Each online dialogue involves the transfer of data, even if it is only the e-mail address when you contact me. In addition, the use of certain services inevitably involves the transfer of data without which no Internet can function.
This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within my online offer and the websites, functions and contents connected with it as well as external online presences, such as my social media profiles (hereinafter jointly referred to as "online offer").
With regard to the terms used, such as "processing" or "controller", I refer to the definitions in Art. 4 of the European General Data Protection Regulation (GDPR).
Responsible person/ controller
Christian Geike
Bruno-Wille Street 95
12587 Berlin, Germany
Email: hi@christian-astrologie.de
Tel.: on request
Definition of terms
"Personal data" shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all data handling.
"Controller" shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Applicable legal basis
In accordance with Art. 13 GDPR I inform you about the legal basis of my data processing. If the legal basis is not mentioned in the privacy policy, the following applies:
- the legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR,
- the legal basis for the processing of data for the purpose of fulfilling my services and carrying out contractual activities as well as answering inquiries is Art. 6 para. 1 lit. b GDPR,
- the legal basis for the processing of data in order to fulfill my legal obligation is Art. 6 para. 1 lit. c GDPR,
- the legal basis for the processing of data to protect my legitimate interests is Art. 6 para. 1 lit. f GDPR.
- In the event that vital interests of the person concernend or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Types of processed data
In the context of this online offer, personal data is processed, depending on whether you only surf on my website or also contact me. For the processing of this data there are strict regulations, about which the following texts of the privacy policy provide information.
There are different types of data that are collected:
- Inventory data (e.g. names, addresses),
- Contact data (e.g. email, phone numbers),
- Content data (e.g. text input, photographs, videos),
- Usage data (e.g. websites visited, interest in content, access times),
- Meta-/communication data (e.g. device information, IP addresses).
Persons concerned
Visitors and users of the online offer (in the following I refer to the persons concerned collectively also as "users").
Purpose of the processing
Data may only ever be collected for a specific purpose. The purpose of data collection here is:
- Provision of the online offer, its functions and contents,
- Responding to contact requests and communication with users,
- Compliance with security measures,
- Impact Measurement/Marketing.
Provision of contractual services
I process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling my contractual obligations and services in accordance with Art. 6 para. 1 lit b. GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.
When using my online services, I store the IP address and the time of the respective user action. The storage is based on my legitimate interests as well as for protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue my claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c GDPR.
The deletion of the data is carried out after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, the deletion is carried out after their expiry. Data in any customer account will be retained until it is deleted.
Deletion of data
The data processed by me will be deleted or limited in their processing in accordance with articles 17 and 18 GDPR. Unless expressly stated in this data protection/ privacy policy, the data stored by me will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any legal storage obligations. If the data are not deleted because they are required for other legally permissible purposes, their processing is restricted. This means that the data is locked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In accordance with legal requirements in Germany, the retention is to be carried our for a period of 6 years in accordance with Sec. 257 para. 1 German Commercial Code (commercial journals, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for a period of 10 years in accordance with Sec. 147 para. 1 German General Tax Code (journals, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).
Security measures
In accordance with Art. 32 GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying degrees of probability and seriousness of the risk to the rights and freedoms of natural persons, I shall take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
The measures include in particular the protection of the confidentiality, integrity and availability of data by controlling the physical access to the data, as well as its access, input, disclosure, safeguarding of availability and its separation. Furthermore, I have established procedures to ensure that the rights of data subjects can be exercised, that data can be deleted, and that responses can be made to data threats. Furthermore, I take the protection of personal data already into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).
Cooperation with contract processors and third parties
If, in the course of my processing, I disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorization (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b GDPR), if you have given your consent, if a legal obligation provides for this or on the basis of my legitimate interests (e.g. when using agents, web hosts, etc.).
If I commission third parties to process data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If I process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill my (pre-)contractual obligations, based on your consent, based on a legal obligation or based on my legitimate interests. Subject to legal or contractual permissions, I will only process or transfer the data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees such as the officially recognized confirmation of a level of data protection corresponding to that of the EU or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of the persons concerned
- You have the right to request confirmation as to whether or not data in question is being processed and to receive information about this data and to receive further information and a copy of the data in accordance with Art. 15 GDPR.
- In accordance with article 16 of the GDPR, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
- You have the right, in accordance with Art. 17 GDPR, to demand that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, you have the right to demand that the processing of the data be restricted.
- You have the right to obtain the data concerning you that you have provided to me, in accordance with Art. 20 GDPR, and to request their communication to other responsible parties.
- You also have the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR:
Berlin Commissioner for Data Protection and Freedom of Information.
Right of withdrawal
You have the right to revoke your consent in accordance with Art. 7 para. 3 GDPR with effect for the future.
Right of objection
You may object to the future processing of your personal data at any time in accordance with Art. 21 GDPR. The objection may in particular be made against processing for the purposes of direct advertising.
Cookies
This website only sets the technically necessary cookies that guarantee the trouble-free operation of the website.
SSL-Encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to me as site operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and by the lock symbol in your browser line.
The encryption ensures that data you transfer to me is not read by third parties.
Hosting
The hosting services I use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services, which I use for the purpose of operating this online offer.
In doing so, I, or my hosting provide Netcup, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested persons and visitors of this online offer on the basis of my legitimate interests for an efficient and secure provision of this online offer, according to Art. 6 para. 1 lit. f GDPR in connection with Art. 28 GDPR.
Gathering of access data and log files
I, or my hosting provider Netcup, gather data on the basis of my legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited site), IP address and the requesting provider.
Log file information is retained for seven days for security reasons (for example, in the event of abuse or fraud) and then deleted, unless retention is required for evidence purposes, in which case it is retained until the incident is resolved.
I have concluded a data processing agreement with my webhoster Netcup in accordance with Art. 28 GDPR.
Administration, financial accounting, office organization, contact management
I process data of customers, interested parties, business partners and website visitors to organize workflows in my company and to fulfill legal obligations. The processing concerns the same data that I process within the scope of providing my contractual services. The basis for processing is Art. 6 para. 1 lit. c. GDPR and Art. 6 para. 1 lit f. GDPR.
The purpose of the processing is to fulfil tasks that serve to maintain my business activities and to provide my services. The data will be deleted in accordance with the information provided for these processing activities.
In order to fulfill tax and management relevant tasks, I store information about suppliers, event organizers and other business partners based on my business interests, so that I can contact them at the appropriate time. These company-related data are only deleted when they are no longer needed by me.
Contact
When contacting me (e.g. via contact form, e-mail, telephone or via social media), the user's data will be processed for the purpose of handling the contact request and its processing in accordance with Art. 6 para. 1 lit. b) GDPR. The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization. I will delete the inquiries if they are no longer required. I check the necessity every two years; furthermore, the statutory archiving obligations apply.
Comments and postings
If users leave comments or other postings, the chosen user name, date and time of the comment, e-mail address and the anonymized IP address will be saved on the basis of my legitimate interests as defined in Art. 6 Par. 1 lit. f. GDPR. This is done for our security in case someone leaves illegal content in comments and postings (insults, prohibited political propaganda, etc.).
Newsletter
In the following notes I inform you about the contents of my newsletter as well as the registration, distribution and statistical evaluation procedure and your rights of objection. By subscribing to my newsletter, you agree to receiving it and to the described procedures.
Content of the newsletter: I send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletter") only with the consent of the recipients or with a legal permission. If, in the course of registering for the newsletter, its contents are specifically described, they are decisive for the consent of the users. Furthermore, my newsletters contain information about my services and topics of astrology and self-realization.
Double-Opt-In und protocolling: The registration for my newsletter is carried out in a so-called Double-Opt-In procedure. That means you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that nobody can register with other people's email addresses. The registration for the newsletter is protocolled in order to be able to prove the registration process according to the legal requirements. This includes the storage of the time of registration and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also documented.
Registration data: To subscribe to the newsletter, it is sufficient to enter your email address and your first name to address you personally in the newsletter.
The distribution of the newsletter and the associated measurement of success is based on the consent of the recipients in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Sec. 7 para. 2 No. 3 German law on unfair competition ("UWG") or on the basis of the legal permission in accordance with Sec. 7 para. 3 UWG.
The protocolling of the registration procedure is based on my legitimate interests according to Art. 6 para. 1 lit. f GDPR. My interest is directed towards the use of a user-friendly and secure newsletter system that serves my business interests and meets the expectations of the users.
Cancellation/ Revokation: You can cancel the subscription to my newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. I may store the unsubscribed e-mail addresses for up to three years on the basis of my legitimate interests before I delete them for the purpose of sending the newsletter, in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.
Newsletter mailing service provider
The newsletters are sent by the newsletter mailing service provider Sendinblue GmbH, Köpenicker Street 126, 10179 Berlin, Germany. You can check the data protection regulations of this newsletter mailing service provider here: Privacy policy Sendinblue.
The newsletter mailing service provider is used on the basis of my legitimate interests in accordance with Art. 6 para. 1 lit f GDPR and a data processing agreement in accordance with Art. 28 para. 3 sent. 1 GDPR. The mailing service provider may use the data of the recipients in a pseudonym form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for technical optimization of the mailing and the display of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of my newsletter recipients to contact them itself or to pass the data on to third parties.
Newsletter - performance measurement
Newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from my server when the newsletter is opened or, if I use a mailing service provider, from their server. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and the reading behavior based on their retrieval locations (which can be determined by means of the IP address) or access times.
The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither my intention nor, if used, that of the mailing service provider to observe individual users. The evaluations rather serve to recognize the reading habits of my users and to adapt my contents to them or to send different contents according to the interests of my users
Integration of third-party services and content
Within my online offer and on the basis of my legitimate interests (i.e. interest in the analysis, optimization and economic operation of my online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), I use content or service offers from third parties in order to integrate their content and services, such as videos (hereinafter uniformly referred to as "content"). This always requires that the third party providers of such content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore necessary for the display of this content.
I try to use only those contents whose respective providers use the IP address only to deliver the contents. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring web pages, visiting time and other details about the use of my online offer, as well as being linked to such information from other sources.
Business sites in social media
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
I have created a business page on Facebook.
My website links to facebook via a simple html-Link. Viewing my website without clicking the link to Facebook does not transfer any data to Facebook.
When you click on the link, your browser establishes a direct connection to Facebook. I have no influence on the data requested by Facebook regarding the operation of its provided functionality. If you are logged in to Facebook when you click on the Facebook link, the operator can assign your visit to this website to your user account if you have one on Facebook.
With my business site I inform you about the latest blog articles, astrological constellations, events and offers. You can mark my business page with a "Like" to stay up to date. Depending on how you have configured your privacy settings, I can see that you have given me a "Like".
If you indicate on Facebook that you are attending an event of mine, this data is not automatically transferred to company resources.
When surveys are created on the site, I can use them for example to derive ideas for a new blog article or other services. But this is done completely without reference to a person. I do not collect any personal data from you via the platforms, neither automatically nor manually.
If you post comments, likes or other interactions on Facebook, you should be aware of the provider's privacy policy. Facebook as a platform operator processes personal data of its users and visitors, creates statistics and, if necessary, user profiles. As the operator of the business site, I have no influence on the processing of Facebook. Further information on the processing of data by Facebook can be found at: https://www.facebook.com/about/privacy/
If you contact me via the chat function of the platforms, I process your information for communication with you. The basis for data processing is a contract or a pre-contractual measure according to Art. 6 (1) lit. b. GDPR.
YouTube
On this website, videos of the plattform YouTube LLC , 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are integrated.
The Youtube videos on this website are embedded with enhanced privacy mode. This means that YouTube no longer collects information about visitors when you enter the website - unless you are watching the video.
When you click and play the video, your IP address is sent to YouTube and YouTube learns that you have watched the video. If you are logged in to YouTube, this information is also associated with your account. If you want to prevent this from happening, please log out of YouTube before playing the video.
I have no knowledge of and no influence on the possible use of your data by YouTube. You can find more information in the YouTube privacy policy at www.google.de/intl/de/policies/privacy/.
Information about the payment processor PayPal
On my website a payment option via "Paypal" is integrated. Provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If the person concerned selects "PayPal" as a payment option on my website during the order process, data of the buyer will be transmitted to PayPal. By doing so, the person concerned agrees to the required transfer of personal data.
As a rule, first name, last name, address, email address, IP address, telephone number, cell phone number or other data necessary for payment processing are transmitted.
The transmission of data is used for payment processing and fraud prevention. The personal data transmitted may be transferred by PayPal to credit agencies for the purpose of identity and credit assessment.
If you choose PayPal as payment option, you have the possibility to revoke your consent to PayPal to handle your personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for the contractual payment processing.
All transactions are subject to PayPal's privacy policy, which you can find here:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Security measures
I kindly ask you to inform yourself regularly about the content of my privacy policy. I will adapt the privacy policy as soon as changes in the data processing I carry out make this necessary. I will inform you as soon as the changes make it necessary for you to take an action of cooperation on your part (e.g. consent) or another individual notification by me is to be given.