Shankari Susanne Hill
Musician & Yoga Teacher
Email address: firstname.lastname@example.org
Owner: Shankari Susanne Hill
Link to the imprint: https://forheartnsoul.com/impressum/
Types of processed data:
- Inventory data (e.g. names, addresses).
- Contact details (e.g. email, telephone numbers).
- Content data (e.g. text input, photographs, videos).
- Usage data (e.g. visited websites, interest in content, access times).
- Meta/communication data (e.g. device information, IP addresses).
Categories of affected persons:
Visitors and users of the online offer (hereinafter also referred to collectively as “users”).
Purpose of processing:
- Provision of the online offer, its functions, and content.
- Responding to contact requests and communicating with users.
- Security measures.
- Range measurement/marketing.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Authoritative Legal Bases
In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as the access, input, disclosure, availability and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and response to data breaches. We also consider the protection of personal data in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
Cooperation with Data Processors and Third Parties
If we disclose data to other individuals or companies (data processors or third parties) in the course of our processing, transmit them to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is necessary for the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b GDPR), if you have given your consent, if a legal obligation provides for it or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “data processing agreement”, this is done on the basis of Art. 28 GDPR.
Transmissions to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing/transmitting data to third parties, this only happens if it is necessary for the fulfillment of our pre-contractual or contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means, for example, that processing is based on special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and other information as specified in Article 15 GDPR.
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and/or to have incomplete personal data completed, as specified in Article 16 GDPR.
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay where one of the grounds specified in Article 17 GDPR applies. Alternatively, you may request a restriction of the processing of the personal data in accordance with Article 18 GDPR.
You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on your consent or on a contract pursuant to Article 20 GDPR.
Furthermore, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.
Right of withdrawal
You have the right to withdraw your consent under Article 7(3) GDPR with effect for the future.
Right to object
You may at any time object to the future processing of personal data concerning you in accordance with Article 21 GDPR. This objection may be made in particular against processing for direct marketing purposes.
Cookies and the right to object to direct advertising
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Cookies that are deleted after a user leaves an online service and closes their browser are called temporary cookies or session cookies. The contents of a shopping cart in an online shop or a login status, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are called “permanent” or “persistent”. In such a cookie, a user’s interests can also be stored and used for measuring reach or marketing purposes. Cookies that are offered by providers other than the person responsible for operating the online service are called “third-party cookies” (otherwise, if they are only the person’s cookies, they are referred to as “first-party cookies”).
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Excluding cookies can lead to functional restrictions of this online service.
Deletion of Data
According to legal requirements in Germany, storage is carried out in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, relevant for taxation documents, etc.) and for 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters).
According to legal requirements in Austria, storage is carried out in particular for 7 years in accordance with § 132 para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents relating to electronically supplied services, telecommunications, radio and television services which are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
We process our customers’ data as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.
We process inventory data (e.g. customer master data, such as names or addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), contract data (e.g. contract object, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. in the context of evaluating and measuring the success of marketing measures). We generally do not process special categories of personal data unless they are part of a commissioned processing. Those affected include our customers, interested parties as well as their customers, users, website visitors or employees as well as third parties. The purpose of the processing is to provide contractual services, billing, and our customer service. The legal basis for the processing is derived from Art. 6 para. 1 lit. b GDPR (contractual services), Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimization, security measures). We process data that is necessary for the establishment and fulfillment of the contractual services and point out the necessity of their provision. Disclosure to third parties only takes place if it is necessary within the scope of an order. When processing data that has been disclosed to us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements of a commissioned processing pursuant to Art. 28 GDPR and process the data for no other purposes than those specified in the order.
When contacting us (e.g. via contact form, email, telephone or social media), the user’s information will be processed in accordance with Art. 6 para. 1 lit. b) GDPR for the purpose of processing the contact request and its handling. The user’s information may be stored in a customer relationship management system (“CRM system”) or a comparable inquiry organization.
We delete requests if they are no longer necessary. We review the necessity every two years; statutory retention obligations also apply.
Online presence in social media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Integration of third-party services and content
Based on our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offerings from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content perceive the user’s IP address, since they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information, such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ device and may contain technical information about the browser and operating system, referring web pages, visit time, and other information about the use of our online offer, as well as be linked to such information from other sources.
Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke
Unter den Linden 25
Phone: +49 (0)5221 57405