Privacy Policy

This website can generally be used without providing Personal Data. Once you wish to access my services via this website, however, Processing of your Personal Data may become necessary. Should there be no legal basis for this, I will obtain your consent. Any Processing of your Personal Data – in particular your name, address, e-mail address, and/or telephone number – will always be in accordance with the European Union’s General Data Protection Regulation as well as with applicable country-specific data protection regulations. Be assured that I take data protection seriously.

In my function as the Controller (i.e. the personal responsible for the processing of Personal Data; see definitions below), I have implemented appropriate technical and organizational measures to ensure full protection of Personal Data processed through this website. However, as internet-based data transmission can always have security gaps, it is impossible to guarantee absolute protection. You are free, however, to transmit your personal data to me by other means (e.g. by telephone).

The purpose of this Privacy Policy is to inform you about the type, scope, and purpose of my collecting, using, and Processing Personal Data, as well as about your related rights.

  1. Definitions
    This Privacy Policy uses the terms specified by the European legislator when adopting the Union’s General Data Protection Regulation (GDPR). Below is a brief explanation.

    1. Personal Data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject” or “you”). An identifiable natural person is a person who can be identified directly or indirectly – in particular by assigning a name, an ID number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
    2. Data Subject means any identified or identifiable natural person whose personal data is Processed by the Controller (i.e., the person responsible for Processing).
    3. Processing is any operation (automated or not) or set of operations performed on Personal Data, including its collection, recording, organization, structuring, storage, adaptation or modification, retrieval, querying, use, its disclosure by transmission, dissemination or other means of making it available, as well as its alignment or combination, restriction, erasure or destruction.
    4. Restriction of Processing refers to the marking of stored Personal Data with the aim of limiting its future Processing.
    5. Profiling is any automated Processing of Personal Data with the aim of evaluating, analyzing, or predicting certain personal aspects relating to a natural person (in particular aspects relating to his or her job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or relocation
    6. Pseudonymization is the processing of Personal Data in such a way that it can no longer be attributed to a specific Data Subject without using additional information, the underlying assumption being that such additional information is stored separately and that technical and organizational measures are taken to ensure that the data in question will not be attributable to an identified or identifiable natural person.
    7. Controller refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data. Where the purposes and means of such processing are governed by Union or Member State law, the Controller or the criteria for his/her/its nomination may be provided by Union or Member State law.
    8. Processor refers to a natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller.
    9. Recipient refers to a natural or legal person, public authority, agency, or other body to whom/which Personal Data is disclosed – no matter whether or not that Recipient is a third party. An exception applies to public authorities that may receive Personal Data in the context of a specific inquiry under Union or Member State law: these authorities are not considered Recipients.
    10. Third Party refers to any natural or legal person, public authority, agency, or body other than the Data Subject, the Controller, the Processor, and the individuals authorized to process Personal Data under the Controller’s or Processor’s direct responsibility.
    11. Consent refers to any specific, informed, and unambiguous expression of the Data Subject’s intent that is given freely by way of a statement or by clear affirmative action, and by which the Data Subject expresses his/her agreement to the processing of his/her Personal Data.
  2. Name and Adress of the Controller
    The Controller (as under the European Union’s General Data Protection Regulation) and the person responsible in accordance with any other data protection laws applicable in the European Union’s Member States, or any other provisions of a data protection nature, is:

    Jutta Scherer
    Eichenstraße 3
    D-20259 Hamburg (Germany)
    Phone: +40 3009 3777
    E-mail: mail@jutta-scherer.de
    URLs:  jutta-scherer.de / js-textworks.de

  3. Collection of General Data and Information
    This website collects a range of general data and information each time it is accessed, whether by a person or an automated system. This collected data is stored in the server log files. It may include the following:

    1. the browser types and versions used
    2. the operating system used by the accessing system
    3. the website from which an accessing system is referred to this website (so-called referrer)
    4. any sub-websites (pages) of this website that are accessed via an accessing system
    5. the date and time of access
    6. the internet protocol address (IP address)
    7. the internet service provider of the accessing system, and
    8. other data and information of a similar nature that are used for security purposes in the event of attacks on IT systems.

    This general data and information is not used to draw any conclusions on the Data Subject. Rather, it is needed to

    1. correctly display the content of this website
    2. optimize the content of this website and any related advertising measures
    3. ensure the long-term functionality of the IT systems and technology used on this website, and
    4. provide law enforcement authorities with the information needed for prosecution in the event of a cyber attack.

    This general data and information, which is collected anonymously, may be analyzed statistically to enhance the data protection and security of my business activities. Note that the anonymous data stored in the server log files are kept separate from all other Personal Data transmitted.

  4. Contact Options via this Website
    This website contains the information required by law enabling you to get in touch and communicate with me quickly, including an e-mail address. If you e-mail me, the Personal Data transmitted will automatically be stored. The sole purpose is to process your request and contact you – your data will not be passed on to third parties.
  5. Routine Deletion and Blocking of Personal Data
    In my function as Controller, I will process and store your Personal Data only for the period needed to achieve the purpose of such storage, or as permitted by applicable law (be it the laws of the European or another legislator). Once the purpose of the storage no longer applies or a legal storage period (as under European or another applicable law) expires, the Personal Data will routinely be blocked or deleted in accordance with statutory provisions.
  6. Data Subjects’ Rights
    1. Right to Confirmation: Any Data Subject has the right, as granted by the European legislator, to obtain from the Controller the confirmation as to whether or not any Personal Data pertaining to him or her is being processed.
      Should you wish to exercise this right, contact me at any time.
    2. Right to Access: Any Data Subject has the right, as granted by the European legislator, to obtain from the Controller information on the Personal Data stored about him/her, as well as a copy of said information, at any time and free of charge. Furthermore, the European legislator grants the Data Subject access to the following information:
      • the purposes of the Processing
      • the categories of Personal Data processed
      • the Recipients or categories of Recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations
      • where possible, the period envisaged for the storage of the Personal Data, or if not possible, the criteria for determining that period
      • the existence of his/her right to request from the Controller rectification or erasure of his/her Personal Data, or to restrict the Processing of his/her Personal Data or object to such processing
      • the existence of his/her right to lodge a complaint with a supervisory authority
      • if the Personal Data are not collected directly from the Data Subject: all available information about the origin of the data
      • the existence of any automated decision-making, including Profiling, as referred to in Article 22(1) and (4) of the GDPR and, at minimum in those cases where it applies, meaningful information about the logic involved, as well as the significance and expected consequences of such Processing for the Data Subject.

      Furthermore, the Data Subject has a right to be informed as to whether his/her Personal Data has been transferred to a third country or to an international organization. If this is the case, the Data Subject also has the right to be informed about appropriate safeguards in connection with the transfer.

      Should you, as the Data Subject, like to exercise this right to information, you can contact me at any time.

      .

    3. Right to Rectification: The European legislator grants to Data Subjects the right to obtain from the Controller immediate rectification of any inaccurate Personal Data concerning him or her. Furthermore, the Data Subject also has the right to have incomplete Personal Data completed, taking into account the purposes of its Processing, for instance by providing a supplementary statement.
      Should you, as a Data Subject, wish to exercise this right to rectification, feel free to contact me at any time.
    4. Right to Erasure (‘Right to be Forgotten’): The European legislator grants to Data Subjects the right to obtain from the Controller the erasure of their Personal Data without undue delay, provided one of the following grounds applies and Processing is not otherwise required:
      • The Personal Data have been collected or processed for purposes for which they are no longer needed.
      • The Data Subject withdraws his/her consent on which the Processing is based, as under point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, and there is no other legal ground for the processing.
      • The Data Subject objects to the Processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the Processing of the data, or the Data Subject objects to the Processing pursuant to Article 21(2) of the GDPR.
      • The Personal Data has been processed unlawfully.
      • The Personal Data must be erased to comply with a legal provision in Union or Member State law to which the controller is subject
      • The Personal Data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

      If one of the above-mentioned conditions applies and you as the Data Subject wish to request the erasure of your Personal Data stored by me, you can contact me at any time. I will comply with your request without undue delay.

      If I have publicized your Personal Data and if I, as the Controller, am obliged to delete your Personal Data pursuant to Art. 17 para. 1 GDPR, I will take appropriate measures, including technical ones (taking into account available technologies and the implementation costs) to inform other Controllers processing your Personal Data that you as the Data Subject have requested the deletion of all links to (or copies of) your Personal Data from these other Controllers – unless such Processing is necessary.

    5. Right to Restriction of Processing: Each Data Subject shall have the right granted by the European legislator to demand from the Controller the restriction of processing his/her Personal Data where one of the following applies:
      • The accuracy of the Personal Data is contested by the data subject for a period sufficient to enable the Controller to verify the accuracy of said Personal Data.
      • Processing is unlawful and the Data Subject opposes the erasure of his/her Personal Data, instead requesting the restriction of their use.
      • The Controller no longer needs the Personal Data for the purposes of Processing, but the Data Subject requires them to establish, exercise, or defend legal claims.
      • The Data Subject has objected to Processing pursuant to Article 21(1) of the GDPR, and verification as to whether the Controller’s legitimate grounds override those of the Data Subject is still pending.

      Should one of the aforementioned conditions apply and you, as the Data Subject, wish to request that the Processing of your Personal Data that I have stored be restricted, you are free to contact me at any time. I will immediately restrict Processing as requested.

    6. Right to Data Portability: The European legislator grants to all Data Subjects the right to obtain their Personal Data which they have provided to a Controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another Controller without being hindered by the Controller to whom they have first provided their Personal Data – provided that
      – the Processing of their Personal Data is based on their consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or subject to a contract pursuant to point (b) of Article 6(1) of the GDPR, and
      – such Processing is carried out by automated means,
      – such Processing is not required to perform a task that is in the public interest or in the exercise of official authority vested in the Controller.
      Furthermore, in exercising their right to data portability pursuant to Article 20(1) of the GDPR, Data Subjects have the right to have their Personal Data transmitted directly from one Controller to another, where technically feasible, provided that this will not adversely affect the rights and freedom of others.
      If you, as the Data Subject, wish to assert this right to data portability, you are free to contact me at any time.
    7. Right to Objection: The European legislator grants to Data Subjects the right to object at any time to the Processing of their Personal Data as carried out pursuant to Article 6(1)(e) or (f) of the DS-GVO, and to do so on grounds relating to their particular situation. This also applies to any Profiling performed in accordance with these provisions. In the event of such an objection, I will no longer process your data, unless I can present compelling legitimate grounds for its Processing which override your interests, rights, and freedoms, and unless the Processing of your data is necessary to establish, exercise, or defend legal claims. Should I process your Personal Data for direct-marketing purposes, you as the Data Subject have the right to object at any time. This also includes Profiling, to the extent that it is linked to said direct-marketing purposes. Should you, as the Data Subject, object to the Processing of your Personal Data for direct-marketing purposes, I will immediately cease to do so.
      In addition, as the Data Subject, you also have the right to object to the Processing of your Personal Data for statistical purposes pursuant to Art. 89 (1) GDPR on grounds relating to your specific situation, unless such Processing is required to perform a task that is in the public interest. Should you, as the Data Subject, wish to exercise your right to object, you are free to contact me directly at any time.
      Furthermore, you are also free to exercise your right to object in the context of using information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures that use technical specifications.
    8. Right to Withdraw the Consent Given Under Data Protection Law: The European legislator grant to Data Subjects the right to withdraw at any time their consent to the Processing of their Personal Data. Should you, as the Data Subject, wish to exercise this right to withdraw consent, you are free tp contact me at any time.
  7. Legal basis for The Processing of Data
    In the context of my business activities, the legal basis for any Processing operation for which I obtain consent related to a specific Processing purpose, is Art. 6 I lit. a GDPR.
    If the Processing of your Personal Data is necessary in order to fulfill a contract I have with you – such as with the Processing operations required to provide my services – the legal basis for such Processing is Art. 6 I lit. b GDPR. The same applies to any Processing operations required for pre-contractual activities, such as the handling of inquiries about my services.
    Where I am under a legal obligation to Process Personal Data – such as for the purpose of meeting tax obligations –, the legal basis for such Processing is Art. 6 I lit. c GDPR.

    In rare cases, the Processing of Personal Data may become necessary to protect the vital interests of Data Subject or other natural persons. This would be the case, for example, if someone were injured on my business premises and their name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third party. In this case, the Processing of that individual’s Personal Data would be pursuant to Art. 6 I lit. d GDPR. Any Processing operations not covered by any of the legal bases mentioned here will follow Art. 6 I lit. f GDPR, and will only happen on the condition that such Processing is required for serving my legitimate interests or those of a third party, and that such interests are not overridden by the Data Subject’s (i.e., your) interests or fundamental rights and freedoms. The European legislator has specifically referred to Processing operations of this type, taking the view that “such legitimate interest could exist, for example, where there is a relevant and appropriate relationship between the Data Subject and the Controller in situations such as where the Data Subject is a client or in the service of the Controller.” (Recital 47 Sentence 2 GDPR).

  1. Legitimate interests, Pursued by the Controller or a Third Party, in the Processing of Personal Data
    To the extent that the Processing of Personal Data is based on Article 6 I lit. f GDPR, my legitimate interest is the pursuit of my business activities.
  2. Duration of Storage of Personal Data
    The duration of storage of Personal Data will follow the statutory retention period. Upon expiry of that period, the data will be deleted, provided it is no longer required in order to fulfill or initiate a contract.
  1. Legal or Contractual Regulations Concerning the Provision of Personal Data; Necessity for Contract Conclusion; Data Subject’s Obligation to provide Personal Data; Possible Consequences of Non-Provision
    Please note that the provision of Personal Data may be legally required (e.g., under tax regulations) or may result from contractual provisions (e.g., details on the contractual partner). To conclude a contract, it may be necessary for a Data Subject to provide me with his/her Personal Data which I then need to process. For example, you are obliged to provide me with your Personal Data when we intend to enter into a contract. Not providing these Personal Data would result in the contract not being concluded.
  1. Use of Automated Decision-Making
    In the context of my business activities, no automatic decision-making or profiling procedures are used.

***

This Privacy Policy has been generated using and adapting – including translating – the Privacy Policy Generator provided by the German Association for Data Protection, in cooperation with privacy law experts from the law firm WILDE BEUGER SOLMECKE based in Cologne, Germany.