Hedonista

Deutsch

Privacy Policy

Information pursuant to Section 5 DDG

1. Controller

The controller responsible for data processing on this website is:

Elisa Carbo
c/o BesD e.V.
Odenwaldstraße 72
D-51105 Cologne, Germany
Email: meet@elisacarbo.com
Phone: +49 176 13486543

2. General Information on Data Processing

2.1 Scope of Processing of Personal Data

We generally only process personal data of our users to the extent necessary to provide a functional website and our content and services. The processing of personal data generally only takes place with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by law.

2.2 Legal Basis for Processing Personal Data

Insofar as we obtain consent from the data subject for processing operations of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

2.3 Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also occur if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for continued storage of the data for the conclusion or performance of a contract.

3. Provision of the Website and Creation of Log Files

3.1 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s Internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user’s system accesses our website (referrer)
  • Websites accessed by the user’s system through our website

The data is also stored in our system’s log files. This data is not stored together with other personal data of the user.

3.2 Legal Basis

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3.3 Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. Storage in log files is done to ensure the functionality of the website. The data also helps us optimize the website and ensure the security of our information technology systems.

3.4 Storage Duration

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of data storage in log files, this is the case after seven days at the latest.

4. Hosting

4.1 DomainFactory

Our website is hosted by DomainFactory. The provider is DomainFactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany (hereinafter „DomainFactory“).

When you visit our website, DomainFactory collects various log files including your IP addresses. For details, please refer to DomainFactory’s privacy policy: https://www.df.eu/de/datenschutz/

The use of DomainFactory is based on Article 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If appropriate consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information in the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG.

Data Processing Agreement: We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a data protection-required contract that ensures that they only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

5. Cookies

5.1 Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is accessed again.

We use the following types of cookies:

  • Technically necessary cookies: These cookies are absolutely necessary for the website to function. Without these cookies, certain services cannot be provided.
  • Functional cookies: These cookies enable the website to provide enhanced functionality and personalization.
  • Analytics cookies: These cookies are used to collect information about how visitors use our website (see WP Statistics section).

5.2 Cookie Management with Real Cookie Banner

We use the „Real Cookie Banner“ plugin to manage and obtain cookie consent. The provider is devowl.io GmbH, Syrlinstraße 16, 89073 Ulm, Germany.

Real Cookie Banner enables us to obtain your consent to the use of certain cookies and document this in accordance with data protection regulations. When you access our website, a connection to the Real Cookie Banner server is automatically established to display the consents and record your cookie settings. The following data is processed:

  • Your consents or the revocation of your consents
  • Your IP address
  • Information about your browser
  • Information about your device
  • Time of your visit to the website

The use of Real Cookie Banner is intended to obtain the legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

For more information, please refer to Real Cookie Banner’s privacy policy: https://devowl.io/de/datenschutzerklaerung/

5.3 Legal Basis for Data Processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Article 6(1)(a) GDPR when the user has given consent.

5.4 Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. The user data collected through technically necessary cookies is not used to create user profiles.

5.5 Storage Duration, Objection and Removal Options

Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all functions of the website to their full extent.

6. Web Analytics with WP Statistics

6.1 Scope of Processing Personal Data

We use the WordPress plugin „WP Statistics“ on our website for statistical evaluation of visitor access. The provider is Veronalabs, IBAN: GB21 REVO 0099 7017 9217 06.

WP Statistics does not use cookies and is GDPR-compliant. The plugin collects the following data:

  • Anonymized IP address (last digits are removed)
  • Date and time of visit
  • Pages visited
  • Referrer (referring page)
  • Browser and operating system
  • Device type (desktop, tablet, mobile)

The data is stored locally on our server and is not passed on to third parties. No profiling takes place.

6.2 Legal Basis for Processing Personal Data

The legal basis for the processing of user data is Article 6(1)(f) GDPR.

6.3 Purpose of Data Processing

The processing of user data enables us to analyze the browsing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. Our legitimate interest in processing the data in accordance with Article 6(1)(f) GDPR also lies in these purposes. By anonymizing the IP address, the users‘ interest in protecting their personal data is adequately taken into account.

6.4 Storage Duration

The data is automatically deleted after 365 days.

6.5 Objection and Removal Options

You can prevent the collection and processing of your data by WP Statistics by deactivating the corresponding option in your cookie settings (Real Cookie Banner).

7. Newsletter

7.1 Description and Scope of Data Processing

On our website, it is possible to subscribe to a free newsletter. When registering for the newsletter, the following data is transmitted to us:

  • Email address
  • Optional: Name (if provided)
  • Time of registration
  • IP address at the time of registration

During the registration process, your consent to the processing of the data is obtained and reference is made to this privacy policy.

Double opt-in procedure: Registration for our newsletter takes place using a double opt-in procedure. This means that after your registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. Newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

7.2 Newsletter Dispatch with Mailjet

Our newsletters are sent using the service provider „Mailjet“. The provider is Mailjet SAS, 13-13 bis, rue de l’Aubrac, 75012 Paris, France.

Mailjet is a service that can be used to organize and analyze the sending of newsletters, among other things. The data you enter for the purpose of receiving the newsletter is stored on Mailjet’s servers in Germany and France.

Data analysis by Mailjet: With the help of Mailjet, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked on, if applicable. In this way, we can determine which links were clicked particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate).

This information is not related to individual newsletter recipients but helps us to recognize the reading habits of our users and adapt our content accordingly or send different content according to the interests of our users.

Mailjet’s privacy policy can be found here: https://www.mailjet.de/sicherheit-datenschutz/

7.3 Legal Basis for Data Processing

The legal basis for processing the data after registration for the newsletter by the user is Article 6(1)(a) GDPR if the user has given consent.

7.4 Purpose of Data Processing

The collection of the user’s email address serves to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

7.5 Storage Duration

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. The user’s email address is therefore stored as long as the newsletter subscription is active. The other personal data collected during the registration process is generally deleted after a period of seven days.

7.6 Revocation and Removal Options

The subscription to the newsletter can be canceled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter. This also enables the revocation of consent to the storage of personal data collected during the registration process.

7.7 Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a data protection-required contract that ensures that they only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

8. Contact Form and Email Contact

8.1 Description and Scope of Data Processing

A contact form („Open Questions“) is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. This data includes:

  • Name of the questioner
  • Email address of the questioner
  • Content of the question
  • Time of submission

At the time the message is sent, the following data is also stored:

  • The user’s IP address
  • Date and time of submission

During the submission process, your consent to the processing of the data is obtained and reference is made to this privacy policy.

Data submitted via the contact form is stored in the WordPress database and additionally forwarded by email to the specified email address (Gmail).

Alternatively, contact is possible via the email address provided. In this case, the user’s personal data transmitted with the email is stored.

In this context, the data is not passed on to third parties. The data is used exclusively for processing the conversation.

8.2 Legal Basis for Data Processing

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given consent. The legal basis for processing data transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the email contact aims to conclude a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

8.3 Purpose of Data Processing

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

8.4 Storage Duration

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the contact form’s input mask and data sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the submission process is deleted after seven days at the latest.

8.5 Objection and Removal Options

The user has the option at any time to revoke their consent to the processing of personal data. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

9. Embedded Content (iFrames)

9.1 Podcast Players (Buzzsprout)

We embed audio players from Buzzsprout on our website. The provider is Buzzsprout LLC, 5550 Tech Center Drive, Suite 400, Colorado Springs, CO 80919, USA.

When you visit a page with an embedded Buzzsprout player, a connection is established to Buzzsprout’s servers. Buzzsprout is thereby informed which of our pages you have visited. If you are logged into your Buzzsprout account, Buzzsprout can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your Buzzsprout account.

The use of Buzzsprout is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

For more information, please refer to Buzzsprout’s privacy policy: https://www.buzzsprout.com/privacy

9.2 Spotify

Functions of the music service Spotify are embedded on our website. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden.

You can recognize the Spotify plugins by the green logo on our site. An overview of Spotify plugins can be found at: https://developer.spotify.com

As a result, when you visit our pages, a direct connection can be established between your browser and the Spotify server via the plugin. Spotify thereby receives the information that you have visited our site with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of our pages to your Spotify profile. This enables Spotify to associate visits to our pages with your user account.

We point out that when using Spotify, cookies are set by Spotify, the scope and purpose of which we have no influence over.

The use of Spotify is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If appropriate consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG.

For more information, please refer to Spotify’s privacy policy: https://www.spotify.com/de/legal/privacy-policy/

If you do not want Spotify to be able to associate visits to our pages with your Spotify user account, please log out of your Spotify user account.

9.3 Apple Podcasts

Functions of Apple Podcasts are embedded on our website. The provider is Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

When embedding Apple Podcasts, a connection is established to Apple’s servers. Apple is thereby informed which of our pages you have visited. If you are logged into your Apple account, Apple can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your Apple account.

The use of Apple Podcasts is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

For more information on handling user data, please refer to Apple’s privacy policy: https://www.apple.com/legal/privacy/de-ww/

10. Social Media

10.1 Links to Social Networks

Our website contains links to the following social networks:

  • X (formerly Twitter)
  • Instagram
  • Telegram
  • Spotify
  • Apple Podcasts
  • Deezer

These are simple links (hyperlinks), not social media plugins. No automatic data transfer to these services takes place unless you click on the corresponding links.

Only when you click on one of these links will you be redirected to the respective platform. From that point on, the privacy policies of the respective provider apply. We have no influence on data processing by these providers.

The linking is based on Article 6(1)(f) GDPR. Our legitimate interest lies in improving the quality of use of our website.

11. Rights of the Data Subject

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

11.1 Right of Access

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller:

  • the purposes for which the personal data is being processed;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
  • the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage duration;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • all available information about the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

11.2 Right to Rectification

You have the right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is inaccurate or incomplete. The controller must carry out the rectification without delay.

11.3 Right to Restriction of Processing

Under the following conditions, you can request the restriction of the processing of personal data concerning you:

  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims, or
  • if you have objected to processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds.

11.4 Right to Erasure

You can request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following grounds applies:

  • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.
  • You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  • The personal data concerning you has been unlawfully processed.
  • The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union law or Member State law to which the controller is subject.

11.5 Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

11.6 Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means.

11.7 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

11.8 Right to Withdraw Data Protection Consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

11.9 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

The supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Postfach 20 04 44
40102 Düsseldorf, Germany
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de

12. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

13. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your next visit.

14. Questions About Data Protection

If you have questions about data protection, please send us an email at: meet@elisacarbo.com

Cookie Consent mit Real Cookie Banner