Privacy Notice
1. Data Protection at a Glance
1. Data Collection on This Website
Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section "Note on the responsible party".
2. How Is Your Data Collected?
Your data is collected in part by you providing it to me. This may include data you enter into a contact form, for example. Other data is automatically collected by IT systems when you visit the website or after you give consent. This mainly concerns technical data (e.g., internet browser, operating system, or the time of the page view). This data is collected automatically as soon as you enter the website.
3. Why Do I Use Your Data?
Some of the data is collected to ensure the proper functioning of the website. Other data may be used for analyzing your user behavior.
4. What Rights Do You Have Regarding Your Data?
You have the right to receive information free of charge about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have consented to data processing, you can withdraw this consent at any time for the future. Additionally, you have the right, under certain circumstances, to request the restriction of processing your personal data. You also have the right to lodge a complaint with the competent supervisory authority. You can contact me at any time for more information on data protection or any other questions regarding the subject.
5. Analysis Tools and Third-Party Tools
Your browsing behavior may be statistically evaluated when you visit this website. This is mainly done using analysis programs. Detailed information about these analysis programs can be found in the following sections.
2. Hosting
1. All-Inkl
I host my website at All-Inkl. The provider is ALL-INKL.COM – Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter referred to as All-Inkl). For details, please refer to the All-Inkl privacy policy: All-Inkl Privacy Information. The use of All-Inkl is based on Art. 6 para. 1 lit. f GDPR. I have a legitimate interest in a reliable presentation of my website. If consent has been requested, processing will only take place based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as consent relates to the storage of cookies or access to information on the user's device (e.g., device fingerprinting) as defined in the TTDSG. Consent can be withdrawn at any time.
2. Contract Processing
I have entered into a contract for processing (AVV) with the above-mentioned provider. This is a legally required contract that ensures that the provider processes the personal data of my website visitors only in accordance with my instructions and in compliance with the GDPR.
3. General Information and Mandatory Information
1. Data Protection
The operator of these pages takes the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy. When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. These notes explain which data I collect and how I use it. They also explain how and for what purpose this occurs. I point out that data transmission over the Internet (e.g., when communicating via email) may have security vulnerabilities. A complete protection of data from third-party access is not possible.
2. Information on the Responsible Party
The responsible party for data processing on this website is:
Michael Köllner
Ferdinand-Kopf-Str. 5
79117 Freiburg
Germany
Phone: +49 761 48924318
E-mail: info@touched-to-be.de
The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
3. Retention Period
Unless a more specific retention period is stated in this privacy policy, your personal data will remain with me until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or withdraw consent for data processing, your data will be deleted unless I have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur after these reasons no longer apply.
4. General Information on the Legal Basis for Data Processing on This Website
If you have consented to data processing, I process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data are processed as defined in Art. 9 para. 1 GDPR. If you have given explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing will also take place based on § 25 para. 1 TTDSG. Consent can be withdrawn at any time. If your data is necessary for the performance of a contract or to take steps prior to entering into a contract, I process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, I process your data if this is necessary for compliance with a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also take place based on my legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The specific legal basis for data processing is provided in the following sections.
5. Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can withdraw consent that you have already given at any time. The legality of data processing carried out until the withdrawal remains unaffected by the withdrawal.
6. Right to Object to Data Collection in Specific Cases and to Direct Marketing (Art. 21 GDPR)
If data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your specific situation. This also applies to profiling based on these provisions. The relevant legal basis for processing is provided in this privacy policy. If you object, I will no longer process your personal data unless I can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (objection under Art. 21 para. 1 GDPR). If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes. This applies also to profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21 para. 2 GDPR).
7. Competent Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR). In Baden-Württemberg, the responsible authority is:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW)
Lautenschlagerstraße 20, 70173 Stuttgart
Phone: +49 711 615541-0
Web: baden-wuerttemberg.datenschutz.de
An overview of the supervisory authorities in Germany can be found at the BfDI: List of Data Protection Authorities.
8. Right to Data Portability
You have the right to request that data which I process automatically based on your consent or to fulfill a contract be provided to you or to a third party in a structured, commonly used, and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place if technically feasible.
9. Access, Deletion, and Rectification
You have the right to request information free of charge about your stored personal data, its origin, recipients, the purpose of data processing, and, if applicable, the right to rectification or deletion of this data. You can contact me at any time for more information about personal data.
10. Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data. You can contact me at any time for this purpose. The right to restrict processing applies in the following cases: If you dispute the accuracy of your personal data stored by me, I usually need time to verify this. During this review, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data was unlawful, you can request the restriction of data processing instead of deletion. If I no longer need your personal data but you need it to assert, exercise, or defend legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion. If you have filed an objection under Art. 21 para. 1 GDPR, a balance must be struck between your interests and mine. While it is not clear whose interests outweigh the other, you have the right to request the restriction of processing your personal data. If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another person or for reasons of important public interest of the European Union or a member state.
11. SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to me as the site operator. A secure connection can be recognized by the fact that the browser’s address bar changes from "http://" to "https://" and by the lock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to me cannot be read by third parties.
12. Automated Decision Making
Automated decision-making, including profiling, as defined in Art. 22 GDPR, does not take place.
4. Data Collection on This Website
1. Cookies
My websites use so-called "cookies". Cookies are small text files and do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain on your device until you delete them yourself or they are deleted automatically by your web browser. In some cases, third-party cookies may also be stored on your device when you visit my site (third-party cookies). These allow me or you to use specific services from the third-party provider (e.g., cookies for payment services).
Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them. Other cookies are used to evaluate user behavior or display advertisements. Cookies that are necessary for conducting electronic communication, providing certain desired features, or optimizing the website are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. I have a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of my services. If consent has been requested for the storage of cookies and similar recognition technologies, processing is carried out solely on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be withdrawn at any time.
You can set your browser to inform you about the use of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. If cookies from third-party companies or for analysis purposes are used, I will inform you separately in this privacy policy and may request your consent.
2. Server Log Files
The provider of the pages collects and stores automatically information in so-called server log files, which your browser automatically transmits to me. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
A merger of these data with other data sources is not made. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. I have a legitimate interest in the technically error-free presentation and optimization of my website – to achieve this, the server log files must be collected.
3. Contact Form
If you send inquiries via the contact form, your information from the inquiry form, including the contact details you provide there, will be stored with me for the purpose of processing the request and in case of follow-up questions. These data will not be passed on without your consent. The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or necessary for taking pre-contractual measures. In all other cases, the processing is based on my legitimate interest in the effective handling of inquiries directed to me (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if requested; consent can be withdrawn at any time. The data you enter in the contact form remains with me until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g., after processing your inquiry). Mandatory statutory provisions – especially retention periods – remain unaffected.
4. Calendly Integration (Appointment Booking)
If you choose an appointment through the online booking on my site, you use the service Calendly (Provider: Calendly LLC, 115 E Main St, Ste A1B, Buford, GA 30518, USA). Calendly processes the data you enter (e.g., name, email address, phone number, appointment requests) to enable the booking. With this integration, your IP address and technical information (e.g., browser, operating system) may be transmitted to Calendly servers in the USA. Data transfer to the USA takes place based on the EU Commission's Standard Contractual Clauses (SCC). Legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment). If you do not wish to use the embedding, you can alternatively contact me by phone or email. More information: Calendly Privacy.
Purposes: Appointment booking and appointment management.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract/preliminary negotiations) for booking data; non-essential technologies for loading the embedded widget are only used after consent is given
(Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG), which can be given directly in the embedded Calendly banner.
Recipient/Third-country transfer: Calendly LLC (USA). The transfer is based on the EU Standard Contractual Clauses (SCC). If and to the extent certification under the EU-US Data Privacy Framework is available, the transfer can also be based on that.
Retention period: Booking data will be stored until the appointment is processed and according to legal retention obligations. Technical logs of the widget will be deleted by Calendly according to their guidelines (see Calendly privacy notices).
Alternative: If you do not wish to load the embedding, you can also arrange appointments by phone or email.
5. CDNs and Fonts (Bootstrap, jQuery, Font Awesome, Google)
To present my website reliably and attractively, I use Content Delivery Networks (CDNs). These load stylesheets and libraries (Bootstrap, jQuery, Font Awesome) from external servers (e.g., NetDNA/StackPath and Google). When you visit my pages, your IP address is transmitted to these providers. It cannot be ruled out that processing may occur on servers outside the EU (e.g., in the USA). The use of these CDNs is in my legitimate interest for the fast and stable provision of my website (Art. 6 para. 1 lit. f GDPR). If you do not wish this, you can use browser add-ons such as “NoScript” or “uBlock”. However, the page may not be displayed fully in that case.
Further information:
Bootstrap CDN: Privacy Policy
Google Hosted Libraries: Google Privacy
Font Awesome: Font Awesome Privacy
6. E-Mail Communication (Posteo)
If you write to me via email, your information is stored with the provider Posteo e.K., Berlin. Posteo processes personal data (e.g., sender address, content) exclusively according to the strict German data protection laws and encrypts both transmission and storage. Legal basis is Art. 6 para. 1 lit. b GDPR (communication within the scope of an inquiry or contract). I have a contract for data processing with Posteo. More information: Posteo Privacy Information
7. Inquiry by Email, Phone, or Fax
If you contact me by email, phone, or fax, your inquiry, including all personal data arising from it (name, request), will be stored and processed by me for the purpose of processing your request. This data will not be passed on without your consent. The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the fulfillment of a contract or necessary for taking pre-contractual measures. In all other cases, the processing is based on my legitimate interest in the effective handling of inquiries directed to me (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if requested; consent can be withdrawn at any time. The data you send to me via contact requests remains with me until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g., after processing your inquiry). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.