Was interessiert dich?
Aktuell beliebte Beiträge

Privacy Policy

In this privacy policy, I explain what personal data I process, to what extent this is done, and for what purpose. This applies to my online presence, i.e. this website and all associated subpages, functions and content, as well as to my external online profiles, such as my social media profiles (hereinafter collectively referred to as the “online presence”).

I use terms such as ‘processing’ and ‘controller’ in accordance with the definitions set out in Article 4 of the General Data Protection Regulation (GDPR).

Data controller

Stefan Groenveld
Otzenstrasse 38
22767 Hamburg
Telephone: +49 151 11524671
Email: me@stefangroenveld.com
Legal notice: https://stefangroenveld.de/impressum/

The address of my website is: https://stefangroenveld.com

Types of data processed:

– Personal details (e.g., names, addresses).
– Contact details (e.g., email addresses, telephone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., websites visited, content interests, access times).
– Meta/communication data (e.g. device information, IP addresses).

Categories of data subjects

Visitors and users of the website (hereinafter, I will collectively refer to these individuals as “users”).

Purpose of processing

– To provide the online service, its features and content
.- To respond to enquiries and communicate with users
.- Security measures
.- Audience measurement/marketing

Key terminology used

Below are some explanations of terms that do not necessarily relate to this website.

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.

“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

The term ‘controller’ refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Data processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal basis

In accordance with Article 13 of the GDPR, this privacy policy sets out the legal basis for my data processing activities. Unless otherwise stated in specific cases, the following applies:

The legal basis for obtaining consent is Article 6(1)(a) in conjunction with Article 7 of the GDPR. The processing of your data for the purpose of providing my services, carrying out contractual obligations and responding to enquiries is based on Article 6(1)(b) of the GDPR. Where I process personal data to comply with legal obligations, this is done on the basis of Article 6(1)(c) of the GDPR. Where processing is carried out to safeguard my legitimate interests, I rely on Article 6(1)(f) of the GDPR.

Where the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) of the GDPR constitutes the relevant legal basis.

Safety measures

In accordance with Article 32 of the GDPR, I shall implement appropriate technical and organisational measures to ensure a level of security for personal data appropriate to the risk involved. In doing so, I shall take into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing. The assessment shall also take into account the likelihood and severity of any risk to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data. This encompasses controlling physical access to the data, as well as controlling access, data entry, data disclosure, ensuring availability and the separate processing of data. I have also put procedures in place to enable data subjects to exercise their rights, delete data, and respond appropriately to data security threats.

Furthermore, I take the protection of personal data into account from the outset, in the development and selection of hardware, software, and processes. In doing so, I adhere to the principle of data protection by design and by default in accordance with Article 25 of the GDPR.

Cooperation with data processors and third parties

If, in the course of processing personal data, I disclose data to other individuals or organisations (data processors or other third parties), transfer it to them or otherwise grant them access to data, this is done only on a legal basis. This is the case, for example, where the disclosure is necessary for the performance of a contract pursuant to Article 6(1)(b) of the GDPR (such as to payment service providers), where you have given your consent, where a legal obligation requires it, or where I rely on my legitimate interests (for example, when using service providers such as web hosts).

If I engage third parties to process data under a so-called data processing arrangement, this is done on the basis of a data processing agreement in accordance with Article 28 of the GDPR.

Transfers to third countries

Where I process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or use the services of third parties in such countries, this will only take place if it is necessary to fulfil my pre-contractual or contractual obligations, you have given your express consent, there is a legal obligation, or I can rely on my legitimate interests.

No personal data will be transferred to third countries without your explicit consent or a corresponding browser setting you have provided.

Subject to any statutory or contractual authorisations, I will only process personal data in a third country if the specific conditions set out in Articles 44 et seq. of the GDPR are met. This means, in particular, that processing will only take place if there are specific safeguards ensuring an adequate level of data protection, such as an adequacy decision officially recognised by the EU or the use of officially recognised specific contractual obligations (so-called ‘standard contractual clauses’).

Rights of data subjects

You have the right to request confirmation as to whether I am processing personal data relating to you. If this is the case, you may, in accordance with Article 15 of the GDPR, request access to this data, as well as further information and a copy of the data.

Under Article 16 of the GDPR, you have the right to request that data concerning you be completed or that inaccurate data be corrected.

In accordance with Article 17 of the GDPR, you may request that personal data relating to you be erased without delay. Alternatively, in accordance with Article 18 of the GDPR, you may request that the processing of this data be restricted.

Furthermore, under Article 20 of the GDPR, you have the right to receive the data you have provided to me in a structured, commonly used and machine-readable format, and to request that it be transferred to another controller.

You can find links to manage your individual cookie settings in the header of this website.

Finally, under Article 77 of the GDPR, you have the right to lodge a complaint with the relevant supervisory authority.

Right of withdrawal

You have the right to withdraw any consent you have given in accordance with Article 7(3) of the GDPR with effect from the future.

Right to object

You may object at any time to the future processing of your personal data in accordance with Article 21 of the GDPR. In particular, you may object to the processing of your data for direct marketing purposes.

Cookies and the right to object to direct marketing

Cookies are small files that are stored on your device. Various types of information can be stored in these files. The primary purpose of a cookie is to store information about you or your device during or after your visit to my website.

There are different types of cookies: Temporary cookies, known as ‘session cookies’ or ‘transient cookies’, are deleted as soon as you leave my website and close your browser. These cookies may, for example, store the contents of a shopping basket or your login status. ‘Permanent’ or ‘persistent’ cookies remain stored even after you close your browser. This allows your login status to be retained, for example, if you visit the website again a few days later. Furthermore, such cookies may store users’ interests, for instance, for audience measurement or marketing purposes. The term “third-party cookies” refers to cookies set not by me, as the data controller, but by other providers; if only my own cookies are set, these are referred to as “first-party cookies”.

I use both temporary and permanent cookies, and I provide information about this in this privacy policy and via the cookie consent and management tool.

If you do not want cookies to be stored on your device, you can disable this feature in your browser’s settings. You can also delete any cookies that have already been stored at any time. Please note that disabling cookies may cause some features of my website to stop working properly.

You can submit a general objection to the use of cookies for online marketing purposes – particularly for tracking – for many services via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. You can also prevent cookies from being stored by adjusting your browser settings. However, in this case, you may no longer be able to make full use of all the features of my website.

If you leave a comment on my website, your name, email address and website may be stored in cookies with your consent. This is for your convenience, so that you do not have to re-enter this information when leaving future comments. These cookies are usually stored for one year.

I also set a temporary cookie to check whether your browser accepts cookies. This cookie does not contain any personal data and is deleted as soon as you close your browser.

Posts on my website may contain embedded content (e.g. videos, images, posts, etc.). This embedded content behaves as if you were visiting the other website directly. These external websites may collect data about you, use cookies, integrate additional third-party tracking services, and record your interactions with embedded content – including whether you have an account there and are logged in.

To manage the cookies and similar technologies (e.g. tracking pixels, web beacons) that I use, as well as the associated consents, I use the “Borlabs Cookie” consent tool provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg.

When you first visit my website, the Borlabs Cookie banner allows you to accept or decline the storage of certain cookies and/or the use of certain technologies. These settings are saved for each device and browser.

When you use Borlabs Cookie, technically necessary cookies are set to store the consents and withdrawals you have provided. These cookies contain a randomly generated ID (cookie ID) and information about your choices.

The legal basis for the processing of personal data in connection with the use of the “Borlabs Cookie” and the management of cookies is Article 6(1)(c) of the GDPR (compliance with a legal obligation) and Article 6(1)(f) of the GDPR (legitimate interest). My legitimate interest lies in documenting and managing the cookies and similar technologies used, as well as your consent in this regard, in a legally compliant manner.

Providing your personal data is neither a contractual requirement nor necessary for the conclusion of a contract. You are not obliged to provide personal data. However, if you do not do so, I will not be able to manage your consents individually; in this case, you may not be able to access all the convenient features of my online service.

You can adjust and manage your personal cookie settings at any time using the fingerprint-style icon located at the bottom left of this website.⁠

Deletion of data

I will erase personal data or restrict its processing in accordance with Articles 17 and 18 of the GDPR. Unless otherwise expressly stated in this privacy policy, the data stored by me will be erased as soon as it is no longer necessary for the purpose for which it was collected and there are no legal obligations to retain it.

If data is not deleted because it is still required for other, legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

In accordance with German legal requirements, data is retained as follows: for 10 years in accordance with Sections 147(1) of the German Fiscal Code (AO) and Sections 257(1)(1) and (4), (4) of the German Commercial Code (HGB) (e.g. books, records, management reports, accounting vouchers, trading ledgers, documents relevant for taxation) and for 6 years in accordance with Section 257(1)(2) and (3), (4) of the German Commercial Code (HGB) (e.g. business correspondence).

In accordance with Austrian law, records must be retained for 7 years in particular, pursuant to Section 132(1) of the Federal Tax Code (e.g. accounting records, receipts/invoices, accounts, business documents, statements of income and expenditure), for 22 years in relation to real estate, and for 10 years in the case of documents relating to electronically supplied services, telecommunications, radio and television services to non-business customers in EU Member States for which the Mini One-Stop Shop (MOSS) is used.

Comments and posts

When users leave comments or other posts on my website, I may store their IP addresses for up to 7 days on the basis of my legitimate interests under Article 6(1)(f) of the GDPR. This is for my own protection in the event that unlawful content is published in comments or posts (for example, insults or unauthorised political propaganda). In such cases, I myself may be held liable for this content and therefore have a legitimate interest in tracing the author’s identity.

I also reserve the right to process the information provided by users on the basis of my legitimate interests under Article 6(1)(f) of the GDPR to detect and prevent spam. Visitor comments may be checked by an automated spam detection service.

I generally store the data provided in connection with comments and posts permanently, unless you object or there are legal grounds preventing its deletion.

Comment subscriptions

You can subscribe to follow-up comments on a post with your consent in accordance with Article 6(1)(a) of the GDPR. When you set up a comment subscription, you will first receive a confirmation email to verify that you are the owner of the email address provided. You can cancel your comment subscription at any time; instructions are included in the confirmation email.

To confirm your consent, I will store the time of your registration and your IP address. This information will be deleted as soon as you unsubscribe from comments.

You can unsubscribe from the comment feed at any time and thereby withdraw your consent. I may retain unsubscribed email addresses for up to three years on the basis of my legitimate interests before deleting them, in order to be able to prove that consent was previously given in the event of a dispute. The processing of this data is limited to the purpose of potentially defending against claims. At your request, individual early deletion is possible at any time, provided you confirm that you previously gave your consent.

Getting in touch

If you contact me (for example, via a contact form, by email, by phone, or via social media), I will process your details to handle and respond to your enquiry and to deal with the matter in question. The legal basis for this is Article 6(1)(b) of the GDPR.

Newsletter

The following information explains the content of my newsletter, the subscription and distribution process, statistical analysis, and your rights to object. By subscribing to my newsletter, you agree to receive it and to the procedures described.

Contents of the newsletter: I send newsletters, emails and other electronic communications containing promotional information (hereinafter “newsletters”) only with your consent or on the basis of a legal authorisation. Where the contents of the newsletter are specifically described during the registration process, these details form the basis for your consent. In addition, my newsletters contain information about my services and about myself.

Double opt-in and logging: Subscription to my newsletter is carried out using the so-called double opt-in procedure. This means that after you subscribe, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can subscribe using someone else’s email address. Subscriptions are logged to provide evidence of the subscription process in accordance with legal requirements. This includes storing the subscription and confirmation times, as well as your IP address. Changes to your data stored with the mailing service provider are also logged.

Subscription details: To subscribe to the newsletter, simply enter your email address. You can also choose to provide your name so that I can address you personally in the newsletter.

Legal basis: The sending of the newsletter and the associated performance measurement are carried out on the basis of your consent in accordance with Article 6(1)(a) and Article 7 of the GDPR in conjunction with Section 7(2)(3) of the German Unfair Competition Act (UWG), or on the basis of the statutory authorisation under Section 7(3) of the UWG. The logging of the registration process is carried out on the basis of my legitimate interests pursuant to Article 6(1)(f) of the GDPR. My interest lies in using a user-friendly and secure newsletter system that meets both my commercial interests and the expectations of users, whilst also enabling me to provide evidence of consent given.

Unsubscribe/Withdrawal: You can stop receiving my newsletter at any time and thereby withdraw your consent. You will find an unsubscribe link at the bottom of every newsletter. I may retain unsubscribed email addresses for up to three years on the basis of my legitimate interests before deleting them, in order to be able to prove that consent was previously given in the event of a dispute. The processing of this data is limited to the purpose of potentially defending against claims. At your request, individual early deletion is possible at any time, provided you confirm that you previously gave your consent.

Newsletters and emails

If you have subscribed to my newsletter (mailing list), you will likely receive emails from me.

I will only send you emails if you have given your explicit consent or if they relate to the services I offer you.

I use the name and email address you have provided to send you the newsletter. In addition, my website records your IP address when you sign up to prevent misuse.

My website can send emails via the MailPoet sending service. This service allows me to track whether emails are opened and which links are clicked. I use this information to improve the content of my newsletter.

Apart from your email address, no other personally identifiable information is stored outside this website.

Hosting

The hosting services I use provide the technical infrastructure for this website. These include, in particular, infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance, all of which are necessary for the operation of this website.

In this context, I or my hosting provider process customer, contact, content, contractual, usage, metadata and communication data relating to customers, prospective customers and visitors to my website. This is done on the basis of my legitimate interest in the efficient and secure provision of this online service in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR (conclusion of a data processing agreement).

Collection of access data and log files

I, or my hosting provider, collect data on every access to the server hosting this website (so-called server log files) on the basis of my legitimate interests under Article 6(1)(f) of the GDPR. This access data includes the name of the webpage accessed, the file accessed, the date and time of access, the amount of data transferred, a notification of successful access, the browser type and version used, the user’s operating system, the previously visited page (referrer URL), the IP address and the requesting provider.

For security reasons (for example, to investigate cases of misuse or fraud), log file information is stored for up to 7 days and then deleted. Data that needs to be retained for evidential purposes is exempt from deletion until the relevant incident has been fully resolved.

Integration of third-party services and content

As part of my online offering, I use content and services provided by third parties on the basis of my legitimate interests under Article 6(1)(f) of the GDPR – specifically, for the analysis, optimisation, and commercial operation of my website. This includes, for example, embedded videos or fonts (hereinafter collectively referred to as ‘content’).

In order for this content to be displayed in your browser, it is technically necessary for the relevant third-party providers to process your IP address, as they would be unable to deliver the content to your browser without this information. The IP address is therefore necessary for the display of this content. Where possible, I ensure that I only use content whose providers use the IP address solely to deliver the content.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. These pixel tags can be used, among other things, to analyse visitor traffic on my website’s pages. The pseudonymous information generated in this process may be stored in cookies on your device and includes, for example, technical details about your browser and operating system, the referring website, the time of your visit, and further information regarding your use of my online service. This data may, where applicable, be combined with information from other sources.

YouTube and Vimeo

I embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

I also embed videos from the “Vimeo” platform, provided by Vimeo.com, Inc. When you visit a page on which a Vimeo video is embedded, a connection is established with Vimeo’s servers. In doing so, Vimeo may receive and store your IP address and other technical information (e.g., the browser used, the operating system, the time of the visit). If you are logged in to Vimeo, Vimeo can directly link your browsing behaviour to your personal profile.

The legal basis for this integration is your consent, provided you have given your consent via the cookie banner. No data will be transferred to Vimeo or to third countries without your explicit consent or the relevant browser settings.

For further information on the handling of personal data, please refer to Vimeo’s privacy policy: https://vimeo.com/privacy.

Cookies and traffic statistics

I use “session cookies” provided by VG Wort, Munich, to measure traffic to text content and track the likelihood that this content is copied. Session cookies are small pieces of data that are stored in your computer’s RAM. A session cookie contains a randomly generated unique identifier, known as a session ID. The cookie also contains information about its origin and storage duration. Session cookies cannot store any other data.

The measurements are carried out by Kantar Germany GmbH in accordance with the Scalable Central Measurement Method (SZM). They are used to determine the likelihood that individual texts will be copied, to calculate the statutory remuneration claims of authors and publishers.

I use the session cookies required for this purpose without requiring separate consent, as I have a legitimate interest in participating in the statutory distributions made by VG Wort and in receiving appropriate remuneration for the use of my texts under copyright law (Article 6(1)(f) of the GDPR).

The data collected as part of the SZM process is processed exclusively in anonymised or pseudonymised form; I am unable to identify you personally.

Some of my pages contain JavaScript code that reports page views to the collecting society VG Wort. This enables authors to receive a share of VG Wort’s distributions, which ensures the statutory remuneration for the use of copyright-protected works in accordance with Section 53 of the German Copyright Act (UrhG).

Privacy Policy regarding the use of the Scalable Central Measurement System

My website and mobile site use the ‘Skalierbares Zentrale Messverfahren’ (SZM), developed by Kantar Germany GmbH, to calculate statistical metrics and thereby determine the likelihood of text duplication.

Only anonymous data is collected. To identify computer systems, the process uses either a session cookie or a signature generated from various pieces of automatically transmitted browser information. IP addresses are processed only in anonymised form.

The process has been developed with strict adherence to data protection regulations. Its sole purpose is to determine the likelihood of individual texts having been copied.

Individual users are never identified; your identity remains protected at all times. You will not receive any advertising via this system.

General note

You can still use my website without cookies. Most browsers are set by default to accept cookies automatically. However, you can disable cookies in your browser settings or choose to be notified whenever cookies are set.

On my website, I use technically necessary cookies that are essential for the operation and basic functionality of the site (e.g. to save your cookie settings or for security features).

Furthermore, I use cookies and similar technologies to measure visitor numbers as part of the Scalable Central Measurement System (SZM) operated by Kantar Germany GmbH in collaboration with VG Wort. These measurements enable me to participate in the statutory remuneration scheme for authors under Section 53 of the German Copyright Act (UrhG). I base this use on my legitimate interests pursuant to Article 6(1)(f) of the GDPR, as without this measurement, no appropriate remuneration could be paid for the use of my texts.

In addition, I only use other functional cookies (in particular for embedded content such as videos from YouTube or Vimeo) if you have given your express consent to their use beforehand. Unless you have given your consent, no such cookies will be set, and only a placeholder will be displayed in place of the content. Only once you have given your active consent will the content be loaded and the necessary cookies set.