Privacy Policy

Personal data (hereinafter referred to as "data") is processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Art. 4 No. 1 of Regulation (EU) 2016/679, the General Data Protection Regulation (hereinafter "GDPR"), "processing" means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following privacy policy, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we either alone or jointly with others decide on the purposes and means of processing. Furthermore, we inform you below about third-party components used by us for optimisation purposes and to increase the quality of use, insofar as third parties process data on their own responsibility as a result.

Our privacy policy is structured as follows:

I. Information about us as controllers
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as controllers

The responsible provider of this website in terms of data protection law is:

Thomas Surmann
Thema-erledigt.de
Friesickestr. 29
13086 Berlin, Deutschland

Phone: +49 (0)178 / 1737339
Email: info (at) thema-erledigt (dot) de

The contact details published here and in the imprint must not be used to send us unsolicited advertising or information material. We hereby expressly object to this.

II. Rights of users and data subjects

With regard to the processing of data described in more detail below, users and data subjects have the right

  • to confirmation as to whether data concerning them is being processed, to access the data being processed, to further information about the data processing and to copies of the data (see also Art. 15 GDPR);
  • to rectification or completion of inaccurate or incomplete data (see also Art. 16 GDPR);
  • to immediate erasure of data concerning them (see also Art. 17 GDPR), or, alternatively, insofar as further processing is necessary pursuant to Art. 17(3) GDPR, to restriction of processing in accordance with Art. 18 GDPR;
  • to receive the data concerning them which they have provided and to transfer this data to other providers/controllers (see also Art. 20 GDPR);
  • to lodge a complaint with the supervisory authority if they believe that the data concerning them is being processed by the provider in breach of data protection regulations (see also Art. 77 GDPR).

Furthermore, the provider is obliged to inform all recipients to whom data has been disclosed about any rectification or erasure of data or restriction of processing carried out pursuant to Articles 16, 17(1), 18 GDPR. This obligation does not apply insofar as such notification is impossible or involves disproportionate effort. Irrespective of this, the user has a right to information about these recipients.

Users and data subjects also have the right, pursuant to Art. 21 GDPR, to object to future processing of data concerning them, insofar as the data is processed by the provider pursuant to Art. 6(1)(f) GDPR. In particular, objection may be made to processing for direct marketing purposes.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of storage ceases to apply, provided that no statutory retention obligations prevent deletion and no different information is provided below for individual processing procedures.

Hosting

The operation of this website requires the use of an external service provider (host). All data collected by this website may be stored and processed by the host. This includes in particular data relating to website access, communication data, IP addresses and other data arising when visiting this website.

Our legitimate interest lies in providing a technically secure, stable and accessible website (Art. 6(1)(f) GDPR).

The host used for this website is "Heroku", a service by salesforce.com, inc. (Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA). Heroku's server locations are exclusively within the European Union.

A data processing agreement (Data Processing Addendum) has been concluded with Heroku to ensure GDPR-compliant processing in accordance with Art. 28 GDPR. Further information on Salesforce's privacy practices can be found at https://www.salesforce.com/company/privacy/.

Database hosting

The service "Supabase" is used for storing and managing data of this website. The provider is Supabase Inc., 970 Toa Payoh North, #07-04, Singapore 318992, with European server locations. Supabase serves as a hosted PostgreSQL database platform through which entered or technically collected data (e.g. form entries or log data) can be stored and processed.

Processing is based on Art. 6(1)(f) GDPR, as there is a legitimate interest in secure, stable and performant data storage. Insofar as storage occurs in connection with a request, Art. 6(1)(b) GDPR (pre-contractual measures) may additionally apply.

A data processing agreement (Data Processing Agreement) pursuant to Art. 28 GDPR has been concluded with Supabase, ensuring an adequate level of data protection within the European Union. Further information on Supabase’s privacy practices can be found at https://supabase.com/privacy.

Cookies

a) Session cookies

We use so-called cookies with our website. Cookies are small text files or other storage technologies that are placed and stored on your device by the Internet browser you use. These cookies process specific information about you, such as browser or location data or your IP address.

This processing makes our website more user-friendly, effective and secure, as processing enables, for example, the display of our website in different languages or the provision of a shopping cart function.

The legal basis for this processing is Art. 6(1)(b) GDPR, insofar as these cookies process data for the initiation or fulfilment of a contract.

If processing does not serve the initiation or fulfilment of a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6(1)(f) GDPR.

These session cookies are deleted when you close your Internet browser.

b) Third-party cookies

Cookies from partner companies with which we cooperate for advertising, analysis or functional purposes may also be used with our website.

Please refer to the following information for details, particularly regarding the purposes and legal bases for processing such third-party cookies.

c) Removal options

You can prevent or restrict the installation of cookies through your Internet browser settings. You can also delete stored cookies at any time. The required steps depend on the specific browser you use. If you have questions, please use the help function or documentation of your browser or contact its manufacturer or support. Processing of so-called Flash cookies cannot be prevented through browser settings. Instead, you must change the settings of your Flash player. The required steps also depend on your Flash player. If you have questions, please use the help function or documentation of your Flash player or contact the manufacturer or support.

If you prevent or restrict the installation of cookies, this may lead to not all functions of our website being fully usable.

Requests and contact

If you contact us via form or email or submit a request, the data you provide (particularly name, email address and the description of your request) will be processed for the purpose of handling your inquiry. The data may be forwarded to a cooperating lawyer so that they can contact you, ask follow-up questions and provide you with an offer. No further transfer of your data takes place.

The legal basis for this processing is Art. 6(1)(b) GDPR (pre-contractual measures) as well as Art. 6(1)(f) GDPR (legitimate interest in efficient processing and follow-up of inquiries).

Data submitted in connection with a request will be stored for possible follow-up inquiries and deleted no later than one year after the request has been completed, unless statutory retention obligations prevent deletion.

Server data

For technical reasons, particularly to ensure a secure and stable website, data is transmitted to us or our web space provider by your Internet browser. These so-called server log files include, among other things, the type and version of your Internet browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) of our website you visit, date and time of access, and the IP address of the Internet connection from which the use of our website occurs.

The collected data is stored temporarily, but not together with other data about you.

This storage is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in improving, stability, functionality and security of our website.

The data will be deleted at the latest after seven days, unless further storage is required for evidence purposes. Otherwise, the data is wholly or partially exempt from deletion until an incident is fully resolved.

Plausible Analytics

We use the privacy-friendly analytics service Plausible Analytics (operated by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia). Plausible does not use cookies and does not process personal profiles.

The analysis is based on anonymised information, e.g. URLs of visited pages, referrers, browser and operating system used, as well as an approximate geographical assignment of the visit (e.g. country or city). This data does not allow any conclusion about individuals and serves exclusively for anonymous statistics to optimise our website.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in GDPR-compliant web analysis and the improvement of our website.

All processing takes place exclusively within the European Union. Further information can be found in Plausible's privacy policy: https://plausible.io/data-policy.

CloudFlare

To secure our website and optimise loading times, we use the CloudFlare service as a CDN (Content Delivery Network). This is a service provided by Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA, hereinafter "CloudFlare".

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure operation and optimisation of our website.

If you access our website, your requests are routed through CloudFlare’s servers. Statistical access data about the visit to our website is collected and a cookie is stored on your device via your Internet browser. Access data includes

  • Your IP address,
  • the page(s) of our website you access,
  • type and version of the Internet browser you use,
  • the operating system you use,
  • the website from which you accessed our website (referrer URL),
  • your time spent on our website and
  • the frequency with which you access our website.

CloudFlare uses this data for statistical evaluations of access as well as for security and optimisation of the service.

If you do not agree with this processing, you can prevent the installation of cookies via your browser settings. Details can be found above under "Cookies".

CloudFlare provides further information on data collection and use as well as your rights and privacy protection options at https://www.cloudflare.com/privacypolicy/.

Sample Privacy Policy by Law Firm Weiß & Partner