privacy







Data Protection Statement

We greatly appreciate your interest in our company. Data protection is especially important to the company management of Jens Sachtleben Creative Factory e.K.. In principle, use of the Internet pages of Jens Sachtleben Creative Factory e.K. is possible without any disclosure of personal data. If a data subject would like to take advantage of special services offered by our business via our Internet site, however, processing of personal data may be necessary. If the processing of personal data is necessary and if no legal basis for such processing exists, we then seek the general consent of the data subject. The processing of personal data, such as the name, address, e-mail address and telephone number of a data subject, is always undertaken in line with the regulation "Datenschutz-Grundverordnung" [General Data Protection Regulation] and in agreement with the national data-protection provisions applicable to Jens Sachtleben Creative Factory e.K.. By means of this data protection statement our business would like to inform the public about the type, extent and purpose of personal data collected, used and processed by us. Furthermore, by means of this data protection statement we will explain to data subjects what rights they have. As the controller of the processing, Jens Sachtleben Creative Factory e.K. has implemented many technical and organizational measures in order to ensure the fullest level of protection of the personal data processed via this Internet site. Nevertheless, Internet-based data transfer can, in principle, have security shortcomings, so that absolute protection cannot be guaranteed. For this reason each data subject is free to transfer personal data to us even in alternative ways, such as by telephone.

1. Definition of Terms

The data protection statement made by Jens Sachtleben Creative Factory e.K. rests on the terms and concepts used by the European legislator for directives and regulations in issuing the regulation "Datenschutz-Grundverordnung" (DS-GVO [GDPR = General Data Protection Regulation]). Our data protection statement should be easy to read and easy to understand, both for the public and for our customers and business partners. To help ensure this we would therefore like to explain in advance the terms and concepts used. In this data protection statement we use, amongst others, the following terms:

a)    personal data

Personal data refers to all information that relates to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is seen as being identifiable if he or she can be directly or indirectly identified, particularly by means of allocation to an identifying characteristic such as a name, an identity number, location data, an online identification or one or more special characteristics that give insight to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

b)    data subject

A data subject is each identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c)    processing

The term "processing" refers to any procedure or series of procedures carried out, with or without the help of automated techniques, on personal data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, readout, questioning, use, disclosure by transmission, distribution or other form of provision, comparison or linking, limitation, deletion or destruction.

d)    limitation of processing

Limitation of processing is the marking of stored personal data with the aim of restricting its future processing.

e)    profiling

Profiling refers to all types of automated processing of personal data intended to use the personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.

f)     pseudonymization

Pseudonymization is the processing of personal data in a way in which, without the help of additional information, this personal data can no longer be assigned to a specific data subject, provided this additional information is kept separately and is subjected to technical and organizational measures that ensure that the personal data cannot be traced to an identified or identifiable natural person.

g)    controller / processing controller

The controller, or the processing controller, is the natural person or corporate body, public authority, organization or other body responsible for deciding, alone or together with others, the purposes and means of processing personal data. If the purposes and means of processing are prescribed by Union law or by the law of the member states, the controller - or the specific criteria for the controller's appointment - can be provided for in keeping with Union law or the law of the member states.

h)    processor

The processor is a natural person, a corporate body, a public authority, an organization or some other body that processes personal data at the order of the controller.

i)      recipient

The recipient is a natural person or a corporate body, a public authority, an organization or some other body to whom or to which personal data is disclosed, regardless of whether or not the recipient is a third party. Public authorities that may take receipt of personal data in the context of a particular investigation order, in keeping with Union law or the law of the member states, are not regarded as recipients.

j)      third party

A third party is a natural person or a corporate body, a public authority, an organization or some other body, except for the data subject, the controller, the processor or persons under the direct responsibility of the controller or of the processor, authorized to process personal data.

k)    consent

The term "consent" applies to a voluntary indication of willingness on the part of the data subject, with respect to a specific case in point, by means of which the data subject conveys, in an informed and unmistakable way - in the form of a declaration or some other clearly affirmative act - that he or she accepts the processing of the personal data in question.

2. Name and Address of the Processing Controller

The controller, in the sense of the Datenschutz-Grundverordnung [General Data Protection Regulation], other data protection laws applicable in the member states of the European Union and other provisions of a data-protection-law nature, is:

Jens Sachtleben Creative Factory e.K. Moorreye 104 22415 Hamburg Germany Tel.: +49 40 88883988 E-Mail: mail@zehzwo.com Website: www.zehzwo.com

3. Recording of General Data and Information

The Internet site of Jens Sachtleben Creative Factory e.K. records, with each call-up of the Internet site by a data subject or by an automated system, a series of general data and information. This general data and information is stored in the server's log files. Data that may be recorded includes (1) the type of browser used and the version, (2) the operating system used by the accessing system, (3) the Internet site from which an accessing system came to our Internet site (the so-called referrer), (4) the sub-websites that are routed to our Internet site via an accessing system, (5) the date and the time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to ward away danger in the event of attacks on our information-technology systems.

In its use of this general data and information, Jens Sachtleben Creative Factory e.K. makes no inferences to the data subject. The information is instead needed, (1) to deliver the contents of our Internet site correctly, (2) to optimize the contents of our Internet site and the advertising used for this, (3) to ensure the lasting functional capacity of our information-technology systems and the techniques of our Internet site, and (4) in the event of a cyber attack, to provide the criminal prosecution authorities with the information necessary for criminal prosecution. This anonymously collected data and information is therefore evaluated by Jens Sachtleben Creative Factory e.K. on the one hand statistically, but also with the aim of increasing the data protection and data security in our business in order to ensure, in the end, an optimal level of protection of the personal data processed by us. The anonymous data of the server log files is stored separate from all personal data given by a data subject.

4. Routine Deletion and Blocking of Personal Data

The processing controller processes and stores the data subject's personal data only for the period necessary for achievement of the purpose of the storage, or if this is provided for by the European legislators of directives and regulations or in the laws or provisions of another legislator to the jurisdiction of which the processing controller is subject. If the purpose of the storage ceases to apply or if a storage period prescribed by a European legislator of directives and regulations, or by another relevant legislator, expires, the personal data is routinely, and in accordance with the statutory provisions, blocked or deleted.

5. Rights of the Data Subject

a)    Right to Confirmation

Each data subject has been accorded the right, by the European legislator of directives and regulations, to demand confirmation from the processing controller as to whether the data subject's personal data is processed. If a data subject wishes to exercise this right to confirmation, he or she can contact an employee of the processing controller in this connection at any time.

b)    Right to Information

Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to free information from the processing controller at any time on the personal data stored and relating to his or her person, as well as the right to a copy of this information. Furthermore, the European legislator of directives and regulations has accorded the data subject a right to information on the following:

the purposes of the processing the categories of personal data processed the recipients or categories of recipients, with respect to whom or which the personal data has been disclosed in the past or currently, particularly in cases of recipients in third countries or in cases of international organizations if possible, the planned period for which the personal data is to be stored, or, if this is not possible, the criteria determining this period the existence of a right to correction or deletion of the data subject's personal data, or to limitation of the processing by the controller, or a right to object to this processing the existence of a right to lodge a complaint with a supervisory authority the right to all available information on the origins of the data, if the personal data was not collected from the data subject the existence of an automated decision-making process, including profiling, in accordance with article 22, paragraphs 1 and 4 of DS-GVO [GDPR] and — at least in these cases — meaningful information on the logic involved and on the implications and the desired effects of such processing on the data subject. Furthermore, the data subject has a right to information on whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be given information on the appropriate guarantees made in connection with the transfer. If a data subject wishes to exercise this right to information, he or she can contact an employee of the processing controller in this connection at any time.

c)    Right to Correction

Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to demand immediate correction of incorrect personal data relating to them. Furthermore, the data subject has the right, allowing for the purposes of the processing, to demand the completion of incomplete personal data — also by means of an additional explanation. If a data subject wishes to exercise this right to correction, he or she can contact an employee of the processing controller in this connection at any time.

d)    Right to Deletion (Right to be Forgotten)

Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to demand from the controller that the personal data in question be immediately deleted, if one of the following grounds applies and provided the processing is not necessary:

the personal data was collected or processed for purposes that are no longer necessary. the data subject revokes his or her consent, on which the processing rests, in accordance with article 6, paragraph 1, letter a of DS-GVO [GDPR] or article 9, paragraph 2, letter a of DS-GVO [GDPR], and there is no other legal basis for the processing. the data subject objects to the processing, in accordance with article 21, paragraph 1 of DS-GVO [GDPR], and there are no overriding legitimate grounds in favour of the processing, or the data subject objects to the processing in accordance with article 21, paragraph 2 of DS-GVO [GDPR]. the personal data was unlawfully processed. the deletion of the personal data is necessary for the fulfilment of a legal obligation in keeping with Union law or the law of the member states to which the controller is subject. the personal data was collected with respect to information society services in accordance with article 8, paragraph 1 of DS-GVO [GDPR]. If one of the above-mentioned grounds applies and a data subject would like to arrange for the deletion of personal data that is stored by Jens Sachtleben Creative Factory e.K., he or she can contact an employee of the processing controller in this connection at any time. The employee of Jens Sachtleben Creative Factory e.K. will see to it that the demand for deletion is attended to immediately. If the personal data is made public by Jens Sachtleben Creative Factory e.K. and if our business, as a controller in accordance with article 17, paragraph 1 of DS-GVO [GDPR], is obliged to delete the personal data, Jens Sachtleben Creative Factory e.K. must also take appropriate measures, including technical measures, consideration being given to the available technology and the costs of implementation, to inform others processing the personal data published and controlling the data processing, that the data subject has demanded of these others controlling the data processing that all links to this personal data or to copies or replications of this personal data be deleted, if the processing is not necessary. The employee of Jens Sachtleben Creative Factory e.K. will, in the individual case in point, arrange the necessary measures.

e)    Right to Limitation of the Processing

Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to demand that the controllers limit the processing, if one of the following preconditions exists: the correctness of the personal data is contested by the data subject over a period that allows the controller to check the correctness of the personal data. the processing is unlawful, but the data subject rejects the deletion of the personal data and demands, instead, limitation of the use of the personal data. the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for assertion, exercising or defence of legal claims. the data subject has objected to the processing, in accordance with article 21, paragraph 1 of DS-GVO [GDPR], and it is not yet clear whether the legitimate grounds of the controller override those of the data subject. If one of the above-mentioned preconditions applies and a data subject would like to demand limitation of the personal data stored by Jens Sachtleben Creative Factory e.K., he or she can contact an employee of the processing controller in this connection at any time. The employee of Jens Sachtleben Creative Factory e.K. will arrange the limitation of the processing.

f)     Right to Data Portability

Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to be sent the personal data in question, which was previously disclosed to a controller by the data subject, in a structured, commonly used and machine-readable format. He or she also has the right to transfer this data to another controller without hindrance from the controller to whom the personal data was previously disclosed, provided the processing is based on consent, in accordance with article 6, paragraph 1, letter a of DS-GVO [GDPR] or article 9, paragraph 2, letter a of DS-GVO [GDPR] or on a contract in accordance with article 6, paragraph 1, letter b of DS-GVO [GDPR] and the processing can be undertaken with the help of automated procedures, and provided the processing is not necessary for the discharging of a task that is in the public interest, or in the exercising of official authority vested in the controller. Furthermore, in the exercising of his or her right to data portability, in accordance with article 20, paragraph 1 of DS-GVO [GDPR], the data subject has the right to have the personal data transferred directly from one controller to another, to the extent that this is technically feasible and provided no rights or freedoms of other persons are impeded as a result. For assertion of the right to data portability the data subject can at any time contact an employee of Jens Sachtleben Creative Factory e.K..

g)    Right of Objection

Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, for reasons associated with their particular situation, to object at any time to the processing of personal data relating to them, based on article 6, paragraph 1, letters e or f of DS-GVO [GDPR]. This also applies to profiling based on these provisions. In cases of objection, Jens Sachtleben Creative Factory e.K. no longer processes the personal data, unless we can provide compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercising or defence of legal claims. If Jens Sachtleben Creative Factory e.K. processes personal data in order to undertake direct marketing, the data subject has the right to object at any time to the processing of the personal data for purposes of such advertising. This also applies to profiling, when it is associated with such direct marketing. If the data subject objects to processing by Jens Sachtleben Creative Factory e.K. for purposes of direct advertising, Jens Sachtleben Creative Factory e.K. will no longer process the personal data for these purposes. Furthermore, the data subject has the right, for reasons arising from his or her particular situation, to object to the processing of personal data relating to him or her, undertaken by Jens Sachtleben Creative Factory e.K. for scientific or historical research purposes, or for statistical purposes, in accordance with article 89, paragraph 1 of DS-GVO [GDPR], unless such processing is necessary for fulfilment of a task carried out in the public interest. To exercise the right to object, the data subject can contact an employee of Jens Sachtleben Creative Factory e.K. directly at any time. The data subject also has the possibility, in connection with the use of services of the information society – notwithstanding Directive 2002/58/EC – to exercise his or her right of objection by means of automated procedures for which technical specifications are utilized.

h)    Automatic Decisions in Individual Cases, Including Profiling

Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, not to be subjected to decisions based on solely automatic processing — including profiling — that can give rise, with respect to him or her, to legal consequences or similar, significant detrimental affects, provided the decision (1) is not necessary for the conclusion or the fulfilment of a contract between the data subject and the controller, or (2) is permissible on the basis of statutory regulations of the Union or of the member states to which the controller is subject, and these statutory regulations contain appropriate measures for safeguarding the rights and freedoms of the data subject and his/her legitimate interests, or (3) is undertaken with the explicit consent of the data subject.
If the decision (1) is necessary for the conclusion or the fulfilment of a contract between the data subject and the controller, or (2) if it is taken with the explicit consent of the data subject, Jens Sachtleben Creative Factory e.K. will take appropriate measures to safeguard the rights and freedoms of the data subject and his/her legitimate interests, whereby this includes at least the right to involvement of a person on behalf of the controller, to present one's own standpoint, and to contest the decision. If the data subject wishes to enforce rights relating to automatic decisions, he or she can contact an employee of the processing controller, in this connection, at any time.

i)      Right to Revocation of Data-Protection-Law Consent

Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to revoke, at any time, consent previously given for the processing of personal data. If the data subject wishes to enforce his or her right to revoke consent, he or she can contact an employee of the processing controller, in this connection, at any time.

6. Legal Basis of the Processing

Article 6 I, letter a of DS-GVO [GDPR] serves our business as the legal basis for processing procedures for which we seek consent for particular processing purposes. If the processing of personal data is necessary for fulfilment of a contract to which the data subject is a contracting party, as in the case of processing procedures required for the delivery of goods, or for the provision of some other performance or counter-performance, the processing is then based on article 6 I, letter b of DS-GVO [GDPR]. The same applies to processing procedures that are necessary for implementation of pre-contractual measures, as in cases of matters about our products or performance. If our business is subject to a legal obligation for which the processing of personal data is necessary, as in the case of taxation obligations, the processing is then based on article 6 I, letter c of DS-GVO [GDPR]. In rare cases the processing of personal data could be necessary to protect vital interests of the data subject, or of another natural person. This would be the case, for example, if a visitor to our works was injured and his or her name, age, health-insurance data or other vital information had to be passed on to a doctor, a hospital or some other third party. In this case the processing would be based on article 6 I, letter d of DS-GVO [GDPR]. Finally, processing procedures might be based on article 6 I, letter f of DS-GVO [GDPR]. This serves as a legal basis for processing procedures that are not covered by any of the above-mentioned bases, if the processing is necessary for safeguarding a legitimate interest of our business or of a third party, provided the interests, basic rights and basic freedoms of the data subject do not override this. Such processing procedures are permitted for us in particular because they were specially mentioned by the European legislator. To this extent the latter took the view that a legitimate interest can be assumed if the data subject is a customer of the controller (consideration treatise 47, sentence 2 of DS-GVO [GDPR]).

7. Legitimate Interests in Processing, as Pursued by the Controller or by a Third Party

If the processing of personal data is based on article 6 I, letter f of DS-GVO [GDPR] our legitimate interest is the implementation of our business activities to the benefit of the well-being of all of our employees and our shareholders. 8. Period for which the Personal Data is Stored

The criterion for the period of storage of personal data is the respective statutory retention period. After expiry of the period the corresponding data is routinely deleted, provided it is no longer necessary for fulfilment of contract or preparation of contract.

9. Statutory or Contractual Regulations on the Preparation of Personal Data;

Necessity for Conclusion of Contract; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Non-Provision We draw your attention to the fact that the provision of personal data is, in part, legally prescribed (e.g. tax regulations), or can be required by contractual regulations (e.g. disclosures to the contract partner). It can sometimes be necessary, for conclusion of contract, that a data subject provide us with personal data, that must then be processed by us. The data subject is, for example, obliged to provide us with personal data if our business is to conclude a contract with him or her. Non-provision of the personal data can have the consequence that the contract with the data subject cannot be concluded. Before the provision of personal data by a data subject the data subject must contact one of our employees. Our employee will explain to the data subject, in the context of the specific case in point, whether the provision of the personal data is prescribed by law or by contract, or whether it is necessary for conclusion of contract, whether an obligation to provide the personal data exists, and what consequences the non-provision of the personal data would have.

10. Existence of an Automated Decision-Making Process

As a responsible business we renounce the option of an automatic decision-making process and of profiling.

Parts of this privacy policy have been prepared by the privacy statement generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as external data protection officer Erlangen, in cooperation with the IT and data protection lawyer Christian Solmecke.