de en

Privacy Policy

General Information

The use of our sites is possible in a limited form without providing personal data. If personal data (such as name, address, date of birth, or email addresses) is collected on our sites or forms, this is always done on a voluntary basis.

We would like to point out that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. A complete protection of data from access by third parties is not possible. We have implemented technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security procedures are regularly reviewed and adjusted to technological advancements.

We only process the personal data that we voluntarily receive from you in the course of your visit to our sites or through your other submissions.


Analysis Tools & Third-Party Tools

It may occur that within our online offerings, content from third parties, such as videos from YouTube, Facebook links, maps from Google Maps, or graphics from other websites, as well as analysis tools, are embedded. This generally requires that the providers of this content (hereinafter referred to as "third parties") recognize the IP address of the users. However, we have no influence over whether third parties store the IP address for statistical purposes. To the best of our knowledge, we inform users about this.

Some of the mentioned third parties may be located outside your country or outside the EU, or process your personal data there. The level of data protection in other countries may not correspond to that of your country. For example, companies in the USA are required to disclose personal data to security authorities without the possibility for affected individuals to take legal action against it. We only transmit your personal data to countries within the EU or to those for which the EU Commission has decided that they have an adequate level of data protection, or we implement measures, where possible, to ensure that an adequate level of data protection is in place. In the case of your explicit consent to the data transfer to third countries, the data processing is also based on Article 49(1)(a) of the GDPR. If the data transfer is necessary to fulfill a contract, your data will be processed based on Article 6(1)(b).


Hosting

Hosting Provider: Worldsoft AG, Summelnweg 91, 8808 Pfäffikon SZ, Switzerland

Order Processing

Data that you provide to us in the course of any order or for order processing will be used solely for this purpose—without your consent—and only passed on to involved parties (partners, suppliers, etc.) to the necessary extent for the fulfillment of this contract.


General Information & Mandatory Information

Notice on the Responsible Party

The responsible party within the meaning of the General Data Protection Regulation (GDPR) is:

Tanja Matschi

Dorfstraße 3

83626 Valley

Deutschland

0170 / 90 12 007

info@tanja-matschi.com


Retention Period

In the event that no specific retention periods are stated in this privacy policy, we will retain your personal data as long as necessary for the duration of the entire business relationship in accordance with statutory retention periods and documentation obligations, or as long as a legitimate interest in processing exists. Legally required retention periods may also arise from civil or commercial laws.

Legal Basis for Data Processing

We process your data to fulfill contractual obligations (Article 6(1)(b) of the GDPR), within the scope of your consent/registration (Article 6(1)(a) of the GDPR), and, where applicable, to fulfill legal obligations (Article 6(1)(c) of the GDPR). Furthermore, we may process your data to protect legitimate interests (Article 6(1)(f) of the GDPR) for advertising or market and opinion research, provided you have not objected to such use under Article 21 of the GDPR. In the case of your explicit consent for the transfer of personal data to third countries, the data processing is also based on Article 49(1)(a) of the GDPR.


Rights of the Affected

Withdrawal of your consent to data processing / Right to object to data collection (Article 21) / Right to lodge a complaint with the competent supervisory authority / Right to data portability / Right to information, rectification & deletion / Right to restriction of processing

You are entitled to (i) verify whether and which personal data we have stored about you and to obtain copies of this data, (ii) request the correction, completion, or deletion of your personal data that is inaccurate or unlawfully processed, (iii) request that we restrict the processing of your personal data, and (iv) under certain circumstances, object to the processing of your personal data or withdraw your previously given consent for processing, (v) request data portability, (vi) know the identity of third parties to whom your personal data is transferred, and (vii) lodge a complaint with the competent authority, which is the data protection authority responsible for your habitual residence, workplace, or the location of the alleged violation.

For this and any further questions regarding personal data, you can contact us at the above-mentioned contact address at any time.


SSL and TLS Encryption on the Website

For security reasons and to protect the transmission of confidential content, we use SSL and TLS encryption.

You can recognize an encrypted connection by the change in the browser's address bar from "http://" to "https://" and by the padlock symbol in your browser’s address bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.


Objection to Advertising Emails

The use of published contact data for the purpose of sending unsolicited advertising and informational materials is hereby rejected. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.


Cookies & Server

Cookies


Our sites partially use so-called cookies. Cookies are small files that allow specific device-related information to be stored on the user’s access device (PC, smartphone, etc.). Cookies do not harm your computer and do not contain viruses. They serve to enhance the user-friendliness of websites for users (e.g., storing login data). Additionally, they help collect statistical data on website usage, which can be analyzed to improve the offering. Users can influence the use of cookies.

Most of the cookies we use are known as "session cookies." They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser during your next visit. You can configure your browser to be informed about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, as well as to activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of our sites may be limited.

If cookies from third parties or for analytical purposes are used, you will be informed of this in this privacy policy or separately, and your consent will be requested if necessary.


Here’s the translation:

**The following cookies and their respective retention periods are present:**

- PHPSESSID – Session – 2 hours
- Vc – Statistics – 30 days
- wsw-logger-session-id – Statistics & Session – 2 hours
- wbs_widget_session – Session / Forms – 2 hours

Server Log Files

Our hosting provider automatically collects and stores information that your browser automatically transmits to us in so-called server log files. This includes:

- Browser type / browser version
- Operating system used
- Referrer URL (the previously visited page)
- Hostname or anonymized IP address of the accessing computer
- Time of the server request
- IP address

These data cannot be attributed to specific individuals. No consolidation of this data with other data sources takes place. We reserve the right to review this data retrospectively if we become aware of concrete indications of unlawful use.


Contact Form, Email, Phone, Fax, Chatbot

If you contact us via email or any other means, your information, including the contact details and attachments you provide, will be processed for the purpose of handling your inquiry and stored for 3 months in case of follow-up questions. After this period, the data will be deleted unless a contractual relationship arises from it, or you request us to delete it beforehand or revoke your consent to storage. We will not share this data without your consent.

Registration on the Website

To the extent that personal data (such as name, address, date of birth, or email addresses) is collected on our sites or forms, or you complete a registration, this is always done on a voluntary basis.

The data entered electronically or physically during contact or collected in the course of initiating or carrying out our business relationship will be used for the purposes of utilizing the offering. This typically includes:

- First and last name
- Email address
- Phone number
- Other contact details


Social Media

Facebook


Our sites integrate plugins from the social network Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can recognize the Facebook plugins by the Facebook logo or the "Like" button on our pages. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.

When you visit our pages, a direct connection between your browser and the Facebook server is established via the plugin. This allows Facebook to receive the information that you have visited our page with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This enables Facebook to associate your visit to our pages with your user account. We would like to point out that, as the operators of the pages, we have no knowledge of the content of the transmitted data and how it is used by Facebook. For more information, please refer to Facebook's privacy policy at http://de-de.facebook.com/policy.php.

The data collected by this service is transmitted to a third country (USA). Your explicit consent constitutes the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

You have the option to revoke your consent to data processing at any time.

If you do not wish for Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook account beforehand.

You can find the agreement we have concluded with Facebook under https://www.facebook.com/legal/controller_addendum, according to which we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website.

The data transfer to the USA is based on the EU standard contractual clauses.

For more information, visit: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.


Instagram

Our sites include the Instagram service. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram icon. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the operators of the pages, we have no knowledge of the content of the transmitted data or how it is used by Instagram. For more information, please refer to Instagram's privacy policy: http://instagram.com/about/legal/privacy/.

The data collected by this service is transmitted to a third country (USA). Your explicit consent constitutes the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

You have the option to revoke your consent to data processing at any time.

You can find the agreement we have concluded with Facebook under https://www.facebook.com/legal/controller_addendum, according to which we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website.

The data transfer to the USA is based on the EU standard contractual clauses.

For more information, visit: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.


Twitter

Our sites include the Twitter service. This service is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

The data collected by this service may be transmitted to a third country (USA). Your explicit consent constitutes the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

You have the option to revoke your consent to data processing at any time.

The data transfer to the USA is also based on the EU standard contractual clauses. For more information, visit: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

For further information, please refer to Twitter's privacy policy at: https://twitter.com/de/privacy.


LinkedIn

Our sites include the LinkedIn service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

When using the service, LinkedIn collects, among other things, your IP address as well as any additional information that may be stored in cookies on your PC. This information is used to provide us, as operators of the LinkedIn pages, with statistical information about the usage of the LinkedIn page.

For more information, please visit: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.

The data collected in this context is processed by LinkedIn Inc. and may be transferred to countries outside the EU. The data usage policies are available at: https://www.linkedin.com/legal/privacy-policy.

When accessing a LinkedIn page, the IP address assigned to your device is transmitted to LinkedIn. According to LinkedIn, this IP address is anonymized and deleted after 90 days.

If you are currently logged into LinkedIn, a cookie containing your identifier is stored on your device. This allows LinkedIn to track that you visited this page and how you used it.

If you want to avoid this, you should log out of LinkedIn beforehand, deactivate the “stay logged in” function, delete the cookies stored on your device, and restart your browser.

The data collected by this service may be transmitted to a third country (USA). Your explicit consent constitutes the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

You have the option to revoke your consent to data processing at any time.

For information on how to delete or manage the information stored about you, please visit: https://www.linkedin.com/legal/privacy-policy.


Xing

We use the services of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (“Xing”) on our sites.

By using Xing, your personal data is collected, transmitted, stored, disclosed, and used by New Work SE, which may involve the transfer and storage of your data in third countries, regardless of your place of residence. New Work SE may also process any voluntarily provided data, such as your name, username, email address, and phone number.

For analysis purposes, New Work SE may use analytical tools. We have no influence over the use of such tools by New Work SE. You can restrict the processing of your data in the general settings of your Xing account and under the "Privacy" section.

The data collected by this service may be transmitted to a third country (e.g., USA). Your explicit consent constitutes the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

You have the option to revoke your consent to data processing at any time.

For more information, please refer to Xing's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.


Newsletter Data

By voluntarily signing up for the newsletter, you consent to the processing of your provided personal data by the data controller for marketing purposes regarding its goods and services, and you agree to be contacted for this purpose via email. Your related data will be stored with us until you unsubscribe from the newsletter. You can revoke your consent at any time using the contact address provided above. The legality of the processing carried out based on your consent until the revocation is not affected by the revocation.


YouTube

Our sites include features from the video service YouTube, provided by Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit one of our webpages that includes YouTube, a connection to the YouTube servers is established. This informs the YouTube server which of our pages you have visited.

Additionally, YouTube may store various cookies on your device or use similar technologies for recognition (e.g., device fingerprinting). This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience, and prevent fraudulent activities.

If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of optimally presenting our online offerings. This constitutes a legitimate interest in accordance with Article 6(1)(f) of the GDPR.

The data collected by this service may be transmitted to a third country (USA). Your explicit consent also serves as the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

You have the option to revoke your consent to data processing at any time.

For more information, please visit: https://policies.google.com/privacy?hl=de


Vimeo

We use the functions of the Vimeo service, provided by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, for publishing videos.

When you visit one of our pages equipped with a Vimeo video, a connection to the Vimeo servers is established. This informs the Vimeo server which of our pages you have visited. Additionally, Vimeo obtains your IP address. This applies even if you are not logged into Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

If you are logged into your Vimeo account, you enable Vimeo to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your Vimeo account.

Vimeo uses cookies or similar recognition technologies (e.g., device fingerprinting) to recognize website visitors.

The use of Vimeo is in the interest of optimally presenting our online offerings. This constitutes a legitimate interest in accordance with Article 6(1)(f) of the GDPR.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests."

The data collected by this service may be transmitted to a third country (USA). Your explicit consent also serves as the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

You have the option to revoke your consent to data processing at any time.

For more information, please visit: https://vimeo.com/privacy


Google Fonts

Our pages use the Google Fonts function. The provider is Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The purpose is to provide the fonts needed by the web browser to display the website. This data is only processed for the duration necessary to select and deliver the fonts. The individual fonts are stored on the servers of our technical provider.

The legal basis for data processing is, on one hand, the legitimate interest (technical necessity for the provision and delivery of our "website") in accordance with Article 6(1)(f) of the GDPR.

If there is any further independent processing of data by Google Fonts, Google is the sole responsible party.

The data collected by this service may be transmitted to a third country (USA). Your explicit consent also serves as the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

Further information as well as Google's privacy policy can be found at: https://www.google.de/policies/privacy/


Google Maps

Our pages use the mapping service Google Maps. The provider is Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the features of Google Maps, it is necessary to store your IP address. This information is typically transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transfer. When Google Maps is activated, Google may use Google Web Fonts for uniform font representation. When you access Google Maps, your browser loads the required web fonts into its cache to correctly display texts and fonts.

The use of Google Maps is in the interest of providing an appealing presentation of our online offerings and ensuring easy findability of the locations indicated on our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

The data collected by this service may be transmitted to a third country (USA). Your explicit consent also serves as the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on how user data is handled can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de


Google reCAPTCHA

Our pages use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA"). The provider is Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

reCAPTCHA is used to verify whether the data entry on these pages (e.g., in a contact form) is done by a person or an automated program. To do this, reCAPTCHA analyzes the visitor's behavior based on various characteristics. This analysis begins automatically as soon as the visitor accesses the website. For analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of the website visit, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of the data is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated scraping and spam.

The data collected by this service may be transmitted to a third country (USA). Your explicit consent also serves as the legal basis for this data transfer according to Article 49(1)(a) in conjunction with Article 6(1)(a) of the GDPR. We have informed you prior to your consent that the USA currently does not provide a level of data protection that meets EU standards. For this reason, the European Court of Justice has declared the "Privacy Shield" (Adequacy Decision under Article 45 of the GDPR) invalid.

For more information on Google reCAPTCHA, please refer to Google's privacy policy and terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de


E-Commerce & Payment Providers

Processing of Customer and Contract Data


Within our company, employees who need your data to fulfill contractual, consented, or legal obligations, or legitimate interests, have access to it. Additionally, we share your data with contracted processors, partner companies, and partners, provided they need the data to fulfill their respective contractual services. All processors and partners are contractually obligated to treat your data confidentially and only process it within the agreed framework.

Some of the mentioned recipients (e.g., partners, processors) may be located outside your country or the EU, or may process your personal data there. The level of data protection in other countries may not correspond to that of your country. For example, companies in the USA are required to disclose personal data to security authorities without those affected being able to take legal action against it. We only transmit your personal data to such recipients for the purpose of fulfilling a contract. In the case of your explicit consent to data transfer to third countries, the data processing is also based on Article 49(1)(a) of the GDPR. If the data transfer is necessary for the fulfillment of a contract, your data will be processed based on Article 6(1)(b) of the GDPR.

If there is a legal or regulatory obligation, public authorities and institutions may be recipients of your personal data.

Data may be used to analyze or predict the behavior of users of our services. However, the data will not be used for automated decision-making.