Privacy Policy
1. Data Protection
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.
Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find the operator's contact details in the section "Notice on the Responsible Party" in this privacy policy.
How do we collect your data?
Your data is collected in two ways:
-
Data Provided by You: Some data is collected when you provide it to us. This could include, for example, data you enter in a contact form.
-
Data Collected Automatically: Other data is collected automatically or after your consent when you visit the website by our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or the time of the page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
-
Ensuring Error-Free Provision: Part of the data is collected to ensure the website is provided without errors.
-
Analyzing User Behavior: Other data can be used to analyze your user behavior.
What rights do you have regarding your data?
-
Right to Information: You have the right to obtain, at any time, information about the origin, recipients, and purpose of your stored personal data at no charge.
-
Right to Correction or Deletion: You also have the right to request the correction or deletion of this data.
-
Right to Revoke Consent: If you have given consent for data processing, you can revoke this consent at any time for the future.
-
Right to Restriction of Processing: Furthermore, you have the right to request the restriction of processing your personal data under certain circumstances.
-
Right to Lodge a Complaint: You also have the right to lodge a complaint with the competent supervisory authority. For this, as well as for further questions on the subject of data protection, you can contact us at any time.
Analysis Tools and Third-Party Tools
When you visit this website, your surfing behavior can be statistically evaluated. This is mainly done using so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.
2. Hosting
We host the contents of our website with the following provider:
WIX
The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter referred to as “WIX”).
WIX is a tool for creating and hosting websites. When you visit our website, WIX analyzes user behavior, visitor sources, the region of website visitors, and visitor numbers. WIX stores cookies in your browser that are necessary for displaying the website and ensuring security (essential cookies).
The data collected by WIX may be stored on various servers worldwide. WIX servers are located, among other places, in the USA.
For more details, please refer to WIX's privacy policy: https://de.wix.com/about/privacy.
According to WIX, data transfer to the USA and other third countries is based on the EU Commission’s Standard Contractual Clauses or comparable guarantees under Art. 46 GDPR. Details can be found here: https://de.wix.com/about/privacy-dpa-users.
The use of WIX is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If appropriate consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF is committed to complying with these data protection standards. For more information, please refer to the provider’s link: https://www.dataprivacyframework.gov/s/participant-search/ participant-detail?contact=true&id=a2zt0000000GnbGAAS&status=Active.
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a data protection-related contract that ensures that WIX processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3. General Information and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens. We would like to point out that data transmission over the Internet (e.g., communication via email) can have security vulnerabilities. A complete protection of data from access by third parties is not possible.
Notice Concerning the Responsible Party
The responsible party for data processing on this website is:
Felix Wittmann
Drei Linden 24
96264 Altenkunstadt
Phone: +49 (0) 176 56772122
Email: hello@felix-wittmann.com
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Duration
Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the data will be deleted after these reasons no longer apply.
General Information on the Legal Basis for Data Processing on This Website
If you have consented to data processing, we process your personal data based on Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data as defined by Art. 9 (1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing is additionally based on § 25 (1) TTDSG. Consent can be revoked at any time.
If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data based on Art. 6 (1) lit. b GDPR. Furthermore, we process your data if it is required to fulfill a legal obligation based on Art. 6 (1) lit. c GDPR. Data processing may also occur based on our legitimate interests under Art. 6 (1) lit. f GDPR. The specific legal bases applicable in each case are outlined in the following sections of this privacy policy.
Recipients of Personal Data
As part of our business operations, we collaborate with various external entities. This sometimes requires the transfer of personal data to these external parties. We only disclose personal data to external parties when necessary for fulfilling a contract, when legally required (e.g., providing data to tax authorities), when we have a legitimate interest under Art. 6 (1) lit. f GDPR in the disclosure, or when another legal basis permits the data transfer. When using processors, we only share personal data of our customers based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.
Withdrawal of Consent for Data Processing
Many data processing activities are only possible with your explicit consent. You can withdraw your consent at any time. The legality of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.
Right to Object to Data Collection in Specific Cases and to Direct Marketing (Art. 21 GDPR)
WHEN DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE SPECIFIC LEGAL BASIS FOR THE PROCESSING IS PROVIDED IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING IN SO FAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 (2) GDPR).
Right to Lodge a Complaint with the Supervisory Authority
In the event of violations of the GDPR, affected individuals have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, their place of work, or the location of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
Right to Data Portability
You have the right to request the transfer of data that we process automatically based on your consent or in the fulfillment of a contract, to yourself or to a third party in a structured, commonly used, and machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.
Right to Access, Rectification, and Erasure
You have the right, under applicable legal provisions, to obtain information about your stored personal data, its origin, recipients, and the purpose of data processing free of charge, and, if necessary, to request rectification or erasure of such data. For these purposes, and for any further questions regarding personal data, you may contact us at any time.
Right to Restriction of Processing
You have the right to request the restriction of processing your personal data. You may contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
-
If you contest the accuracy of your personal data stored with us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
-
If the processing of your personal data was unlawful or is unlawful, you may request the restriction of data processing instead of erasure.
-
If we no longer need your personal data but you need it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of processing of your personal data instead of erasure.
-
If you have lodged an objection under Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests outweigh, you have the right to request the restriction of processing your personal data.
If you have requested the restriction of processing your personal data, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of significant public interest of the European Union or a member state.
4. Data Collection on This Website
Cookies
Our website uses so-called "cookies." Cookies are small data packets that do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them or they are automatically deleted by your web browser.
Cookies can come from us (first-party cookies) or from third parties (so-called third-party cookies). Third-party cookies allow for the integration of specific third-party services within websites (e.g., cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart functions or video displays). Other cookies can be used to analyze user behavior or for advertising purposes.
Cookies necessary for conducting electronic communication, providing specific functions you have requested (e.g., shopping cart functionality), or optimizing the website (e.g., cookies for measuring web audience) are stored based on Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure technically error-free and optimized delivery of their services. If consent for the storage of cookies and similar recognition technologies has been obtained, processing is carried out solely based on this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG); consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies and to allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
The specific cookies and services used on this website can be found in this privacy policy.
Contact Form
If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact details you specify, will be stored by us for the purpose of processing the request and in case of follow-up questions. We do not share this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your inquiry relates to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if such consent was requested; consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—particularly retention periods—remain unaffected.
Inquiries via Email
If you contact us via email your inquiry, including all personal data arising from it (name, inquiry), will be stored and processed by us for the purpose of handling your concern. We do not share this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your inquiry relates to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if such consent was requested; consent can be revoked at any time.
The data you send us via contact inquiries will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your concern has been resolved). Mandatory legal provisions—particularly legal retention periods— remain unaffected.
5. Newsletter
Newsletter Data
To subscribe to the newsletter offered on the website, we require an email address and information that allows us to verify that you are the owner of the provided email address and consent to receive the newsletter. Additional data is collected only on a voluntary basis. We use this data solely for the purpose of sending the requested information and do not share it with third parties.
The processing of the data entered into the newsletter registration form is based solely on your consent (Art. 6 (1) lit. a GDPR). You may revoke the consent given for the storage of data, the email address, and its use for sending the newsletter at any time, for example, via the "unsubscribe" link in the newsletter. The legality of data processing that occurred prior to the revocation remains unaffected.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or until the purpose of the data storage ceases to apply (e.g., after the newsletter subscription is canceled). We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion, within the scope of our legitimate interest under Art. 6 (1) lit. f GDPR.
Data stored for other purposes remains unaffected.
After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. Data in the blacklist will be used solely for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest under Art. 6 (1) lit. f GDPR). The storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.
6. Plugins and Tools
Google Fonts (Local Hosting)
This site uses Google Fonts to ensure uniform font representation. The Google Fonts are installed locally, and no connection to Google servers occurs. For more information about Google Fonts, visit https://developers.google.com/fonts/faq?hl=de and Google's Privacy Policy.
7. Own Services
Google Drive
We have integrated Google Drive on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Drive allows us to include an upload area on our website where you can upload content. When you upload content, it is stored on Google Drive servers. Additionally, when you visit our website, a connection to Google Drive is established, so Google Drive can determine that you have visited our website.
The use of Google Drive is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in having a reliable upload area on their website. If consent is requested, processing is carried out solely based on Art. 6 (1) lit. a GDPR; consent can be revoked at any time.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States aimed at ensuring adherence to European data protection standards for data processing in the U.S. Any company certified under the DPF is committed to upholding these data protection standards. For more information, you can visit the provider’s link: https://www.dataprivacyframework.gov/participant/5780
8. Appointment Scheduling via Calendly
To offer you the modern service of simplified online appointment booking, we use the services of Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA (hereinafter "Calendly").
If you choose to use the online appointment scheduling option and click the corresponding button, you will leave our website and be redirected to Calendly. All functions on Calendly, as well as the subsequent processing, are handled by Calendly.
We do not have knowledge of the further processing and duration of storage of this data. Please note that this data is transferred to the USA and processed by US authorities. According to current legal standards, the USA is considered an insecure third country with insufficient data protection levels.
Currently, there is no adequacy decision according to Art. 45 GDPR.
However, Calendly is committed to adhering to the Standard Contractual Clauses for the transfer of personal data to third countries as per Directive 2016/679 (Standard Contractual Clauses - SCC).
We have entered into a data processing agreement with Calendly in accordance with Art. 28 GDPR to protect your personal data.
Furthermore, please note that you are not obligated to use this service for scheduling an appointment. If you do not wish to use it, please use one of the other available contact options for appointment scheduling.
For more information, please refer to Calendly's privacy policy at Calendly Privacy Policy and Calendly GDPR FAQs.
Legal Basis
The legal basis for using Calendly's online appointment scheduling is your consent according to Art. 6 (1) lit. a GDPR.
9. Zoom
As part of our services, we use Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA, represented by Lionheart Squared, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, DO2 EK84, Republic of Ireland, for online meetings, webinars, and video conferences.
Please note that there is a possibility that data may be transferred to the USA and processed by US authorities. According to current legal standards, the USA is considered an insecure third country with insufficient data protection levels.
Currently, there is no adequacy decision pursuant to Art. 45 GDPR.
However, Zoom is committed to adhering to the Standard Contractual Clauses for the transfer of personal data to third countries as per Directive 2016/679 (Standard Contractual Clauses - SCC).
Standard Contractual Clauses
For more information on Standard Contractual Clauses, please visit https://ec.europa.eu/info/ law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clausesscc_de and https://blog.zoom.us/de/sicherheit-und-datenschutz-bei-zoom-unsere-antwortenauf-ihre-fragen/. We have entered into a Data Processing Agreement with Zoom Video Communications, Inc. pursuant to Art. 28 GDPR to protect your data. Further information can be found in Zoom's Privacy Policy at https://zoom.us/de-de/privacy.html and at https://zoom.us/de-de/gdpr.
Legal Basis
The legal basis for this data processing is your consent pursuant to Art. 6 (1) (a) GDPR as well as your explicit consent pursuant to Art. 49 (1) (a) GDPR.
System and Information Security
We secure our website and other systems through technical and organizational measures to protect against loss, destruction, unauthorized access, alteration, or dissemination of the stored data. Despite these measures, complete protection against all hazards cannot be guaranteed. Due to the connection to the internet and the associated technical possibilities, it cannot be ensured that content and information flows are not accessed and recorded by third parties.
Source: E-Recht24