Data Protection Declaration

Data controller according to Art. 4 No. 7 GDPR:

Dipl.-Translator Sarah Di Fausto
Up de Worth 15
22927 Grosshansdorf, Germany

Contact:
Phone: +49 157-30410129
Email: info@words-on-point.com

VAT ID No. according to §27a of the German Value Added Tax Act (UStG): DE289354754

Data subject within the meaning of Art. 4 No. 1 GDPR:

This data protection declaration is addressed to all persons whose personal data we process both within our business operations and when visiting our website (“data subjects”). Personal information is any information relating to an identified or identifiable individual.

The protection of your personal data is a matter of serious importance to us. In the following, we would like to inform you about how we process your data.

  1. Data subject categories
  • Clients
  • Applicants and co-workers
  • Prospective customers of our services and/or products
  • Visitors to our website
  • Subscribers to our blog
  • Subscribers to our Newsletter
  1. Data categories processed by us:
  • First name and surname
  • Email address
  • Phone number
  • IBAN
  • Tax ID
  • etc.
  • When visiting our website

Ø    Information about the type of browser and the version used

Ø    The user’s operating system

Ø    The user’s internet service provider

Ø    The user’s IP address

Ø    Date and time of accessing the site

Ø    Websites from which the user’s system accesses our website

Ø    Websites accessed by the user’s system through our website

The data that is collected when you visit our website is stored in our system’s log files. We do not store this data together with the user’s other personal data. The data is deleted at the end of the session, or at the latest after seven days.

  1. Legal basis for the processing of your data
  2. Insofar as the processing of personal data is based on prior consent, the legal framework for this can be found in Art. 6 para. 1 lit. a GDPR.

This includes:

  • Blog subscription
  • Newsletter subscription
  • Advertising via email
  • etc.
  1. If the processing of personal data takes place for contractual or pre-contractual purposes, the legal framework for this is Art. 6 para. 1 lit. b GDPR.

This includes:

  • Fulfilment of our contractual obligations to you
  • Commencement of contract negotiations initiated by you
  • etc.
  1. If the processing of personal data takes place because the data processor is subject to a legal obligation, the legal framework for this is set out in Art. 6 para. 1 lit. c GDPR.

This includes:

  • Fulfilment of our tax obligations to the tax office
  • etc.
  1. If the processing of your personal data takes place by virtue of our legitimate interest and your interests or your fundamental rights and freedoms are not clearly outweighed by our interest in such processing, Art. 6 para. 1 lit. f GDPR shall constitute the legal framework for such processing.

This includes:

  • Advertising via regular post

In doing so, our legitimate interest lies in conducting direct marketing of our products and/or services.

  • Delivery of our website to the user’s computer

Our legitimate interest here is to deliver our website to the user’s computer.

  • Use of technically necessary cookies for the provision of our website

It is our legitimate interest to ensure the functionality and security of our website. This also serves the purpose of presenting our products and/or services to our customers or interested parties.

  • Use of cookies to analyse user behaviour on our website

Our legitimate interest lies in analysing our online presence and improving and updating our offers.

  1. Cookies, social plug-ins and comment function used on our website
  2. Cookies that are technically necessary pursuant to Art. 6(1) lit. f GDPR

We use technically necessary cookies to guarantee the functionality and security of our website. Cookies are text files that are stored by the internet browser on the user’s computer. When you call up our website, a cookie is stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. The following data is stored and transmitted:

  • Log-in information
  • Session settings

The use of technically necessary cookies serves our legitimate interest, which lies in ensuring the functionality and security of our website, and finds legal justification under Art. 6(1) lit. f GDPR in consideration of the interests and rights of the data subjects.

It is possible to block the use of technically necessary cookies by changing the settings in your internet browser. However, if cookies are blocked, there is a risk that our website may not be fully or completely usable.

  1. Use of Google Analytics pursuant to Art. 6(1) lit. f GDPR

Pursuant to our legitimate interest pursuant to Art. 6(1) lit. f GDPR, we use cookies to analyse your usage behaviour whilst visiting our website. Our legitimate interest lies in analysing our online offer and improving and updating our range of services. We use the tracking services of Google Analytics for this purpose, whereby Google Analytics acts as an order processor. The information generated by the cookie about your visit to our website and the use of our online services is stored on a Google server. However, we operate using the anonymisation of IP addresses, i.e. your IP address is shortened within the European Union and only transferred anonymously to servers in the USA. In addition, Google has been certified under the EU-US Privacy Shield Agreement to maintain a high standard of data protection comparable to the European Data Protection Standard.

The following personal data is collected:

  • Anonymised IP address
  • Information about the usage behaviour on our website

Visitors to our website can block the use of cookies at any time by changing their browser settings.

We also refer you to the data protection regulations of the tracking service provider, Google Analytics (if applicable): …………………………………

  1. Social Plug-Ins

We use the “Twitter Social Plug-In” and the “LinkedIn Social Plugin”. We use the privacy-friendly 2-click solution with a layered process, whereby plug-ins are only loaded when requested by website visitors. When you visit our website, your browser does not immediately connect to LinkedIn or Twitter servers. It is only when you click on the corresponding plug-in icon that the script is requested and loaded by LinkedIn or Twitter. A connection is then established between you and the LinkedIn or Twitter servers. To execute your “Share2”, a second click on the plug-in icon is required.

Since we have no influence on the amount of data that LinkedIn or Twitter collects by requesting this plug-in, we would like to refer you to the privacy policies for LinkedIn (https://www.linkedin.com/legal/privacy-policy?_l=de_DE) and Twitter (https://twitter.com/de/privacy).

However, LinkedIn and Twitter are both certified under the EU-US Privacy Shield Agreement to maintain a high standard of data protection comparable to the European Data Protection Standard.

  1. Comment function

As part of our blog, we regularly publish articles and give interested parties the opportunity to voluntarily comment on them with their opinions via a comment function. You can make use of this by means of the ” comment” function.  We only assume consent in accordance with Art. 6(1) lit. a GDPR if you declare your consent to the processing and publication of your personal data by placing a check mark (opt-in procedure). We then process the following personal data and display it visibly below the corresponding blog article:

  • First name and surname
  • Your comments
  • IP address (without public disclosure)

If you would like your name to be anonymised when making comments, please let the blog administrator know. If you do not agree to the transmission of your IP address, you can prevent this in your settings.

  1. Origin of the data
  • You have provided us with the data during the course of contacting us

Applies to:

Ø  Customers

Ø  Prospective customers of our services and/or products

Ø  Visitors of our website

Ø  Blog subscribers

Ø  Newsletter subscribers

  • We have collected the data from you within the context of a contractual or pre-contractual relationship.

Applies to:

Ø  Customers

Ø  Prospective customers of our services and/or products

Ø  Visitors of our website

Ø  Blog subscribers

Ø  Newsletter subscribers

  • We have collected the data during your visit to our website

Applies to:

Ø  Customers

Ø  Prospective customers of our services and/or products

Ø  Visitors of our website

Ø  Blog subscribers

Ø  Newsletter subscribers

  1. Recipients or categories of data recipients

Under certain circumstances, your personal data collected in conjunction with our business may also be passed on to third parties. These are also subject to the requirements of the European data protection standard according to GDPR.

These are external service providers such as:

  • Accountants
  • etc.
  1. Recipients or categories of recipients of data in third countries with the appropriate guarantees

Under certain circumstances, your personal data from our communication network may also be forwarded to third parties outside the European Union and processed by them. These are not necessarily subject to GDPR. Therefore, we only select those third parties who guarantee a level of protection for your data comparable to the European data protection standard as external service providers or contract processors. This guarantee is based on the provisions of Art. 44 et seq. GDPR. This is the case with the following providers:

Google LLC, Mountain View, California, USASecure level of protection established by EU-US Privacy Shield following EU Commission decision of 12 July 2016
Please add provider yourself if applicableSecure level of protection established by EU Commission adequacy decision pursuant to Art. 45 GDPR
Please add provider yourself if applicableSecure level of protection established by suitable guarantees such as standard contractual clauses in accordance with Art. 46 GDPR
Please add provider yourself if applicableSecure level of protection established by binding internal data protection regulations pursuant to Art. 47 GDPR
  1. Order processing within the meaning of Art. 28, 29 GDPR

Processors named below process your data on our behalf and under our instructions. These have been carefully selected by us and are also subject to GDPR. If the data is processed outside the European Union, a standard of protection equivalent to the European Data Protection Standard is guaranteed by the guarantees mentioned under “6”.

  • Tracking via Google Analytics
  • Cloud Computing via Debitoor GmbH
  • Hosting via1&1 Telecommunication SE
  1. Storage time

In accordance with the purpose limitation principle, we only store your data for as long as the purpose for processing exists and then delete it immediately thereafter. However, storage of data beyond this may occur if so required by statutory storage obligations under the German Tax Code, tax laws, the German Commercial Code or other laws.

  1. Rights of the data subjects

If you are affected by our data processing (“data subject” within the meaning of Art. 4 No. 1 GDPR), you have the following rights, which you can assert against us:

  1. Right of access pursuant to Art. 15 GDPR

As the data subject, you have the right to information about the processing of your personal data.

Specifically, this includes:

  • the right to confirmation of any processing of your data carried out by the data controller (us)
  • in the case of existing processing, the right to information on:

Ø   the purposes of the processing

Ø   the categories of personal data processed

Ø   the legal basis of the processing

Ø   the recipients or categories of recipients to whom your personal data has been or will be disclosed

Ø   the planned duration for which the personal data will be stored or, if this is not possible, the criteria for establishing the duration

Ø  if the personal data has not been collected from you, all available information about the origin of the data

  1. Right to rectification pursuant to Art. 16 GDPR

As the data subject, you have the right to demand that the data controller (us) immediately correct any incorrect personal data concerning you.

  1. Right to cancellation (“right to be forgotten”) pursuant to Art. 17 GDPR

As the data subject, you have the right to demand immediate deletion of the personal data concerning you by the data controller (us) under the following conditions:

In particular:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed
  • the data subject withdraws his/her consent on which the processing was based and no other legal basis for the processing exists
  • the data subject objects to the processing by virtue of a legitimate interest pursuant to Article 21(1) GDPR, and there are no overriding legitimate reasons on the part of the data controller for the processing, or the data subject objects to the processing for the purpose of direct marketing pursuant to Article 21(2) GDPR
  • the personal data has been processed unlawfully
  • the deletion of personal data is necessary to fulfil a legal obligation under Union or national law, to which the data controller is subject
  1. Right to limitation of processing pursuant to Art. 18 GDPR

As the data subject, you have the right to demand that the data controller (us) restrict the processing of your personal data under the following conditions:

In particular:

  • if the accuracy of the personal data is disputed by you, for a period of time that allows the data controller (us) to verify the accuracy of the personal data
  • if the processing is unlawful and you, as the data subject, refuse to delete the data and instead demand that the use of the personal data be restricted
  • if the purpose of the processing no longer exists, but you as the data subject require your data for the assertion, exercise or defence of legal claims
  • if you, as the data subject, have objected to the processing referred to under Article 21(1), until it has been established whether the data controller’s legitimate reasons of  the processing outweigh yours
  • A data subject who has obtained a restriction on processing shall be informed by the data controller before the restriction is lifted.
  1. Right to data transfer pursuant to Art. 20 GDPR

Right to data transfer pursuant to Art. 20 GDPR

As the data subject, you have the right to request a copy of your personal data that is the subject of processing in a structured, common and machine-readable format from the data controller (us), if the processing is based on consent in accordance with Art. 6(1) lit. a of GDPR or if it is carried out for the purpose of contract execution in accordance with Art. 6(1) lit. b GDPR and the processing is carried out using automated procedures.

  1. Right of objection pursuant to Art. 21 GDPR

For reasons arising due to your particular situation, you have the right at any time to object to the processing of your personal data processed by us by virtue of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. After objection, we will only continue to process your personal data if we can prove compelling and justified reasons which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise and defence of legal claims.

You can send your objection at any time to:

Sarah Di Fausto

info@transkreativ.com

  1. Right of appeal to the supervisory authority pursuant to Art. 77 GDPR

You have the right to complain to the competent supervisory authority at any time, if you are of the opinion that the processing of your personal data by us violates applicable law.
The competent supervisory authority is:

The Federal Commissioner for Data Protection and Freedom of Information

P.O. Box 7116

24171 Kiel, Germany

0431/988 12 00

mail@datenschutzzentrum.de

  1. Technical and organisational measures pursuant to Art. 32 GDPR

We hereby affirm that we will use appropriate technical and organisational measures within the meaning of Art. 32 GDPR when processing your data, in order to guarantee a level of protection appropriate to the risk to the rights and freedoms of the data subjects.