Privacy

I take the protection of your personal data seriously and adhere to the rules of the applicable data protection laws, in particular the EU Data Protection Basic Regulation (EU-DSGVO) and the Federal Data Protection Act (BDSG), as well as this data protection declaration. I process personal data of my users only to the extent necessary to provide a functional website as well as our contents, services, offers etc. Personal data is all information relating to an identified or identifiable natural person. The privacy policy gives you an overview of what kind of personal data is processed and for what purpose. Furthermore, this data protection declaration indicates how I ensure the protection of your personal data.

1. NAME AND CONTACT DETAILS OF THE PERSON RESPONSIBLE FOR THE PROCESSING
This privacy information applies to data processing by:
Susanne Stephan
Freiheit 9a
53721 Siegburg, Deutschland
E: s@susanne-stephan.com
M: +49 (0) 152 599 470 89
www.susanne-consulting.com

2. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
Susanne Stephan (see above)

3. COLLECTION AND STORAGE OF PERSONAL DATA AND THE NATURE AND PURPOSE OF THEIR USE
You can visit my website www.susanne-consulting.com without having to give me any information about your person (who you are). If you use my website for purely informational purposes, i.e. if you do not register or otherwise provide me with information about yourself, I only collect the personal data that your browser sends to the server. When you call up my website www.susanne-consulting.com, information is automatically sent to the server of my website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
·   IP address of the requesting computer
·   Date and time of access
·   Name and URL of the retrieved file
·   Website from which the access takes place (referrer URL)
·   the browser used and, if applicable, the operating system of your computer as well as the name of your access provider, language and version of the browser software

The above mentioned data will be processed by me for the following purposes:
·   To ensure a smooth connection of the website
·   Ensuring a comfortable use of my website
·   Evaluation of system security and stability and
·   for further administrative purposes, as far as this is necessary for the execution of the contract and the operation of this site.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f) EU-DSGVO. Our legitimate interest follows from the above-mentioned purposes for data collection. Under no circumstances will I use the data collected for the purpose of drawing conclusions about your person. Furthermore, I use cookies when visiting my website. Cookies do not damage your computer and do not contain viruses. You will find more detailed explanations under point 4 of this data protection declaration.

Processing based on legitimate interests
As this is necessary for my business purposes, I process your data - apart from the initiation or fulfilment of a contract and your express consent - in order to safeguard the legitimate interests of my independence, unless a weighing up in individual cases shows that your legitimate fundamental rights and freedoms, which require the protection of personal data, outweigh this (cf. Art. 6 Para. 1 lit. f) EU-DSGVO).

Among the legitimate interests of my self-employment
direct mail, unless you have objected to the use of your personal data.

4. TRANSFER OF DATA TO THIRD PARTIES
Your personal data will not be transferred to third parties for purposes other than those listed below. In particular, no data will be passed on to third parties, e.g. for advertising purposes, without your express consent. I will only pass on your personal data to third parties if:
·   you give your consent according to Art. 6 para. 1S. 1 lit. a) EU-DSGVO you have given your express consent
·   this in accordance with Article 6(1)S. 1 lit. b) EU-DSGVO for the processing of contractual relationships with you, e.g. to credit institutions for the processing of contractually agreed payments, to shipping and transport companies for the purpose of transporting goods including tracking and tracing, and in the event of non-performance of contractually agreed payments for the purpose of legal enforcement to lawyers and legal service companies;
·   in the event that there is a legal obligation to pass them on in accordance with Art. 6 para. 1 sentence 1 lit. c) EU-DSGVO; or
·   the disclosure pursuant to Art. 6 (1) sentence 1 letter f) EU-DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

5. cookies
I use cookies on my site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone or similar) when you visit my site. Cookies do not cause any damage on your device, do not contain viruses, trojans or other malware. Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. This does not mean, however, that I will be informed of your identity immediately. The use of cookies serves on the one hand to make the use of my offer more pleasant for you. For example, I use so-called session cookies to recognize that you have already visited individual pages of my website. These are automatically deleted after leaving my site. In addition, I also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain specified period of time. If you visit my site again in order to use my services, it is automatically recognized that you have already been with me and which entries and settings you have made so that you do not have to enter them again. The data processed by cookies are for the purposes mentioned above to protect my legitimate interests as well as those of third parties in accordance with Art. 6 Par. 1S. 1 lit. f) EU-DSGVO. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of my website.

6. STORAGE DURATION AND DATA DELETION
In particular, your personal data will be deleted as soon as they are no longer necessary for the purposes for which they were collected or otherwise processed. Thereafter, the data shall be erased unless the storage is necessary for the fulfilment of a legal obligation to which the processing relates under Union or national law to which the controller is subject or in order to pursue, exercise or defend legal claims. A legal obligation is represented by the statutory storage obligations, which are, for example, 10 years (for accounting data including order and payment data, payroll accounting) or 6 years (for commercial correspondence). For the duration of the storage obligations, the data is blocked, after which it is deleted.

7. RIGHT OF DATA SUBJECTS
You have the right,
·   in accordance with Art. 7 Para. 3 EU-DSGVO to revoke your once given consent to me at any time. As a result, I may no longer continue the data processing based on this consent in the future. The lawfulness of the data processing that took place up to the revocation remains unaffected by your revocation.
·   to request information about your personal data processed by me in accordance with Art. 15 EU-DSGVO. You may request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected from me, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details thereof
·   in accordance with Art. 16 EU-DSGVO, to demand without delay the correction of incorrect or incomplete personal data stored by me
·   in accordance with Art. 17 EU-DSGVO, to demand the deletion of your personal data stored with me, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims
·   pursuant to Art. 18 EU DSGVO, to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete it and I no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing pursuant to Art. 21 DSGVO
·   in accordance with Art. 20 EU-DSGVO, to receive your personal data that you have made available to me in a structured, common and machine-readable format or to request that it be transferred to another responsible party
·   complain to a supervisory authority in accordance with Art. 77 EU-DSGVO. The competent supervisory authority is the state data protection commissioner of the federal state in which our company is based. An overview of the state data protection commissioners and their contact details is available at BfDI.

8. RIGHT OF OBJECTION
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f) EU-DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are reasons for doing so arising from your particular situation. In the event of your justified objection, I will examine the facts of the case and either stop or adapt the data processing or show you my compelling reasons worthy of protection on the basis of which I will continue the processing. This does not apply if the processing is for direct marketing purposes. In this case I will not process your personal data further for this purpose. If your personal data are processed by me for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of direct marketing. If you wish to exercise your right of withdrawal or objection, it is sufficient to send an e-mail to s@susanne-consulting.com.

9. DATA SECURITY
I use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. My security measures are continuously improved according to technological development. I also use SSL or TLS encryption (SSL = Secure Sockets Layer; TLS = Transport LayerSecurity; SSL is the previous name of TLS) within your website visit. You can tell whether a single page of my website is encrypted when the address line of your browser changes from "http://" to "https://", and also by the lock symbol in your browser line. If SSL or TLS encryption is activated, data that you transmit to me cannot be read by third parties.

10. STATUS AND POSSIBLE CHANGES TO THIS DATA PROTECTION DECLARATION
This data protection declaration is valid as of February 2020 and may have to be amended due to technical developments and/or changes in legal or official requirements. You can recognize whether changes have been made by the fact that the "status" of the document has been updated in the first paragraph of this section 9. You can access and print out the current data protection declaration at any time on my website at www.susanne-consulting.com.

11. PRIVACY POLICY FOR THE USE OF GOOGLE ANALYTICS
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: Google Browser-Plugin

12. INFORMATION AND DELETION
You have the right to receive information free of charge at any time about your stored personal data, its origin and recipients and the purpose of data processing, as well as the right to correct, block or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact me at any time via the website operator's address given in the imprint.

13. MY ONLINE PRESENCE ON SOCIAL MEDIA PLATFORMS
My presences on social networks and platforms serve a better, active communication with my customers and interested parties. I inform there about my projects and offers. When you visit my online presence in social media, your data may be automatically collected and stored for market research and advertising purposes. From these data, so-called user profiles are created using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your end device. The visitor behaviour and interests of the users are stored in these cookies. This is in accordance with Art. 6 Para. 1 lit. f. DSGVO, this serves to protect my prevailing legitimate interests in an optimised presentation of my offer and effective communication with my customers and interested parties. If you are asked by the respective social media platform operators for consent (permission) to data processing, e.g. with the help of a checkbox, the legal basis for data processing is Art. 6 para. 1 lit. a DSGVO. As far as the aforementioned social media platforms have their headquarters in the USA, the following applies: The European Commission has issued an adequacy finding for the USA. This goes back to the EU-US Privacy Shield. A current certificate for the respective company can be viewed at https://www.privacyshield.gov/list. For detailed information on the processing and use of data by the providers on their websites, as well as a contact option and your rights and settings options for the protection of your privacy, in particular opt-out options, please refer to the providers' data protection notices linked below. Should you nevertheless require assistance in this regard, please contact us.

Privacy Policy LinkedIn
Privacy Policy Xing

Possibilities of appeal (Opt-Out):
LinkedIn
Xing

14. ACCESS DATA AND HOSTING
You can visit my web pages without giving any information about your person. Whenever you call up a website, the web server merely automatically saves a so-called server log file, which contains e.g. the name of the requested file, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. For the purpose of a shorter loading time, we also use a so-called ContentDelivery Network ("CDN") for some offers, in which web assets are delivered via the web server of a CDN provider who works for us within the scope of order processing. Access data is also collected accordingly on the web servers of the provider. We use a CDN provider based in the USA. An adequate level of data protection is guaranteed. This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the site and improving our offer. This serves to protect my predominant legitimate interests in a correct presentation of my offer within the framework of a balancing of interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. All access data will be deleted at the latest seven days after the end of your site visit. Hosting services by a third party providerThird party providers provide the hosting and presentation services for my website as part of processing on my behalf. We use the following service providers for the hosting of the respective website:

https://www.webflow.com

If a service provider is based in the USA, it is certified under the EU-US Privacy Shield. A current certificate can be viewed here. On the basis of this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield. We have agreed EU standard data protection clauses with other service providers based in a state outside the EU or EEA in order to provide suitable guarantees in accordance with Art. 46 Para. 2 lit. c DSGVO EU standard data protection clauses. All data collected in the course of using these web pages or in forms provided for this purpose as described below are processed on the servers of the respective service provider. Any processing on other servers will only take place within the scope described here.