Privacy Policy

1. The Controller

Name and address of the controller

The controller, within the meaning of the General Data Protection Regulation and other national data protection laws of the member states and provisions pertaining to data protection, is:

18ZEHN. design-kommunikation UG
(haftungsbeschränkt)
Marco Volk
Benedikt-Schwarz-Straße 2
76275 Ettlingen
Mail: info@18-zehn.de
Web: www.18-zehn.de

2. Definitions

This Privacy Policy uses terms which were used by the European regulator upon the enactment of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). This Privacy Policy should be easy to read and understand. To ensure this, important terms are explained below:

2.1 Personal data means all information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 Data subject means any identified or identifiable natural person whose personal data is processed by the controller.

2.3 Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4 Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

2.5 Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

2.6 The controller or the person responsible for processing means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2.7 A processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.8 The recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

2.9 Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2.10 Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Use of cookies

No cookies are set.

4. SSL encryption

Our website uses SSL encryption if confidential or personal data is transmitted. This encryption is used, for example, for payment transactions and enquiries to us via this website. You need to monitor your own computer to ensure that this encryption is actually active. Encryption status can be monitored in the browser, which changes from “http: //” to https: // where encryption is active. When encryption is active, your data cannot be read by third parties. If encryption is not active, please contact us confidentially via another contact option.

5. Google WebFonts

This site uses web fonts provided by Google so as to be able to uniformly display fonts. However, we have integrated web fonts locally, so that no data is transferred to Google or other third parties.

6. Rights of the data subject

If your personal data is processed, you are a data subject under the GDPR and you have the following rights with respect to the controller under Section 1:

- Right to be informed
- Right to rectification
- Right to restrict processing
- Right to erasure
- Right to information
- Right to data portability
- Right to object to processing
- Right to withdraw consent under data protection law
- Right to withdraw consent under data protection law
- Right not to apply an automated decision
- Right to lodge an appeal to a supervisory authority

6.1  Right to be informed

You can ask the controller to confirm whether we are processing your personal data. If processing has taken place, you can request information from the controller at any time free of charge as to the personal data stored about you, and about the following information:

• the purposes for which the personal data is processed;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed;
• the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
• the existence of a right to rectification or deletion of the personal data concerning you, a right to restriction of processing by the controller or a right to object to this processing;
• the existence of a right of appeal to a supervisory authority;
• all available information about the origin of the data if the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to be informed as to whether your personal data will be transmitted to a third country or an international organisation. In this regard, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in relation to transfer.

6.2 Right to rectification

You have a right to rectification and/or completion of data with respect to the controller if your processed personal data is incorrect or incomplete.

6.3 Right to restrict processing

You can require the immediate restriction of processing of your personal data by the controller under the following circumstances, :

• if you dispute the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose erasure of the personal data and instead request the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or
• if you object to the processing in accordance with Art. 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be processed – with the exception of its storage – with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or a Member State. If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

6.4 Right erasure

You may ask the controller to erase personal data concerning you without delay if one of the following reasons applies:

• The personal data concerning you is no longer required for the purposes for which it was collected or otherwise processed.
• You withdraw your consent, upon which processing in accordance with Article 6(1)(a) or Article 9(2)(a) GDPR was based, and there is no other legal basis for its continued processing.
• You object in accordance with Article 21(1) GDPR, and there are no overriding legitimate reasons for its continued processing, or you submit an objection to its processing in accordance with Article 21(2) GDPR.
• Your personal data has been unlawfully processed.
• Your personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the controller is subject.

Your personal data has been collected in relation to services offered by information society services pursuant to Article 8(1) GDPR.

If the controller has made your personal data public and is required to erase it in accordance with Art. 17(1) GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform controllers who process the personal data that you, as the data subject, have requested the erasure of all links to such personal data and all copies or replications of such personal data.
The right to erasure does not exist insofar as the processing is necessary

• to exercise the right to freedom of expression and information;
• to fulfil a legal obligation which requires the processing under Union or Member State law to which the controller is subject, or to perform a task which is in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health in accordance with Article 9(1)(h) and Art. 9(3) GDPR;
• for archiving, scientific, or historical research purposes in the public interest or for statistical purposes in accordance with Article 89(1) GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing; or
• to assert, exercise or defend legal claims.

6.5 Right to information

If you have exercised your right to require the controller to rectify, erase, or restrict processing, the controller is required to inform all recipients of your personal data of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed as to these recipients by the controller.

6.6 Right to data portability

You have the right to obtain a copy of your personal data provided to the controller in a structured, commonly-used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by the controller who was initially provided with the personal data, provided that

• processing is based on consent in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on the basis of a contract in accordance with Article 6(1)(b) GDPR and
• the processing is carried out using automated procedures
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You may contact the controller at any time to assert your right to data portability.

6.7 Right to object

You have the right to object to the processing of your personal data at any time for reasons arising from your specific situation, carried out in accordance with Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.
In order to exercise the right to object, you may contact the controller directly.

6.8 Right to withdraw consent under data protection law

You have the right to withdraw your consent under data protection law at any time. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its revocation. You can contact the controller to this end.

6.9 Rights relating to automated decision-making in individual cases including profiling

You have the right to not be subjected to a decision based solely on automated processing – including profiling – which has a legal bearing on you, or that significantly affects you in a similar manner. This does not apply if the decision

• is necessary for the conclusion or performance of a contract between you and the controller,
• is permitted by Union or Member State legislation to which the controller is subject, and this legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
• is made with your express consent.

However, such decisions may not be based on special categories of personal data pursuant to Article 9(1) GDPR unless Article 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including as a minimum the right to obtain the intervention of a person on the part of the controller, to state a position and to challenge the decision.

If you wish to assert rights with regard to automated decisions, you may contact the controller at any time.

6.10 Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you contravenes the GDPR. The supervisory authority to which the appeal is submitted will inform you about the status and results of the appeal, including the possibility of a judicial remedy in accordance with Article 78 GDPR. The supervisory authority responsible for us is:

18ZEHN. design-kommunikation UG
(haftungsbeschränkt)
Marco Volk
Benedikt-Schwarz-Straße 2
76275 Ettlingen
Mail: info@18-zehn.de
Web: www.18-zehn.de

7. Collection of general information when visiting our website

Nature and purpose of processing:

When you access our website, i.e., when you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like. This is exclusively information that does not allow any conclusions to be drawn about your person.

In particular, they are processed for the following purposes:

• Ensuring a smooth connection setup of the website,
• Ensuring a smooth use of our website,
• evaluation of system security and stability, and
• for other administrative purposes.

We do not use your data to draw conclusions about your person. Information of this kind is statistically evaluated by us, if necessary, in order to optimize our website and the technology behind it.
Legal basis: The processing is carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipients:
Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our website.

Storage period:
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for data used to provide the website when the respective session has ended.

Provision prescribed or required:
The provision of the aforementioned personal data is not required by law or contract. However, without the IP address, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or may be limited. For this reason, an objection is excluded.

8. Changes to these guidelines
We reserve the right to change our data protection practices and this policy to adapt it to any changes in relevant laws and/or regulations or to better meet your needs. We will notify you of possible changes to our data protection practices here. Please note the current version date of this privacy policy.

9. Cookies
No Cookies