With this Privacy Policy, I aim to inform you about how I process your personal data in accordance with the European General Data Protection Regulation (GDPR). This policy applies to all processing of personal data carried out by me, both on my website and on external online presences, such as my social media profiles (hereinafter collectively referred to as the “Online Offering”). The following privacy terms apply exclusively to the websites under the domain https://www.valops.de.
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection regulations is:
Sascha Köhn
Pfälzerstraße 1a
83109 Großkarolinenfeld
Telephone: +49 151-70 81 77 81
Email: info@valops.de
This Privacy Policy is based on the terminology used in the General Data Protection Regulation (GDPR). To make things clearer, I would like to explain some key terms in this context:
All information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Any operation or set of operations performed on personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying.
A natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not regarded as recipients.
A natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
When you use my website for purely informational purposes without transmitting data to me in any other way (e.g., through registration or using the contact form), I collect technically necessary data via server log files that are automatically transmitted to my server. These include: Date and time of access; ip address; hostname of the accessing computer; website from which the website was accessed; websites accessed via the website; page visited on my website; amount of data transferred; information about the browser type and version used; operating system; access status (e.g., whether the website was successfully accessed or an error occurred); use of website functions; access frequency of individual pages; amount of data transferred; other websites visited from this website, either by clicking a link or by directly entering the domain in the address bar within the same browser window.
The temporary storage of this data is necessary to display my website to you, ensure the functionality of the website, and maintain the security of my IT systems. The legal basis for this processing is Art. 6 (1) sentence 1 lit. f GDPR, to guarantee the provision, security, and stability of my website.
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. For the provision of the website, this is the case when the respective session has ended. Log files are stored for a maximum of 24 hours and are accessible exclusively to administrators. After this period, they are only indirectly available through the reconstruction of backup tapes and are permanently deleted after a maximum of four weeks.
To provide my online offering, I use the services of Webflow Inc., 398 11th St Ste 2, San Francisco, CA 94103, which relies on the services of the server provider Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210 (web host). In this process, personal data is transmitted to the United States. The European Commission has issued an adequacy decision under Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the U.S. that are appropriately certified are permitted. Both Webflow Inc. and Amazon Web Services Inc. are certified under the EU-U.S. Data Privacy Framework.
When you visit my website or a subpage for the first time and cookies are used, a “cookie banner” will be displayed. This banner provides detailed information about the cookies I use, including their name, provider, purpose, and storage duration.
Through the cookie banner, I inform you about the specific cookies I use and give you the option to decide whether you consent to the use of non-essential cookies. The following data is processed in this context: usage data (e.g., visited websites, access times); meta and communication data (e.g., ip address).
The legal basis for using the cookie banner is Art. 6 (1) sentence 1 lit. f GDPR. My legitimate interest lies in using the cookie banner to obtain the legally required consent for the use of non-essential cookies and to fulfill my information obligations regarding cookies.
The cookie banner saves your preferences until you adjust them again or reset them.
I use Google Analytics to analyze the usage of my website and to optimize both the website and my marketing efforts. Google Analytics is provided by Google and processes the data on my behalf. Google has contractually committed to ensuring the security and confidentiality of the data.
During your visit to the website, the following data is collected, among others: pages visited, achievement of “website goals” (e.g., contact inquiries); your behavior on the pages (e.g., time spent, clicks, scroll behavior); your approximate location (country and city); your IP address (in a shortened form, making precise identification impossible); technical information such as browser, internet provider, device type, and screen resolution; the source of your visit (i.e., the website or advertisement that directed you to my site).
Personal data such as your name, address, or contact details are not transmitted to Google Analytics.
Google Analytics stores cookies in your web browser for two years from your last visit. These cookies contain a randomly generated user ID to recognize you on future visits to the website.
The collected data is stored along with the randomly generated user ID to create pseudonymous user profiles. These user data are automatically deleted after 14 months. Other data remain stored in aggregated form indefinitely.
If you want to prevent Google Analytics from collecting your data, you can install the browser add-on to disable Google Analytics or decline cookies via my cookie settings dialog.
Personal data is also transferred to the United States. The European Commission has issued an adequacy decision under Article 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to U.S.-based organizations that are appropriately certified are permitted. Google is certified under the EU-U.S. Data Privacy Framework.
I use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface, enabling precise integration of services on my website.
Google Tag Manager allows me to flexibly integrate additional services to analyze user access on my website.
The use of Google Tag Manager is based on my legitimate interests, specifically the interest in optimizing my services, in accordance with Art. 6 (1) lit. f GDPR.
The specific storage duration of the processed data is beyond my control and is determined by Google Ireland Limited. For more information, please refer to the privacy policy for Google Tag Manager: Google Privacy Policy.
Personal data may also be transferred to the United States. The European Commission has issued an adequacy decision under Article 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to U.S.-based organizations that are appropriately certified are permitted. Google is certified under the EU-U.S. Data Privacy Framework.
On my website, I use Google Fonts to display external fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The legal basis for the use of Google Fonts is your consent in accordance with Art. 6 (1) lit. a GDPR.
To enable the display of certain fonts on my website, a connection to a Google server is established when accessing my website. This allows Google to determine which website your request originated from and to which IP address the font display should be delivered. For more information, please refer to Google’s privacy policy: Google Privacy Policy.
Personal data may also be transferred to the United States. The European Commission has issued an adequacy decision under Article 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to U.S.-based organizations that are appropriately certified are permitted. Google is certified under the EU-U.S. Data Privacy Framework.
I maintain publicly accessible profiles on various social networks. By visiting these platforms, a variety of data processing activities are carried out by the operators of the respective social network. This occurs even if you do not have a profile on the respective platform. The specific data processing activities and their scope vary depending on the operator of the social network and are not always fully transparent to me. For details on the collection and storage of your personal data, as well as the type, scope, and purpose of its use by the respective social network operator, please refer to their privacy policies.
As part of my processing of personal data, it may happen that this data is transmitted to other recipients or disclosed to them. Recipients of this personal data may include, for example, service providers tasked with IT-related tasks or providers of services and content integrated into my website. In such cases, I adhere to legal requirements and, in particular, conclude appropriate contracts or agreements to ensure the protection of your personal data.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to direct marketing. If you object, I will no longer process your personal data unless I can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
The personal data I process will be deleted in accordance with legal requirements as soon as the consent granted for processing is revoked or other permissions cease to apply (e.g., if the purpose of processing the personal data no longer exists or the data is no longer necessary for that purpose). If the personal data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the personal data will be blocked and not processed for other purposes. This applies, for example, to personal data that must be retained for commercial or tax law reasons or data whose storage is necessary for asserting, exercising, or defending legal claims or for protecting the rights of another natural or legal person.
My privacy policy also includes additional information regarding the retention and deletion of personal data, which take precedence for the respective processing activities.
This site includes an integration of the liability seal provided by Exali AG. The graphical element of the seal is loaded from the servers of Exali AG. Due to the technical structure of the internet, your IP address is processed to transmit the graphic to your browser.
If you click on this seal or any hyperlinks in the accompanying text, you will leave our site and be redirected to the servers of Exali AG.
For more information, please refer to the Exali privacy policy.
The legal basis for data processing is Art. 6 (1) lit. f GDPR (legitimate interest).
The data processing serves the purpose of providing proof of the legally required mandatory information on professional liability insurance pursuant to § 2 (1) No. 11 DL-InfoV in a visually appealing manner.
My legitimate interest in data processing arises from the purpose of providing an appealing online offering and fulfilling my information obligations in a visually appealing manner.
As a data subject, you have various rights under the GDPR, particularly those outlined in Articles 15 to 21 GDPR. If you wish to exercise any of your rights, please contact me using the contact details provided above.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this includes profiling to the extent it is related to direct marketing. If you object, I will no longer process your personal data unless I can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
You have the right to request confirmation as to whether personal data concerning you is being processed. Additionally, you have the right to access this personal data and to obtain further information and a copy of the personal data in accordance with legal requirements.
You have the right, in accordance with legal requirements, to request the completion of your personal data or the rectification of inaccurate personal data concerning you.
You have the right to request that I delete personal data concerning you without undue delay if one of the legally stipulated reasons applies and insofar as processing or storage is not necessary.
You have the right to request that I restrict the processing of your personal data if one of the legal conditions is met.
You have the right to receive the personal data concerning you that you have provided to me, in a structured, commonly used, and machine-readable format, or to request the transfer of this data to another controller, in accordance with legal requirements.
You have the right to withdraw your consent at any time.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.
I update the privacy policy whenever changes to the data processing activities I perform make this necessary. I will inform you if such changes require any action on your part (e.g., consent) or any other individual notification.
If I further develop my website and its offerings or if legal or regulatory requirements change, it may be necessary to adjust this privacy policy. You can access the current version of the privacy policy here at any time.
Last updated: June 2024