- Name and Address of the Controller
Yusra Mardini (hereinafter “website owner/controller”)
c/o Christian Timm
- Collection, Processing and Erasure of Personal Data
The use of this website is basically possible without any indication of personal data. Should a processing of personal data, e.g. name, address, e-mail address or telephone number of the user, nevertheless become necessary in the context of the use of the website, the processing takes place according to the regulations of the valid data protection law (GDPR).
The website owner/controller processes and stores the personal data provided by the user only for the period of the usage relationship. After expiration of that period, the corresponding personal data is routinely deleted unless there is a longer period of storage for personal data, which must be observed by law or regulation (statutory retention period) to which the website owner/controller is subject.
- Legal Basis for the Collection and Processing of Personal Data
If the processing of personal data will become necessary, the legal basis for the processing of personal data, provided by the user, by the website owner/controller is based on Art. 6 (1a-c) GDPR.
On the one hand, it is possible that the website owner/controller obtains the user’s consent to the processing of personal data concerning him for one or more specific purposes (e.g. answering a request from the user without concluding a contract afterwards).
On the other hand, the processing is necessary for the fulfilment of a contract to which the user is or becomes a party or for the execution of pre-contractual measures which are taken at the user’s request (e.g. reply to inquiries, delivery of goods or the provision of another service or consideration). If the user does not provide the personal data which are necessary to fulfil the contract, the contract with the user cannot be concluded.
- Rights of the User
The user can contact the website owner/controller directly regarding the following rights:
- Right of Information
The user has the right to request confirmation from the website owner/controller as to whether the personal data provided will be processed. In addition, the user has the right of information about the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where appropriate, the website owner’s/controller’s intention to transfer the personal data to a third country or international organisation and the existence or absence of a Commission adequacy decision or, in the case of transfers pursuant to Art. 46, 47 or 49 (1) and (2) GDPR, a reference to the appropriate or appropriate safeguards and means of obtaining a copy of them or where available;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the website owner/controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- Right of Rectification
The user has the right to obtain from the website owner/controller without undue delay the rectification of inaccurate personal data concerning the user. Taking into account the purposes of the processing, the user shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right of Restriction of Processing
The user has the right to obtain from the website owner/controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the user, for a period enabling the website owner/controller to verify the accuracy of the personal data.
- the processing is unlawful and the user opposes the erasure of the personal data and requests instead the restriction of their use instead.
- the website owner/controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claims.
- the user has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the website owner/controller override those of the user.
- Right to Data Portability
The user has the right to receive the personal data provided in a structured, commonly used and machine-readable format in order to transmit this data to another controller, provided that the processing is based on a consent pursuant to Art. 6 (1a) or Art. 9 (2a) GDPR or on a contract pursuant to Art. 6 (1b) GDPR and the processing is carried out by automated means. The rights and freedoms of other persons may not be impaired by the data transmission.The user has the right to demand from the website owner/controller that the personal data be transmitted directly to another controller, as far as this is technically feasible.
- Automated Individual Decision-Making, including Profiling
The user has the right not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect on the user or significantly impairs it in a similar manner, provided that the decision is not necessary for entering into, or performance of, a contract between the user and a the website owner/controller or is authorised by Union or Member State law to which the website owner/controller is subject and which also lays down suitable measures to safeguard the user’s rights and freedoms and legitimate interests or is based on the user’s explicit consent.If the decision to conclude or fulfil a contract between the user and the website owner/controller is necessary or if the decision was made with the express consent of the user, the website owner/controller shall implement suitable measures to protect the rights and freedoms as well as the legitimate interests of the user, including at least the right to obtain human intervention on the part of the website owner/controller, to express his or her point of view and to contest the decision.The website owner/controller does not use automatic decision-making or profiling on this website.
- Right to Erasure (“Right to be Forgotten”)
The user has the right to obtain from the website owner/controller the erasure of personal data concerning him or her without undue delay and the website owner/controller has the obligation to erase personal data without undue delay where one of the following grounds applies and processing is not necessary (e.g. to exercise the right to freedom of expression and information; for reasons of public interest):
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- the user withdraws his consent, on which the processing was based according to Art. 6 (1a) or Art. 9 (2a) GDPR, and there is no other legal basis for the processing
- the user files an objection against the processing in accordance with Art. 21 (1) and (2) GDPR and there are no overriding legitimate reasons for the processing
- the personal data have been processed unlawfully
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the website owner/controller is subject
- the personal data have been collected in relation to the offer of information society services in accordance with Art. 8 (1) GDPR.
- Right to object
The user has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 (1e) and (1f) GDPR, including profiling based on those provisions.Where personal data are processed for direct marketing purposes, the user has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the user objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the user may exercise his or her right to object by automated means using technical specifications.Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, the user, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
- Right to Withdraw Data Protection Consent
Should the user have given consent to the website owner/controller to process the personal data provided, he can withdraw this consent at any time. The user can send the withdrawal informally by post, telephone, fax or e-mail directly to the website owner/controller without giving reasons.
- Right of Information
- Anonymised Data Collection and Data Processing
As far as log file data (date and time, the browser type and the operating system of the user’s PC and the pages viewed by the user) are automatically collected on the server of the website owner/controller and stored in an internal log file and communicated via the user’s browser to the website owner/controller, the website owner/controller will collect and process these data in anonymised form, i.e. they cannot be assigned to a particular person. The purpose of the data collection and data processing is the analysis for internal system-related and statistical purposes. This means that no conclusions are drawn about the user, since this data is stored separately from the other personal data provided by the user.
- Google Analytics
- Social Media Plug-Ins
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland)
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
- Use of YouTube
- Mobile Devices
As a precaution, the website owner/controller points out that when using this website by means of so-called mobile devices (smartphones, mobile phones, tablets, etc.) precise location data may be collected, used and forwarded, including the geographical location of the user’s mobile device. In addition, further data may be collected, processed and used within the framework of the usage conditions of the user’s respective telecommunications provider.
- Technical Gaps in Security
The website owner/controller has implemented comprehensive technical and organisational measures to ensure the safest possible protection of personal data processed through this website.The website owner/controller explicitly points out that security gaps can occur with regard to data transmission on the Internet, e.g. during e-mail correspondence, and that there is no complete protection against access by third parties. For this reason, every user is free to transmit personal data to the website owner/controller by telephone, fax or mail.
- Use of the Contact Data of the Website Owner Details & Imprint