Privacy Policy

The following data protection declaration is intended to clarify which types of personal data (hereinafter “data”) are processed for which purposes and to what extent. The data protection declaration applies to all processing of personal data executed by me, whether within the scope of providing my services or, in particular, on my websites, in mobile applications or within external online presences, such as my social media profiles (hereinafter “online services”).

Updated: 2 September 2019

Content overview

I. Responsible
II. General information on data processing
III. Commercial and business services
IV. Contact
V. Online services and hosting
VI. Change and update of the privacy policy
VII. Rights of the persons concerned

I. Responsible

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other regulations under data protection law is:

Thomas Wegner
Adolfstraße 19
13347 Berlin, Germany
E-Mail: tom@tomtrique.berlin
Imprint: tomtrique.berlin/en/imprint

II. General information on data processing

Type and extent of personal data processing

I process personal data only to the extent necessary to provide a functional website and my content and services. The processing of personal data takes place regularly only after consent of the persons concerned. An exception applies in those cases where prior consent cannot be obtained for practical reasons and the processing of data is permitted by law.

Types of processed data: inventory data, content data, contact data, meta/communication data, usage data, contract data, payment data.

Categories of persons concerned: business and contractual partners, interested parties, users of my services.

Purposes of processing: office and organisational procedures, contact enquiries and communication, range monitoring, tracking, contractual obligations and service, administration and responding to enquiries.

Insofar as I request the consent of the person concerned for the processing of personal data, Article 6(1)(a) EU General Data Protection Regulation (GDPR) provides the legal basis.

Article 6(1)(b) GDPR provides the legal basis for the processing of personal data required for the performance of a contract to which the person concerned is a party. This also applies to processing activities that are necessary for the execution of pre-contractual activities.

If the processing of personal data is necessary to fulfil a legal obligation to which my company is subject, Article 6(1)(c) GDPR provides the legal basis.

If the processing is necessary to uphold a legitimate interest of my company or a third party and if the interests, fundamental rights and freedoms of the persons concerned do not outweigh the first-mentioned interest, Article 6(1)(f) GDPR provides the legal basis for the processing.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations apply to data protection in Germany. These include in particular the Act on Protection against Abuse of personal data in data processing (Bundesdatenschutzgesetz - BDSG). In particular, the BDSG contains special provisions on the right of information, the right of deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transfer as well as automated decision-making in individual cases, including profiling. In addition, the data protection laws of the individual federal states may apply.

Security precautions

I take appropriate technical and organisational precautions in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, extent, conditions and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

Transfer and disclosure of personal data

Within the scope of my processing of personal data, it may happen that the data is transferred to other offices, companies, legally independent organizational entities or persons or that it is disclosed to them. The recipients of the data may include, e.g., payment institutes in the context of payment transactions, service providers entrusted with IT tasks or providers of services and content that are integrated into a website. In such cases, I comply with the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of the data that shall ensure the protection of the data.

Data processing in non-EU countries

Insofar as I process data in a third-party country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only take place in accordance with the legal requirements.

Data deletion and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. However, the data may also be stored if the European or national legislator has provided for this in Union regulations, laws or other provisions to which I am bound. The data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion or performance of a contract. Further information on the deletion of personal data can also be found in the individual data protection statements of this data protection declaration.

III. Commercial and business services

I process data of my contractual and business partners, e.g. customers, interested persons and clients (hereinafter referred to as “contractual partners”) within the context of contractual and comparable legal relationships as well as associated actions. The same applies to the provision of the selection, the possibility of purchasing or commissioning the selected services or products as well as related activities and their payment and delivery or execution or provision.
The required data are marked as such within the context of the conclusion of the commission, order or comparable contract and include the data required for the provision of services and invoicing as well as contact information in order to hold any consultations.
I process these data in order to fulfil my contractual obligations, to protect my rights and for purposes of the administrative tasks associated with these data as well as the company organisation. In accordance with the current law, I only transfer data of the contractual partners to third parties insofar as this is necessary for the aforementioned purposes, to fulfil legal obligations or with the consent of the contractual partners (e.g. to involved telecommunication, transport and other assistance services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities).
Insofar as I use third-party services or platforms to provide my services, the terms and conditions and data protection notices of the respective third parties or platforms will apply to the relationship between the users and the providers.

Types of processed data: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject of contract, term).
Persons concerned: interested parties, business and contractual partners.
Purposes of processing: contractual performances and services, contact enquiries and communication, office and organisational procedures, administration and handling of enquiries.
Legal basis: contract fulfilment and pre-contractual enquiries (Article 6 (1) s. 1 lit. b. GDPR), legal obligation (Article 6 (1) s. 1 lit. c. GDPR), legitimate interests (Article 6 (1) s. 1 lit. f. GDPR).

IV. Contact

When contacting me (e.g. by e-mail, telephone or via social media), the data of the inquiring persons are processed insofar as this is necessary to answer the contact enquiries and any requested actions.
The response to contact enquiries within the context of contractual or pre-contractual relationships is made in order to fulfil my contractual obligations or to answer (pre)contractual enquiries and otherwise on the basis of the legitimate interests in answering the enquiries.

Types of processed data: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos).
Persons concerned: communication partners.
Purposes of processing: contact enquiries and communication.
Legal basis: contract performance and pre-contractual enquiries (Article 6 (1) s. 1 lit. b. GDPR), legitimate interests (Article 6 (1) s. 1 lit. f. GDPR).

V. Online services and hosting

In order to provide my online service in a secure and efficient way, I make use of the services of one or more hosting providers from whose servers my online service can be accessed. For these purposes I can use infrastructure and platform services, processing capacity, storage space and database services as well as security and technical maintenance services.
The data processed within the context of the provision of the hosting service may include all information relating to the users of my online service that is collected within the context of use and communication.

E-mail and hosting: The hosting services I make use of also include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the sending of e-mails (e.g. the providers involved) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for SPAM detection purposes.
Please note that e-mails on the Internet are generally not sent encrypted. Usually e-mails are encrypted during transmission, but not on the servers from which they are sent and received (unless end-to-end encryption is used). Therefore, I cannot take any responsibility for the transmission path between the senders and the reception on my server.

Storage of access data and logfiles: My webhosting provider collects data for each access to the server (server logfiles). The server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL and usually IP addresses as well as the requesting provider.
The server log files can be used for security purposes, e.g. to avoid excessive server load (especially in the case of abusive attacks) and to ensure server load and stability.

Types of processed data: content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Persons concerned: users (e.g. website visitors, users of online services).
Legal basis: legitimate interests (Article 6 (1) s. 1 lit. f. GDPR).

Services and service providers in use:
united-domains: united-domains AG, Gautinger Strasse 10, 82319 Starnberg, Germany
Website: https://www.united-domains.de/
Privacy policy: www.united-domains.de/unternehmen/datenschutz/
Netlify: Netlify, Inc., 2325 3rd Street, Suite 215, San Francisco, California 94107, USA
Website: www.netlify.com
Privacy policy: www.netlify.com/privacy/

Social networks

I run online identities within social networks to communicate with active users or to provide information about myself. I would like to point out that user data may be processed outside the European Union. This may entail risks for users as it could, e.g., make it more difficult to enforce the rights of users.
Regarding US providers* who are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, I want to point out that they commit themselves to complying with EU data protection standards.
Furthermore, the data of users of social networks are usually processed for market research and advertising purposes. For these purposes, cookies are usually stored on the user’s computer, in which the user’s behaviour and interests are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users.
For a detailed description of the ways of processing and the possibilities of objection (opt-out) I refer to the data protection declarations and information of the providers of the respective networks. Also concerning requests for information and the assertion of rights of parties concerned, I would like to remind you that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate actions and provide information.

Types of processed data: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Persons concerned: users (e.g. website visitors, users of online services).
Purposes of processing: contact enquiries and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, range monitoring (e.g. access statistics, recognition of returning visitors).
Legal basis: legitimate interests (Article 6 (1) s. 1 lit. f. GDPR).

Services and service providers in use:
Instagram: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
Website: www.instagram.com
Privacy Policy: instagram.com/about/legal/privacy
Facebook: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA
Website: www.facebook.com
Privacy policy: www.facebook.com/about/privacy
Settings for advertisements: www.facebook.com/settings?tab=ads
Agreement on common processing of personal data on Facebook pages: www.facebook.com/legal/terms/page_controller_addendum
Privacy policy for Facebook pages: www.facebook.com/legal/terms/information_about_page_insights_data

VI. Change and update of the privacy policy

Please inform yourself regularly about the content of my data protection declaration. I will adapt the privacy policy as soon as the changes to the data processing I perform make this necessary. I will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

VII. Rights of the persons concerned

As a person concerned, you are entitled to various rights under the GDPR, which result in particular from Articles 15 to 18 and 21 GDPR:

Right of objection

You have the right, for reasons related to your particular situation, to object at any time to the processing of your personal data on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these regulations. The responsible parties will no longer process your personal data unless they can prove compelling justifiable reasons for the processing, which outweigh your interests, rights and freedoms, or the processing is used to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the option, notwithstanding Directive 2002/58/EC, of exercising your right to object in relation to the use of information society services by means of automated procedures based on technical specifications.

Right of withdrawal for consents

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of your consent does not affect the legality of the processing carried out on the basis of your consent until revocation.

Right of information of third parties

You have the right to request confirmation on whether data concerning you is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with the legal regulations. You have the right to be informed about whether the personal data concerning you is transferred to a non-EU country or to an international organisation. In this context, you may demand to be informed about the appropriate guarantees in accordance with Article 46 GDPR regarding the transfer.

Right to correction

You have the right, in accordance with the law, to demand the completion and/or correction of any incorrect data concerning you. The responsible parties are obliged to carry out the correction immediately.

Right to restrict processing

You have the right, in accordance with the legal regulations, to demand a restriction of the processing of the data concerning you.

Right of deletion

In accordance with the legal regulations, you can demand that the responsible parties delete your personal data immediately. If the responsible parties have made the personal data concerning you public and are obliged to delete them in accordance with Article 17 (1) GDPR, they are obliged to take appropriate actions, also technical ones, taking into account the available technology and the implementation costs, in order to inform the responsible parties who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data, copies or replications of this personal data.

Right to be informed

If you have claimed the right to correction, deletion or restriction of the processing from responsible parties, they are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction, deletion or restriction of the processing, unless this turns out to be impossible or requires a disproportionate effort.

Right of data portability

You have the right to receive the personal data concerning you that you have provided to those responsible parties in a structured, commonly used and machine-readable format.
Furthermore, you have the right to transfer these data to other responsible parties without being restricted by the responsible parties to whom the personal data have been provided, if the processing is based on a consent according to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract according to Article 6 (1) (b) GDPR and the processing is performed in an automated way.
In making use of this right, you also have the right to have the personal data concerning you transferred directly by one responsible party to another responsible party, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

Complaint to the regulatory authorities

Without limiting any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the EU member state in which you reside, at your place of work or at the place where the violation is alleged, if you consider that the processing of your personal data is a violation of the GDPR. The supervisory authority to which the complaint was submitted will inform the complainants of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.