Dr. Daniel Goerke
Hernando de Aguirre 959, Departamento 705
Types of processed data
- Inventory data (e.g., person master data, name or address).
- Contact information (e.g., e-mail, phone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta / communication data (e.g., device information, IP addresses).
Categories of affected persons
Visitors and users of the online offer (In the following, I also refer to the affected persons as “users”).
Purpose of processing
- Providing the online offer, its features and content.
- Answering contact requests and communicating with users.
- Safety measures.
- Reach Measurement / Marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is considered as identifiable, which can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie) or to one or more special features, which are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“Processing” means any process performed with or without the aid of automated procedures, which is associated with personal data. The term covers practically every handling of data.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data are not assigned to an identified or identifiable natural person.
“Profiling” means any kind of automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects related to job performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts, or relocation of that natural person.
“Responsible person” means the natural or legal person, public authority or body which, alone or in concert with others, decides on the purposes and means of processing personal data.
“Processor” means a natural or legal person, public authority or body that processes personal data on behalf of the responsible person.
Relevant legal bases
In accordance with Art. 13 GDPR I inform you about the legal basis of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), that is the EU and the EEC, if the legal basis in the data protection declaration is not mentioned, the following applies:
- The legal basis for obtaining consent is Article 6 (1) (a) and Art. 7 GDPR.
- The legal basis for the processing for the fulfilment of my services and the execution of contractual measures as well as the answer to inquiries is Art. 6 (1) (b) GDPR.
- The legal basis for processing to fulfil my legal obligations is Art. 6 (1) (c) GDPR.
- In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR is legal basis.
- The legal basis for the processing required to carry out a task in the public interest or in the exercise of official authority delegated to the controller is Article 6 (1) (e) GDPR.
- The legal basis for processing for the purposes of my legitimate interests is Article 6 (1) (f) GDPR.
- The processing of data for purposes other than those for which they were collected is governed by the provisions of Article 6 (4) GDPR.
- The processing of special categories of data (pursuant to Art. 9 (1) GDPR) is governed by the provisions of Art. 9 (2) GDPR.
In accordance with legal requirements, I shall take into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational Measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and disconnection. Furthermore, I have set up procedures that ensure the execution of data subjects’ rights, the deletion of data and the reaction to the threat to data. In addition, I consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection through technology design and privacy-friendly presets.
Collaboration with contract processors, joint controllers and third parties
If, in the course of my processing, I disclose data to other persons and companies (contract processors, joint controllers or third parties), forward them to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is necessary to fulfil the contract), if users have consented, a legal obligation provides for this or on the basis of my legitimate interests (e.g. the use of agents, web hosting providers, etc.).
If I entrust third parties with the processing of data on the basis of a so-called “data processing agreement”, this is done on the basis of Art. 28 GDPR.
Transfers to third countries
As my place of residence is in Chile, I process data in a third country (that is outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation). This is done to fulfil my (pre-) contractual obligations, based on your consent, on the basis of a legal obligation or on the basis of my legitimate interests. This also applies if the processing of data occurs in the context of the use of third party services or disclosure, or transmission of data to other persons or companies. Subject to legal or contractual permissions, I process the data by third parties in a third country only in the presence of legal requirements. The processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. for the USA through the Privacy Shield) or compliance with officially recognized specific contractual obligations.
Rights of the data subjects
You have the right to ask for confirmation whether such data is being processed and to get information about this data, as well as further information and copy of the data in accordance with legal requirements.
You have the right, in accordance with the legal requirements, to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with the legal requirements, you have the right to demand that the relevant data be deleted immediately, or alternatively to demand a restriction of the processing of the data in accordance with the statutory provisions.
You have the right to request that the data relating to you provided to us be obtained in accordance with the statutory requirements and to request their transmission to other persons responsible.
You also have the right, in accordance with the statutory provisions, to submit a complaint to the competent supervisor authority.
Right of withdrawal
You have the right to revoke granted consent with effect for the future.
Right of objection
You may object to the future processing of your data in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.
Deletion of data
The data processed by me will be deleted or restricted in accordance with legal requirements. Unless explicitly stated in this privacy statement, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements.
Unless the data is deleted because it is required for other and legally permitted purposes, its processing will be restricted. That means the data is blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial or tax reasons.
Administration, financial accounting, office organization, contact management
I process data in the context of administrative tasks and organization of my business, financial accounting and compliance with legal obligations, such as archiving. In doing so, I process the same data that I use in the course of the performance of my contractual services. The processing principles are Art. 6 (1) (c) GDPR, Art. 6 (1) (f) GDPR.
The processing affects customers, interested persons, business partners and website visitors. I process data for administration, financial accounting, office organization, data archiving. These tasks serve to maintain my business, perform my duties and provide my services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
I disclose or transmit data to the financial administration, consultants such as tax accountants or auditors, and other fee agents and payment service providers.
Furthermore, on the basis of my business interests, I store information about suppliers, promoters and other business partners, e.g. for later contact. In principle, I store this mostly company-related data permanently.
Comments and posts
If you want to comment on posts in this site’s blog, you will need to provide a name and an email address. You can also use a pseudonym or a non-existent e-mail address (for example, email@example.com). You can also specify the address of your website. Name/alias, e-mail address and website address are stored in the database of this website.
For the comments and other contributions I do not store IP addresses. For my safety, all comments and posts are moderated manually. Comments and posts will not be published if someone leaves unlawful content (insults, prohibited political propaganda, etc.). In that case, I could be sued for the comment or post myself.
Furthermore, I reserve the right, based on my legitimate interests according to Art. 6 (1) (f) GDPR to process the information of users for the purpose of spam detection.
The data provided in the comments and posts are stored by me permanently until the users object.
When contacting me (for example, by contact form, e-mail, telephone or via social media), the information of the user to handle the contact request is processed according to Art. 6 (1) (b) GDPR (in the context of contractual / pre-contractual relationships) and Art. 6 (1) (f) GDPR (other inquiries). User information can be stored in a Customer Relationship Management System (“CRM System”) or comparable request organization.
I delete the requests, if they are no longer required. I check the requirement every two years; Furthermore, the statutory archiving obligations apply.
Hosting and e-mailing
The hosting services I use are designed to provide infrastructure and platform services, computing capacity, storage and database services, e-mailing, security and technical maintenance services, which I employ to operate this online service.
Hereby, I or my hosting provider processes stock data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer according Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR.
A data processing agreement has been concluded with the hosting provider ALL-INKL.COM (Hauptstrasse 68, D-02742 Friedersdorf, Fon +49 35872 353-10, https://all-inkl.com)
Collection of access data and log files
In my customer account the storage of logfiles is switched off. My hosting provider collects Data based on our legitimate interests according to Art. 6 (1) (f) GDPR on every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed web page, file, date and time of access, time offset between requesting host and web server, amount of data transferred, message about successful access, browser type and version, browser interface and language, user’s operating system, referrer URL (previously visited page), IP address and requesting provider.
Logfile information is stored for security reasons (for example to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further storage is required for evidential purposes are excluded from the erasure until the final clarification of the incident.
Statistics analysis with Statify
The statistical analysis of this website is based on my legitimate interests (i.e., interest in the analysis, optimization and economic operation of my online offer in terms of Art. 6 (1) (f) GDPR). For this I use the WordPress plug-in Statify, which uses neither cookies nor a third party. Statify counts page views and does not process personal information such as IP addresses.
Created with Datenschutz-Generator.de by Dr. Thomas Schwenke. Adapted and translated into English by the website owner.