Privacy Policy

This privacy policy contains information concerning the type, scope and purpose of the processing of personal data (hereafter referred to simply as ‘data’) on my website and any related websites, features and content as well as websites operated by third parties, e.g. my social media profiles (hereafter collectively referred to as ‘online content’). The terms used in this document, e.g. ‘processing’ and ‘data controller’, refer to the definitions as they are set out in Article 4 of the General Data Protection Regulation (GDPR).

Data controller

Magali Karee
Rheinstr. 5
12161 Berlin
Germany

mail@magalikaree.com
+49 (0) 177 362 1331

Imprint: http://www.magalikaree.com/imprint

 

Types of data processed

– User data (e.g. names, addresses)
– Contact data (e.g. e-mail addresses, telephone numbers)
– Content data (e.g. text input, photographs, videos)
– Usage data (e.g. visited websites, interest in content, access times)
– Meta-/communication data (e.g. device information, IP addresses)

Data subjects

Visitors and users of my website (I shall hereafter refer to all data subjects collectively as ‘users’).

Purpose of processing

– For the running of my website, including the provision of features and content
– To reply to requests from and communicate with users
– Security measures
– To measure reach/marketing

Definition of terms

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term has a broad meaning and effectively covers all types of data handling.

‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Legal basis

In accordance with Article 13 GDPR, I shall provide a legal basis for any processing of data that I carry out. If no specific legal basis is given in this privacy policy, the following shall apply: the legal basis for the acquisition of consent is Article 6 (1)(a) and Article 7 GDPR; the legal basis for processing necessary for the provision of services and the performance of contractual measures, as well as answering queries, is Article 6 (1)(b) GDPR; the legal basis for compliance with my legal obligations as controller is Article 6 (1)(c) GDPR; and the legal basis for processing necessary for the purposes of my legitimate interests is Article 6 (1)(f) GDPR. Should the processing of personal data be necessary in order to protect the vital interests of the data subject or another natural person, Article 6 (1)(d) GDPR shall form the legal basis of this action.

Security of processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, I shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the level of risk in accordance with Article 32 GDPR.

These measures notably include the ability to ensure ongoing confidentiality, integrity and availability of data by monitoring physical access to the data as well as related access, submission and transfer of data as well as ensuring its availability and its separation. Furthermore, I have put measures in place that ensure the data subject’s rights, the deletion of data and a response to data that is compromised. The protection of personal data is also a determining factor when developing and/or choosing hardware, software as well as processes in line with the principle of data protection by design and by default (Article 25 GDPR).

Processors and third parties

If data are disclosed or transferred to other persons and businesses (processors or third parties) or these parties are given any other form of access to this data during data processing, this shall only occur insofar as it is legally permitted (e.g. if the data are transferred to a third party, such as a payment provider, in accordance with Article 6 (1)(b) GDPR for the performance of a contract), you have given your consent, it is a legal obligation or is necessary for the purpose of our legitimate interests (e.g. when using a service provider or web hosting services).

If third parties are contracted to process data on the basis of a ‘processing contract’, this shall take place on the basis of Article 28 GDPR.

Transfer of personal data to third countries

Any processing of personal data in a third country (a country outside of the European Union (EU) or the European Economic Area (EEA)) undertaken by me or any such processing that takes place through the engagement of the services of a third party or the disclosure and/or transfer of data to third parties shall only occur as is necessary for me to fulfil my (pre-)contractual duties, providing your consent has been granted, on the basis of a legal obligation or my legitimate interests. Providing permission is legally or contractually granted, I shall process data or permit data to be processed in a third country only if the special prerequisites outlined in Article 44 et seqq. GDPR are met. This means that processing shall occur, for example, on the basis of specific guarantees, such as the officially acknowledged presence of data protection measures that are equivalent to the EU’s measures (such as the ‘Privacy Shield’ in the US) or the observance of specific, officially recognised contractual obligations (‘standard contractual clauses’).

Rights of the data subject

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to request access to the personal data as well as additional information and a copy of the data in accordance with Article 15 GDPR.

In accordance with Article 16 GDPR, you have the right to have incomplete personal data completed or to request the rectification of inaccurate personal data that concern you.

Pursuant to Article 17 GDPR, you have the right to obtain from the controller the erasure of personal data that concern you without undue delay or, alternatively, to request the restriction of processing of the data in accordance with Article 18 GDPR.

Pursuant to Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to the controller, and have the right to transmit those data to another controller.

Furthermore, you have the right in accordance with Article 77 GDPR to lodge a complaint with the appropriate supervisory authority.

Right to withdraw consent

In accordance with Article 7 (3) GDPR, you have the right to withdraw your consent at any time with future effect.

Right to object

In accordance with Article 21 GDPR, you have the right to object at any time to any further processing of your personal data. In particular, a user can object to the processing of their data for direct marketing purposes.

Cookies and the right to object for direct marketing purposes

‘Cookies’ are small files that are stored on a user’s computer. They can be used to store a variety of information. The primary purpose of cookies is to store information concerning a user (e.g. the device on which the cookie is stored) either during or after their visit to a website. Temporary cookies (also known as ‘session cookies’ or ‘transient cookies’) are cookies that are deleted once a user leaves a website and closes their browser. These cookies might store information such as the contents of a shopping basket in an online shop or a user’s login status. ‘Permanent’ or ‘persistent’ cookies are those that remain saved after a user closes their browser. This means, for example, that a user’s login details might reappear when they return to a website several days after their initial visit. These cookies can also store information relating to a user’s interests, which may be used to measure reach or for marketing purposes. ‘Third-party cookies’ are those used by providers other than the person responsible for operating the website (however, when only the website operator uses cookies, these are referred to as ‘first-party cookies’).

I may use both temporary and permanent cookies. The relevant information is set out in this privacy policy.

If a user does not want cookies to be stored on their computer, they should deactivate the appropriate option in their browser’s ‘system settings’. Saved cookies can be deleted from the ‘system settings’ section of your browser. Opting out of cookies can limit the features available on this website.

The US site http://www.aboutads.info/choices/ or the European site http://www.youronlinechoices.com/ explain how users can opt out of online marketing cookies for a variety of services, especially with regard to tracking. It is also possible to prevent cookies from storing data by deactivating them in your browser’s settings. Please note that this may also restrict the functionality of the website in question.

Erasure of personal data

Data that I have processed will be erased in accordance with Articles 17 and 18 GDPR or their processing will be restricted. Unless expressly stated in this privacy policy, any stored data that are no longer necessary for the purposes for which they were collected will be erased providing the controller is under no legal obligation to retain this data. If the data are not erased because they are required for other legally permissible purposes, their processing will be restricted. This means access to the data will be blocked and they will not be used for any other purposes. This applies, for example, to data that must be stored for tax or commercial law purposes.

German legal requirements stipulate that data must be retained, in particular, for 10 years in accordance with Section 147 (1) German Fiscal Code, Section 257 (1) Numbers 1 & 4, (4) German Commercial Code (bookkeeping, records, management reports, accounting receipts, trading books, documentation relevant for tax purposes, etc.) and 6 years in accordance with Section 257 (1) Numbers 2 and 3, (4) German Commercial Code (business correspondence).

Contractual services

I process the data of my contractual partners and interested parties as well as other clients, customers or contractual partners (collectively referred to as ‘contractual partners’) in accordance with Article 6 (1)(b) GDPR as is necessary to offer my contractual or precontractual services to you as a user. The data processed, the way they are processed, as well as the scope, purpose and necessity of this processing are determined by the underlying contractual relationship.

The processed data include basic data concerning my contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contractual data (e.g. services provided, contractual terms, contractual communication, names of contractual parties) and payment data (e.g. bank details, payment history).

Generally, I do not process special categories of personal data unless this is necessary for a commissioned or contractual processing.

I process data required in order to justify or deliver my contractual services and shall indicate why this is necessary should this not be evident to the contractual partner. Disclosure of data to external parties or companies shall only occur insofar as is necessary within the terms of a contract. When processing data given to me for the purpose of completing a commissioned job, I shall act in accordance with the instructions given by the commissioning customer as well as the relevant regulatory requirements.

As part of the provision of my online services, I may store IP addresses as well as the times of relevant actions taken by the user. These data are stored on the basis of my legitimate interests as well as those of the user to protect against misuse and other unauthorised use. Generally, these data are not transferred to third parties unless it is required in order to pursue my interests in accordance with Article 6 (1)(f) GDPR or a legal obligation arises in accordance with Article 6 (1)(c) GDPR.

Data shall be deleted when they are no longer required to fulfil a contractual or legal duty of care or to manage any guarantee or similar obligations. The need for data retention will be reassessed every three years; in all other respects, the legal obligations regarding the retention of data shall be observed.

Social media profiles

I maintain profiles on social networks and platforms for the purpose of communicating with clients, interested partners and users active on such networks and platforms and to be able to inform these parties about my services. The terms and conditions and data processing policies of the respective operators shall apply whenever these networks and platforms are accessed.

Unless otherwise stated within the scope of this privacy policy, I shall process the data of users if they communicate with me through social networks and platforms, e.g. by posting on my profiles or sending me a message.

Using the services and content of third parties

On the basis of my legitimate interests (i.e. interest in analysing, optimising and running my website within the meaning of Article 6 (1)(f) GDPR), I use the content and services of third parties on my website, such as videos or typefaces (hereafter collectively referred to as ‘content’).

In providing this content, the third party is always required to use the IP addresses of its users as this information is needed to enable them to send their content to the user’s browser. The IP address is thus necessary in order to display the content. I take steps to ensure that I only use content from providers who use IP addresses exclusively for the purpose of delivering their content. Third-party providers may also use ‘pixel tags’ (invisible graphics, also referred to as ‘web beacons’) for statistical or marketing purposes. ‘Pixel tags’ may analyse information, such as visitor traffic, on the pages of this website. This pseudonymised information can also be saved in cookies on the user’s device and contain technical information, e.g. concerning the browser and the operating system, referring sites, the length of a visit as well as other details concerning the use of my website, or be merged with similar information from other sources.

Xing

My website may integrate features and content provided by the networking site Xing: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include content, e.g. images, videos or text, and interfaces, which users can use to share the content of this website on Xing. If users are members of the Xing platform, Xing can ascribe the request for the aforementioned content and features to the Xing profile of the relevant user. Xing’s privacy policy can be accessed here: https://www.xing.com/app/share?op=data_protection.

LinkedIn

My website may integrate features and content provided by the networking site LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. This may include content, e.g. images, videos or text, and interfaces, which users can use to share the content of this website on LinkedIn. If users are members of the LinkedIn platform, LinkedIn can ascribe the request for the aforementioned content and features to the LinkedIn profile of the relevant user. LinkedIn’s privacy policy can be accessed here: https://www.linkedin.com/legal/privacy-policy.

LinkedIn is certified under the Privacy Shield Framework and thus abides by European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.