other places. I would like to point out that, in the opinion of the European Court of Justice, there is no adequate level of protection for data transfers to the USA. This can be accompanied by various risks to the lawfulness and security of data processing.
Dropbox uses standard contractual clauses approved by the EU Commission in accordance with Art. 46 (2) and (3) EU GDPR. These contractual clauses oblige Apple to maintain a certain level of data protection even outside the USA. These standard contractual clauses, which are based on a so-called implementing decision of the EU Commission, under https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Dropbox's privacy policy can be found at https://www.dropbox.com/privacy.
The use of Dropbox enables me to provide my services in the most customer-oriented and pragmatic way possible.
13. Microsoft Suite
I use services from Microsoft Suite. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399 USA.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
Microsoft processes data in the USA, among other places. I would like to point out that, in the opinion of the European Court of Justice, there is no adequate level of protection for data transfers to the USA. This can be accompanied by various risks to the lawfulness and security of data processing.
Microsoft uses standard contractual clauses approved by the EU Commission in accordance with Art. 46 (2) and (3) EU GDPR. These contractual clauses oblige Apple to maintain a certain level of data protection even outside the USA. These standard contractual clauses, which are based on a so-called implementing decision of the EU Commission, under https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Microsoft's privacy statement can be found at https://privacy.microsoft.com/de-de/privacystatement.
Microsoft Suite provides me with IT software that can be individually adapted to the provision of services in order to meet all customer requirements in the best possible way.
14. Framer
I use the design software Framer for my website. The provider is Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, The Netherlands. When you visit my website, Framer collects various log files including your IP-3 / 8 addresses.
The use of Framer is based on Art. 6 para. 1 lit. f EU GDPR. I have a legitimate interest in presenting my website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a EU GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Framer is a tool for creating and hosting websites. Framer stores cookies or other recognition technologies that are necessary for the presentation of the site, to provide certain website functions and to ensure security (necessary cookies). For details, please refer to Framer's privacy policy: https://www.framer.com/legal/privacy-statement/. The data transfer to the Netherlands is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.framer.com/legal/privacy-statement/.
15. Conceptboard
In order to be able to provide you with an online whiteboard for seminars, I use the Conceptboard service.
The provider is Digital Republic Media Group GmbH, Mansfelder Str. 56, 06108 Halle (Saale).
The legal basis for the use of Conceptboard is Art. 6 para. 1 subpara. 1 letter b) EU GDPR, because it is necessary for me to be able to fulfil my contractual obligations to provide seminar services.
In order to be able to use the service, the processing of the IP address of the users is technically necessary. I have concluded a data processing agreement with Digital Republic Media Group GmbH.
The data provided above will be processed as necessary for the purpose of the online event. The IP address and hardware information of the end devices are usually stored in the server log files for a period of 30 days for possible error analyses and then automatically deleted.
16. Easy Retro
In addition, EasyRetro's tools can be used in digital events to collect ideas together, carry out queries, etc.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
For more information on the processing of your data by EasyRetro, please see https://easyretro.io/privacy/ .
17. Trello
In some cases, I use the project management solution Trello for self-organization, into which I enter the personal data.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
Trello is a provider based in the USA (San Francisco California), in a third country that operates according to the highest compliance and EU GDPR standards. You can find out more about the EU GDPR standards via the following link https://trello.com/de/trust. For the USA, there is no adequacy decision from the European Commission. To the extent that personal data is transferred outside of the EU, Trello is committed to adhering to appropriate data transfer mechanisms as required by the EU GDPR. In particular, there is a current certification according to EU-US Privacy Shield. For more information on Trello and the EU GDPR, visit https://help.trello.com/article/1118-trello-and-gdpr-our-commitment-to-data-privacy. In addition, I do not intend to transfer your personal data to a third country or to an international organisation.
Slack
I use the provider Slack for instant messaging.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
Slack is an instant messaging service; the provider is Slack Technologies, Inc., 500 Howard Street, San Francisco, CA 94105, USA.
The data is collected on the basis of my legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f) EU GDPR.
You can find more information about Slack on the https://slack.com/intl/de-de/ website, where you can also find the Privacy Policy (https://slack.com/intl/de-de/legal) and the Data Processing Agreement (https://slack.com/intl/de-de/terms-of-service/data-processing), the Standard Contractual Clauses (ensuring the level of data protection when processing in third countries) https://slack.com/intl/de-de/terms-of-service/data-processing; as well as the safety measures: https://slack.com/intl/de-de/security-practices to find.
19. SessionLab
I use the provider SessionLab for planning workshops and trainings. SessionLab is a provider of TrainedOn OÜ, with address at Voolu tn 20a, Tallinn, 10918 Tallinn, Estonia.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
SeesionLab's privacy policy can be found at https://www.sessionlab.com/privacy/. You can find the Cookie Policy at https://www.sessionlab.com/cookies/ . Contact SessionLab can be made at support@sessionlab.com . As a provider based in the EU, SessionLab is subject to the requirements of the EU GDPR.
20. DocuSign
The storage and processing of personal data is also carried out on servers in the EU as part of the use of the SAP Signature Management by DocuSign service for contract management.
The legal basis for the processing of the data can be Art. 6 para. 1 sentence 1 lit. a, b or f EU GDPR.
The operator of the DocuSign service is DocuSign, Inc., 221 Main Street Suite 1000 San Francisco, CA 94105 United States.
When providing the DocuSign service, personal data may be processed by processors based in the USA (e.g. in the context of support services or the transmission of transaction data). The USA is not a safe third country within the meaning of EU data protection law. US companies may be obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against it. It cannot therefore be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data on the servers for surveillance purposes. I have no influence on these processing activities.
DocuSign ensures the appropriate safeguards for the transfer required under Art. 46 (1) EU GDPR by means of officially approved binding corporate rules (BCR) in accordance with Art. 46 (2) (b) in conjunction with Art. 47 EU-GDPR. DocuSign's current binding data protection rules can be found at: https://www.docusign.com/trust/privacy/binding-corporate-rules.
21. Is data passed on to third parties and if so, which ones?
As a matter of principle, the data you transmit will not be made available to third parties. In individual cases, however, it may be necessary to pass on your personal data to companies that are entrusted by me with the provision of individual services in order to perform the contract. For their part, third parties are obliged to comply with legal regulations when handling and processing this data. They were carefully selected and commissioned by me. These service providers will only use your data for order processing.
A transfer to authorities and state institutions entitled to information only takes place within the framework of the statutory obligation to provide information and in the event of a court decision obliging to do so. In these cases, I can provide the information, e.g. for the establishment, exercise and defence of legal claims, enforcement of existing contracts, in the context of allegations of fraud, security measures or generally applicable legal regulations.
Personal data will not be passed on outside the scope described here without explicit consent.
Under no circumstances will I sell or rent personal data to third parties.
22. How long will the data be stored?
Your data will only be stored by me for as long as it is necessary to fulfil the above-mentioned purposes. As soon as this is no longer the case, e.g. after the contract has been fully executed, they will be deleted or blocked if this is required by commercial or tax law retention obligations. From the point in time when statutory retention obligations no longer apply, the data will be deleted unless you have expressly consented to further use.
23. Your rights as a data subject
As a data subject to the processing of personal data, you have the rights listed below. These rights result from the requirements of the General Data Protection Regulation and are reproduced here in a partially simplified form.
Right
In accordance with Art. 15 EU-GDPR, you have the right to request confirmation from me as to whether personal data concerning you is being processed. If this is the case, you have a right to information about this personal data and the information specified in Art. 15 para. 1 Hs. 2 EU-GDPR. These include, in particular, the purpose of the processing, the categories of data processed, the recipients to whom data have been or will be disclosed, the planned duration of storage as far as possible and the criteria for the duration of storage.
Right to rectification
In accordance with Art. 16 EU-GDPR, you have the right to demand that I correct incorrect personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
Right to restriction of processing
In accordance with Art. 18 EU-GDPR, you have the right to demand that I restrict the processing if one of the conditions specified in Art. 18 EU-GDPR is met. This includes, for example, contesting the accuracy of the personal data. In this case, I may only process the data to a limited extent as long as it takes to check the accuracy of the personal data.
Right to data portability
In accordance with Article 20 of the EU GDPR, you have the right to receive the personal data concerning you that you have provided to me in a structured, commonly used and machine-readable format. You have the right to transmit these data to another controller, i.e. another entity that processes data, without hindrance, provided that the initial processing was based on consent or was necessary for the performance of a contract.
Right to object
In accordance with Article 21 of the EU GDPR, you have the right to object to the processing of personal data concerning you at any time if this data is processed on the basis of Article 6 (1) (e) or (f) of the EU GDPR and there are reasons arising from your personal situation. You can object to the processing of data for the purpose of direct marketing at any time. Personal data will then no longer be processed for this purpose. The right to object can be exercised by means of an informal declaration. A written declaration or, optionally, an e-mail to the above contact address is sufficient.
Right to withdraw consent
In accordance with Article 7 (3) of the EU GDPR, you have the right to revoke your consent to the processing at any time. The lawfulness of the processing carried out on the basis of consent before its revocation is not affected. The right of withdrawal can be exercised by means of an informal declaration. A written declaration or, optionally, an e-mail to the above contact address is sufficient.
Automated decision-making in individual cases including profiling
In accordance with Article 22 of the EU GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects on you or similarly significantly affects you. Art. 22 para. 1 EU-GDPR provides for exceptions to this, whereby Art. 22 para. 4 EU-GDPR again contains partial retroactive exceptions.
Right to lodge a complaint with a supervisory authority
In accordance with Article 77 of the EU GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you infringes this Regulation, without prejudice to any other administrative or judicial remedy.
In the present case, the competent supervisory authority is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 21910969 Berlin
Phone: 030/13 889-0
Fax: 030/215-5050
E-Mail: mailbox@datenschutz-berlin.de
http://www.datenschutz-berlin.de
24. Technical and organisational measures
I take technical and organizational measures to ensure that the security and protection requirements of the EU GDPR are met and that the personal data is protected from loss, destruction, manipulation or access by unauthorized persons. The measures are adapted to the current state of the art.
25. Changes to the Privacy Policy
I reserve the right to change this privacy policy at any time. You are requested to inform yourself regularly about the content of the privacy policy.