Privacy policy

When you use this website, your personal data will be processed by me as the data controller and stored for the period required to fulfill the specified purposes and legal obligations. In the following, I will inform you about what data is involved, how it is processed and what rights you have in this regard.

According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject or user”).

NAME AND CONTACT DETAILS OF THE DATA CONTROLLER

This data protection information applies to data processing on the website www.sandrakarner.de by the controller:

Sandra Karner, Rhinower Straße 11, 10437 Berlin

Email: hello@sandrakarner.de

Phone: +49-177-9742469

You can contact me directly at any time if you have any questions about data protection law or the rights of data subjects.

PROCESSING OF PERSONAL DATA AND PURPOSES OF PROCESSING

WEBHOSTING
I use the web hosting service 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabauer (hereinafter referred to as “1&1”) to provide this website.

In order to offer a website, it is necessary to commission a web hosting service. The use of 1&1 takes place in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR due to our legitimate economic interest in making our offer available on this website. In connection with hosting, 1&1 processes personal data on my behalf that is generated when the website is used.

I have concluded an order processing contract with 1&1. Through this contract, the service provider ensures that it processes the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject.

WHEN VISITING THE WEBSITE
You can visit the website https://sandrakarner.de without having to disclose any information about your identity. The browser used on your device only automatically sends information to the server of my website (e.g. date and time of access, name and URL of the file accessed, browser type and version, website from which the access is made (referrer URL)).

This also includes the IP address of your requesting device. This is temporarily stored in a log file and automatically deleted after 90 days.

The IP address is processed for technical and administrative purposes of connection establishment and connection stability in order to ensure the security and functionality of our website and to be able to prosecute any illegal attacks on it if necessary.

The legal basis for the processing of the IP address is Art. 6 para. 1 sentence 1 lit. f GDPR. My legitimate interest follows from the aforementioned security interest and the need to provide our website without disruption.

I cannot draw any direct conclusions about your identity from the processing of the IP address in the log file.

In addition, I use cookies and analysis services when you visit my website. You will find more detailed explanations in sections 4 and 5 of this privacy policy.

FOR NEWSLETTER REGISTRATION
If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, I will use your e-mail address to send you my newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an email address.

You can unsubscribe at any time by clicking on the “Unsubscribe” link at the end of the newsletter. Alternatively, you can also send your unsubscribe request to hello@sandrakarner.de by email at any time. This also revokes your consent for the future.

I use the service of the provider ActiveCampaign, The Oval, 160 Shelbourne Road, Dublin, D04 E7K5, Ireland (“ActiveCampaign”) to send the newsletter. The email addresses of the newsletter recipients are stored on ActiveCampaign’s servers on my behalf.

ActiveCampaign uses this information to send and analyze the newsletter on my behalf. I have concluded an order processing contract with ActiveCampaign for this purpose. Through this contract, ActiveCampaign ensures that it processes the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject.

I store the data until you unsubscribe from the newsletter.

WHEN USING THE CONTACT FORM
I offer you the opportunity to send me general inquiries using the contact form provided online. I collect the following mandatory information:

Salutation,
last name,
e-mail address and
Your personal message.
I need your title and surname to know who sent the request. I need your e-mail address to be able to answer your request.

This data processing takes place in the context of answering the contact request on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

The personal data collected by us for the use of the contact form will be deleted if your request has been finally answered and the deletion does not conflict with any statutory retention requirements.

WHEN BOOKING AN INITIAL CONSULTATION
I offer you the opportunity to arrange a free initial consultation with me online. I need the following information:

First name, last name
e-mail address
I need this data to identify you and to contact you to arrange an appointment. The data is processed on the basis of Art. 6 para. 1 lit. b GDPR for the fulfillment of a contract.

As long as you have not agreed to your data being stored for longer, I will delete your data after the appointment has been completed. You can revoke your consent at any time for the future.

TRANSFER OF DATA
Your personal data will not be transferred for purposes other than those listed below.

FOR CONTRACT AND PAYMENT PROCESSING
Insofar as this is legally permissible and required for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, your personal data will be passed on to third parties. This includes, in particular, the transfer to shipping companies for the purpose of delivering the goods and services you have ordered and the transfer of payment data to payment service providers or credit institutions in order to carry out a payment transaction. The data passed on may only be used by the third party for the stated purposes.

We offer payment processing via the payment service provider PayPal (Europe) S.a.r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg (“PayPal”). If you decide to use PayPal for your payment, you will be redirected to the PayPal website. There you can log in with your account details and instruct the payment. After being redirected to the PayPal website, we do not have access to the data collected by PayPal. Further information on data protection in connection with PayPal can be found here.

TO PROTECT AGAINST MISUSE OF OUR SYSTEMS
Our website uses Google reCAPTCHA, a service provided by Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). This is intended to ensure that certain offers are actually requested by a human being and that misuse via machine-generated entries is excluded as far as possible.

For this purpose, Google processes various pieces of information, including the IP address of the end device from which the request is made, but also other information that indicates the presence of a human action.

This data processing is carried out on the basis of a general balancing of interests within the meaning of Art. 6 para. 1 lit. f GDPR. The protection of our IT systems and specifically ensuring the functionality of our website is to be regarded as a legitimate interest within the meaning of the law.

By its own admission, Google does not merge the IP address transmitted as part of reCAPTCHA with data from other Google services. The processed data may be transferred to servers in the USA and other insecure third countries and processed there (see section 3c). Google relies on standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable to that in the EU.

Further information on data protection in connection with reCaptcha can be found in Google’s privacy policy: https://policies.google.com/privacy.

DATA TRANSFERS TO THIRD COUNTRIES
A transfer of personal data to a third country or an international organization will only take place if we inform you of this and the requirements of Art. 44 et seq. GDPR are met.

A third country is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered unsafe if the EU Commission has not issued an adequacy decision for this country in accordance with Art. 45 (1) GDPR, which confirms that there is adequate protection for personal data in the country.

The USA is a so-called unsafe third country. This means that the USA does not offer a level of data protection comparable to that in the EU. If personal data is transferred to the USA, the following risks exist: There is a risk that US authorities may gain access to personal data on the basis of the PRISM and UPSTREAM surveillance programs based on Section 702 of the FISA (Foreign Intelligence Surveillance Act), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective legal protection against this access in the USA or the EU.

In this data protection information, we inform you when and how we transfer personal data to the USA or other insecure third countries. We only transfer your personal data if the recipient provides sufficient guarantees in accordance with Art. 46 GDPR for the protection of personal data,
you have expressly consented to the transfer after we have informed you of the risks in accordance with Art. 49 para. 1 lit. a) GDPR
the transfer is necessary for the fulfillment of contractual obligations between you and us
or another exception from Art. 49 GDPR applies.
Guarantees pursuant to Art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient ensures that the data is adequately protected and thus guarantees a level of protection comparable to the GDPR.

FOR OTHER PURPOSES
In addition, we only pass on your personal data to third parties if

you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR;
in the event that there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR.
COOKIES AND PIXEL TAGS
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

We use pixel tags (also known as tracking pixels) as part of our online offering. Pixels are small graphics that are integrated into the HTML code of our website. The pixel tag itself does not store or change any information on your end device, so pixels do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

The pixels send your IP address, the referrer URL of the website visited, the time at which the pixel was viewed, the browser used and previously set cookie information to a web server. This enables us to carry out reach measurements and other statistical evaluations which serve to optimize our offer.

On the one hand, the use of cookies serves to make our website technically available to you. Among other things, we use session cookies for this purpose. These cookies are technically necessary for the provision of our services. We therefore do not require your consent to set these cookies. The cookies are processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to make our website technically available.

In addition, to optimize user-friendliness, we use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again. We also use cookies to statistically record your visit and track your behavior on this site. We only use these cookies with your consent. We also process the data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time for the future via the consent management tool. You will find a link to the consent management tool at the end of the website.

WEB ANALYSIS
The tracking and targeting measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

Through the targeting measures used, we want to ensure that you only see advertising on your end devices that is based on your actual or perceived interests.

The respective data processing purposes and data categories can be found in the corresponding tracking and targeting tools.

GOOGLE ANALYTICS
We use Google Analytics on our website, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future via the consent management tool. In this context, pseudonymous user profiles are created and cookies are used.

Google processes the information on our behalf to evaluate the use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. We have concluded an order processing contract with Google for the use of Google Analytics. Through this contract, Google ensures that it processes the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The user data collected via cookies is automatically deleted after 14 months.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help section: https://policies.google.com/privacy

Information on the use of data by Google can be found in their privacy policy.

The processed data may be transferred to servers in the USA and other insecure third countries and processed there. Google relies on standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable to that in the EU. You can find more information on this under point 3c.

GOOGLE MAPS
We use the Google Maps service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) on our website to display an interactive map on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to offer you such map material.

Due to the implementation, Google collects device-related information, log data including the IP address and location-related information. The personal data collected by Google is transferred to a Google server in the USA and stored there. The USA are so-called unsafe third countries (see also section 3c). This means that no level of data protection is guaranteed in the USA that is comparable to that in the EU. We have concluded an order processing agreement with Google that includes the EU standard contractual clauses. This ensures that there is a level of protection comparable to that in the EU (see also section 3c on data transfer to the USA).

Google uses the personal data to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. You can prevent any data transfer from the Google Maps application to Google’s servers by deactivating JavaScript in your browser. In this case, however, you will not be able to use the map display. Further information on data protection in connection with Google Maps can be found in Google’s privacy policy: https://policies.google.com/privacy

YOUTUBE
We use components (videos) of YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter: “YouTube”), a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”), on our website. The implementation is based on Art. 6 para. 1 sentence 1 lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the appealing design of our website.

Here we use the “extended data protection mode” option provided by YouTube.

When you access a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.

According to YouTube, in “extended data protection mode” your data – in particular which of our websites you have visited and device-specific information including your IP address – will only be transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.

If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Google transmits the information to Google servers in the USA. The transmitted data are only pseudonyms; it is not possible to draw conclusions about your name. We have concluded an order processing agreement with Google that includes the EU standard contractual clauses. This ensures that there is a level of protection comparable to that in the EU (see also section 3c on data transfer to the USA).

Further information on data protection in connection with YouTube can be found in Google’s privacy policy

WORDFENCE
We use the Wordfence service on this website, which is provided by Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter: Wordfence). It is used on the basis of our legitimate interest in preventing attacks, cyberattacks or other unlawful access to our website.

Wordfence uses cookies to perform performance tests and to prevent access to certain hidden URLs. To do this, Wordfence processes personal data such as your IP address.

The data is transmitted to servers in the USA and processed there. We have concluded an order processing agreement with Wordfence that includes the EU standard contractual clauses. This ensures that there is a level of protection comparable to that in the EU (see also section 3c on data transfer to the USA).

RIGHTS OF DATA SUBJECTS
You have the right:

in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims
in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR
in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller; and
to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

INFORMATION ABOUT YOUR RIGHT TO OBJECT ACCORDING TO ART. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If you object to the processing of data for the purpose of direct marketing, we will cease processing immediately. In this case, it is not necessary to specify a particular situation. This also applies to profiling insofar as it is associated with such direct advertising.

If you wish to exercise your right to object, simply send an e-mail to hello@sandrakarner.de.

DATA SECURITY
All data transmitted by you personally is encrypted using the common and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used in online banking, for example. You can recognize a secure TLS connection by the s appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

UPDATING AND AMENDMENT OF THIS PRIVACY POLICY
This privacy policy is currently valid and was last updated in February 2021.

Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy. You can access and print out the current privacy policy at any time on the website at sandrakarner.de/datenschutz.