Privacy Notice
Here we explain to you how and wich data we collect about you and what happens with it.
1. Your contact person
1.1 Provider of the website reiki-energiemassagen.de including alle connected subdomains and services ("website") is Reiki und Energiemassagen, Adresse auf Anfrage, 39104 Magdeburg ("we", "us").
E-Mail: astrid.hass@my.com
You can find more contact data in our imprint.
1.2 We are responsible within the meaning of the EU General Data Protection Regulation (GDPR) for the collection, processing, storage and use of personal data from users of the website (hereinafter “User”) as described below.
1.3 If you have any questions about data protection or exercising your rights under data protection law (section 3), you can contact our data protection officer Mr. Leander Haß via email leander@byteway.dev or by post to the business address (see above).
If you would like an introduction to the topic of data protection and the General Data Protection Regulation, you can find it on the website of the Federal Data Protection Commissioner (www.bfdi.bund.de/DE/Home/home_node.html).
2. Processing of personal data
2.1 Using our website
When you use our website without providing any other data in fields, data is collected and stored for analysis purposes, threat analysis and to provide functions. The following data is collected each time a page is accessed (“page access data”):
2.1.1 To provide our website, we process IP addresses, time of access, information about the browser, operating system, language settings, screen resolution, the page or file accessed, and any errors that may have occurred. Data processing is technically necessary to enable the use of our website (Art. 6 Para. 1 lit. b GDPR). The personal data will be deleted after your visit to our website, unless individual data are further processed for the purposes stated in this privacy policy.
2.1.2 For threat analysis and defense, we process personal data including identification, connection or location data (including the IP address). This processing is necessary to protect our legitimate interest in taking protective measures against attacks (Art. 6 Para. 1 lit. f GDPR).
2.1.3 The personal data will be deleted no later than two (2) years after the end of your visit to our website, provided no attempted attack is detected. If an attempted attack is detected from your connection, the personal data will be further processed for technical and, if necessary, legal processing.
2.1.4 For the purpose of providing our website, we use the hosting service of Contabo GmbH, Aschauer Straße 32a, 81549 Munich based on an order processing agreement (Article 28 GDPR). Every visit to our website is processed or delivered via Contabo servers. Information, which may include IP addresses, system configuration information and other information about traffic to and from our website, is processed for the purpose of operating, maintaining and improving the service. This data can help detect new threats, identify malicious third parties, and provide more robust security protection. The processing of this data is technically necessary to enable the use of our website (Art. 6 Para. 1 lit. b GDPR).
2.1.5 We use cookies on our website. Cookies are small text files that are stored on your computer. They enable us to store specific, user-related information that is necessary for the use of our website. We use them to provide the website, prevent attacks, and store the user's (cookie) consent decisions. The use of these cookies is necessary to pursue our legitimate interest in offering visitors to our website a high level of performance and security (Art. 6 (1) lit. f GDPR).
2.2 Customer support
In order to process all support requests that reach us via email or telephone, we process the last name, first name, email address, telephone number and other personal data provided in the email, as well as content information Inquiry. The processing is necessary to process the request or concern (Art. 6 Para. 1 lit. b GDPR). Depending on the content of the request, processing is limited to the specific purpose of the request and will end immediately after processing of the request has been completed. The data will be deleted after all mandatory retention periods have expired.
3. Your rights as a person affected by data processing
3.1 You can exercise your rights as a person affected by data processing at any time in writing at the address or email address specified in Section 1.3 above. We ask you to note that we cannot process telephone requests regarding personal data because the identity of the caller cannot usually be determined with sufficient certainty.
3.2 You have the following rights with regard to personal data concerning you:
3.2.1 You can exercise your right to information (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to deletion (Art. 17 GDPR) and right to restriction of processing, i.e. blocking for certain purposes (Art. 18 GDPR) at any time if the respective legal requirements are met.
3.2.2 Your right to data portability (Art. 20 GDPR) also provides that, if the legal requirements are met, you can request that we - or, if technically feasible, another responsible person named by you - provide you with the personal data relating to you in a structured manner, common and machine-readable format.
3.2.3 You have the right to object to processing (Article 21 GDPR) for certain processing purposes, in particular advertising purposes. If we process your data on the basis of a balance of interests (according to Article 6 Para. 1 f GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation. Such reasons exist in particular if these reasons give your interests particular weight and therefore outweigh our interests, for example if these reasons are not known to us and therefore could not be taken into account when balancing interests. You can object to the processing by sending us an email to the email address mentioned in section 1.3 and we will inform you about further options for objecting to each specific processing purpose mentioned in section 2.
3.2.4 You have the right to revoke your consent to the processing of your personal data (Art. 7 Para. 3 GDPR). You can revoke your consent at any time and without giving reasons, either in relation to all or only individual processing activities that are based on your consent. The revocation is effective immediately and for all future processing. The lawfulness of the processing of your personal data until revocation remains unaffected. You can withdraw your consent by sending us an email to the email address mentioned in paragraph 1.3 and we will inform you about further options for withdrawing your consent against each specific processing purpose mentioned in paragraph 2.
3.3 You also have the right to contact the relevant data protection supervisory authority if you have any questions or complaints regarding our processing of your personal data. Contact information for the supervisory authority of the state of Saxony-Anhalt can be found at datenschutz.sachsen-anhalt.de/datenschutz-in-sachsen-anhalt.
4. Data security and location of data processing
4.1 We maintain state-of-the-art technical measures to ensure data security. All security measures are continually adapted to technical progress.
4.2 Communication between your device and our web servers when using the website is exclusively SSL encrypted.
4.3 The service providers we use are strictly controlled by us and provide us with evidence of compliance with the guaranteed security standards through current certification evidence or comparable documentation. Your data is generally stored in a data center in Europe according to the highest security standards. Our server provider is the Contabo GmbH.
4.4 Insofar as there are points of contact with third countries in the cases described in this privacy policy, a technical security level is guaranteed that fully complies with European standards. In any case, any data processing in third countries will take place in compliance with the guarantees provided by law.
4.5 To secure input fields and forms on our website, in some cases we use the Turnstile service from the external service provider Cloudflare, 101 Townsend St., CA 94107 San Fransisco, USA. Turnstile prevents automated software (so-called bots) from carrying out abusive activities, i.e. it checks whether the entries made actually come from a human. To determine this, in addition to page access data, information about your input behavior (e.g. input speed in form fields) and telemetry data are automatically examined for suspicious patterns. The data mentioned is sent to Cloudflare in encrypted form. In the event that personal data is transferred to the USA, Cloudflare has agreed to the EU-US Privacy Shield. For more information, please see Cloudflare's privacy policy.
The legal basis for the use is Art. 6 Para. 1 lit. c GDPR, as we are legally obliged to take appropriate technical and organizational measures to protect your data (Art. 32 GDPR), Art. 6 Para. 1 lit. b GDPR because we need this to execute the contract and Art. 6 Para. 1 lit. f GDPR because we have a legitimate interest in ensuring the security of the website.
5. Sharing of your data
The data we process will generally only be passed on to external bodies if
- you have given your express consent in accordance with Art. 6 Para. 1 lit. a GDPR,
- the disclosure in accordance with Article 6 Paragraph 1 lit. f of the GDPR is necessary to assert, exercise or defend legal claims or otherwise to protect the legitimate interests of us or third parties and there is no reason to assume that there is an overriding, legitimate interest in not doing so,
- we are legally obliged to pass on data in accordance with Art. 6 Para. 1 lit. c GDPR or
- the transfer in accordance with Article 6 Paragraph 1 Letter b of the GDPR is necessary for the fulfillment of the contractual relationship with you or for the implementation of pre-contractual measures that are carried out at your request.
Some of the data processing described in this privacy policy can therefore be carried out by our service providers. In addition to the service providers mentioned in this data protection declaration, this may include, in particular, data centers that store our databases, IT service providers that maintain our systems, accounting systems and tax consultants as well as consulting companies. If we pass on data to our service providers, this data may only be used to fulfill their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures in place to protect the rights of the data subjects and are regularly checked by us.
In addition, disclosure may occur in connection with governmental requests, court orders and legal proceedings if it is necessary for the prosecution or enforcement of law.
Language: English
Last Update: November 2024
Spelling mistakes reserved.
We reserve the right to change this privacy policy anytime. You can view the current version of our privacy policy on our website.
This is just a translated version for accessibility and understanding. The legally binding version is in german.
Deutsche Version