Privacy Policy
Data protection information according to Art. 13 and 21 GDPR for the website of Jana Koss
I. General
1. Controller
Jana Koss takes the protection of your personal data and the legal obligations that serve to ensure this protection very seriously. The legal provisions require comprehensive transparency in all issues regarding the processing of personal data. Only if the processing is traceable for you as the person concerned (data subject), you can be deemed to be sufficiently informed about the intention, purpose and scope of the processing. This data protection declaration therefore explains to you in detail which so-called personal data is processed by us when you use the www.koss-jana.de website.
Controller in terms of the General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetz – German Federal Data Protection Act (BDSG) as well as other data protection regulations is
Jana Kosova
Harpener Weg, 44629 Herne, Germany
+49 (0) 157 318 712 85
mail@koss-jana.com
www.koss-jana.de
referred to hereinafter as or „controller“ oder „we“.
Please note that links on our website may lead you to other webpages which are not operated by us but by third parties. Such links are either clearly identified by us or can be identified by a change in the address line of your browser. We are not responsible for compliance with the applicable data protection regulations and safe handling of your personal data on these third-party websites.
2. Definitions
2.1 From the GDPR
This data protection declaration uses the terms defined in the legal text of the GDPR. These definitions (Art. 4 GDPR) can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
2.2 Cookies
Cookies are text files that are stored or read by a website on your end device. They contain combinations of letters and numbers and are used to recognize the user and their settings when they reconnect to the website that set the cookie, to enable the user to remain logged in to a customer account, or to statistically analyze a specific user behavior.
2.3 Categories of data
When we specify in this privacy policy which categories of data we process, we are referring in particular to the following data: Master data (e.g. names, addresses, dates of birth), contact details (e.g. e-mail addresses, telephone numbers, messenger services), content data (e.g. text entries, photographs, videos, contents of documents/files), contract data (e.g. subject of the agreement, terms, customer category), payment data (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. history on our website, use of certain content, access times) and connection data. (e.g. device information, IP addresses, URL referrer).
3. Information about data processing
We process personal data only to the extent permitted by law. Personal data will be passed on to third parties only in the cases described below. Personal data is protected by appropriate technical and organizational measures (e.g. pseudonymization, encryption).
Unless we are legally obliged to store or pass on personal data to third parties (in particular law enforcement agencies), the decision as to which personal data we process, how long we process it for and the extent to which we disclose it to others depends on which functions of the website you use in each individual case.
4. Duration of storage
Personal data shall be deleted as soon as the purpose for which it was processed no longer exits or a prescribed retention period expires, unless we need to continue storing the personal data in order to conclude or fulfill a contract. If we use cookies that are not absolutely necessary to provide the service you requested, we inform you about the functional duration of these cookies at the end of this privacy policy.
5. Automated individual decision-making including profiling
We do not use automated individual decision-making including profiling to reach decisions pursuant to Art. 22 Para. 1, 4 GDPR.
6. Rights of the data subject
As the data subject, you have the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restrict processing pursuant to Art. 18 GDPR and the right to data portability pursuant to Art. 20 GDPR. The restrictions from Sections 34, 35 BDSG apply to the right of access and the right to erasure. You have the right to lodge a complaint with a supervisory authority for data protection matters (Article 77 GDPR in conjunction with Section 19 BDSG). The supervisory authority to which we are subject is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestrasse 2-4, 40213 Düsseldorf, Germany. However, you are free to lodge a complaint with any supervisory authority for data protection matters of your choosing
7. Notification obligations of the controller
We will notify all recipients to whom your personal data has been disclosed of any rectification or deletion of your personal data or any restriction of processing pursuant to Art. 16, Art. 17 Para. 1 and Art. 18 of the GDPR, unless such notification is impossible or involves disproportionate effort. Upon your request, we will inform you of who received this notification.
8. Obligation to provide information
Unless otherwise explained below in the legal bases under II or III, you are not obliged to provide personal data. However, in the cases described in Art. 6 Para. 1 Lit. b) of the GDPR, the personal data is necessary for the performance or conclusion of a contract. If you do not provide this personal data, it is not possible to fulfill or conclude the contract. If you do not provide personal data in the cases described in Art. 6 Para. 1 Lit. a) and f) of the GDPR, it is not possible to use the parts of our website in question.
9. Right to object and revoke consent
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6 Para. 1 Lit. f) of the GDPR. Where personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing.
Pursuant to Art. 7 Para. 3 Clause 4 of the GDPR, you also have the right to revoke your consent to future processing at any time. Such a revocation does not affect the lawfulness of processing carried out before the revocation. You can revoke your consent by mail or e-mail without the need for a specific form. If you object, we will cease to process your personal data unless another (legal) basis permits the processing. If, however, you revoke your consent and there is no other basis that permits the processing, the personal data must be deleted immediately pursuant to Art. 17 Para. 2 Lit. b) of the GDPR.
No specific form is required to lodge an objection or revoke consent. Such communications should be addressed to:
Jana Kosova
Harpener Weg, 44629 Herne, Germany
+49 (0) 157 318 712 85
mail@koss-jana.com
II. Data processing in connection with use of the website
1. Using the website for informational purposes
Purpose of processing: If you access our website and use it purely for informational purposes, i.e. without using additional functions such as contact forms or social media plugins, we automatically collect personal data for the purpose of optimizing and ensuring the proper functioning of our website, as well as to ensure the security of our information technology systems.
Legal basis: Art. 6, Para. 1, Lit. f) GDPR
Categories of data: Usage data, connection data
Recipient of the data: IT service providers
Intended transfer to third countries: None
Does providing your consent mean that we store or read information on your device? No
2. Google Fonts
Purpose of processing: Personalizing the design of our website using fonts loaded from Google servers.
Legal basis: Art. 6, Para. 1, Lit. f) GDPR
Categories of data: Usage data, connection data
Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland
Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).
Does providing your consent mean that we store or read personal information on your device? No
3. Google Maps
Purpose of processing: Integrating interactive maps and map functions of Google Maps.
Legal basis: Art. 6, Para. 1, Lit. f) GDPR
Categories of data: Usage data, connection data, location data
Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland
Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).
Does providing your consent mean that we store or read personal information on your device? No
5. Google Analytics
Purpose of processing: Statistical evaluation of how you use the website. We collect your IP address before it is anonymized by Google through truncation before being permanently stored on their servers.
Legal basis: Art. 6, Para. 1, Lit. a) GDPR
Categories of data: Usage data, connection data
Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland
Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).
Does providing your consent mean that we store or read information on your device? Yes, see the list at the end of this privacy policy.
12. Contacting us (e-mail, telephone, contact form)
Purpose of processing: Replying to your inquiry in the contact form on our website, your e-mail or your callback request.
Legal basis: Art. 6 Para. 1 Lit. f) GDPR; Art. 6 Para. 1 Lit. b) GDPR (if your inquiry concerns the conclusion of a contract or an existing contract); Art. 88 Para. 1 GDPR in conjunction with Section 26 Para. 1 BDSG (if you send us documents in connection with an application)
Categories of data: Master data, contact details, content data, usage data (if applicable), connection data, contract data (if applicable)
Recipient of the data: Affiliated companies within the d.velop group in individual cases.
Intended transfer to third countries: None
Does providing your consent mean that we store or read information on your device? No
13. Customer account
Purpose of processing: Use of a customer account (also a prerequisite for orders in our online shop), ensuring the security of our information technology systems.
Legal basis: Art. 6, Para. 1, Lit. a), b) and f) GDPR
Categories of data: Master data, contact details, usage data, connection data, contract data, payment data
Recipient of the data: None
Intended transfer to third countries: None
Does providing your consent mean that we store or read personal information on your device? No
14. Online shop
Purpose of processing: Processing and delivering your orders, ensuring the security of our information technology systems.
Legal basis: Art. 6, Para. 1, Lit. b) and f) GDPR
Categories of data: Master data, contact details, usage data, connection data, contract data, payment data
Recipient of the data: None
Intended transfer to third countries: None
Does providing your consent mean that we store or read personal information on your device?: No
17. Blog with comment function
Purpose of processing: Implementing a blog and a comment function, direct exchange with you, ability to comment on our services, ensuring the security of our information technology systems.
Legal basis: Art. 6, Para. 1, Lit. f) GDPR
Categories of data: Master data (if you comment), contact details (if you comment), content data (if you comment), usage data, connection data
Recipient of the data: None
Intended transfer to third countries: None
Does providing your consent mean that we store or read personal information on your device? No
18. Requesting advertising materials or quotations
Purpose of processing: Sending advertising materials you requested and generating and sending quotations you requested.
Legal basis: Art. 6 Para. 1 Lit. f) GDPR; Art. 6 Para. 1 Lit. b) GDPR (if your inquiry concerns the conclusion of a contract or an existing contract)
Categories of data: Master data, contact details, connection data, contract data (if applicable)
Recipient of the data: Affiliated companies within the d.velop group in individual cases; postal service providers.
Intended transfer to third countries: None
Does providing your consent mean that we store or read information on your device? No
19. E-mail newsletter
Purpose of processing: Managing our distribution list and sending the newsletter you requested, personalizing our newsletter based on your usage behavior and documenting your consent to receive the newsletter.
Legal basis: Art. 6, Para. 1, Lit. a) GDPR
Categories of data: Contact details, master data, usage data, connection data
Recipient of the data: HubSpot European Office, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland / HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA
Intended transfer to third countries: To the USA in individual cases (according to Decision (EU) 2016/1250 – “EU-US Data Protection Shield”).
Does providing your consent mean that we store or read personal information on your device? Yes, see the list at the end of this privacy policy.
IV. Information about the cookies we use
Below is a list of the names and functional durations of the cookies used by the above mentioned plugins and services – provided you consent to their use – with the following pattern: [name of the service]: [name of the cookie] ([functional duration]).
A cookie can only be accessed from the Internet address at which the cookie was set. This means that we have no access to the cookies used by the providers (above). They also have no access to our cookies. Third parties have access neither to our cookies nor to those of the providers. Third parties can only access these cookies by means of technical attacks, which we cannot control and for which we are not responsible.
Google Analytics: (2 years)
V. Processing of customer and supplier data
Purpose of processing: Identification as contact person, making professional contact, especially when executing contracts with your company; if necessary, use as test data for software development (in this case, exclusively in a specially secured IT environment and only for the duration of the software test).
Legal basis: Art. 6, Para. 1, Lit. b) and f) GDPR
Categories of data: Master data, contact details, content data, contract data, payment data
Recipient of the data: Our subsidiaries (if applicable), IT service providers
Intended transfer to third countries: None