privacy policy

introduction

The following privacy policy is here to help you understand which kind of personal data (subsequent labled as ‘data’) we collect and in which capacity and purpose process. This privacy policy applies to all conducted processing of personalized data in service procession and more particularily on our websites, in mobile apps and in external online precence, e. g. our social media profiles (subsequent labled as ‘online presence’).

effective: 31. August 2019

table of contents

  • introduction
  • person in authority
  • overview of processing
  • essential legal bases
  • safety precautions
  • transmission and disclosure of personalized data
  • data processing in third countries
  • usage of cookies
  • blogs and publication media
  • deployment of online presence and webhosting
  • online marketing
  • presence in social networks
  • deletion of data
  • revision and updating of the privacy policy
  • rights of affected subjects

person in authority

Marina Wöltche
Waldstr. 2
97717 Sulzthal
Germany

E-Mail-adress: info@fish-blog.com

copyright page: https://www.fish-blog.com/de/impressum/

overview of processing

The following overview summarizes the kinds of processed data and the capacities and purposes of said data. It also refers to the affected figures.

types of processed data

  • personal data (e. g. names, adresses).

  • content data (e. g. text input, photographies, videos).

  • contact data (e. g. e-mail, phone numbers).

  • meta & communications data (e. g. device informations, IP-adresses).

  • usage data (e. g. visited website, interest in topics, acces times).

  • contract data (e. g. contract objects, duration, category of customers).

types of affected figures

  • interested parties

  • user (e. g. website visitors, user of online services).

purposes of data processing

  • visitor analysis.

  • feedback (e. g. collecting feedback via online forms).

  • demand and behavior marketing.

  • contact requests and communication.

  • mesurment of marketing effiency.

  • profiling.

  • remarketing.

  • mesurment of range (e. g. range of access, recognission of reoccuring visitors).

  • safety measurements.

  • tracking (e. g. usage of cookies).

  • contractual capacities and service.

  • maintaining and replying of inquiries.

 

essential legal bases

The following part discloses the legal bases of the General Data Protection Regulation (GDPR) on which basis we process personal data. Please note that additional regulations of the GDPR and/or national regulations in your or our home countries might apply.

  • consent (art. 6 (1)  p. 1 lit. a GDPR) – Processing shall be lawful only if and to the extent that at least one of the following applies: the data subject has given consent to the processing of his or her personal data for one or more specific purpose.

  • contract (art. 6 (1)  p. 1 lit. b GDPR) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  • vital interests (art. 6 (1)  p. 1 lit. e GDPR) – processing is necessary in order to protect the vital interests of the data subject or of another natural person.

  • legitimate interests (art. 6 (1)  p. 1 lit. f GDPR) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

national privacy policy of Germany: In addition to the GPDR the national privacy policy of Germany applies. Hereto belongs the law of protection of misuse of personalized data by data processing (Bundesdatenschutzgesetz – BDSG). The BDSG notibly includes special regulations of right of disclosure, right of deletion, right of objection, regulations of specific categories of personal data, regolations of processing of data for other purposes and of transmission plus automatic decisioning in indiviual cases including profiling. Furtermore it regulates data processing for purpose of employment relationships (§ 26 BDSG), particularily the justification, execution or termination of employment relationships as well as employee consent. Further regulations of single states can apply.

safety precautions

We take precautions in accordence with the statutory provisions considering the state of the art, the cost of implementation and the manner and extent of circumstances and conditions of the purposes of data processing as well as diverse probability of occurrence and the extent of threat to rights and liberties to natural persons in terms of suitable technical and organisational measures to lower the risks and ensure an appropriate level of protection.

To said measurements belong especially the protection of confidentiality, integrity and availability of data through control of physical and electronic access to data as well as their relating access, input, transfer, safety of availability, segregation and extermination. Further we consider the protection of personalized data as early as at development or selection of hardware, software and proceedings of data protection, through technical configuration and through privacy friendly presettings.

transmission and disclosure of personalized data

In accordence of our policy of personalized data the transmission to other authorities, companies, legally autonomous organizational units or people might occur. The recipients might belong to e. g. payment institutes in context of payments, IT-service contractors or providors who offer services for websites. In cases like these we follow the legal specifications and arrange contracts or agreements that will protect your personal data.

data processing in third countries

Provided we process data in a thrid country (i. e. outside of the European Union (EU), the European Econoic Area (EEA)) or allow procession of data as part of use of services of third parties or allow disclosure or transmission of data to other persons, parties or companies we will follow the contries laws.
Subject to explicit approval or contractually or legally necessary transmittion we only allow data procession or storage in thrid countries with a recognized data privacy standard, e. g. the ‘privacy-shield’ certificate given out by US-contractors, or on foundation of particular warranties, e. g. contractual obligations through so-called standard safeguard clauses of the European Commission, the presence of certificates or mandatory internal data protection legislations (Art. 44 to 49 DSGVO, Information from the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection).

usage of cookies

‘Cookies’ refer to small files that get saved on the device of the user. Through cookies various information can get saved. Those information are e. g. language settings on a website, the status of a log-in, a shopping cart or the time of a watched video.

Cookies usually also are used when single websites save the interests or behaviour (e. g. watching of various content, usage of functions) in a user profile. These profiles are used to e. g. show content that is interesting. This process is also called ‘tracking’, which is the tracing of user interests. Further the term of cookies also is used for technology that has the same function as a cookie (e. g. when the data of users get collected by pseudonym online-tags, also called ‘user-IDs’.)

Provided we use cookies or ‘tracking’-technology we will inform you separately in the privacy policy.

Reference of legal basis: If we process your personal data with help of cookies we will ask you for consent. When you agree to the usage of cookies the legal basis to processing your data is the given approval. Otherwise the data processed with the help of cookies is used for either legitimate interest or to fulfill contractual oblication.

Withdrawal and opt-out: Separately if the processing is based upon approval or legal permission there is always a possibility to withdraw or opt-out the processing of your data through cookie-technology.

You can primarily withdraw in your browsers setting, e. g. deactivation the usage of cookies (by this the functionality of our online presence might be restricted).

You can find explanations to withdrawl for the usage of cookies for purpsoe of online marketing, especially in case of tracking, here on the US-page http://www.aboutads.info/choices/ oder the EU-page http://www.youronlinechoices.com/ oder a general explanation on http://optout.aboutads.info.

  • processed forms of data: user data (e. g. visited websites, content interest, access time), meta & communication data (device informations, IP-adresses).

  • subject: user (e. g. website visitors, user of online services).

  • legal basis: consent (art. 6 (1) p. 1 lit. a GDPR), legitimate interests (art. 6 (1) p. 1 lit. f. GDPR).

blogs and publication media

We use blogs or similar ways of online communication and publication (subsequent ‘publication media’). The data of readers in terms of the publication media will only be processed in purpose of communication between author and reader and for terms of safety. Incidentally we refer to the informations to process data of users of our publication media in terms of this privacy policy.

comments and posts: When users comment or post we can save their IP-adress on terms of legitimate interests. This is for our safety in case that illegal and / or unlawful comments or posts are made (insutls, illegal politic propaganda, etc.). In this case we could be prosecuted and therefore are interested in the identity of the author.

Additionally we will save the information of users on beahlf of legitimate interest of spam recognition and detection.

On the same terms we will save IP-adresses and use cookies in case of surveys and / or polls for the duration of those to avoid multiple voting.

The in comments and posts disclosed information of subjects, possible even contact and website informations as well as substantial information and statements will be saved until the user withdraws permanently.

Retrival of WordPress-emojis and -smilies: Within our WordPress-blogs we use graphic emojis (or smileys) for the purpose of efficient inclusion, this means we use small graphic data that express emotions sourced from external servers. The provider of those servers collect the IP-adresses of users. This is necessary for the transmission of the data to the users browser.

  • processed data types: personal data (e. g. names, adresses), contact data (e. g. e-mail, phone numbers), content data (e. g. text input, photographies, videos), usage data (e. g. visited websites, content interest, access time), meta / communication data (e. g. devide informations, IP-adresses), contract data (e. g. contract topic, terms, runtime, customer categories).

  • subjects: user (e. g. website visitors, user of online services)

  • purposes of data processing: contactual capacieties and service, feedback (e. g. collecting feedback via online forms), safety measurements, contact requests and communication.

  • legal bases: contract (art. 6 (1) p. 1 lit. b. GPDR), legitimate interests (art. 6 (1) p. 1 lit. f. GPDR), consent (art. 6 (1) p. 1 lit. a DSGVO), vital interests (art. 6 (1) p. 1 lit. d. DSGVO).

used services and service providers:

deployment of online services, online presence and webhosting

To deploy our online presence safe and efficent we use the services of one or more webhosting providers. From their servers (or their administrated servers) the onlince presence will be accessed. For this purpose we use infrastructure and platform services, computing capacity, memory, storage space and database services as well as safety services and maintenance services.

The deployed processed data given to hosting services might be any information that arise with the usage of communication. Thereto belongs habitually the IP-adress which is essential for delivering online services and all of our website or online service input to the users browser.

Gathering of acces data and logfiles: We (or our webhosting provider) raises data of every acces to the server (called serverlogfiles). To said serverlogfiles belonge adress and name of the acessed website and files, date and time of the accesing, broadcasted quantity of files, report of access sucess, browser type with version, the operating system of the user, referrer URL (of the prior visited website) and in principle IP-adress and enquiring privider.

The serverlogfiles can be used for the purpose of safety, e. g. to prevent a server overload (especially in case of abusive attacks, called DDoS-attacks) and for the purpose of ensuring a decent workload and stability of the server.

  • gathered types of data: contant data (e. g. text input, photographies, videos), usage data (e. g. visited website, content interest, access time), meta & communication data (e. g. device informations, IP-adresses).

  • subjects: user (e. g. website visitors, user of online services).

  • legal bases: legitimate interests (art. 6 (1) p. 1 lit. f. GPDR).

online marketing

We process peronal data for purpose of online marketing, especially the portrayal of adverticed and other contents (in short ‘content’) with the aid of potential interests as well as measuring their effectivity.

For this so called user profiles will be created and saved in a file (called ‘cookie’) or similar processings will be used to render displays of beforesaid relevant content from users. To these information and content belong e. g. viewed contents, visited websites, used online networks and services, used browser, used operating system as well as specified usage and access times. When users allowed access to location than that data can also be processed.

The IP-adresses of users will also be saved. However we are using a so called IP-masking-proceeding (which means pseudonymization through shortening the IP-adress) for protection of the users. In general no clear data of users will be processed for the means of online marketing (e. g. e-mail-adresses or names) but pseudonyms, which means we as well as the providers of online marketing processings do not know the actual identity of users and only the in the profiles saved information.

The information in profiles usually gets saved by cookies or through similar processings. Those cookies can generally later get used on other websites that use the same online marketing proceeding, read out for purpose of displaying contents for analytics as well as supplementing with further data and get saved on the server of the online marketing processings providor.

Exceptionally clear data can get matched to profiles. This is the case when users are for example members of a social networks which uses the same online marketing proceedings as we do and matches the profile of the user in the beforesaid data. Please note that users that are members to said networks can have additional agreements, e. g. by accepting their terms and conditions by registrating.

We usually only have access to pooled information over the sucess of our advertisement. However we can in terms of so called conversion mesurements examine which of our online marketing proceedings lead to a so called conversion, that means to a contract closing with us. The conversion measurement will only be used to analyze our sucess of marketing measurements.

reference to legal notice: Provided we ask users to give consent to the usage of third party providers the legal base for processing data is the given approval. Otherwise the data processed is used for legitimate interest (e. g. interest for efficient, economic and recipient friendly services). In this conext we want to refer to the information about cookie usage in this privacy policy.

  • gathered types of data: contant data (e. g. text input, photographies, videos), usage data (e. g. visited website, content interest, access time), meta & communication data (e. g. device informations, IP-adresses).

  • subjects: user (e. g. website visitors, user of online services).

  • purposes of data processing: tracking (e. g. profiling of interests and habits), remarketing, visitor evaluation, interest based and habitual based marketing, profiling (generating user profiles), conversion measurements (mesuring efficiency of marketing measurements), range measurements (e. g. access data, recognition of reoccuring visitors).

  • safety measurements: IP-masking (pseudonymization of IP-adresses).

  • legal bases: consent (art. 6 (1) p. 1 lit. a DSGVO), legitimate interests (art. 6 (1) p. 1 lit. f. GPDR).

  • withdrawal and opt-out: We refer to the privacy policy of the respective thrid party members as well as their withdrawal and opt-out options. If no explicit opt-out option is given the possibility of opt-out through your browser by disabling cookies is given. By this the functionality of our online presence might be restricted. We therefore recommend aditionally these following opt-out options for the respective areals: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) other areals: http://optout.aboutads.info.

used services and service providers:

presence in social networks

We maintain online presence in social networks to actively communicate with users and give information about us.

We want to state that by that the data of users can be processed outside of the European Union. Thereby users can access risks, for example the enforcements of user rights can be more complicated and aggravated. US-providers that function under the privacy-shield or use similar warranties of privacy certificates are obligated to hold the data protection privacies of the European Union.

Further the data of users within social networks usually get processed for purpose of marketing and advertisement. By processing behaviour and interests so called user profiles can be created to for eample show advertisements in and outside of social networks that alledgedly show interests of users. For this purpose usually cookies get saved on the device of the users where interest and behaviour are processed. Further in those profiles data can get saved impartially of used devices (especially if said user is a member of the network and logged in).

For more details we refer to the privacy policy and information statements of the respective social networks as well as their withdrawal and opt-out options.

Furthermore in case for disclosure inquiries and assertion of data subject rights we refer to the respective providers. Only the providers have access to user data and can directly pursue action and give disclosure. If you still need help you can turn to us.

  • processed data types: personal data (e. g. names, adresses), contact data (e. g. e-mail, phone numbers), content data (e. g. text input, photographies, videos), usage data (e. g. visited websites, content interest, access time), meta / communication data (e. g. devide informations, IP-adresses), contract data (e. g. contract topic, terms, runtime, customer categories).

  • subjects: user (e. g. website visitors, user of online services)

  • purposes of data processing: contactual capacieties and service, tracking (e. g. profiling of interests and habits), usage of cookies, remarketing
  • legal bases: legitimate interests (art. 6 (1) p. 1 lit. f. GPDR).

used services and service providers:

deletion of data

The by us processed data will be deleted by abiding the statutory provisions, as soon as the given consent is withdrawn or other permissions fall away (e. g. if the purpose of processing said data falls away or is not essential anymore).

Provided that the data can’t get deleted because it is necessary for statutory and other provisions the processing will be limited to those purposes and said data will be disabled for other intentions. This includes for example data that needs to be saved for commercial and fiscal reasons or data that includes assertment, exertion or advocacy of legal interest or for protection of rights of natural or juristic subjects.

Further references to withdrawal and opt-out of personal data can be found in statements of this privacy policy.

revision and updating of the privacy policy

We advice that you regularily educate yourself on the content of this privacy policy. We will adjust the privacy policy when alterations are required through e. g. our data processing. We will inform you if changes are made that change your participation rights (e. g. consent) or if an additional individual notification is necessary.

rights of affected subjects

As affected subjects you have the following rights through GPDR, especially art. 15 – 18 and 21 GPDR:

  • Right of objection: You have the right, as result of your specific situation, at all times to object against the processing of your affected personalized data, processed because of art. 6 (1) lit. 3 or f GPDR; this also qualifies for profiling clauses based on it. If the affected personalized data gets used for personalized advertizement you have the right to object the processing of said data; this also affects profiling that is related to said personalized advertizement.
  • right of objection of consent: You have the right to take back any given consent at all times.
  • right of disclosure: You have the right to demand a confirmation if affected data gets processed and you have the right to get disclosure about these data as well as further informations and a copy of your data corresponding with statutory provisions.
  • right of rectification: You have the right in correlation with statutory provisions to rectificate or complete affected data or demand adjustment of inaccurate data.
  • right of deletion and limitation of processing data: You have the right in correlation with statutory provisions to demand that affected data promplty gets deleted or alternatively in correlation with statutory provisions limit the processing of data.
  • right of data transferability: You have the right to demand in correlation with statuory provisions to obtain data that you provided to us in a structured, machine-readable format or to submit said data to another person of authority.
  • right to complain at controlling institutions: You further have the right in correlation with statuory provisions to complain at a controlling institution, especially in your state of residence or the area of a alleged violation if you have the opinion that the processing of your affected data is in infringement with the GPDR.

Created by Datenschutz-Generator.de | Dr. jur. Thomas Schwenke
Translated from German by Marina Wöltche