© 2024 carl-friedemann kästner
privacy policy
1 Data Protection Overview
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes any data that can identify you personally. For detailed information on data protection, please refer to the privacy policy below.
Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the section „Notice on the responsible entity“ in this privacy policy.
How do we collect your data?
Your data is collected when you provide it to us, for example, by entering information into a contact form. Other data is automatically collected by our IT systems when you visit the website. This mainly includes technical data (e.g., internet browser, operating system, or time of the page access). The collection of this data occurs automatically as soon as you enter the website.
What do we use your data for?
Some data is collected to ensure the website functions correctly. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipients, and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke it at any time for the future. Furthermore, you have the right to request the restriction of processing your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.
Analysis Tools and Third-Party Tools
When visiting this website, your browsing behavior may be statistically analyzed, primarily using analysis programs. Detailed information on these analysis programs can be found in this privacy policy.
2 Hosting
Alfahosting
Our website is hosted by Alfahosting GmbH, Ankerstraße 3b, 06108 Halle (Saale). When you visit our website, Alfahosting collects various log files, including your IP addresses.
Further information about how Alfahosting handles user data can be found in Alfahosting’s privacy policy at: https://alfahosting.de/datenschutz/.
The use of Alfahosting is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, as long as the consent includes the storage of cookies or access to information on the user’s device (e.g., for device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.
Cloudflare
We use the Content Delivery Network (CDN) provided by Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (Cloudflare) to improve the security and delivery speed of our website. This is based on our legitimate interest (Art. 6(1)(f) GDPR). A CDN is a network of globally distributed servers that can deliver content to website users in an optimized way. For this purpose, personal data may be processed in Cloudflare’s server log files. Please refer to the „Hosting“ section for more details.
Cloudflare is the recipient of your personal data and acts as a data processor on our behalf. This is in line with our legitimate interest, according to Art. 6(1)(f) GDPR, as we do not operate our own Content Delivery Network.
You have the right to object to the processing of your data. Whether your objection is successful will be determined through a balancing of interests.
The processing of data described in this section is neither legally nor contractually required. However, the website’s functionality cannot be guaranteed without this data processing.
Your personal data will be stored by Cloudflare for as long as necessary for the described purposes.
For more information about objection and removal options regarding Cloudflare, please refer to: Cloudflare DPA.
Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data from individuals within the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information is available here: Cloudflare SCCs.
Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3 General Information and Mandatory Notices
Data Protection
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy. This policy explains which data we collect, how we use it, and for what purpose.
When you use this website, various personal data are collected. Personal data refers to information that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the internet (e.g., communication via email) can have security vulnerabilities. Complete protection of data from third-party access is not possible.
Note on the Responsible Entity
The responsible entity for data processing on this website is:
Carl-Friedemann Kästner
Arendsweg 3, 13055 Berlin
Phone: +4915904892423
Email: carl@cfk.works
The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Duration
Your personal data remains with us until the purpose for the data processing no longer applies. If you request the deletion of your data or revoke consent, your data will be deleted unless we are legally required to retain it.
General Information on the Legal Basis for Data Processing on This Website
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data according to Art. 9(1) GDPR are processed. In the case of explicit consent for the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing is additionally based on Section 25(1) TTDSG. Consent can be revoked at any time. If your data is necessary for the performance of a contract or pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest according to Art. 6(1)(f) GDPR. The specific legal basis applicable in each case is explained in the following sections of this privacy policy.
Note on Data Transfer to the USA and Other Third Countries
We use tools from companies based in the USA or other countries that do not guarantee the same level of data protection as the EU. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that in these countries, there is no data protection level comparable to that of the EU. For instance, U.S. companies are obligated to hand over personal data to security authorities, without you being able to take legal action. It cannot be ruled out that U.S. authorities (e.g., intelligence services) may process, analyze, and store your data located on U.S. servers for surveillance purposes. We have no control over these processing activities.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. The legality of the data processing carried out before the revocation remains unaffected.
Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)
IF DATA PROCESSING IS CARRIED OUT BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, INCLUDING PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the place of the alleged violation. This right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to have data that we process based on your consent or in the performance of a contract automatically delivered to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.
Access, Rectification, and Erasure
Within the scope of the applicable legal provisions, you have the right at any time to request information about your stored personal data, its origin, and recipients, the purpose of data processing, and, if applicable, a right to rectification or erasure of this data. You can contact us at any time with any further questions on the subject of personal data.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing applies in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of processing of your personal data.
- If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of processing instead of erasure.
- If you have lodged an objection under Art. 21(1) GDPR, a balancing of your and our interests must be carried out. As long as it has not been determined whose interests prevail, you have the right to request the restriction of processing of your personal data.
If you have restricted the processing of your personal data, such data may – apart from its storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
4 Data Collection on this Website
Cookies
Our websites use cookies. Cookies are small data packets that do not harm your device. They are stored either temporarily for a session (session cookies) or permanently (persistent cookies). Cookies can also come from third-party companies (third-party cookies). You can configure your browser to alert you when cookies are set, only allow cookies in individual cases, or automatically delete them when the browser is closed.
Cookies can be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary because certain website functions wouldn’t work without them (e.g., shopping cart functionality or video display). Other cookies may be used for analyzing user behavior or for advertising purposes.
Cookies that are necessary for carrying out the electronic communication process, providing certain functions you requested (e.g., shopping cart function), or optimizing the website (e.g., cookies to measure web traffic) are stored on the basis of Art. 6(1)(f) GDPR unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and similar recognition technologies has been requested, processing will take place solely on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TTDSG); the consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Which cookies and services are used on this website can be found in this privacy policy.
Server Log Files
The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website — for this purpose, the server log files must be recorded.
5 Plugins and Tools
Vimeo
Our website uses plugins from the video platform Vimeo.
The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages featuring a Vimeo video, a connection is made to Vimeo’s servers. The Vimeo server is informed about which of our pages you visited. Vimeo also gains access to your IP address. This occurs even if you are not logged into Vimeo or do not have a Vimeo account. The information collected by Vimeo is transferred to Vimeo’s servers in the USA.
If you are logged into your Vimeo account, Vimeo can associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.
To recognize website visitors, Vimeo uses cookies or similar recognition technologies (e.g., device fingerprinting).
The use of Vimeo is in the interest of a visually appealing presentation of our online offerings. This constitutes a legitimate interest according to Article 6(1)(f) of the GDPR. If consent is requested, processing is based solely on Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, as long as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TTDSG. Consent can be revoked at any time.
Data transfers to the USA are based on the EU Commission’s standard contractual clauses and, according to Vimeo, on „legitimate business interests.“ You can find more details here: https://vimeo.com/privacy.
Further information about how Vimeo handles user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.
Google Fonts
This page uses Google Fonts, provided by Google, to ensure a uniform presentation of fonts. When you visit a page, your browser loads the necessary fonts into its cache to correctly display texts and fonts.
To do this, the browser you are using must connect to Google’s servers. This informs Google that your IP address has accessed this website. The use of Google Fonts is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in a uniform presentation of the website’s fonts. If consent is requested, processing is based solely on Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, as long as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TTDSG. Consent can be revoked at any time.
If your browser does not support Google Fonts, a default font from your computer will be used.
More information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at: https://policies.google.com/privacy?hl=en.
Source: https://www.e-recht24.de
Use of Google Analytics
We use Google Analytics to analyze the use of our website. The data collected is used to optimize our website and advertising measures.
Google Analytics is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the data related to website usage on our behalf and is contractually obligated to take measures to ensure the security and confidentiality of the processed data.
During your website visit, the following data, among others, is recorded:
- Pages accessed
- Achievement of „website goals“ (e.g., contact inquiries and newsletter sign-ups)
- Your behavior on the pages (e.g., time spent, clicks, scroll behavior)
- Your approximate location (country and city)
- Your IP address (in shortened form so that no precise identification is possible)
- Technical information like browser, internet provider, device, and screen resolution
- The source of your visit (i.e., which website or advertising material led you to us)
Personal data such as your name, address, or contact details are never transferred to Google Analytics.
This data is transferred to Google servers in the USA. Please note that data protection levels in the USA may not be equivalent to those within the EU.
Google Analytics stores cookies in your web browser for two years from your last visit. These cookies contain a randomly generated user ID, which can be used to recognize you on future visits.
The recorded data is stored together with the randomly generated user ID, allowing the creation of pseudonymous user profiles. User-related data is automatically deleted after 14 months. Other data is retained in aggregated form indefinitely.
If you do not agree with the data collection, you can prevent it by installing the browser add-on to deactivate Google Analytics or by rejecting cookies through our cookie settings dialog.
Source: https://traffic3.net