Privacy policy
Personal data (hereinafter referred to as "data") are processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly Internet presence, including its contents and the services offered there.
Pursuant to Art. 4 item 1. of Regulation (EU) 2016/679, i.e. the Basic Data Protection Regulation (hereinafter referred to only as "DSGVO"), "processing" shall mean any operation or set of operations carried out with or without the aid of automated procedures in connection with personal data, such as collection, recording, organisation, filing, storage, adaptation or alteration, reading, querying, use, disclosure by transmission, dissemination or any other form of provision, alignment or combination, restriction, deletion or destruction.
With the following data protection declaration we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or together with others about the purposes and means of processing.
In addition, we inform you in the following about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.
Our privacy policy is structured as follows:
I. Information about us as responsible persons
II. Rights of users and affected persons
III. Information on data processing
I. Information about us as the responsible party
Responsible for this website is the provider of this website in terms of data protection law:
CARSTEN GOLLNICK DESIGN
Dipl. Ind. Designer Carsten Gollnick
Friedrich-Ebert-Strasse 37
D-14469 Potsdam
Germany
T +49(0)331 97 93 99 00
info [at] gollnick-design [dot] de
II Rights of users and data subjects
With regard to the data processing described in more detail below, users and data subjects have the right:
- to obtain confirmation as to whether or not data concerning them are being processed, information on the data processed, further information on data processing and copies of the data (see also Art. 15 DPA);
- to have incorrect or incomplete data corrected or completed (see also Art. 16 DPA);
- to have data concerning them deleted without delay (see also Art. 17 DSGVO), or, alternatively, where further processing is necessary pursuant to Art. 17(3) DSGVO, to restriction of processing in accordance with Art. 18 DSGVO;
- to receive data concerning them and provided by them and to transmit such data to other providers/responsible parties (cf. also Art. 20 DSGVO); - to lodge a complaint with the supervisory authority if they believe that data concerning them is being processed by the provider in breach of data protection provisions (cf. also Art. 77 DSGVO). In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or the restriction of processing that is carried out on the basis of Articles 16, 17 (1), 18 FADP. However, this obligation does not apply if such notification is impossible or involves disproportionate effort. Notwithstanding this, the user has a right to information about these recipients. Likewise, in accordance with Art. 21 DSGVO, users and data subjects have the right to object to the future processing of data relating to them, provided that the data is processed by the provider in accordance with Art. 6 para. 1 letter f) DSGVO. In particular, an objection to data processing for the purpose of direct marketing is permitted.
III. Information on data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, no legal storage obligations stand in the way of the deletion of the data and no other information on individual processing methods is provided in the following.
Server data For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted to us or to our web space provider by your Internet browser. These so-called server log files are used to record, among other things, the type and version of your Internet browser, the operating system, the website from which you have switched to our Internet presence (referrer URL), the website(s) of our Internet presence that you visit, the date and time of the respective access and the IP address of the Internet connection from which our Internet presence is used. This data is temporarily stored, but not together with other data about you. This storage takes place on the legal basis of Art. 6 para. 1 lit. f) DSGVO.
Our legitimate interest lies in the improvement, stability, functionality and security of our Internet presence.
The data will be deleted after seven days at the latest, unless further storage is required for evidential purposes.
Otherwise, the data are completely or partially excluded from deletion until the final clarification of an incident.
Cookies
a) Session cookies/Session cookies We use so-called cookies with our Internet presence. Cookies are small text files or other storage technologies that are placed and stored on your end device by the Internet browser you use. Through these cookies, certain information about you, such as your browser or location data or your IP address, is processed to an individual extent. This processing makes our Internet presence more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our Internet presence in different languages or the offer of a shopping basket function. The legal basis for this processing is Art. 6 para. 1 lit. b.) DSGVO, insofar as these cookies process data for the purpose of contract initiation or contract implementation. If the processing does not serve the purpose of contract initiation or contract processing, our legitimate interest lies in the improvement of the functionality of our Internet presence. The legal basis is then Art. 6 Para. 1 lit. f) DSGVO. These session cookies are deleted when you close your Internet browser.
b) Third-party cookies Where applicable, cookies from partner companies with whom we cooperate for the purposes of advertising, analysis or the functionality of our Internet presence are also used with our Internet presence. Please refer to the following information for details on this, in particular on the purposes and legal basis for processing such third-party cookies.
c) Removal option You can prevent or restrict the installation of cookies by adjusting your Internet browser settings. You can also delete already stored cookies at any time. However, the steps and measures required for this depend on the Internet browser you are actually using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. With so-called Flash cookies, however, processing cannot be prevented by the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the Flash Player you are actually using. If you have any questions, please also use the help function or documentation of your Flash Player or contact the manufacturer or user support. Should you prevent or restrict the installation of cookies, however, this may mean that not all functions of our website can be used to their full extent.
d) Functional and necessary cookies If you allow us to use cookies through your browser settings or consent, the following cookies may be used on our websites:
_client_acloggedin
Purpose: Supports the login by the scheduling customer if the customer has an account.
Type: Cookie.
Duration: January 1, 2025.
algoliasearch-client-js
Purpose: Adds automatically filled out suggestions to address fields in Scheduling to help customers fill out forms faster.
Type: localstorage
Duration: Permanent
AWSALB, AWSALBCORS
Purpose: Improves performance in scheduling by using one server for the duration of the session.
Type: Cookie
Duration: 1 week
CART
Purpose: Indicates when a visitor adds a product to their shopping cart
Type: Cookie
Duration: 2 weeks
CHECKOUT_WEBSITE
Purpose:Identifies the correct website for checkout when checkout is disabled on your domain.
Type: Cookie
Duration: Session
Commerce-checkout-state
Purpose: Saves the status of checkout while the visitor completes his order in PayPal.
Type: sessionstorage
Duration: Session
Crumb
Purpose: Prevents Cross-Site Request Forgery (CSRF)
Type: Cookie
Duration: Session
hasCart
Purpose: Tells Squarespace that the visitor has a shopping cart
Type: Cookie
Duration: 2 weeks
Locked
Purpose: Prevents the password protection screen from being displayed when a visitor enters the correct password for entire website.
Type: Cookie
Duration: Session
PHPSESSID
Purpose: Securely authenticates a visitor during the payment process in Scheduling
Type: Cookie
Duration: 1 month
RecentRedirect
Purpose: Prevents redirection loops when a site has custom URL redirects. Forwarding loops are bad for SEO.
Type: Cookie
Duration: 30 minutes
remember_client
Purpose: Remembers the credentials of the scheduling client if they have an account.
Type: Cookie
Duration: 365 days
siteUserCrumb
Purpose: Prevents Cross-Site Request Forgery (CSRF) for logged in site visitors.
Type: Cookie
Duration: 3 years
SiteUserInfo
Purpose: Identifies a visitor who logs in to a customer account
Type: Cookie
Duration: 3 years
SiteUserSecureAuthToken
Purpose: Authenticates a visitor who logs in to a customer account
Type Cookie
Duration: 3 years
squarespace-announcement-bar
Purpose: Prevents the message bar from being displayed when a visitor closes it
Type localstorage
Duration: Permanently
squarespace-likes
Purpose: Shows you whether you have already marked a blog entry with a "Like".
Type: localstorage
Duration: Permanent
squarespace-popup-overlay
Purpose: Prevents the advertising pop-up from being displayed when a visitor closes it
Type: localstorage
Duration: Permanent
ss_sd
Purpose: Ensures that visitors to the Squarespace 5 platform remain authenticated during their sessions.
Type: Cookie
Duration: Session
Test
Purpose: Checks whether the browser supports cookies and prevents errors.
Type: Cookie
Duration: Session
TZ
Purpose: Enables the correct display of a scheduling customer's appointments based on the time zone settings.
Type: localstorage
Duration: Permanent
More About Squarespace Cookies: https://www.squarespace.com/cookie-policy
Squarespace
This website is hosted by Squarespace.
Squarespace Ireland Ltd.
Le Pole House Ship Street
Great Dublin 8
Ireland
Squarespace collects personal data when you visit this website.
This includes:
- Information about your browser, your network and your device
- web pages that you have visited before visiting this website
- your IP address
Squarespace needs the information to operate this website and to protect and improve its platform and services. Squarespace analyses the data in a de-personalized form.
Squarespace is certified according to the EU-US and Swiss-US Privacy Shield, which enables us to transfer personal data from the EU and Switzerland to the USA, including to our data centers in the USA, in a legally compliant manner.
You can find out more about Squarespace's Privacy Shield certifications here:
https://www.privacyshield.gov/participant?id=a2zt0000000GnjcAAC&status=Active.
Squarespace's privacy policy can be found at https://de.squarespace.com/datenschutz
We maintain an online presence at Pinterest to present our company and our services and to communicate with customers/interested parties. Pinterest is a service of Pinterest Inc, 651 Brannan Street, San Francisco, CA, 94107, USA.
In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, especially in the USA. This may result in increased risks for the user in that, for example, subsequent access to the user data may be made more difficult. We also have no access to this user data.
The access possibility lies exclusively with Pinterest. Pinterest Inc. is certified under the Privacy Shield and has thus committed itself to complying with European data protection standards https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active.
Pinterest's data protection information can be found at https://policy.pinterest.com/de/privacy-policy
To advertise our products and services and to communicate with interested parties or customers, we operate a corporate presence on the Instagram platform.
On this social media platform we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
The data protection officer of Instagram can be reached via a contact form:
https://www.facebook.com/help/contact/540977946302970
We have regulated the joint responsibility in an agreement regarding the respective obligations in terms of the DSGVO.
This agreement, from which the mutual obligations arise, can be accessed via the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the processing of personal data that is carried out and subsequently reproduced is Art. 6 para. 1 lit. f DSGVO.
We have a legitimate interest in the analysis, communication, sales and promotion of our products and services. The legal basis may also be the user's consent pursuant to Art. 6 para. 1 lit. a DSGVO to the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 Para. 3 DSGVO.
When our online presence is called up on the Instagram platform, user data (e.g. personal information, IP address etc.) are processed by Facebook Ireland Ltd. as the platform operator in the EU. This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as to create user profiles. For example, Facebook Ireland Ltd. may use these profiles to promote the interests of users inside and outside Instagram. If the user is logged into his or her account on Instagram at the time of access, Facebook Ireland Ltd. may also link the data to the respective user account. In the event that the user contacts Instagram, the personal data of the user entered on this occasion will be used to process the request. The user's data will be deleted by us, provided that the user's inquiry has been finally answered and no legal storage obligations, e.g. in the case of a subsequent execution of the contract, stand in the way. Facebook Ireland Ltd. may also use cookies to process the data. If the user does not agree with this processing, it is possible to prevent the installation of cookies by adjusting the browser settings accordingly. Already stored cookies can also be deleted at any time. The settings for this depend on the respective browser. In the case of flash cookies, processing cannot be prevented by the browser settings, but by the corresponding setting of the flash player. If the user prevents or restricts the installation of cookies, this can lead to the fact that not all Facebook functions can be used to their full extent. For more details on the processing activities, their prevention and the deletion of data processed by Instagram, please refer to Instagram's data policy:
https://help.instagram.com/519522125107875.
It is not excluded that processing by Facebook Ireland Ltd. may also be carried out via Facebook Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA.
Facebook Inc. has subjected itself to the "EU-US Privacy Shield" and thereby declares compliance with the data protection regulations of the EU when processing data in the USA.
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Linking social media via graphic or text link We also advertise on our website presences on the social networks listed below. The integration is done via a linked graphic of the respective network. The use of this linked graphic prevents that when a website with a social media application is called up, a connection is automatically established to the respective server of the social network to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user forwarded to the service of the respective social network. After the user is forwarded, information about the user is collected by the respective network. It cannot be excluded that the data collected in this way is processed in the USA. This is initially data such as IP address, date, time and visited page. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the user's specific visit to the user's personal account. If the user interacts via a "share" button of the respective network, this information can be stored in the user's personal user account and published if necessary. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic.
It is also possible to configure the respective user account accordingly. The following social networks are integrated into our site through links:
Pinterest Inc, 651 Brannan Street, San Francisco, CA, 94107, USA. Privacy Policy:
https://policy.pinterest.com/de/privacy-policy Certification EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active
Google Fonts
On our website we use Google Fonts to display external fonts. This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google" only. Through the certification according to the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU are also adhered to when processing data in the USA.
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is called up. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the optimisation and economic operation of our internet presence. Through the connection to Google established when you call up our website, Google can determine from which website your enquiry has been sent and to which IP address the representation of the font is to be transmitted. Google offers further information at https://adssettings.google.com/authenticated https://policies.google.com/privacy, in particular regarding the possibilities of preventing the use of data.
Adobe Typekit
Type and purpose of processing: We use Adobe Typekit to visually design our website. Typekit is a service provided by Adobe Systems Software Ireland Companies (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; hereinafter "Adobe") which gives us access to a font library. To incorporate the fonts we use, your browser must connect to an Adobe server in the United States and download the font required for our website. This will provide Adobe with information that your IP address was used to access our website. Further information on Adobe Typekit can be found in Adobe's data protection notice, which can be accessed here:
https://www.adobe.com/de/privacy/policy.html
Legal basis: The legal basis for the integration of Adobe Typekit and the associated data transfer to Adobe is your consent (Art. 6 para. 1 lit. a DSGVO). Recipients: Calling up script libraries or font libraries automatically triggers a connection to the library operator. For information on the use of your data by Adobe Typekit Web Fonts, please visit https://typekit.com/ and refer to the Adobe Typekit Privacy Policy: https://www.adobe.com/de/privacy/policies/typekit.html. Storage period: We do not collect personal information through the inclusion of Adobe Typekit Web Fonts. Transfers to Third Countries: Adobe is certified under the Privacy Shield Agreement, which guarantees compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).
Required or necessary: We are not required by law or contract to provide personal information. However, it cannot be provided without the correct display of standard font content.
Vimeo
We use "Vimeo" on our website to display videos. This is a service of Vimeo, LL C, 555 West 18 th Street, New York, New York 10011, USA, hereinafter referred to as "Vimeo". In some cases, the processing of user data takes place on Vimeo servers in the USA. However, by being certified in accordance with the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active
Vimeo guarantees that the data protection requirements of the EU are also adhered to when processing data in the USA. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in improving the quality of our Internet presence. If you visit a page of our website in which a video is embedded, a connection to the Vimeo servers in the USA will be established to display the video. For technical reasons, it is necessary for Vimeo to process your IP address. In addition, the date and time of your visit to our website are also recorded. If you are logged in to Vimeo while visiting one of our Internet sites in which a Vimeo video is embedded, Vimeo may assign the information collected to your personal user account. If you wish to prevent this, you must either log out of Vimeo before visiting our website or configure your Vimeo user account accordingly. For the purpose of functionality and usage analysis, Vimeo uses the web analysis service Google Analytics. Google Analytics stores cookies on your end device via your Internet browser and sends information about the use of our Internet pages in which a Vimeo video is embedded to Google. It cannot be ruled out that Google may process this information in the USA. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. You will find details on this above under the item "Cookies". The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in improving the quality of our Internet presence and in the legitimate interest of Vimeo to analyze user behavior statistically for optimization and marketing purposes. Vimeo offers additional information on the collection and use of data, as well as on your rights and options for protecting your privacy, at http://vimeo.com/privacy.
__
Source: Sample privacy policy of the law firm Weiß & Partner
https://www.ratgeberrecht.eu/leistungen/muster-datenschutzerklaerung.html