This privacy policy clarifies the kind, scope and purpose of the processing of personal data (hereafter referred as “data”) within my online presence and the related websites, features and content, as well as external online products, e.g. my Social Media Profiles (collectively referred to as the “online presence”). With regard to the terminology used, e.g. “processing” or “responsible” I refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Responsible
Ewa Jermakowicz
Beim Goldenen Loewen 10
4052 Basel
Switzerland
E-Mail-Address: ewajermakowicz@gmail.com
Types of processed data:
– Inventory data (e.g., names, addresses)
– Contact data (e.g., e-mail addresses, telephone numbers)
– Content data (e.g., text input, images, videos)
– Usage data (e.g., websites visited, interest in content, access times)
– Meta and communication data (e.g., device information, IP addresses)
Categories of data subjects
Visitors and users of the online presence (In the following, I also indicate the data subjects as “users”)
Purpose of processing
– Providing the online presence, its features and content
– Answering contact requests and communicating with users
– Activity for security
– Audience measurements
Definition of used terms
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is considered as identifiable, which can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie) or to one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“Processing” means any process performed with or without the application of automated procedures or any such process associated with personal data. The term meaning is far and includes virtually every handling of data.
“Responsible person” means the natural or legal person, public authority, institution or other service location that alone or together with others decides on the purposes and means of processing personal data.
“Processor” names a natural or legal person, public authority, agency or other service location that processes personal data on behalf of the controller.
Relevant legal bases
In accordance with Art. 13 GDPR, I inform you of the legal basis of my data processing procedure. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of my services and the execution of contractual measures as well as the answer to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing in order to fulfill my legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard my legitimate interests is Art. 6 (1) lit. f GDPR. In case that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) d GDPR as legal basis.
Security measures
In accordance with Art. 32 GDPR, I shall take appropriate technical measures, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. Furthermore, I have set up procedures that ensure the perception of data subject rights, the deletion of data and the reaction to the threat to data. Furthermore, I consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection by technology design and privacy-friendly default settings (Art. 25 GDPR).
Collaboration with processors and third parties
If, in the course of my processing procedure, I relay data to other persons and companies (processors or a third party), transmit them to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to a third party, as to payment service providers, pursuant to Art. 6 (1) b GDPR to fulfill the contract), you have consented to a legal obligation or on the basis of my legitimate interests (e.g. the use of agents, webhosters, etc.). If I entrust third parties with the processing of data on the base of a so called “order processing contract”, this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If I process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure, or transmission of data to third parties, this will only be done if it is to fulfill my (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of my justified interests. Subject to legal or contractual permissions, I process or let the data in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. This means, for example, processing is based on specific guarantees, such as the officially recognized level of data protection (for example, the US by the Privacy Shield) or the observance of officially recognized special contractual obligations (so called “standard contract clauses”).
Rights of data subjects
You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR. You have accordingly to Art. 16 GDPR the right to demand the completion of the data relating to you or the correction of the incorrect data relating to you. In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR. You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible. You have beyond that, in accordance to Art. 77 GDPR the right to to lodge a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to withdraw grant consents in accordance with. Art. 7 (3) GDPR with effect for the future.
Right to objection
You are allowed to object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may be made in particular against processing for direct marketing purposes.
Cookies and right to objection on direct marketing
“Cookies” are small files that are stored on users computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes his browser. In such a cookie, e.g. the contents of a shopping cart in an online shop or a login status are saved. The term “permanent” or “persistent” refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the login status will be saved if users visit it after several days. Likewise, in such a cookie the interests of the users can be stored, which are used for range measurement or marketing purposes. A “third-party cookie” refers to cookies that are offered by providers other than the person responsible for the online service (otherwise, if it is only their cookies, this is called “first-party cookies”).
I use temporary and permanent cookies and disclose them in the context of this privacy statement with the following table:
Cookie | Content | Description / Validity |
---|---|---|
PHPSESSID | A random unique number or sequence of letters and numbers. | When you browse the pages of this website, the session cookie tells the site that you are the same person requesting the web pages and not a new visitor to each page. This cookie does not identify you personally and is not associated with any other information that I store about you. A session cookie that will be deleted as soon as the web browser is closed. |
devicePixelRatio | A number. | This cookie records the pixel ratio of your device. If your screen resolution is a Retina or Hi DPI screen, then the website can decide to provide higher resolution graphics. A session cookie that will be deleted as soon as the web browser is closed. |
euCookie | The text ‘set’. | This cookie is set by this website once you have seen and confirmed the cookie banner. A permanent cookie expires after 6 months. |
wordpress_test_cookie | The text ‘WP Cookie check’. | WordPress sets this cookie when navigating to the signup page. The cookie is used to check if your web browser accepts or rejects cookies. It is a session cookie that will be deleted as soon as the web browser is closed. |
wordpress_{x} | Login authentication details in an encrypted form. | WordPress uses these cookies to store your authentication details and their use is limited to the Admin console area. A session cookie that will be deleted as soon as the web browser is closed. |
wordpress_logged_in_{x}, wordpress_sec_{x} |
Access data in encrypted form. | WordPress uses these cookies for most interfaces to indicate when you are logged in and who you are. Session cookies that will be deleted as soon as the web browser is closed. |
wp-settings-{x}, wp-settings-time-{x} |
Text indicating your preferred settings. | WordPress uses these cookies to customize your view of the admin interface and possibly the user interface. Persistent cookies expire a little under a year from the date of their adoption. |
comment_author_{x}, comment_author_email_{x}, comment_author_url_{x} |
Your name, e-mail address and website address. | WordPress uses these cookies for the sake of usability in such a way that you do not need to retype all of your information if you want to leave another comment. Persistent cookies expire a little under a year from the date of their adoption. |
jetpack_blog_subscribe_{x}, jetpack_comments_subscribe_{x} |
A number. | This cookie will be used to save the status of checkboxes for post or comment subscriptions. Persistent cookies expire a little under a year from the date of their adoption. |
If you as a user don’t want to have cookies stored on your computer, I ask you to deactivate the corresponding option in the system settings of your browser. Saved cookies can be deleted in the system settings of a browser. The exclusion of cookies can lead to functional restrictions of this website.
A general explanation of objection to the use of cookies used for online marketing purposes can be found on the US side of many services, especially in the case of tracking http://www.aboutads.info/choices/ or the EU pagehttp://www.youronlinechoices.com/ . Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser. Please note that you may not be able to use all features of this online offer.
SSL Encryption
To ensure the data security during transmission, I use state-of-the-art SSL (Secure Sockets Layer) encryption. If SSL encryption is enabled, the submitted data can hardly be seen by unauthorized persons.
Deletion of data
The data processed by me will be deleted or limited in their processing in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored in my account will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial or tax reasons. Furthermore, I reserve the right, based on my legitimate interests in accordance to Art. 6 (1) lit. f GDPR to process the information of users for the purpose of spam detection. The data given in the comments and contributions will be stored by me permanently until any objection by a user.
Akismet anti-spam check
Our website uses the “Akismet” service offered by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110, USA. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR. With the help of this service, comments of real people are distinguished from spam comments. All comment information is sent to a server in the US, where it is analyzed and stored for four days for comparison. If a comment has been classified as spam, the data will be stored beyond that time. This information includes the name entered, the email address, the IP address, the comment content, the referrer, details of the browser used, the computer system and the time of the entry.
For more information about the collection and use of data by Akismet, see the Automattic Privacy Notice: https://automattic.com/privacy/.
Users are welcome to use pseudonyms, or to refrain from entering the name or email address. You can completely prevent the transfer of data by not using our commenting system. That would be a shame, but unfortunately we see no other alternatives that work equally effectively.
Retrieval of emojis and smilies
Within our WordPress blog, graphic emojis (or smilies), i. e. small graphical files that express feelings used by external servers. Here, the providers of the server, uses the IP addresses of the users. This is necessary so that the emojie files can be transmitted to the users’ browsers. The Emojis service is offered by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110, USA. Automattic Privacy Notice: https://automattic.com/privacy/. The server domains used are sworg and twemoji.maxcdn.com, which to our knowledge are so-called content delivery networks, that is, servers that only provide fast and secure transmission of the files and users’ personal data be deleted after transmission.
The use of emojis is based on our legitimate interests, i. Interest in an attractive design of our online offer acc. Art. 6 para. 1 lit. f. GDPR.
Hosting and e-mailing
The hosting services I use for running the website are designed to provide the following services: infrastructure and platform services, computing capacity, data storage and database services, security and technical maintenance services. They are inalienable to operate this online service.
Furthermore I use my hosting provider to process inventory data, contact information, content data, contract data, usage data, meta and communication data of customers, intruders and visitors to this online service based on my legitimate interests in providing this online service efficiently and securely in accordance to Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing contract).
Collection of access data and log files
I, respectively my hosting provider, collects data on the basis of my legitimate interests in accordance to Art. 6 (1) f GDPR on every access to the server on which this service is located (so called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
Comments and posts
In case that users leave comments and/or other posts on the website, their IP addresses will be saved, based on my legitimate interests in accordance to Art. 3 (1) of GDPR. This for my protection, if someone leaves criminally relevant content (e.g. insults, prohibited political propaganda, etc.). In this case, I myself can be prosecuted for the comment or contribution and therefore I am interested in the identity of the author.
Comment subscriptions
The follow-up comments may be subscribed by users with their consent in accordance to Art. 6 (1) lit. a GDPR. Users will receive a confirmation email to verify that they own the email address they entered. Users can unsubscribe from running comment subscriptions at any time. The confirmation email will contain notes on the revocation options.
Profile pictures from Gravatar
I use the Gravatar service of Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110, USA, within my online service and specifically on my blog.
Gravatar is a service that allows users to log in and submit profile pictures and their email addresses. If users leave posts or comments on other online sites (especially in blogs) with their e-mail address, their profile avatar can be displayed next to the posts or comments. For this purpose, the e-mail address communicated by the users to Gravatar is transmitted with in an encrypted form in order to check whether a profile is stored for it. This is the sole purpose of sending the e-mail address and it will not be used for other purposes, but will be deleted afterwards.
The use of Gravatar is based on my legitimate interests in accordance to Art. 6 (1) lit. f GDPR. With this tool I’m offering the post and comment writers the possibility to personalize their posts with a profile picture.
By displaying the avatar, Gravatar saves the IP address of the users, as this is necessary for communication between a browser and an online service. For more information about Gravatar’s collection and use of data, see the Automattic Privacy Notice: https://automattic.com/privacy/.
If users want to avoid the avatar displayed linked to their email address on Gravatar to appear in the comments, they should use a non-Gravatar email address to comment. I also point out that it is also possible to use an anonymous or even an unreal e-mail address if the users do not want their own e-mail address to be sent to Gravatar. Users can completely prevent the transfer of data by not using the commenting system on my online offer.
Jetpack (WordPress Stats)
On the basis of my legitimate interest (i.e. interest in the analysis, optimization and economic operation of my online service in accordance to Art. 6 (1) lit. GDPR) I use the Plugin Jetpack (here the subfunction “WordPress Stats”), which Includes Visitor Access Statistical Evaluation Tool, and Automattic, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. Jetpack uses so called cookies, text files that are stored on your computer and that allow an analysis of the use of the website by you. The operating company uses the tracking technology of Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.
Among other things, Jetpack allows the website operator an overview of the visitors to the site. By displaying related posts and publications, or sharing content on the page, it’s also possible to increase visitor numbers. In addition, security features are integrated into Jetpack so that a Jetpack-using website is better protected against various attacks. Jetpack also optimizes and speeds up the loading of images built into the website.
Automattic is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
The information generated by the cookie about your use of this online service will be stored on a server in the USA. On their servers, user profiles can be created from the processed data, wihich will being used only for analysis and not for advertising purposes. For more information, see the Automattic Privacy Policy: https://automattic.com/privacy/ und Hinweisen zu Jetpack-Cookies: https://jetpack.com/support/cookies/.
Furthermore, the data subject has the option to withdraw the generation of data by Automattic / Quantcast releated to the use of this website by the Jetpack-Cookie and to prevent any data collection. To achieve this, the data subject has to press the opt-out button at https://www.quantcast.com/opt-out/ to set an opt-out cookie. The opt-out cookie set against the opt-out will be deleted on the affected person’s system after an appeal, the subject data must revisit the link and set a new opt-out cookie.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called web site tags through one interface (including, for example, Google Analytics and other Google marketing services in our online offering). The tag manager itself (which implements the tags) does not process users’ personal data. With regard to the processing of users’ personal data, reference is made to the following information about Google’s services. Usage Policy: https://www.google.com/intl/en/tagmanager/use-policy.html.
Google Analytics
Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR), Google Analytics uses a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the users are usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to its use of the online offer and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools .google.com/dlpage/gaoptout?hl=en.
For more information about Google’s data usage, hiring and disparaging options, please read Google’s Privacy Policy (https://policies.google.com/technologies/ads) and Google’s Ads Ads Settings (https://adssettings.google.com/authenticated).
The personal data of users will be deleted or anonymized after 14 months.
Google Universal Analytics
We use Google Analytics in the design as “Universal Analytics”. “Universal Analytics” means a process of Google Analytics, in which the user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices (so-called “cross-device tracking”).
Social Media services
I maintain online profiles within different social networks and platforms in order to communicate with those who are interested and to inform them about my services. When loggin in in these social networks and platforms, the terms and conditions and the data processing guidelines of the neworks and platforms apply. Unless otherwise stated in this Privacy Policy, I will process user data, in case of writing comments into my social media profiles or send me messages.
Shariff-Sharing task
I offer the use of data-safe “Shariff” buttons on my website. “Sharif” was designed to enable more privacy on the web and to replace the usual “share” buttons on social networks. When using these buttons the user’s browser doesn’t connect the server of the social media platform but the server itself and asks for number of likes, etc. The user remains anonymous here. More information about the Shariff project can be found at the developers of the magazine c’t: www.ct.de.
Contact
When contacting me (e.g. by contact form, e-mail, telephone or via social media) the information by and about the data subject will be used to process the request in accordance to Art. 6 (1) lit. b GDPR. If you transmit a message via the contact form, your details, your data, the contact details you provided me with will be saved and stored to process the request. I will not share this information without your consent. The processing of the data entered into the contact form is therefore exclusively based on your consent. You have the option to withdraw this consent at any time by via informal e-mail.
Integration of services and contents of third parties
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of my online offer within the meaning of Art. 6 (1) lit. GDPR), I make use of content or services offered by third-party providers in order to provide their content and services Services, such as Include videos or fonts (collectively referred to as “content”).
This always presupposes that the third-party providers of this content receive the IP address of the users, otherwise they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online offer.
Youtube
I may embed the videos on the YouTube platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy:https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Google fonts
I may incorporate the fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy:https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Google Maps
We may include maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, users’ IP addresses and location data, but these are not collected without their consent (usually as part of the settings of their mobile devices). The data can be processed in the USA. Privacy Policy:https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
OpenStreetMap
We may integrate the maps of the service “OpenStreetMap” (https://www.openstreetmap.de), which are offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). Privacy Policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
To the best of our knowledge, OpenStreetMap uses users’ data solely for the purpose of displaying map features and caching the selected settings. This data may include, but is not limited to, users’ IP addresses and location data, but they are not collected without their consent (usually as part of their mobile device settings).
The data can be processed in the USA. For more information, see the OpenStreetMap privacy policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
Typekit fonts from Adobe
On the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR), we set external type kit fonts of the provider Adobe Systems Software Ireland Limited, 4 -6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).