Privacy Policy

I. Contact information
Vanessa Janina Stöhr, Johann-Baptist-Zimmermannstr. 19, 83629 Weyarn responsible for the website and data processing.

II. Data protection officer
Under certain conditions, the General Data Protection Regulation (GDPR) requires you to appoint a data protection officer (DPO). You must check whether you are obliged to appoint a DPO and enter the contact details of that person here. In the United Kingdom, for example, you can check in Section 38 of the Data Protection Act 1998 whether you are obliged to appoint a data protection officer.

III. Data processing
Your privacy policy is a kind of personal letter directly to your website visitors and customers and should mention all the services (data processing activities) you offer. Please note that this may also include services offered or performed by other parties you use, such as Jimdo.

Provision of online services and web hosting
Description: Our website is hosted by a special website hosting provider that uses cloud-based servers within the EU to provide a stable and secure hosting platform. Our website is distributed via a content delivery network with servers around the world to ensure fast and secure delivery of our website.

Types of data processed:
Usage data: e.g. websites visited, access times, all entries within our online offering or from websites
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Provision of a stable and secure online offering that is easy to use.
Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
Recipients or categories of recipients: Website hosting providers, SSL certificate providers, content delivery network providers.
Data transfer to third countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in the section on transfers to third countries.
Retention periods or criteria used to determine retention periods: For more information, please refer to the section on retention periods.

Collection of log files
Description: We store log files for the purpose of analysing and maintaining the technical operation of the servers, as well as to support anti-abuse measures and to protect the security of the hosting platform.
Types of data processed:
Usage data: e.g. websites visited, access times.
Communication data: e.g. browser type, operating system or IP addresses.
Data subjects: Users (website visitors).
Purpose of processing: Improving stability and functionality of our website.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Our legitimate interest is to ensure the stability and functionality of the website.
Recipients or categories of recipients: Website hosting providers, website analysis providers.
Data transfer to third countries: Your personal data will be processed within the EU.
Retention periods or criteria used to determine retention periods: The log files are stored for up to 3 months and then deleted.

Contact form description:
We offer a contact form function on our website that allows you to contact us by entering your contact details and your request and clicking on ‘Submit’.
Types of data processed:
Usage data: Name, email address and content of the message, websites visited, access times
Communication data: e.g. IP addresses, browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Processing of contact and pre-contractual enquiries via our website.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR), performance of a contract and/or pre-contractual enquiries (Art. 6(1)(b) GDPR). Our legitimate interest is to respond to your enquiry.
Recipients or categories of recipients: Website hosting providers, providers of transactional emails.
Data transfer to third countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in the section Transfer to third countries.
Retention periods or criteria used to determine retention periods: Further information can be found in the section Retention periods.

Captcha
Description: We have implemented a third-party captcha tool in the contact form to check whether the entries in the contact form originate from human visitors to this website or from machines or automated programmes (also known as ‘bots’).
Types of data processed:
Usage data: e.g. website accessed and date and time of access
Communication data: e.g. IP addresses, browser type, operating system, IP addresses
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: Securing the contact form with spam protection.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR). Our legitimate interest is to prevent misuse of our contact form.
Recipients or categories of recipients:

ReCaptcha by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
Website hosting provider, captcha provider.
Data transfer to third countries: Your personal data will be processed within the EU.
Retention periods or criteria used to determine retention periods: For more information, please refer to the section on retention periods.

Website analysis (Jimdo statistics)
Description: When you visit our website, we collect information about your use of our website using a web analytics function developed by our website hosting provider and store it in pseudonymised form. This tool collects your IP address and user agent, combines them, and truncates and stores this data using a hash function. In this way, we generate a visitor ID that is encrypted with a random value, known as SALT, which changes every 24 hours. This ensures that your IP address cannot be recovered from the visitor ID we store and that you cannot be personally identified. Furthermore, we do not combine this data with other data and only store it on the website hosting provider's server. We also process web analytics, HTTP data and web analytics profile data. The web analytics function we use creates and stores the web analytics profile. This contains information about the use of our website, in particular page views, frequency of visits and length of stay on visited pages, as well as the client user agent of your end device.
Types of data processed:
Usage data: e.g. websites visited, access times
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Analysis of user behaviour in aggregated form.

Website analysis (Google Analytics)
Description: When you visit our website, we collect information about your use of our website using a web analysis function developed by our website hosting provider and store it in pseudonymous form. This tool collects your IP address and user agent, combines them, and truncates and stores this data using a hash function. In this way, we generate a visitor ID that is encrypted with a random value, known as SALT, which changes every 24 hours. This ensures that your IP address cannot be recovered from the visitor ID we store and that you cannot be personally identified. Furthermore, we do not combine this data with other data and only store it on the website hosting provider's server. We also process web analytics, HTTP data and web analytics profile data. The web analytics function we use creates and stores the web analytics profile. This contains information about the use of our website, in particular page views, frequency of visits and length of stay on visited pages, as well as the client user agent of your end device.
Types of data processed:
Usage data: e.g. websites visited, access times
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Analysis of user behaviour in aggregated form to improve our website, including its presentation and content.
Legal basis: Consent (Art. 6(1)(a) GDPR).
Recipients or categories of recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
Website hosting provider
Data transfer to third countries: Your personal data will be processed within the EU.
Retention periods or criteria used to determine retention periods: For more information, please refer to the section on retention periods.

Map content (Google Maps)
Description: We embed maps on this website using a plugin from a map service provider to enable an appealing presentation of our online offerings and to make it easy to find the locations we specify on the website. Once you have given your consent via the consent level or cookie banner, the map element is loaded and the data is transferred to the map provider's servers.
Types of data processed:
Usage data: e.g. websites visited, access times.
Communication data: e.g. browser type, operating system or IP addresses.
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: Appealing presentation of our online offerings and easy location of the places specified by us on the website.
Legal basis: Consent (Art. 6(1)(a) GDPR).
Recipients or categories of recipients:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
Data transfer to third countries: Your personal data will be processed within the EU.
Retention periods or criteria used to determine retention periods: For more information, please refer to the section on retention periods.

Video content (Vimeo, YouTube, Dailymotion)
Description: We embed video content on our website to provide you with an appealing presentation of our online offerings. Once you have given your consent via the consent level or cookie banner, the video content is loaded and the data is transferred to the servers of the video hosting provider.
Types of data processed:
Usage data: e.g. websites visited, access times.
Communication data: e.g. browser type, operating system or IP addresses.
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offerings through the use of video content.
Legal basis: Consent (Art. 6(1)(a) GDPR).
Recipients or categories of recipients:

Optional: Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA, https://vimeo.com/features/video-privacy
Optional: YouTube by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
Optional: Dailymotion, 140 boulevard Malesherbes, 75017 Paris, France, https://legal.dailymotion.com/en/privacy-policy/
Data transfer to third countries:

Vimeo: Your personal data will be transferred to the above-mentioned processors in the United States for this purpose. Information on the transfer of personal data to third countries can be found in the section Transfer to third countries.
Optional: YouTube: Your personal data will be processed within the EU.
Optional: Dailymotion: Your personal data will be processed within the EU.
Retention periods or criteria used to determine retention periods: For more information, please refer to the section on retention periods.

External services via Powr.io
Jimdo offers you the option of integrating third-party services into your Jimdo Creator website via a third-party tool. Once website visitors have given their consent, a connection to the third-party provider's servers is established. The legal basis for this is consent (Art. 6(1)(a) GDPR). Once website visitors have given their consent, the integration app stores cookies on their devices that store data so that you can implement specific third-party apps/services on your website.

Powr.io
Description: Powr.io is a third-party tool that enables the integration of third-party services on a website.
Types of data processed:
Usage data: e.g. websites visited, access times.
Communication data: e.g. browser type, operating system or IP addresses.
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offerings through the use of third-party content.
Legal basis: Consent (Art. 6(1)(a) GDPR).
Recipients or categories of recipients:
Powr.io, POWR HQ, 44 Tehama Street, San Francisco, California 94105, USA, https://www.powr.io/privacy
Data transfer to third countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in the section Transfer to third countries.
Retention periods or criteria used to determine retention periods: Further information can be found in the section Retention periods.

IV. Retention periods
In general, we process and store your personal data for the duration required for the respective purpose of use. This may also include the periods of contract initiation (pre-contractual legal relationship) and contract execution. On this basis, personal data is regularly deleted in the course of fulfilling our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:

Fulfilment of statutory retention obligations (commercial or tax law)
Retention of evidence, taking into account the limitation periods
Assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.

V. Transfer to third countries
We ensure that your data is processed within the EU or the European Economic Area. If this is no longer possible and the data must be transferred to a third country, Jimdo will, after prior review, ensure that the country to which the data is transferred maintains an adequate level of data protection that meets the requirements of the Court of Justice of the European Union and the European Commission.
In such cases, the data will be transferred on the basis of an adequacy decision by the European Commission or the standard contractual clauses for the transfer of personal data to third countries in their currently valid version. These can be viewed here.
Data may also be transferred to a third country on the basis of your consent. Details of this will be communicated to you separately, if necessary.

VI. Rights of data subjects
Access to information
You may request access to information about your personal data that we process.
Rectification
If your data is not (or no longer) correct, you may request that your data be rectified. If your data is incomplete, you may request that it be completed.
Erasure
You have the right to request the erasure of your data in accordance with applicable data protection laws. Please note that a request for erasure may depend on whether there is a legitimate reason and whether there is no legal reason that obliges us to retain your data.
Restriction of processing
You have the right to request the restriction of the processing of your data. Please note that a request for restriction of processing depends on the existence of a legitimate reason.
Objection
You have the right to object to the processing of your data for reasons relating to your particular situation. In the event of a legitimate objection, we will no longer process your data.
Objection to the processing of your data for direct marketing purposes
You have the right to object to the processing of your data for direct marketing purposes at any time. This also applies to profiling in connection with direct advertising. You can send us your objection informally, preferably to the contact details above, stating the keyword ‘Objection to the processing of my personal data for advertising purposes’.
Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority if you do not agree with the processing of your data.
Data portability
You have the right to receive personal data that you have provided to us in an electronic format.
Withdrawal of your consent
You have the right to withdraw your consent at any time. The easiest way to withdraw your consent is to send an email to the contact details above. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.