Privacy
§ 1 Information about the collection of personal data
​
-
In the following we inform about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses and user behavior. With regard to the terms used in this statement, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
-
The responsible party pursuant to Art. 4 (7) GDPR is
Maria Petrat
Kazmairstr. 47
80339 Munich, Germany
E-mail address: welcome@mariapetrat.com
-
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the specified criteria for the storage period.
​
​§ 2 Your rights
​
-
You have the following rights vis-à-vis us with regard to the personal data concerning you:
-
Right to information and to confirmation as to whether data in question is being processed, as well as further information and a copy of the data, Art. 15 GDPR,
-
Right to withdraw your consent, Art. 7 (3) GDPR,
-
Right to rectification, completion or erasure, Art. 16-17 GDPR,
-
Right to restriction of processing, Art. 18 GDPR,
-
Right to data portability, Art. 20 GDPR,
-
Right to object to processing, Art. 21 GDPR, and
-
Right to lodge a complaint with a supervisory authority, Art. 77 GDPR.
The supervisory authority responsible for us is the
Bavarian State Office for Data Protection
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail: poststelle@lda.bayern.de
2. The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is required for other and legally permissible purposes (such as for reasons of commercial law and tax law), its processing will be restricted, i.e. we will block the data and not process it for other purposes. As for the deletion of data that is not stored by us, you can check the relevant offer.
​
​§ 3 Collection of personal data when visiting our website
-
In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits automatically to our server or the server on which this service is located (so-called server log files). If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
-
IP address,
-
Date and time of the request,
-
Time zone difference from Greenwich Mean Time (GMT),
-
Content of the request (specific page),
-
access status/HTTP status code,
-
amount of data transferred in each case,
-
Message about successful retrieval,
-
referrer URL of the previously visited website,
-
the sub-websites that are accessed via an accessing system on our website,
-
requesting provider,
-
browser type and version,
-
operating system and its interface,
-
language and version of the browser software and
-
other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
​
The legal basis is Art. 6 (1) (f) GDPR, where our legitimate interest is ensuring the security and stability to provide our website.
-
Log file information is stored for security reasons for a maximum of seven days and then deleted. Backups are stored in encrypted form for 14 days. If the data is required for evidentiary purposes, it will not be deleted until the respective incident has been finally clarified.
-
In addition to the previously mentioned data, we may access information of your terminal device (e.g. via JavaScript, pixel) or may store information on your terminal device (such as cookies, local storage, session storage) when you use our website. For more information we also refer to § 6.
-
These processes can be used to serve our main website functionality. In this case, the legal basis is Art. 6 (1) (b) or Art. 6 (1) (f) GDPR.
-
If these processes aren’t strictly necessary for providing our website, we access or store information only with your consent according to the member state laws which execute the e-privacy directive of the EU. Legal basis is therefore Art. 6 (1) (a) GDPR.
-
Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which the body that sets the cookie (in this case by us) receives certain information. Cookies cannot execute programs or transfer viruses to your computer.
This website uses the following types of cookies, the scope and functionality of which are explained below:
transient cookies (for this purpose a) as well as
persistent cookies (b). Please note your browser configuration (c).
-
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
-
Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
-
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
​
​§ 4 Further functions of our website and third country transfer
-
In addition to the purely informational use of our website, we offer various services that you can use freely if you are interested. For this purpose, you usually have to provide further personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply.
-
In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
-
If our service providers or partners or their sub service providers are based in a country outside the European Economic Area (EEA) or transfer data to or allow access to the data from there, it exists an adequacy decision for this country according to Art. 45 GDPR or we ensure having appropriate safeguards according to Art. 46 GDPR, such as Standard Contractual Clauses, or relying on derogrations for specific situations according to Art. 49 GDPR, such as consent or if the transfer is necessary for a contract, for important reasons of public interest or for establishment, exercise or defence of legal claims.
​
​§ 5 Objection or withdrawal against the processing of your data
-
If you have given your consent to the processing of your data, you may withdraw it at any time for the future, Art. 7 (3) GDPR. Such withdrawal affects the permissibility of the processing of your personal data after you have expressed it to us.
-
As we base the processing of your personal data on the balance of interests, you may object to the processing, Art. 21 GDPR. This also applies to profiling based on these provisions. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is presented by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons relating to your particular situation why we should not process your personal data as carried out by us. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
-
You may, of course, object to the processing of your personal data for purposes of direct marketing at any time. You also have the right to object, on grounds relating to your particular situation, to the processing of your personal data carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
-
You can inform us about your withdrawal or objection at the above mentioned contact details.
​
​§ 6 This Website, accessing or storing termial device information
​
-
Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal basis: Legitimate interests (Art. 6 (1)(f) GDPR).
-
For our website we use the website builder Wix of Wix.com Ltd, 40 Hanamal Tel Aviv St., Tel Aviv 6350671, Israel. Privacy policy: https://de.wix.com/about/privacy; Order processing contract: https://www.wix.com/about/privacy-dpa-users
-
By using Wix, personal data of you may also be collected, stored and processed. With this privacy policy, we want to explain to you why we use Wix, what data is stored where and how you can prevent this data storage. We concluded a data processing agreement (DPA) with Wix. For Isreal, which is a third country in meaning of the GDPR, the adequacy decision 211/61/EU according to Art. 45 GDPR exists. So far as Wix transfer data to parties in third countries, which haven’t an adequacy decision, Wix eighter relies on intra-company data processing agreements or concluded Standard Contractual Clauses (Implementing Decision (EU) 2021/914).
Further information: As part of the aforementioned services provided by Wix, data may also be transferred to Wix Inc, 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA on the basis of standard contractual clauses or an equivalent data protection guarantee as part of further processing on behalf of Wix.
​
-
Our website may process various types of data, such as technical usage information like browser activity, clickstream activity, session heatmaps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, Internet service provider, and date of visit. In addition, also contact data (e-mail address or telephone number, if you provide them), IP address or your geographical location may be processed.
-
If the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract, the legal basis is Art. 6 (1) (b) GDPR. If the processing is otherwise necessary for serving our website, the legal basis is Art. 6 (1) (f) GDPR.
​
-
Tracking systems which access information of or store information on your terminal device may be used to collect data about your behavior on our website. For example, we record which subpages you particularly like, how long you stay on individual pages, or when you leave a page again (bounce rate). We only use such tracking systems if you have given your consent. Legal basis is Art. 6 (1) (a) GDPR.
-
The following information are stored on your terminal device; for more information refer to https://support.wix.com/en/article/cookies-and-your-wix-site:
-
Cookies
XSRF-TOKEN (Session): Used for security reasons
svSession (2 years): Used in connection with user login.
consent-policy (12 months): Used for cookie banner parameters.
bSession (30 minutes): Used for system effectiveness measurement.
hs (Session): Used for security reasons.
ssr-caching (Session): Used to indicate the system from which the site was rendered.
Fedops.logger.defaultOverrides (Session): Used for stability/effectiveness measurement.
-
Web Storage
fedops.logger.sessionId (permanent): Used for stability/effectiveness measurement.
​
​§ 8 Social network pages
-
We operate company pages on social networks. On this pages the provider of the social networks performs a usage analysis, based on certain actions when visiting our company pages as well as information about the device used, the browser and the social network profile, if logged in. The social network provides us with part of this analysis as aggregated statistics (so-called “insights”).
-
These insights contain aggregated information about interaction with the company page, viewed posts and content, subscriptions and follower, comments on posts, shares, reactions to posts such as “Like” or similar, date and time of actions, approximate location, language, and information about the device and browser. If you are logged in, also further information such as age, gender group, job, industry, company size and employment status could be part of the insights. We only have access to the aggregated statistics, but not to the personal data previously collected for their compilation. It is not possible to draw conclusions about individual persons.
-
Unfortunately, the processing of insights data cannot be turned off. However, social networks are important to maintain the relationship with our interested parties.
-
We and the respective social network are jointly responsible according to Art. 26 GDPR for the processing of insights data on our company pages in social networks.
-
The basis for processing within the scope of joint responsibility is our legitimate interest in presenting the latest content of our website to our interested parties on the social network and staying in contact with them.
-
The social networks fulfill the information obligations as well as the data subject rights. If you assert your rights against us pursuant to Art. 26 (3) GDPR, we will forward your request to the social network.
-
We have the following company pages:
-
Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Joint Controller Agreement: https://www.facebook.com/legal/terms/page_controller_addendum.
-
LinkedIn: LinkedIn Ireland Unlimited Company, Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Joint Controller Agreement: https://legal.linkedin.com/pages-joint-controller-addendum.
-
Social Network; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 Par. 1 S. 1 lit. f) DSGVO); Website: https://x.com. Privacy statement: https://x.com/de/privacy.
-
​