Thank you for visiting my website. Ensuring the secure handling of your data is of utmost importance to me. I would like to inform you in detail about the use of your data when visiting my web presence.
In these data protection notices, you will be informed about the processing of personal data of individuals who use this website.
I. Data processor
The data processor is me, Marcello Curto. You can contact me via email at firstname.lastname@example.org. I am responsible for the processing of your personal data. You can find additional contact information in the Imprint.
Personal data refers to any data that could personally identify you. This includes details such as your name or contact information, like phone number, address, and email address, as well as your network address (IP address).
The EU General Data Protection Regulation governs permissible processing of this data. In the following, the General Data Protection Regulation is abbreviated as GDPR. The official abbreviation is GDPR, but it is a bit more cumbersome.
II. What data is collected on this website?
1. Access data and log files
When using this website for purely informational purposes, meaning if you do not register or otherwise provide me with information, only such data is collected that your browser transmits to my server for technically necessary reasons. When you access my website, the following data is particularly collected, which is technically necessary to display the website to you:
- IP address (network address)
- Address of the website from which you came
- Address of the accessed files (access address = URL)
- Date and time of access
- As well as the operating system and browser version of your device (User-Agent)
Collecting data means that I (usually just my server) can factually become aware of this data. Collecting does not mean that data is saved. However, some of the aforementioned data is stored in log files without specific reason. This does not include the IP address. It is logged only when necessary, for instance, when there are so many accesses in a short time that one might assume misuse or an attack (e.g., Denial of Service).
IP addresses, if stored at all, are saved only for specified purposes and for a specified duration. Unless otherwise stated, the duration is a maximum of five days. The purposes are only those in my legitimate interest to ensure the operation of this website. This includes warding off malicious attacks or excessive use of my services.
I do not draw any conclusions about your person when using this data. The collected information is primarily needed for the following purposes:
- Ensuring a smooth connection setup of the website
- Ensuring comfortable use
- Ensuring system security and stability
- Other administrative purposes
The statistical evaluation of anonymized data sets remains reserved. For example: I'd like to know which post on my website was accessed how many times.
What I don't do is so-called fingerprinting, as it would equate to tracking your activities. Fingerprinting refers to evaluating your digital fingerprint, which can be derived from the data mentioned above transmitted when visiting a website.
The legal basis for my data processing is Art. 6 Para. 1 f GDPR. The legitimate interest arises from the purposes of data collection listed above. The data from server log files are always stored separately from any personal data you provide. Merging them is not possible.
No cookies, neither session nor persistent, are used on my website for any tracking or user data storage purposes.
3. Website Hosting
As part of processing on my behalf, a third-party provider located within a country of the European Union provides services for hosting and displaying the website, offering infrastructure services, computing capacity, storage space, database services, maintenance services, and security services. In this context, I or my hosting provider process all data that arises during the use of my website. This includes inventory data, content data, usage data, meta and communication data from interested parties and visitors to my online offer.
4. Communication via Email
If you have contacted me via email, the collection of your email address is for technically necessary reasons and thus due to a legitimate interest. The same applies if I contact you and have received your email address either from you or from a public or authorized source.
Your email address and the content of your email are not passed on to third parties, unless this is appropriate for the occasion, desired by you, explicitly permitted, or arises from another legal regulation.
III. How long are your data stored?
The data I process is handled by me in accordance with Art. 17 and Art. 18 GDPR and is deleted or its processing is restricted. I generally only store your personal data arising from the use of this website as long as it is necessary for the stated purposes. However, if legal retention obligations oppose deletion, the data processing is merely restricted; the data is thus locked for further use and cannot be processed for other purposes.
The following evidence and retention obligations are particularly relevant: 6 years according to § 257 Para. 1 HGB (for commercial books, inventories, opening balances, annual financial statements, commercial letters, booking receipts, etc.), 10 years according to § 147 Para. 1 AO (books, records, booking receipts, commercial and business letters, documents relevant for taxation, etc.). It may also happen that personal data is stored for the period in which claims can be made against me (statutory limitation period of three or up to thirty years).
IV. Why do I process your data (purpose of processing) and on what legal basis?
I process the data resulting from visiting this website or using the contact options offered in accordance with the provisions of the GDPR and the Federal Data Protection Act (BDSG). Depending on the matter for which you contact me via the website, there are different legal bases for this. The specific legal basis for data processing depends on the context and purpose for which I receive your data. As a rule, the legal basis for data processing results from the following possibilities:
Art. 6 Para. 1 a GDPR serves as the legal basis for processing operations for which I need your consent for a specific processing purpose. You can revoke any given consent at any time.
If the processing of personal data is necessary for the fulfillment of a contract of which you are a party, the processing is based on Art. 6 Para. 1 b GDPR.
If I am subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 Para. 1 c GDPR.
Finally, processing operations could be based on Art. 6 Para. 1 f GDPR. This legal basis covers processing operations that are not covered by any of the aforementioned legal bases if processing is necessary to protect my legitimate interests or those of a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail.
V. Sharing of Personal Data with Third Parties
IP addresses are automatically transmitted to the server providing a website when you visit it. Sharing these IP addresses with third parties inevitably occurs when a third-party component (a script, an image, a font, or any other digital resource) is embedded on the website. The components embedded on this website are listed in these data protection notes. From this, the recipients of your IP address or categories of recipients can also be derived.
I only share your personal data with third parties under the following conditions:
- You have given your express consent in accordance with Art. 6 Para. 1 a GDPR,
- The transfer is necessary according to Art. 6 Para. 1 f GDPR for the assertion, exercise, or defense of legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- There is a legal obligation for the transfer according to Art. 6 Para. 1 c GDPR, and
- This is legally permissible and necessary according to Art. 6 Para. 1 b GDPR for the processing of contractual relationships with you.
VI. What Data Protection Rights Do I Have?
You have the right to:
- Request information about your personal data processed by me in accordance with Art. 15 GDPR. Specifically, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from me, as well as the existence of automated decision-making including profiling and possibly meaningful details about it;
- Request the immediate correction of incorrect or completion of your personal data stored with me in accordance with Art. 16 GDPR;
- Request the deletion of your personal data stored with me according to Art. 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims;
- Request the restriction of the processing of your personal data according to Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion, and I no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection to the processing according to Art. 21 GDPR;
- Receive your personal data that you provided to me in a structured, common, and machine-readable format or request its transfer to another responsible party in accordance with Art. 20 GDPR;
- Revoke your given consent to me at any time according to Art. 7 Para. 3 GDPR. As a result, I may no longer continue data processing based on this consent for the future;
- In accordance with Art. 77 GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at the place of the alleged infringement if you believe that the processing of personal data concerning you violates the GDPR.
VII. Revocation of Consent You Have Given
Consent given can be revoked at any time. You can find options for revocation at the relevant place (e.g., for the newsletter or where consent is given). If you cannot find a consent query (often referred to as a "cookie banner"), there are no processes legitimized by it on the website.
Please note that the revocation only applies to the future. Processes that took place before the revocation are not affected by it.
VIII. Changes to These Data Protection Notes
I reserve the right to change these data protection notes if the legal situation, this online offer, the type of data collection changes. However, this only applies to statements about data processing. If the user's consent is required or if parts of the data protection notes contain a regulation of the contractual relationship with users, the data protection notes will only be changed with the user's consent.
Please inform yourself as needed about these data protection notes, especially if you share personal data.