Privacy Statement

Data privacy statement

 

  1. Name and contact details of the data controller and the company data protection officer.

 

This data protection notice applies to data processing by:

Person responsible:    Ms Petra Coll Exposito

- Feng Shui Consultation and Training -

An der Kirche 96

14476 Potsdam

Phone: (49) 033201/457688

E-mail: office@feng-shui.de

A company data protection officer has not been appointed. There is currently no legal obligation to do so.

 

 

  1. General information on data processing

 

a.) Scope of the personal data processing

 

As a matter of principle, we only process your personal data to the extent that this is necessary to provide a functioning website and our services.

 

b.) Legal basis for the processing of personal data

 

Insofar, as we ask for the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis.

 

When processing personal data that is necessary for the fulfilment of a contract to which the concerned person is party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

 

Insofar the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as the legal basis.

 

In the event that vital interests of the person concerned or another natural person require processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

 

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

 

c.) Data deletion and storage period

 

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

 

 

  1. Collection and storage of personal data as well as type and purpose of their use

 

a.) Web hosting and data processing when visiting the website: https://feng-shui-institute.com/

 

ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, D-02742 Friedersdorf, is used as hosting provider for the provision of the services offered by us on the Internet.

 

ALL-INKL.COM processes contact data, content data, inventory data as well as meta and communication data on our behalf in accordance with Art. 28 GDPR.

 

The hosting services we use serve to provide computing capacity, storage space, technical maintenance and security services as well as infrastructure and database services which we use for the purpose of operating our website.

 

Our website is hosted on servers located in Germany.

 

The data processing is based on our legitimate interest in the efficient and secure provision of our internet services, Art. 6 para. 1 lit. f in conjunction with. Art. 28 GDPR. For the data protection regulations of ALL-INKL.COM please go to: https://all-inkl.com/datenschutzinformationen/.

 

On our behalf ALL-INKL.COM automatically collects and stores server log files containing information transmitted by your browser.

 

This information includes:

 

  • Browser type
  • operating system
  • Referrer URL (previously visited page)
  • Host name (IP address)

 

ALL-INKL.COM cannot assign this data to specific persons. This data is not merged with other data sources. The data is deleted after a statistical evaluation after 3 weeks at the latest.

 

The aforementioned data is processed by us for the following purposes:

 

- Ensuring a smooth connection set-up of the website,

- Ensuring a comfortable use of our website,

- Evaluation of the system security and stability as well as

- For other administrative purposes.

 

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case do we use this collected data for the purpose of drawing conclusions about your person.

b.) When using our contact form

 

If you have any questions about our services, we offer the option of contacting us via a contact form provided on the website. In doing so, it is necessary to provide a valid email address and your name so that we know who the enquiry is from and so that we can answer it. Further information can be provided voluntarily. It is your free decision whether you provide further data.

 

The necessary and required data processing for the purpose of implementing an existing or new contractual relationship is based on the legal authorisation from Art. 6 Para. 1 Sentence 1 lit. b GDPR. For further processing purposes, your voluntarily given consent is generally required in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR.

 

c.) When registering for our newsletter

 

If you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, we will use your email address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to enter your first name and email address. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the login and confirmation time as well as the IP address.

 

You can unsubscribe from the newsletter at any time via a link at the end of each newsletter. Alternatively, you can also send an email to office@feng-shui.de. requesting to unsubscribe at any time.

 

 

  1. Transfer of data

 

We do not transfer your personal data to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

 

you have given your express consent to this in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR,

 

the disclosure is necessary to protect our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, unless your interests, fundamental rights or freedoms, which require the protection of personal data, prevail,

 

in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c GDPR, as well as

 

this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b GDPR.

As far as we offer and/or use third party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms also apply in the relationship between the users and the providers.

 

 

  1. Cookies

 

We use cookies on our website. Cookies are small text files that are transmitted from the Internet to your browser together with the data actually requested and that enable specific, device-related information to be stored on your access device.

 

The use of cookies serves to make the use of our offer more pleasant for you.

 

We may use the following types of cookies:

 

Technically necessary cookies (required)

 

These are cookies are required for the proper functioning of our website, applications or services.

 

Functional cookies (optional)

 

These cookies allow our website, apps or services to remember a choice you made and help provide enhanced, more personalised features.

 

Performance and analytics cookies (optional)

 

These cookies collect information on how visitors and users use our website, apps and services and whether they receive error messages.

 

The data processed by technically necessary cookies is required to protect our legitimate interest in a technically functioning website in accordance with Art. 6 (1) p. 1 lit. f GDPR and their use does not require explicit consent.

 

Functional, performance and analysis cookies are only used after your consent to the use of such cookies on the basis of Art. 6 para. 1 lit. a GDPR.

 

Even after consent has been given, you can usually manage cookies independently via your browser.

 

Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or a notice always appears before a new cookie is created. You can find more information on this in the help function of your internet browser. For the most common browsers use the following links:

 

Internet Explorer™

Safari™

Chrome™

Firefox™

Opera™

 

Completely disabling cookies may prevent you from using all the features of our website.

 

 

  1. Social media buttons from Facebook, Twitter, Instagram, Pinterest, Youtube, LinkedIn

 

On the basis of Art. 6 (1) p. 1 lit. f GDPR, we offer you the option of using so-called "social media buttons" on our website. However, to protect your data, we use the so-called "Shariff solution". This means that these buttons are only integrated on the website as a graphic that contains a link to the corresponding website of the button provider. By clicking on the graphic, you are thus redirected to the services of the respective provider. Only then your data will be sent to the respective providers. If you do not click on the graphic, no exchange takes place between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the corresponding providers. You can find more information about the Shariff solution under: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

 

 

  1. Analysis/tracking tools

 

The tracking measures listed below and used by us are only carried out with your prior consent on the basis of Art. 6 (1) sentence 1 lit. a GDPR.

 

With the tracking measures used, we want to ensure a needs-oriented design and the continuous optimisation of our website. On the other hand, we use the tracking measures to record statistically the use of our website and to evaluate it for the purpose of optimising our offer for you.

 

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

 

a.) Google Analytics

 

For the purpose of a needs-oriented design and continuous optimisation of our websites, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). Google has been certified under the Privacy Shield agreement and thus offers a sufficient guarantee to maintain an adequate level of data protection in the sense of the GDPR.

 

In this context, pseudonymous user profiles are created and cookies (see point 5.) are used. The information generated by the cookie about your use of our website such as

 

The Browser type/version,

 

The operating system used,

 

The Referrer URL (the previously visited page),

 

The host name of the accessing computer (IP address),

 

The time of the server request,

 

are usually transferred to a Google server in the USA and stored there.

 

IP anonymisation

 

We have set IP anonymisation for Google Analytics on our website. This means that Google will shorten your IP address beforehand in member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. Therefore, your IP address is always anonymised so that it cannot be assigned (so-called IP masking).

 

Google will use this information on our behalf for the purpose of evaluating the use of our website, compiling reports on website activities and providing us with other services related to website activity and internet use for the purposes of market research and tailoring our website to our needs. This information may also be transferred to third parties as long as this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data.

 

However, even after you have given your consent you can prevent cookies from being stored in the future by setting your browser software accordingly (see point 5.).

 

Furthermore, even after you have given your consent, you can prevent Google from collecting the data generated by the cookie and related to your use of our website (including your IP address) and from processing this data for the future by downloading and installing the browser add-on available at the following link.

 

The current link is: http://tools.google.com/dlpage/gaoptout?hl=de

 

Order data processing

 

We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.

 

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help https://support.google.com/analytics/answer/6004245?hl=de.

 

b.) Google AdWords conversion tracking

 

In order to statistically record the use of our website and to evaluate it for the purpose of optimising our website for you, we also use Google Conversion Tracking. In this process, Google will set a cookie (see point 5.) on your computer for a short period of time if you have accessed our website via a Google advertisement.

 

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the AdWords customer's website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page.

 

Each AdWords customer receives a different cookie. Therefore, cookies cannot be tracked via AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for convention tracking. AdWords customers learn the total number of users who clicked on your ad and were redirected to a page tagged with a convention tracking tag. However, they will not receive any information that personally identifies users. If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com. Google's privacy policy on conversion tracking can be found here: https://services.google.com/sitestats/de.html

 

 

  1. Notes on the integration of videos

 

We like to use videos on our website on the basis of Art. 6 (1) p. 1 lit. f GDPR in order to make content easier to understand, to present it in an appealing way and to make our website better known through this. Since local hosting of videos is not powerful enough, we use the option of external video providers. The underlying purpose is to be regarded as a legitimate interest within the meaning of the GDPR.

 

We use the providers Vimeo and YouTube for the integration of videos.

 

Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011.

 

YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

 

Normally, when you visit a page with embedded videos, your IP address is already sent to the respective video provider and cookies are installed on your computer. However, we have embedded our videos with the extended data protection mode. This means that a connection to the servers of the respective provider will only be established when you call up a page of this website equipped with a YouTube or Vimeo video and also start playback of the video. Only then will the provider's server be informed which specific page of our website was visited. For the use of data from your browser or terminal device, we also refer to the respective data protection notices of the providers who are responsible for the corresponding data processing.

 

If you are logged in to one of the providers with your own user account, your surfing behaviour will also be assigned to your personal profile. You can prevent this by logging out of the account with the respective provider beforehand.

 

For more information on data processing and data protection by Vimeo please visit https://vimeo.com/privacy

 

For more information on data processing and data protection by YouTube please visit https://policies.google.com/privacy

 

The use of the two named providers of video functions is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most appealing design and presentation of our content and in an extensive visibility in social media.

 

YouTube and Vimeo have submitted to the EU-US Privacy Shield and thereby offer a guarantee of compliance with European data protection law, www.privacyshield.gov/EU-US-Framework

 

 

  1. Embedding of fonts

 

Google Web Fonts

 

We have integrated the "Google Fonts" service for the display of fonts. This service is provided by Google. For the integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Therefore, your IP address is transmitted to Google. This data processing is carried out to protect our legitimate interest in the optimisation and economic operation of our website and is based on the legal basis of Art. 6 para. 1 p. 1 lit. f GDPR. Google has submitted to the EU-US Privacy Shield and thereby offers a guarantee of compliance with European data protection law, www.privacyshield.gov/EU-US-Framework

 

 

  1. Amazon affiliate programme

 

On the basis of our legitimate interests (i.e. interest in the economic operation of our online offer in the sense of Art. 6 para 1 lit. f. GDPR) we are participants in the Amazon EU S.à r.l. affiliate programme which was designed to place advertisements and links to Amazon.de on external websites and which enables us to earn advertising fees through this (so-called affiliate system). Amazon EU S.à r.l uses cookies to track the origin of orders. Amazon EU S.à r.l can recognise among other things, that you have clicked on the affiliate link on our website and subsequently purchased a product on Amazon.

 

For more information on Amazon's use of data and ways to object, please see the company's privacy policy:

 

http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401

 

 

  1. Data subject rights

 

You have the right

 

to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;

 

in accordance with Art. 16 GDPR, to demand the immediate correction of inaccurate or incomplete personal data stored with us;

 

in accordance with Article 17 GDPR, to request the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

 

in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;

 

in accordance Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;

 

in accordance with Art. 7 para 3 GDPR to revoke your consent at any time. This has the consequence that we may no longer continue data processing based on this consent in the future; and

 

in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or our company headquarters.

 

 

  1. Right of objection

 

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are reasons for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

 

If you wish to exercise your right of revocation or objection, simply send an email to office@feng-shui.de

 

 

  1. Data security

On our website, we use the Transport Layer Security procedure, more widely known under the name of its predecessor Secure Sockets Layer (SSL), as a hybrid encryption protocol for secure data transmission on the Internet, in conjunction with the highest security level supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual (sub)page of our website is transmitted in encrypted form from the closed display of the key or lock symbol in the status bar of your browser. In addition, we use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties.