Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the course of providing our services and particularly on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as the “online offering”).
The terms used are not gender-specific.
Status: March 20, 2025
Table of Contents
Preamble Controller Overview of Processing Applicable Legal Bases Security Measures Rights of Data Subjects Business Services Provision of the Online Offering and Web Hosting Use of Cookies Contact and Request Management
Controller
Mario Raetzel Hindenburgdamm 86 12203 Berlin
Authorized representative: Mario Raetzel
Email: kontakt@mario-raetzel.com
Imprint: https://mario-raetzel.com
Overview of Processing
The following overview summarizes the types of data we process, the purposes for which they are processed, and the categories of data subjects.
Types of Data Processed
Inventory data Payment data Contact data Content data Contract data Usage data Meta, communication, and procedural data Log data
Categories of Data Subjects
Service recipients and clients Interested parties Communication partners Users Business and contractual partners
Purposes of Processing
Provision of contractual services and fulfillment of contractual obligations Communication Security measures Office and organizational procedures Organizational and administrative procedures Feedback Provision of our online offering and user-friendliness Information technology infrastructure Business processes and economic procedures
Applicable Legal Bases
Applicable legal bases under the GDPR: Below is an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that national data protection provisions in your or our country of residence or business location may also apply in addition to the GDPR. If more specific legal bases are relevant in individual cases, we will inform you in this privacy policy.
Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
National data protection regulations in Germany: In addition to the GDPR, national data protection laws apply in Germany, in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG includes specific provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers as well as automated decision-making on an individual basis including profiling. In addition, data protection laws of individual federal states may apply.
Note on applicability of the GDPR and the Swiss Data Protection Act (DSG): These privacy notices are intended to provide information under both the Swiss DSG and the GDPR. Therefore, the terminology of the GDPR is used for broader applicability and clarity. In particular, instead of the terms used in the Swiss DSG such as “processing” of “personal data,” “overriding interest,” and “sensitive personal data,” we use the GDPR terms “processing” of “personal data,” “legitimate interest,” and “special categories of data.” However, the legal meaning of the terms is determined in accordance with the Swiss DSG where applicable.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
These measures include safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transfer, ensuring availability, and separation of data. We have also established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Additionally, we consider the protection of personal data when developing or selecting hardware, software, and procedures, in accordance with the principle of data protection by design and by default.
Securing online connections via TLS/SSL encryption technology (HTTPS): To protect the data transmitted via our online services from unauthorized access, we use TLS/SSL encryption. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the foundation of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between servers), thus protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transfers comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the presence of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and in encrypted form.
Rights of Data Subjects
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, in particular those outlined in Articles 15 to 21 GDPR:
Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed, and, where that is the case, to access the personal data and receive further information and a copy of the data in accordance with legal requirements.
Right to rectification: You have the right, in accordance with legal requirements, to request the completion of incomplete data or the correction of inaccurate data concerning you.
Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request the immediate deletion of personal data concerning you or, alternatively, to request restriction of processing of the data.
Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to request transmission of that data to another controller where legally required.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.
Business Services
We process data of our contractual and business partners, such as customers and interested parties (hereinafter collectively referred to as “contractual partners”), within the framework of contractual or similar legal relationships, related measures, and communication with contractual partners (including pre-contractual communication), for example, to respond to inquiries.
We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedying warranty and service issues. Furthermore, we process the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations as well as company organization. Additionally, we process the data based on our legitimate interests in proper and efficient business management and in implementing security measures to protect our contractual partners and our business operations from misuse, risks to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other support services, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). According to legal requirements, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. We inform our contractual partners of any other types of processing, such as for marketing purposes, in this privacy policy.
We inform contractual partners about the data required for the aforementioned purposes before or during the collection process, e.g., in online forms, by special markings (e.g., colors) or symbols (e.g., asterisks), or in person.
We delete the data once the legal warranty and similar obligations expire, typically after four years, unless the data is stored in a customer account — for example, if it must be retained for legal archiving purposes (e.g., for tax reasons, usually ten years). Data that has been disclosed to us by the contractual partner as part of an order will be deleted in accordance with the order terms and, as a rule, after the order has ended.
Provision of the Online Offering and Web Hosting
We process user data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to deliver content and functionality of our online services to the user’s browser or device.
Types of data processed include usage data (e.g., page views, session duration, click paths, interaction intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved individuals); log data (e.g., login records or access times); and content data (e.g., text or image messages and related author or timestamp information).
Categories of data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Providing our online services and enhancing usability; managing IT infrastructure (operation and provision of information systems and technical equipment such as computers, servers, etc.); implementing security measures.
Retention and deletion: Data is deleted according to the information provided in the section “General Information on Data Storage and Deletion.”
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Additional notes on processing, procedures, and services:
Hosting our online offering using rented storage:
To host our online services, we use rented storage space, computing capacity, and software from a third-party provider (also known as a “web host”).
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Collection of access data and log files:
Access to our online offering is logged in the form of so-called “server log files.” These log files may include the address and name of retrieved websites and files, date and time of access, transferred data volume, access success message, browser type and version, user operating system, referrer URL (previously visited page), and — generally — IP addresses and the requesting provider. These log files are used, on the one hand, for security purposes (e.g., to prevent server overload, particularly in the case of abusive attacks known as DDoS attacks), and on the other hand, to ensure server stability and performance.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Deletion of data: Log file information is stored for up to 30 days and then deleted or anonymized. Data required for evidence purposes is exempt from deletion until the respective incident is finally resolved.
Email transmission and hosting:
The web hosting services we use also include email sending, receiving, and storage. For this purpose, we process recipient and sender addresses, other data related to email delivery (e.g., providers involved), and the contents of each email. These data may also be processed to detect spam.
Please note that emails on the internet are generally not transmitted in encrypted form. While they are typically encrypted in transit, they are not encrypted on the servers unless end-to-end encryption is used. We therefore cannot take responsibility for the transmission path between the sender and our server.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
ALL-INKL:
Service provider for the provision of IT infrastructure and related services (e.g., storage and/or computing resources).
Provider: ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://all-inkl.com/
Privacy policy: https://all-inkl.com/datenschutzinformationen/
Data processing agreement: Provided by the service provider
Use of Cookies
The term “cookies” refers to functions that store and retrieve information on users’ devices. Cookies may be used for a variety of purposes, such as ensuring functionality, enhancing security and usability of online offerings, and analyzing user behavior. We use cookies in compliance with legal regulations. Where required, we obtain prior consent from users. If consent is not necessary, we rely on our legitimate interests. This applies when storing and retrieving information is essential for providing content and functions that users explicitly request — for example, saving settings or ensuring security and basic functionality. Consent can be revoked at any time. We provide clear information about the scope of cookie use and the specific cookies used.
Legal basis for data protection: Whether we process personal data via cookies depends on user consent. If consent is given, it forms the legal basis. Without consent, we rely on our legitimate interests, as described above and in the context of the respective services and processing procedures.
Retention period: Regarding how long cookies are stored, we distinguish the following types:
Temporary cookies (also known as session cookies): These cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile app).
Persistent cookies: These cookies remain stored even after the device is closed. For example, login status may be saved or preferred content may be displayed directly when the user visits the site again. Data collected through cookies may also be used for reach measurement. If we do not explicitly specify the type and duration of cookies (e.g., when obtaining consent), users should assume cookies may be stored for up to two years.
General instructions on withdrawal and objection (opt-out): Users can revoke their previously given consent at any time. They may also object to processing in accordance with legal requirements — for example, via browser privacy settings.
Types of data processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, individuals involved)
Data subjects: Users (e.g., website visitors, users of online services)
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), Consent (Art. 6(1)(a) GDPR)
Processing of Cookie Data Based on Consent
We use a consent management solution that obtains user permission for the use of cookies and similar technologies, as well as the providers and procedures listed in the consent settings. This process serves to collect, document, manage, and revoke consent — particularly with regard to cookies and comparable technologies used to store, read, and process information on users’ devices.
Through this process, we collect user consent for the use of cookies and the associated processing of information, including the specific processes and providers listed in the consent tool. Users can also manage and revoke their consent at any time. Consent declarations are stored in order to avoid repeated requests and to comply with legal documentation requirements. This storage takes place on the server and/or in a cookie (known as an “opt-in cookie”) or using similar technologies, so that consent can be assigned to a specific user or device.
Unless otherwise specified regarding the consent management providers, the following applies: consent is stored for up to two years. A pseudonymous user ID is created and stored along with the time of consent, the scope of the consent (e.g., categories of cookies or service providers), as well as browser, system, and device information.
Further information: A unique user ID, language preferences, the types of consent given, and the time they were granted are stored both on the server and in a cookie on the user’s device.
Real Cookie Banner
To manage cookies and similar technologies (e.g., tracking pixels, web beacons) and the related user consent, we use the consent tool “Real Cookie Banner.” Details about how Real Cookie Banner works can be found at: https://devowl.io/de/rcb/datenverarbeitung/
Legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR.
Our legitimate interest lies in the administration of the cookies and the associated user consents.
Note: The provision of personal data is not legally or contractually required and is not necessary for the conclusion of a contract. You are not obligated to provide this data. If you do not provide the data, we cannot manage your consents.
Contact and Request Management
When you contact us (e.g., by post, contact form, email, telephone, or via social media) or in the context of existing user or business relationships, we process the information provided by the person making the request, insofar as this is necessary to respond to the contact inquiry and any requested measures.
Types of data processed:
Inventory data (e.g., full name, home address, contact information, customer number)
Contact data (e.g., postal and email addresses, telephone numbers)
Content data (e.g., text or image messages and contributions as well as associated information such as authorship or creation timestamp)
Usage data (e.g., page views and session duration, click paths, usage frequency, device types and operating systems used, interactions with content and features)
Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, individuals involved)
Data subjects: Communication partners
Purposes of processing: Communication, organizational and administrative procedures, feedback (e.g., gathering feedback via online forms), provision of our online offering, and usability
Retention and deletion: Data is deleted in accordance with the section “General Information on Data Storage and Deletion.”
Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR)
Further notes on processing, procedures, and services:
Contact form:
When users contact us via contact form, email, or other means of communication, we process the personal data provided to respond to and handle the request. This typically includes information such as name, contact details, and possibly additional information necessary for appropriate handling. We use this data solely for the stated purpose of contacting and communicating.
Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR)
Created using the free privacy policy generator by Dr. Thomas Schwenke