Kontaktieren Sie uns für Ihre Anliegen

Privacy Policy

Preamble: With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to simply as “data”) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offering”).

Controller Frauke Logermann
Heidenheimerstraße 111, 73462 Unterkochen, Germany

Authorized representative: Frauke Logermann, Email address: hellowind@web.de

Overview of Processing Activities: The following overview summarizes the types of data processed and the purposes of their processing and refers to the affected persons. The terms used are gender-neutral.

Types of Data Processed

• Inventory data

• Contact data

• Content data

• Usage data

• Meta, communication, and procedural data

Purposes of Processing

• Organizational and administrative procedures

• Feedback

• Provision of our online offering and user-friendliness

• Public relations

• Communication

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases apply in individual cases, we will inform you of these in this privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data concerning them for one or more specific purposes.

• Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject requiring the protection of personal data do not override those interests.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions, in particular regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. In addition, the data protection laws of the individual German federal states may apply.

Note on the applicability of the GDPR and Swiss FADP: These data protection notices serve to provide information in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). For this reason, please note that due to the broader territorial application and better comprehensibility, the terminology of the GDPR is used. In particular, instead of the terms used in the Swiss FADP such as “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data,” the GDPR terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used. However, the legal meaning of these terms continues to be determined in accordance with the Swiss FADP within its scope of application.

Security Measures: In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability safeguards, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development or selection of hardware, software, and processes in accordance with the principle of data protection by design and by default.

General Information on Data Storage and Deletion: We delete personal data processed by us in accordance with legal requirements as soon as the underlying consents are withdrawn or no further legal bases for processing exist. This applies to cases where the original purpose of processing no longer applies or the data is no longer required. Exceptions apply where statutory obligations or special interests require longer retention or archiving.

In particular, data that must be retained for tax law reasons or whose storage is necessary for legal prosecution or for the protection of the rights of other natural or legal persons must be archived accordingly. Our privacy notices contain additional information on the retention and deletion of data that apply specifically to certain processing operations. Where multiple retention periods or deletion deadlines are specified, the longest period shall always apply. If a period does not expressly begin on a specific date and is at least one year in length, it shall automatically begin at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the date on which termination or other termination of the legal relationship becomes effective. Data that is retained not for the originally intended purpose but due to statutory requirements or other reasons is processed exclusively for the reasons justifying its retention.

Retention Periods under German Law: The following general retention and archiving periods apply under German law:

• 10 years – Books and records, annual financial statements, inventories, management reports, opening balance sheets, and the working instructions and other organizational documents necessary for their understanding (§ 147 para. 1 no. 1 in conjunction with para. 3 AO; § 14b para. 1 UStG; § 257 para. 1 no. 1 in conjunction with para. 4 HGB).

• 8 years – Accounting documents such as invoices and expense receipts (§ 147 para. 1 nos. 4 and 4a in conjunction with para. 3 sentence 1 AO; § 257 para. 1 no. 4 in conjunction with para. 4 HGB).

• 6 years – Other business documents, such as received and sent commercial or business correspondence and other documents relevant for taxation (§ 147 para. 1 nos. 2, 3, 5 AO; § 257 para. 1 nos. 2 and 3 HGB).

• 3 years – Data required to consider potential warranty and damage claims or similar contractual claims and rights, stored for the regular statutory limitation period (§§ 195, 199 BGB).

Rights of Data Subjects: Under the GDPR, data subjects have the following rights in particular pursuant to Articles 15 to 21 GDPR:

• Right to object

• Right to withdraw consent

• Right of access

• Right to rectification

• Right to erasure and restriction of processing

• Right to data portability

• Right to lodge a complaint with a supervisory authority

Contact and Inquiry Management: When contacting us (e.g., by post, contact form, email, telephone, or via social media), as well as within the scope of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to respond to the contact inquiries and any requested measures.

Legal bases: Legitimate interests (Art. 6 para. 1 lit. f GDPR); performance of a contract and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR).

Social Media Presences: We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to provide information about us.We point out that user data may be processed outside the European Union, which may pose risks for users, for example making it more difficult to enforce their rights. For further details, we refer to the privacy policies of the respective network operators.

Changes and Updates: We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you if changes require your cooperation (e.g., consent) or other individual notification.