Privacy policy

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, features, and content, as well as external online presences, such as our social media profiles (collectively referred to as “online offering”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller for Data Protection:

Marek Schwiesau
Die Beratungsmanufaktur
Unterberg 9
06108 Halle (Saale)
datenschutz@dieberatungsmanufaktur.de

Types of Processed Data:

Inventory data (e.g., names, addresses).
Contact details (e.g., email, phone numbers).
Content data (e.g., text entries, photographs, videos).
Usage data (e.g., visited websites, interest in content, access times).
Meta/communication data (e.g., device information, IP addresses).

Categories of Data Subjects:

Visitors and users of the online offering (hereinafter collectively referred to as “users”).

Purpose of Processing:

Provision of the online offering, its features, and content.
Response to contact inquiries and communication with users.
Security measures.
Reach measurement/marketing.

Terminology Used:

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” is any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and includes virtually any handling of data.

As the “controller,” a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, is referred to.

Relevant Legal Bases:

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. If the legal basis is not explicitly mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR, the legal basis for processing to fulfill our services and carry out contractual measures as well as respond to inquiries is Article 6(1)(b) of the GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR. In cases where the processing of personal data is necessary for the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

Cooperation with Data Processors and Third Parties:

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transfer of the data to third parties, such as payment service providers, is required in accordance with Article 6(1)(b) GDPR for the performance of the contract), if you have consented, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called “data processing agreement,” this is done on the basis of Article 28 of the GDPR.

Transfers to Third Countries:

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure, or transfer of data to third parties, this only takes place if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow data to be processed in a third country only if the special requirements of Article 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Rights of Data Subjects:

You have the right to request confirmation as to whether the data in question is being processed and to request information about this data and further information and a copy of the data in accordance with Article 15