
Privacy Policy

What does it mean?

With our privacy policy, we aim to clarify the types of personal data (hereafter referred to as "data") we collect, the purposes for which we process them, and the extent to which we do so. This statement pertains to all handling of personal data by us, encompassing the provision of services, our websites, mobile applications, and external online platforms like social media profiles (collectively referred to as "online services").

Our terminology is gender-neutral.

Last Updated: May 5th, 2024.

Controller

CLEMENCE DE LAFOSSE

GLOGAUER STRASSE 9

10999 BERLIN

GERMANY

Authorised Representative: Clémence de Lafosse

Email address: info@clemencedelafosse.com

Phone: +491794353259

Legal notice: https://www.clemencedelafosse.com

Summary of processing activities

The table below outlines the categories of data handled, the reasons for processing them, and the individuals whose data is involved.

Types of Processed Data

Processed Data Categories:

- Inventory information
- Payment details
- Contact information
- Content records
- Contractual data
- Usage statistics
- Metadata/communication logs
- Image and/or video footage

Data Subject Categories:

- Clients
- Staff
- Potential clients
- Communication counterparts
- Users
- Business and contractual associates

Processing Objectives

Processing Purposes:

- Delivering contractual services and customer assistance.
- Handling contact inquiries and communication.
- Implementing security protocols.
- Conducting direct marketing efforts.
- Analyzing web traffic.
- Targeted advertising.
- Managing office and organizational workflows.
- Monitoring conversion rates.
- Addressing and managing inquiries.
- Collecting feedback.
- Marketing initiatives.
- Creating user profiles.
- Providing online services and enhancing usability.
- Maintaining information technology infrastructure.

Legal Basis for Data Processing

Legal Basis for Data Processing:

- Consent (Article 6(1)(a) GDPR): Data subjects have consented to the processing of their personal data for specific purposes.
- Contractual Performance and Pre-contractual Requests (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract with the data subject or to take steps at the request of the data subject prior to entering into a contract.
- Compliance with Legal Obligations (Article 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the data controller is subject.
- Legitimate Interests (Article 6(1)(f) GDPR): Processing is necessary for the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the rights and freedoms of the data subject.

Additionally, alongside the General Data Protection Regulation (GDPR), national data protection regulations are applicable, particularly in Germany. These include the Federal Data Protection Act (BDSG), which covers provisions related to access rights, erasure rights, objection rights, processing of special categories of personal data, processing for alternate purposes, transmission of data, automated decision-making (including profiling), and data processing in the context of employment relationships. Moreover, data protection laws of individual federal states may also apply.

Security Measures

We implement suitable technical and organizational measures to comply with legal obligations, considering technological advancements, implementation costs, and the nature of data processing. These measures aim to ensure an appropriate level of security, considering the potential risks to individuals' rights and freedoms.

Our security measures include:

  • Safeguarding data confidentiality, integrity, and availability through control of physical and electronic access, as well as data input, transmission, storage, and separation.

  • Implementation of procedures to uphold data subjects' rights, facilitate data erasure, and swiftly address data threats.

  • Considering data protection during the development or selection of hardware, software, and service providers, adhering to privacy by design and default principles.

  • Utilization of SSL encryption (https) to enhance the security of data transmitted through our online services. Encrypted connections are identifiable by the "https://" prefix in the browser's address bar.

Transmission of Personal Data

During our processing of personal data, it is possible that such data may be transferred to other entities, organizations, or individuals, or disclosed to them. Recipients of this data may include service providers responsible for IT tasks or providers of services and content integrated into a website. In such instances, we adhere to legal requirements, ensuring that appropriate contracts or agreements are established with data recipients to safeguard your data.

Data Processing in Third Countries

If we engage in data processing activities in a third country (outside the European Union (EU) or the European Economic Area (EEA)), or if data processing occurs in the context of utilizing third-party services, or if data is disclosed or transferred to other entities, organizations, or individuals, we ensure compliance with legal requirements.

Unless expressly consented to or mandated by contract or law, data processing in third countries is conducted only in jurisdictions with recognized levels of data protection. This is supported by special safeguards, such as contractual obligations established through standard protection clauses issued by the EU Commission, certifications, or internal data protection regulations. (Refer to GDPR Articles 44 to 49 for detailed provisions; for further information, visit the EU Commission's information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).


Data Erasure

We adhere to statutory regulations regarding the erasure of processed data. Data will be promptly erased when processing is revoked or when other permissions are no longer applicable (e.g., if the purpose of processing no longer exists or if the data is no longer required for such purpose). If data cannot be deleted due to being necessary for other legally permissible purposes, its processing is restricted to these purposes. This means that data will be retained but restricted from processing for other purposes. This scenario typically applies to data required for commercial or tax-related purposes or for the assertion, exercise, or defense of legal claims, or to safeguard the rights of another individual or legal entity.

In our data processing information, we may provide users with additional details regarding the deletion and retention of data specific to each processing operation.

Cookie Usage

Cookies, which are small text files or data records, are utilized to store and retrieve information on end devices. They serve various purposes, such as maintaining login status in user accounts, retaining contents of shopping carts in e-commerce platforms, recording accessed content, and enhancing the functionality, security, and user experience of online services, including visitor flow analysis.

Consent Information: We adhere to legal requirements concerning cookie usage. Therefore, we obtain prior consent from users, unless it is legally exempt. Consent is unnecessary if storing and retrieving information, including cookies, is strictly essential to provide an explicitly requested information society service. Revocable consent is clearly communicated to users and contains details regarding cookie usage.

Legal Basis: The legal basis for processing users' personal data through cookies depends on consent. If consent is given, data processing is based on the user's declared consent. Otherwise, processing is conducted based on our legitimate interests (e.g., in operating our online services and enhancing usability) or to fulfill contractual obligations.

Retention Period: Cookies are categorized into temporary and permanent types. Temporary cookies are deleted when users close their browsers or mobile applications. Permanent cookies remain stored, allowing retention of login status or preferred content display. Unless explicitly stated otherwise, users should assume cookies are permanent, with storage durations of up to two years.

Revocation and Objection: Users can revoke consent and object to processing as per legal requirements outlined in Article 21 of the GDPR. Objection can also be made via browser settings, though this may limit online service functionality. For online marketing purposes, objection can be made through websites like https://optout.aboutads.info and https://www.youronlinechoices.com/.

Further Information on Processing: Cookie data processing is based on consent. We utilize a cookie management solution to obtain, manage, and revoke user consent. Consent declarations are stored to fulfill legal obligations and may be stored server-side or through cookies. Pseudonymous user identifiers are created and stored, along with consent details, browser information, and device data.

Service Provider: Cookiefirst, Cookie-Consent Manager; Provider: Digital Data Solutions B.V., Amsterdam, The Netherlands; Website: https://cookiefirst.com/; Privacy Policy: https://cookiefirst.com/legal/privacy-policy/; Stored Data: User IP address, date/time of consent, user agent, referral URL, anonymous encrypted key value, consent status.

Business services

We handle data of our contractual and business partners, including customers and interested parties, within the scope of contractual and legal relationships, as well as associated communications and actions, either pre-contractually or to address inquiries.

This data processing serves to fulfill contractual obligations, such as providing agreed services, addressing warranty issues, and managing administrative tasks related to our obligations and company organization. Additionally, we process data to safeguard our rights and for proper business management and security measures to protect our partners and operations.

The data processed includes inventory data (e.g., names, addresses), payment data (e.g., bank details), contact data (e.g., email addresses), contract data (e.g., contract terms), usage data (e.g., website visits), and meta/communication data (e.g., IP addresses).

Customers, prospective customers, and business partners are the primary data subjects.

The processing purposes encompass providing contractual services, ensuring security, handling contact inquiries, managing organizational tasks, and responding to inquiries.

Legal bases for processing include the performance of a contract, compliance with legal obligations, and legitimate interests.

Regarding data retention, we delete data after the statutory warranty period, typically four years, unless longer retention is required by law.

For online shop and e-commerce activities, we process customer data to enable product selection, purchase, payment, and delivery. We may use third-party service providers for delivery and payment processing.

Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

For further details on processing methods, procedures, and services used, users are referred to the terms and conditions and privacy policies of relevant third-party providers or platforms.

Provision of Online Services and Web Hosting

To ensure the secure and efficient provision of our online services, we engage the services of one or more web hosting providers, whose servers or managed servers enable access to our online platforms. This involves utilizing infrastructure and platform services, computing resources, storage, database services, as well as security and technical maintenance services.

Data processed within the scope of hosting services may include user-related information collected during usage and communication of our online services. This typically includes IP addresses, necessary for delivering online content to browsers, and user interactions within our platforms or from external websites.

  • Processed Data Types:

  1. Content data (e.g., text, images, videos)

  2. Usage data (e.g., website visits, content engagement, access times)

  3. Meta/communication data (e.g., device details, IP addresses)

  • Data Subjects: Users, including website visitors and users of online services.

  • Processing Purposes:

  1. Provision of online services and enhancing usability

  2. Management of information technology infrastructure (operation and provision of IT systems and technical devices)

  • Legal Basis: Legitimate Interests (Article 6(1)(f) GDPR)

Additional Information on Processing:

  • Access Data and Log Files Collection:

Access data to the server, including server log files, are collected by us or our web hosting provider upon each server access.

Server log files may contain details such as accessed web pages and files, date and time of access, data transfer volumes, browser type, operating system, referrer URL, and IP addresses.

Log files serve security purposes, such as preventing server overload (e.g., DDoS attacks) and ensuring server stability and optimal load balancing.

Legal Basis: Legitimate Interests (Article 6(1)(f) GDPR)

Retention Period: Log file information is typically stored for a maximum of 30 days and then either deleted or anonymized. Data necessary for evidential purposes are retained until the respective incident is resolved.

Blogs and Publishing Platforms

We utilize blogs or similar online communication and publishing platforms (referred to as "publication medium"). Reader data is processed solely for purposes related to the publication medium, necessary for its presentation, communication between authors and readers, or for security measures. Additional information regarding visitor data processing within our publication medium is available in this privacy policy.

  • Processed Data Types:

  1. Inventory data (e.g., names, addresses)

  2. Contact data (e.g., email addresses, phone numbers)

  3. Content data (e.g., text, images, videos)

  4. Usage data (e.g., website interactions, content interests, access times)

  5. Meta/communication data (e.g., device details, IP addresses)

  • Data Subjects: Users, including website visitors and users of online services.

  • Processing Purposes:

  1. Provision of contractual services and customer support

  2. Feedback collection (e.g., via online forms)

  3. Provision of online services and enhancing usability

  4. Security measures

  5. Managing and responding to inquiries

  • Legal Basis: Legitimate Interests (Article 6(1)(f) GDPR)

Additional Information on Processing Methods:

  • Comment Subscriptions:

When users leave comments or contributions, their IP addresses may be stored based on our legitimate interests, particularly for security reasons if illegal content (e.g., insults, prohibited political propaganda) is posted.

We reserve the right to process user data for spam detection purposes based on our legitimate interests.

Similarly, for surveys, we may store user IP addresses for the survey duration and use cookies to prevent multiple votes.

Personal information provided in comments or contributions, including contact and website details, as well as content information, is retained by us until the user objects.

Legal Basis: Legitimate Interests (Article 6(1)(f) GDPR)

Contact and Inquiry Management

When individuals reach out to us (e.g., via contact form, email, telephone, or social media) or within existing user and business relationships, their information is processed to address contact inquiries and any requested actions.

We respond to contact inquiries and manage contact and inquiry data within contractual or pre-contractual relationships to fulfill our contractual obligations or address (pre)contractual inquiries. Additionally, we process this data based on legitimate interests in responding to inquiries and maintaining user or business relationships.

  • Processed Data Types:

  1. Contact data (e.g., email addresses, phone numbers)

  2. Content data (e.g., text, images, videos)

  3. Usage data (e.g., website interactions, content interests, access times)

  4. Meta/communication data (e.g., device details, IP addresses)

  • Data Subjects: Communication partners, including recipients of emails and letters.

  • Processing Purposes:

  1. Provision of contractual services and customer support

  2. Handling contact requests and communication

  3. Managing and responding to inquiries

  4. Collecting feedback via online forms

  5. Provision of online services and enhancing usability

  • Legal Basis: Performance of a contract and prior requests (Article 6(1)(b) GDPR); Legitimate Interests (Article 6(1)(f) GDPR)

Additional Information on Processing Methods:

  • Contact Form:

When users contact us through our contact form, email, or other communication channels, we process the provided data to address the communicated request.

Personal data is processed within pre-contractual and contractual business relationships as necessary for their fulfillment, and based on legitimate interests, as well as legal archiving requirements.

Legal Basis: Performance of a contract and prior requests (Article 6(1)(b) GDPR), Legitimate Interests (Article 6(1)(f) GDPR)

Communication via Messenger

We utilize messenger services for communication and request your attention to the following information regarding their functionality, encryption, metadata usage, and objection options.

Alternatively, you can contact us via other means such as telephone or email, using the provided contact options within our online services.

Regarding encryption of content, we ensure that communication content, including message content and attachments, is encrypted end-to-end, making it inaccessible even to the messenger service providers themselves. We recommend using a current version of the messenger service with activated encryption to guarantee message content encryption.

While messenger service providers cannot access message content, they may gather information about when communication partners interact with us and process technical data from the communication partner's device, including metadata and potentially location information.

  • Legal Basis Information:

When seeking permission before communication via messenger services, the legal basis of our data processing is based on consent from communication partners. If consent is not sought and communication is initiated voluntarily by the user, we use messenger services in dealing with contractual partners as a contractual measure or as part of contract initiation, and for other interested parties and communication partners based on legitimate interests in efficient communication.
Contact data provided to us is not transmitted to messenger service providers without consent.

  • Withdrawal, Objection, and Deletion:

Communication partners can withdraw consent or object to communication via messenger services at any time.
Messages are deleted following our general data retention policy, typically after the end of contractual relationships, archiving requirements, etc., and when it's assumed that any provided information has been addressed.
We reserve the right not to respond to messenger service inquiries for safety reasons, especially if contractual matters require confidentiality or if formal requirements are not met.

 

  • Processed Data Types:

  1. Contact data (e.g., email addresses, phone numbers)

  2. Usage data (e.g., website visits, content interests, access times)

  3. Meta/communication data (e.g., device information, IP addresses)

 

  • Data Subjects: Communication partners, including recipients of emails and letters.

 

  • Processing Purposes:

  1. Contact requests and communication

  2. Direct marketing (e.g., via email or postal mail)

 

  • Legal Basis: Consent (Article 6(1)(a) GDPR); Legitimate Interests (Article 6(1)(f) GDPR)

Cloud Services

We utilize Internet-accessible software services, known as "cloud services" or "Software as a Service," hosted on provider servers for various purposes such as document storage, calendar management, email delivery, spreadsheets and presentations, document exchange, and participation in chats, audio, and video conferences.

Personal data may be processed and stored on the provider's servers as part of communication processes with us or other activities outlined in this privacy policy. This may include master data, contact information, details of processes, contracts, and other relevant information. Cloud service providers also process usage data and metadata for security and service optimization.

When using cloud services to share documents and content or access publicly available websites and forms, providers may store cookies on users' devices for web analysis or to remember user settings.

  • Processed Data Types:

  1. Inventory data (e.g., names, addresses)

  2. Contact data (e.g., email, telephone numbers)

  3. Content data (e.g., text, images, videos)

  4. Usage data (e.g., website visits, access times)

  5. Meta/communication data (e.g., device information, IP addresses)

  6. Images and/or video recordings

 

  • Data Subjects:

  1. Customers

  2. Employees (e.g., applicants, staff)

  3. Prospective customers

  4. Communication partners (e.g., recipients of emails)

  5. Users (e.g., website visitors)

 

  • Purposes of Processing:

  1. Office and organizational procedures

  2. Information technology infrastructure

  3. Provision of contractual services and customer support

  4. Provision of online services and usability

 

  • Legal Basis:

  1. Performance of a contract and prior requests (Article 6(1)(b) GDPR)

  2. Legitimate Interests (Article 6(1)(f) GDPR)


Further information on processing methods, procedures, and services used:

  1. Adobe Creative Cloud: Applications and cloud storage for creative purposes.

  2. Apple iCloud: Cloud storage service provided by Apple Inc.

  3. Google Cloud Storage: Storage and application services by Google.

  4. Google Workspace: Cloud-based productivity tools by Google.

  5. Microsoft Cloud Services: Cloud storage and application software by Microsoft.

  6. one.com: Cloud infrastructure services provided by One.com Group AB.

  7. dropbox.com: Cloud infrastructure services provided by Dropbox, Inc.
