DATA PROTECTION
This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within the framework of the provision of our services as well as within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller:
Áron Canyko, M.Eng, LL.M
Stresemannstraße 23,
10963 Berlin
info@berliner-entwicklung.de
Business Owner: Mr. Áron Canyko, M.Eng, LL.M
www.berliner-entwicklung.de
Types of Processed Data
– Inventory data (e.g., personal master data, names, or addresses).
– Contact data (e.g., email, telephone numbers).
– Content data (e.g., text inputs, photographs, videos).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta-/communication data (e.g., device information, IP addresses).
Categories of Affected Persons
Visitors and users of the online offering (hereinafter collectively referred to as “users”).
Purpose of Processing
– Provision of the online offering, its functions, and content.
– Responding to contact inquiries and communicating with users.
– Security measures.
– Reach measurement/marketing.
Terminology Used
“Personal Data” are all information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” is any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.
“Pseudonymization” is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
The “Controller” is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Applicable Legal Bases
In accordance with Article 13 of the GDPR, we inform you about the legal bases of our data processing activities. For users within the scope of the GDPR, i.e., the EU and the EEA, the following applies unless the legal basis is mentioned in the privacy policy:
The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR;
The legal basis for processing for the fulfillment of our services and the execution of contractual measures as well as responding to inquiries is Article 6(1)(b) GDPR;
The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR;
In cases where processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.
The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) GDPR.
The legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR.
Processing of data for other purposes than those for which they were collected is determined by the provisions of Article 6(4) GDPR.
Processing of special categories of data (according to Article 9(1) GDPR) is determined by the provisions of Article 9(2) GDPR.
Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the different likelihood and severity of risks to the rights and freedoms of natural persons, in accordance with legal requirements.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transmission, availability, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, data deletion, and responses to data breaches. Additionally, we consider the protection of personal data during the development or selection of hardware, software, and procedures, in line with the principles of data protection by design and by default.
Cooperation with Processors, Joint Controllers, and Third Parties
If we disclose, transmit, or otherwise grant access to data to other persons and companies (processors, joint controllers, or third parties) within the framework of our processing, this only occurs on the basis of legal permission (e.g., if data transmission to third parties, such as payment service providers, is necessary for the fulfillment of a contract), with the user’s consent, if a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).
If we disclose, transmit, or otherwise grant access to data to other companies within our corporate group, this occurs primarily for administrative purposes as a legitimate interest and additionally on a legal basis in accordance with statutory requirements.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or do so in the context of using third-party services or disclosing or transmitting data to other persons or companies, this only occurs if it is necessary for the fulfillment of our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to explicit consent or contractually required transmission, we only process or allow data to be processed in third countries with an acknowledged level of data protection, including US processors certified under the “Privacy Shield” or based on special guarantees, such as contractual obligations through the so-called standard contractual clauses of the EU Commission, the existence of certifications, or binding internal data protection regulations (Articles 44 to 49 GDPR, EU Commission information page).
Rights of Data Subjects
You have the right to request confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and further information and copies of the data in accordance with legal provisions.
You have the right, in accordance with legal provisions, to request the completion of incomplete data concerning you or the correction of inaccurate data concerning you.
You have the right, in accordance with legal provisions, to request that personal data concerning you be deleted immediately or, alternatively, to request the restriction of data processing in accordance with legal provisions.
You have the right to receive the personal data concerning you that you have provided to us in accordance with legal provisions and to request their transmission to other controllers.
Furthermore, you have the right, in accordance with legal provisions, to lodge a complaint with the competent supervisory authority.
Right of Withdrawal
You have the right to withdraw any given consent with effect for the future.
Right to Object
You can object at any time to the future processing of personal data concerning you in accordance with legal provisions. The objection can, in particular, be against processing for direct marketing purposes.
Cookies and Right to Object to Direct Marketing
“Cookies” are small files stored on users’ computers. Various information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offering and closes their browser. For example, such a cookie can store the contents of a shopping cart in an online shop or a login status. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, the login status can be stored so that users can access it after several days. Similarly, such a cookie can store users’ interests, which are used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online offering (otherwise, if they are only the controller’s cookies, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and inform about this within our privacy policy. A “ttcalc” cookie is used to store data from the calculator.
If we request users to consent to the use of cookies (e.g., as part of a cookie consent), the legal basis for this processing is Article 6(1)(a) GDPR. Otherwise, users’ personal cookies are processed based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering in the sense of Article 6(1)(f) GDPR) or, if the use of cookies is necessary for the provision of our contractual services, according to Article 6(1)(b) GDPR, or if the use of cookies is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, according to Article 6(1)(e) GDPR.
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional limitations of this online offering.
A general objection to the use of cookies for online marketing purposes can be made for a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that not all functions of this online offering may be available as a result.
Deletion of Data
The data we process will be deleted or restricted in their processing in accordance with legal requirements. Unless expressly stated in this privacy policy, the data stored with us will be deleted as soon as they are no longer necessary for their intended purpose and no legal retention obligations oppose their deletion.
If data are not deleted because they are required for other legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to our data processing activities require it. We will inform you as soon as the changes require you to take action (e.g., consent) or require other individual notifications.
Google will use this information on our behalf to evaluate the use of our online offering by users, compile reports on activities within this online offering, and provide us with further services related to the use of this online offering and internet usage. In this context, pseudonymous user profiles may be created from the processed data.
We use Google Analytics only with activated IP anonymization. This means that the user’s IP address is shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software settings; users can also prevent the collection of data generated by the cookie and related to their use of the online offering by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
If we request users to consent (e.g., as part of a cookie consent), the legal basis for this processing is Article 6(1)(a) GDPR. Otherwise, users’ personal data are processed based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering in the sense of Article 6(1)(f) GDPR).
If data are processed in the USA, we point out that Google is certified under the Privacy Shield agreement and thereby assures compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Further information about data usage by Google, settings, and objection options can be found in Google’s privacy policy (https://policies.google.com/privacy) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).
Users’ personal data will be deleted or anonymized after 12 months.