I. Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Thomas Langnickel-Stiegler, Tea Seminars & Business Consulting
Falkenweg 41
50829 Cologne
Germany
Email: info@thomastalkstea.com
Telephone: +49 176 23903998
Website: https://thomastalkstea.com/
II. Name and address of the data protection officer
The data protection officer of the person responsible is:
Thomas Langnickel-Stiegler
Falkenweg 41
50829 Cologne
Germany
Email: info@thomastalkstea.com
Telephone: +49 176 23903998
Website: https://thomastalkstea.com/
III. General information on data processing
1. Scope of processing of personal data
In principle, we only process personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of our users’ personal data regularly only takes place with the user’s consent. An exception applies in cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
2. Legal basis for processing personal data
If we obtain the consent of the data subject for processing personal data, Article 6 Paragraph 1 Letter a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 Paragraph 1 Letter c GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject.
The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data to conclude or fulfill a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system accesses our website
(7) Websites that are accessed by the user’s system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. To do this, the user’s IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. The data also serves us to technically optimize the website and to ensure the security of our information technology systems. The data will not be evaluated for marketing purposes in this context.
These purposes also include our legitimate interest in data processing in accordance with Article 6 Paragraph 1 Letter f of the GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the users’ IP addresses are deleted or altered so that it is no longer possible to assign the calling client.
5. Possibility of objection and removal
The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object.
V. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again.
We use cookies to make our website work. Some elements of our website require that the accessing browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
(1) Language settings
(2) Items in a shopping cart
(3) Log-in information
We also use cookies on our website that enable analysis of users’ surfing behavior.
The following data can be transmitted in this way:
(1) Search terms entered
(2) Frequency of page views
(3) Use of website functions
When you access our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, a reference is also made to this data protection declaration.
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies for analysis purposes, if the user has given his consent, is Article 6 (1) (a) GDPR.
Otherwise, the legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to enable users to use websites. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.
The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and can therefore continually optimize our offering.
For these purposes, our legitimate interest also lies in the subsequent processing of personal data in accordance with Article 6 Paragraph 1 Letter f of the GDPR.
4. Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted from the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the storage of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.
5. Cookie management with DSGVO Pixelmate
In order to make optimal use of the services we use and to respect your decision in accordance with legal requirements, we use DSGVO Pixelmate, developed by Christian Wedel (https://wp-dsgvo-plugin.com) and Sabrina Keese-Haufs (https://lawlikes.de/). When you visit our website, you can use Pixelmate to control which of the services we use you would like to consent to. Your decision will be stored separately for each service we use. You can change this setting at any time by using the “Cookies” link at the bottom left of the website. Pixelmate does not store any personal data.
6. Polylang (language switch cookie)
Polylang creates the functional cookie pll_language. It stores a language preference for the visitor to support multilingual websites. The provider is WP SYNTEX, 28, rue Jean Sébastien Bach, 38090 Villefontaine, France.
Polylang is used for the purpose of presenting our online offering in an attractive manner.
For this purpose, our legitimate interest lies in the subsequent processing of personal data in accordance with Art. 6 Para. 1 lit. f GDPR.
The storage period is one year.
Polylang’s privacy policy can be found here: https://polylang.pro/privacy-policy/
VI. Newsletter
1. Description and scope of data processing
You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input mask is transmitted to us.
Your consent will be obtained for the processing of data as part of the registration process and reference will be made to this data protection declaration.
In connection with data processing for sending newsletters, the data will not be passed on to third parties. The data is used exclusively for sending the newsletter.
2. Legal basis for data processing
The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 Para. 1 lit. a GDPR if the user has given his consent.
3. Purpose of data processing
The purpose of collecting the user’s email address is to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s email address is therefore stored as long as the subscription to the newsletter is active.
The other personal data collected as part of the registration process is usually deleted after a period of seven days.
5. Possibility of objection and removal
The subscription to the newsletter can be canceled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter.
This also makes it possible to revoke your consent to the storage of personal data collected during the registration process.
VII. Contact
1. Description and scope of data processing
There is a contact page on our website that lists various communication channels for contacting you. If a user takes advantage of one of these options, the user’s transmitted personal data will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b GDPR.
3. Purpose of data processing
The processing of personal data in the event of contact via email serves us solely to process the contact. This also gives rise to the necessary legitimate interest in processing the data.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of objection and removal
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue.
In this case, all personal data that was stored in the course of contacting us will be deleted.
VIII. Web analysis by AWStats and GoAccess
1. Scope of processing of personal data
We use the open source software tools AWStats and GoAccess on our website to analyze the surfing behavior of our users. These software tools evaluate the server log files. If individual pages of our website are accessed, the following data is stored:
(1) Three bytes of the IP address of the user’s accessing system
(2) The website accessed
(3) The website from which the user accessed the website accessed (referrer)
(4) The subpages that are accessed from the website accessed
(5) The length of time spent on the website
(6) The frequency of accessing the website
The software runs exclusively on the servers of our website. Users’ personal data is only stored there. The data will not be passed on to third parties.
The software is set so that the IP addresses are not saved completely, but rather the last byte of the IP address is masked (set to “0”). In this way, it is no longer possible to assign the IP address to the calling computer.
2. Legal basis for processing personal data
The legal basis for the processing of users’ personal data is Article 6 (1) (f) GDPR.
3. Purpose of data processing
The processing of users’ personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continually improve our website and its user-friendliness. These purposes also include our legitimate interest in processing the data in accordance with Article 6 Paragraph 1 Letter f of the GDPR. By anonymizing the IP address, the user’s interest in protecting personal data is sufficiently taken into account.
4. Duration of storage
The data will be deleted as soon as it is no longer required for our recording purposes. In our case this is the case after 7 days. The data stored in the log files will be deleted after three years at the latest.
IX. Integration of YouTube videos
1. Description of data processing
We integrate videos on our website via the “YouTube” platform of Google Ireland Limited. However, YouTube videos can only be viewed if cookies are allowed. If you have not agreed, the embedding of YouTube videos will be blocked and no data will be transferred. If you have agreed to activate YouTube for this website, data will be transmitted to YouTube and evaluated.
2. Legal basis for data processing
The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 Letter a GDPR.
3. Purpose of data processing
The processing of personal data, if you give your consent, serves the effective presentation of media content (YouTube videos). This also gives rise to the necessary legitimate interest in processing the data.
4. YouTube’s privacy statement
Information on the type, scope and purpose of data processing by YouTube as well as the duration of storage can be found in YouTube’s privacy statement.
X. Online meetings, telephone conferences and webinars via “Zoom”
1. Description and scope of data processing
We use the “Zoom” tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). “Zoom” is a service of Zoom Video Communications, Inc., which is based in the USA.
Note: If you access the “Zoom” website, the “Zoom” provider is responsible for data processing. However, to use “Zoom”, you only need to visit the website to download the software for using “Zoom”. You can also use “Zoom” if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the “Zoom” app. If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.
When using “Zoom” different types of data are processed. The extent of the data also depends on what data information you provide before or when participating in an “online meeting”.
The following personal data are the subject of processing:
Information about the person using it: First name, last name, telephone (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in with the telephone: information about the incoming and outgoing phone number, country name, start and end time. If necessary, additional connection data such as the IP address of the device can be saved.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make will be processed in order to display them in the “online meeting” and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your device and any video camera on the device are processed for the duration of the meeting. You can switch off or mute the camera or microphone at any time using the “Zoom” applications.
In order to take part in an “online meeting” or enter the “meeting room”, you must at least provide information about your name.
2. Legal basis for data processing
Our interest lies in the effective implementation of “online meetings”. If the meetings are carried out within the framework of contractual relationships, the legal basis for data processing when conducting “online meetings” is Article 6 Paragraph 1 Letter b) GDPR. If there is no contractual relationship, the legal basis is Article 6 Paragraph 1 Letter f) GDPR.
3. Purpose of data processing
The processing of personal data when contacting us via email serves us solely to effectively conduct telephone conferences, online meetings, video conferences and/or webinars. This also gives rise to the necessary legitimate interest in processing the data.
4. Duration of storage
We use “Zoom” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed to you in the “Zoom” app.
If necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we can also process the questions asked by webinar participants for the purposes of recording and following up on webinars.
If you are registered with “Zoom” as a user, then reports about “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored with “Zoom” for up to 12 months become.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
5. Recipients and transfer of data
Personal data processed in connection with participation in “online meetings” will generally not be passed on to third parties unless they are specifically intended to be passed on. Please note that content from “online meetings” as well as personal meetings are often used to communicate information with customers, interested parties or third parties and are therefore intended to be passed on.
Other recipients: The provider of “Zoom” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for within the scope of our order processing agreement with “Zoom”.
6. Data processing outside the European Union
“Zoom” is a service provided by a provider from the USA. Processing of personal data also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom” that meets the requirements of Art. 28 GDPR.
An adequate level of data protection is guaranteed, on the one hand, by concluding the so-called EU standard contractual clauses. Furthermore, the provider of Zoom is certified according to the so-called EU-U.S. Data Privacy Framework (DPF) certified. As additional protective measures, we have also configured our Zoom so that only data centers in the EU, the EEA or safe third countries such as Canada or Japan are used to conduct “online meetings”.
XI. Community server on the communication platform “Discord”
1. Description of data processing
We use the community platform Discord, which can be accessed at discord.com and is based in San Francisco (USA). If you use Discord, you agree to the provider’s terms of use. We have no influence on the processing of your data on Discord. If you join our Discord server after signing up for Discord, we will get access to the following information:
(1) Discord user ID
(2) Discord account name
2. Discord’s privacy statement
Discord has committed itself to complying with the EU data protection level through standard contractual clauses. For more information, see Discord’s privacy policy.
XII. Sales via the online sales platform “elopage”
1. Description of data processing
We use the online platform “elopage” to market our services as digital goods. “elopage” is a service of elopage GmbH, Potsdamer Straße 125, 10783 Berlin, Germany
2. elopage’s privacy statement
Information on the type, scope and purpose of data processing as well as the duration of storage can be found in elopage’s privacy statement.
XIII. Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights towards the person responsible:
1. Right to information
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.
If such processing occurs, you can request information from the person responsible about the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller or a right to object to this processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
2. Right to rectification
You have the right to request correction and/or completion from the person responsible if the personal data processed concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
3. Right to restriction of processing
You can request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you have objected to the processing in accordance with Article 21 Para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right to deletion
a) Obligation to delete
You can request that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing.
(3) You object to the processing in accordance with Article 21 Paragraph 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 Paragraph 2 of the GDPR.
(4) The personal data concerning you were processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
b) Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 Para. 1 GDPR, he will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to ensure that the person responsible for data processing to inform those processing the personal data that you, as the data subject, have requested them to delete all links to that personal data or copies or replications of that personal data.
c) Exceptions
There is no right to deletion if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller became;
(3) for reasons of public interest in the area of public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the law referred to in section a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless: this turns out to be impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
(1) the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
(2) the processing takes place using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions.
The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
In connection with the use of information society services – regardless of Directive 2002/58/EC – you have the opportunity to exercise your right to object using automated procedures that use technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
9. Automated decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision
(1) is necessary for the conclusion or fulfillment of a contract between you and the person responsible,
(2) is permitted by Union or Member State law to which the controller is subject and such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or
(3) takes place with your express consent.
However, these decisions may not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 Letters a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests .
With regard to the cases mentioned in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express one’s own point of view and heard to challenge the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you is contrary to violates the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.