GDPR Compliance and Privacy Information
Preamble
With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "Online Offer").
The terms used are not gender-specific.
Status: 1 April 2023
Content overview
- Preamble
- Controller
- Overview of processing operations
- Relevant legal basis
- Security Measures
- Deletion of data
- Payment procedures
- Provision of the online offer and web hosting
- Registration, Login and User Account
- Blogs and publication media
- Contact and enquiry management
- Audio content
- Newsletters and electronic notifications
- Amend and update privacy policy
- Data subject rights
Responsible
Dr. Robert Giacinto
Tulpenweg 16
53783 Eitorf
E-mail address:
Imprint:
https://inspiration.garden/imprint
Overview of processing
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
- Inventory data.
- Payment data.
- Contact data.
- Content data.
- Contract data.
- Usage data.
- Meta, communication and procedural data.
Categories of data subjects
- Customers.
- Prospective customers.
- Communication partners.
- Users.
Purposes of processing
- Provision of contractual services and customer service.
- Contact requests and communication.
- Security measures.
- Direct marketing.
- Reach measurement.
- Conversion measurement.
- Managing and responding to enquiries.
- Feedback.
- Profiles containing user-related information.
- Provision of our online offering and user experience.
- Information technology infrastructure.
Relevant legal basis
Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.
- Consent (Art. 6 para. 1 sentence 1 lit. a) DSGVO) - The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
- Contractual performance and pre-contractual enquiries (Art. 6(1) p. 1 lit. b) DSGVO) - Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures carried out at the data subject's request.
- Registered interests (Art. 6(1) p. 1 lit. f) DSGVO) - Processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and the transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.
Security measures
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
TLS encryption (https): In order to protect your data transmitted via our online offer, we use TLS encryption. You can recognise such encrypted connections by the prefix https:// in the address line of your browser.
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as their consent to processing is revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
Our data protection notices may also contain further information on the retention and deletion of data, which will take precedence for the respective processing operations.
Payment procedures
In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions for this purpose (collectively "payment service providers").
The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related details. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e. we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.
The terms and conditions and data protection information of the respective payment service providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.
- Types of data processed: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contractual data (e.g. subject matter of contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).
- Data subjects: Customers; Interested parties.
Purposes of processing: Provision of contractual services and customer service. - Legal basis:** Contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO).
Further information on processing operations, procedures and services: ** Stripe: Payment.
Stripe: Payment services (technical connection of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Contractual performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://stripe.com; Data protection statement: https://stripe.com/de/privacy.
Provision of the online offer and web hosting
We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.
- Types of data processed: Usage data (e.g. web pages visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status); content data (e.g. entries in online forms).
- Data subjects:** Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).); security measures.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Further notes on processing operations, procedures and services: **.
- Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
- Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used on the one hand for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilisation of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further storage is necessary for evidentiary purposes are excluded from deletion until the final clarification of the respective incident.
- The web hosting services we use also include the sending, receiving and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the e-mail dispatch (e.g. the providers involved) as well as the contents of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of recognising SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption procedure is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the reception on our server; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
- Content Delivery Network: We use a "Content Delivery Network" (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or programme scripts, can be delivered more quickly and securely with the help of regionally distributed servers connected via the Internet; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
- netcup: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www. netcup.de/; Data protection declaration: https://www.netcup.de/kontakt/datenschutzerklaerung.php; Contractual processing agreement: https://www.netcup-wiki.de/wiki/Zusatzvereinbarung_zur_contractual processing.
Registration, login and user account
Users can create a user account. In the course of registration, users are provided with the required mandatory data and processed for the purpose of providing the user account on the basis of contractual obligation fulfilment. The processed data includes in particular the login information (user name, password and an e-mail address).
Within the scope of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so.
Users can be informed by e-mail about processes relevant to their user account, such as technical changes.
- Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
- Data subjects:** Users (e.g. website visitors, users of online services).
Purposes of processing: Providing contractual services and customer service; security measures; managing and responding to requests; providing our online offer and user experience. - Legal basis: Contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Further notes on processing processes, procedures and services: **.
- Registration with pseudonyms: Users may use pseudonyms as usernames instead of plain names; Legal basis: Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO).
Blogs and publication media
We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data are processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice.
- Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. web pages visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
- Data subjects:** Users (e.g. website visitors, users of online services).
Purposes of processing: Providing contractual services and customer service; feedback (e.g. collecting feedback via online form); providing our online offer and user experience; security measures; managing and responding to requests. - Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Further information on processing operations, procedures and services:
- Comments and posts:** When users leave comments or other posts, their IP addresses may be stored on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author. Furthermore, we reserve the right, on the basis of our legitimate interests, to process users' details for the purpose of spam detection. On the same legal basis, we reserve the right to store the IP addresses of users for the duration of surveys and to use cookies in order to avoid multiple voting. The personal information provided in the context of comments and contributions, any contact and website information as well as the content-related information will be permanently stored by us until the user objects; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Contact and enquiry management
When contacting us (e.g. by post, contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact enquiries and any requested measures.
- Types of data processed: Contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).
- Data subjects: Communication partners.
Purposes of processing: Contact requests and communication; managing and responding to requests; feedback (e.g. collecting feedback via online form); providing our online offer and user experience. - Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Audio content
We use hosting and analysis offers from service providers to offer our audio content for listening or downloading and to obtain statistical information on the retrieval of the audio content.
- Types of data processed:** Usage data (e.g. web pages visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).
- Data subjects:** Users (e.g. website visitors, users of online services).
Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); conversion measurement (measurement of the effectiveness of marketing measures); profiles with user-related information (creation of user profiles); provision of our online offer and user-friendliness. - Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Further notes on processing processes, procedures and services:
- Soundcloud: Soundcloud - Music Hosting; Service Provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Legal Grounds: Legitimate Interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://soundcloud.com; Privacy Policy: https://soundcloud.com/pages/privacy.
- Spotify: Spotify - music hosting and widget; Service provider: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.spotify.com/de; Data protection statement: https://www.spotify.com/de/legal/privacy-policy/.
Newsletter and electronic notifications
We send newsletters, e-mails and other electronic notifications (hereinafter "newsletters") only with the consent of the recipients or a legal permission. Insofar as the contents of the newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and us.
In order to subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name, for the purpose of a personal address in the newsletter, or further details, if these are necessary for the purposes of the newsletter.
Double opt-in procedure: The registration for our newsletter is always carried out in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people's email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.
**We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list (so-called "block list") for this purpose alone.
The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.
Contents:
Information about us, our services, promotions and offers.
- Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status); usage data (e.g. websites visited, interest in content, access times).
- Special categories of personal data: Health data (Art. 9 (1) DGSVO).
- Data subjects:** Communication partners; users (e.g. website visitors, users of online services).
Purposes of processing: Direct marketing (e.g. by e-mail or post); provision of contractual services and customer service. - Legal basis:** Consent (Art. 6 para. 1 sentence 1 lit. a) DSGVO); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
- You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably e-mail, for this purpose.
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO).* Prerequisite for the use of free services: Consent to the sending of mailings can be made dependent as a prerequisite for the use of free services (e.g. access to certain content or participation in certain promotions). If users wish to take advantage of the free service without subscribing to the newsletter, please contact.
- mailgun: Email marketing platform; Service provider: mailgun, 112 E Pecan St. #1135, San Antonio, TX 78205 (USA); Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.mailun.com; Data protection statement: https://www.mailgun.com/de/rechtliches/datenschutzerklaerung/; Task processing agreement: https://www.mailgun.com/de/rechtliches/av-vertrag/.
Amendment and updating of the data protection declaration
We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Where we provide addresses and contact details of companies and organisations in this privacy statement, please note that the addresses may change over time and please check the details before contacting us.
Rights of data subjects
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
- Right of objection: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. **Right of withdrawal.
- Right of withdrawal in the case of consent: You have the right to withdraw consent given at any time.
- Right of access: You have the right to obtain confirmation as to whether or not data concerned is being processed and to obtain information about such data and further information and a copy of the data in accordance with the law.
- Right to rectification:** You have the right to request that data concerning you be completed or that inaccurate data concerning you be rectified, in accordance with the law.
Right to erasure and restriction of processing: You have the right, in accordance with the law, to request that data concerning you be erased without delay or, alternatively, to request restriction of the processing of the data in accordance with the law. - You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to demand that it be transferred to another person responsible.
- Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.