c/o von der haardt GmbH
Reinickendorfer Str. 17
13347 Berlin, Germany
+49 30 2843 42 00
I. Introduction and definitions
2.1 Personal data
"Personal data" is any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data where the identity is not immediately obvious, but can be determined by combining one's own information or that of others and thus finding out who it is. A person can be identified, for example, by providing your address or bank details, your date of birth or user name, your IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
A "processing" is understood by Art. 4 No. 2 GDPR as any operation involving to personal data. This applies in particular to the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
II. Data controller and data protection officer
Responsible for data processing is:
Name: Federico Albanese ("me")
Address: c/o von der haardt GmbH, Reinickendorfer Str. 17, 13347 Berlin
Telephone: +49 30 2843 42 00
4. DATA PROTECTION OFFICER
I am not obliged to appoint a data protection officer for my business and artistic activities - such as this website. For questions and concerns about data protection, you can contact me using the aforementioned contact details.
III. Scope of processing
5. SCOPE OF PROCESSING: WEBSITE
Regarding the website, I process the personal data of you listed in detail below in section IV. I only process data from you that you actively provide on the website (e.g. by filling out forms) or that you automatically provide when when visiting my website.
Your data will be processed exclusively by me and will not be sold, lent or passed on to third parties. If I use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which I, as the client, am authorised to issue instructions to my contractors. For the operation of my website, I use external service providers for hosting, as well as for maintenance, care and further development. I host my website with the external provider One.com (One.com Group AB, Carlsgatan 3, 211 20 Malmö, Sweden) in the data centre location in Denmark. If further external service providers are used for individual processing operations listed in section IV, they will be named there.
As a matter of principle, I do not transfer data to third countries and I do not plan to do so. I will provide information about exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses.
IV. The processing operations in detail
6. CONTACT FORM AND CONTACT BY E-MAIL
6.1 Description of processing
For contacting me, I have provided a contact form on my website. In this form, you are asked to enter your e-mail address, your name and a message to me. When you click the "Send" button, the data will be transferred to me using SSL encryption (see section 14). The contact form can only be transferred if you confirm that you have taken note of these data protection provisions by clicking on the corresponding checkbox. You can also contact me via the e-mail addresses provided on the website. In this case, the personal data transferred with the e-mail will be processed by me.
By providing a contact form on my website, I would like to offer you a convenient way to contact me. The data transferred with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.
6.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose named in section 6.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the fulfilment of the contract (Art. 6 para. 1 lit. b DSGVO).
6.4 Storage period
The data will be deleted by me as soon as they are no longer required to achieve the purpose for which they were collected. This is usually the case when the respective communication with you has ended. The communication is terminated when the circumstances indicate that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after expiry of the legal retention period.
7.1 Description of the processing
I send out a newsletter at irregular intervals. The newsletter informs you about news, offers and publications from me. You will only receive my newsletter if you actively subscribe to my mailing list. To subscribe to the newsletter, you only need to enter your e-mail address. All other details (such as your first name and surname) are voluntary and are used solely to personalise the e-mails. We use the so-called double opt-in procedure to carry out and verify newsletter registrations. Registration takes place in several steps. First, you register for the newsletter on my website. You will then receive an e-mail from me at the e-mail address you provided. In this e-mail, I ask you to confirm that you have actually registered for the newsletter and wish to receive it. Confirmation takes place by clicking on a confirmation link in the e-mail. Only after a successful confirmation will I include you in my newsletter distribution list and send you future e-mails. As part of the double opt-in process, I save the date, time and your IP addresses both during registration and confirmation.
The processing takes place in order to offer the newsletter function and to be able to send newsletter emails to subscribers. The collection and storage of date, time and IP addresses when subscribing to the newsletter serves to document consent given and to protect against the misuse of email addresses.
7.3 Legal basis
The processing takes place on the basis of consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can access the declaration of consent on my website at any time at https://www.federicoalbanese.com/mailing-list. Your consent is voluntary. The collection and storage of date, time and IP addresses during newsletter registration is necessary to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose named in section 7.2.
7.4 Storage period and withdrawal of consent
If you do not confirm your subscription to my newsletter within 24 hours of receiving the corresponding registration email, your data will be automatically deleted. I process your personal data for the duration of your newsletter subscription. You can cancel your subscription to my newsletter at any time by withdrawing your consent. A simple declaration is sufficient (by e-mail to firstname.lastname@example.org or by post to Federico Albanese, c/o von der haardt GmbH, Reinickendorfer Str. 17, 13347 Berlin). It is also possible to unsubscribe from the newsletter by clicking on the unsubscribe link in every newsletter e-mail or here https://4121024f.sibforms.com/serve/MUIEAJjjnwN4-JBzCEMwbsMUXyOAMJ6AlcFqmKppaSvcYRyCKOyUJcZv9kfb2jukYGG3wTuHeVZJoprAWWZjm7l-9hf9aMaOtDsnFwsUDwCMTWYoKj-zw4TgWlSFI2DJrViO_by96ZoRP8vZQF4dKXjRWl0ffmxZv3a_Otf7ic0SZI6OY1gOJpvQRIQxtco829s_qwmiLfhAO9dv. With the withdrawal of your consent, you will no longer be sent newsletters and your personal data will be removed from my active distribution list.
7.5 Recipients and transfer to third countries
I use the services of the newsletter provider Sendinblue (formerly Newsletter2Go) to manage my newsletter distribution list and to send the emails. This is done within the framework of order processing. Sendinblue is a service provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Further information on data protection at Sendinblue can be found at https://de.sendinblue.com/datenschutz-uebersicht/.
8. SOCIAL NETWORKS
8.1 Description of the processing
My website does not use so-called social media plugins. The logos or designations of Facebook, Twitter, YouTube and Instagram displayed on my website are merely linked to my corresponding profiles on the social networks. A data transfer to the social networks does not take place with the integration of the logos or linking. If you click on one of the logos, you will only be redirected to the external website of the respective social network.
However, my profiles within the social networks constitute data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with my profile, e.g. comment on a post, "share", "like", "retweet" or similar, this information will also be stored in your user account. As a rule, your interactions with my profile can also be viewed by me.
On the social networks Facebook and Instagram, I have the possibility to receive statistical data about the use of my Facebook page or my Instagram profile via the so-called "Insights" function. These statistics are provided by Facebook and Instagram. The "Insights" function cannot be disabled. I cannot decide to turn this feature on or off. It is available to all Facebook fan page operators and all Instagram business account operators, regardless of whether they use the Insights function or not.
I am provided with the following data via Facebook Insights for a selectable period of time in anonymised form with regard to fans, subscribers, people reached and people interacting: Total page views, likes including origin, page activity, post interactions, reach, post reach (broken down into organic, viral and paid interactions), comments, shared content, replies and demographic analysis, i.e. country of origin, gender and age. In the Insights statistics, it is not possible for me to identify subscribers and fans of my page and view their profiles.
Furthermore, the Instagram insights provide me with anonymised data about the development and reach of my Instagram profile and the posts, stories and videos I post there. In the Instagram insights, I also receive statistical information about the place of origin, gender and age of the subscribers to my Instagram profile.
The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. Cookies are usually used for this purpose, which the social network stores on your end device. You have the right to object to the creation of these user profiles, for the exercise of which you must contact the social networks directly.
I maintain profiles on the aforementioned social networks for the purpose of public relations and communication with customers, fans and interested parties. I use the "Insights" function of Facebook and Instagram to evaluate the reach of my posts on the social network and to make them more appealing to my visitors in the future.
8.3 Legal basis
The legal basis for data processing in the context of my profiles on social networks is the protection of my overriding legitimate interests (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose named in section 8.2. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 para. 1 lit. a DSGVO. The data processing with regard to my Facebook page and my Instagram page is also based on joint responsibility pursuant to Art. 26 DSGVO.
8.4 Recipients and transfer to third countries
The respective social networks are operated by the companies listed below. For further information on data protection with regard to my profile on the social networks, please refer to the linked data protection provisions.
The social networks also process your personal data in the USA.
9.1 Description of the processing
My website uses services from "YouTube" a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as "YouTube"). YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. I use YouTube by posting individual videos on the platform and linking to them on my website. On my website, I only embed a still image from the video (so-called "still"), which is stored on YouTube's servers and from there is embedded on my website. This results in a data transmission to Google. By integrating a still from a Youtube video, it is transferred to Google which sub-page you have visited and from which video the still originates. Your IP address may also be transferred to Google. If you are logged in as a YouTube or Google user, Google will associate this information with your user account. Google stores your data as user profiles and uses them for advertising purposes, market research and/or to tailor Google's websites to your needs. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google directly. Further information on data protection at Google can be found at www.google.com/intl/de-DE/policies/privacy/.
The processing takes place in order to be able to link Youtube videos on my website in an appealing way.
9.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose named in section 9.2.
9.4 Recipients and transfer to third countries
By integrating still images from YouTube videos, personal data may be transferred to YouTube LLC or Google. Google also processes your personal data in the USA.
10.1 Description of the processing
My website uses services from "Vimeo" a video platform operated by Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as "Vimeo"). I use Vimeo by posting individual videos on the platform and linking to them on my website. On my website, I only embed a still image from the video (so-called "still"), which is stored on Vimeo's servers and from there is embedded on my website. This results in a data transmission to Vimeo. By embedding a still image from a Vimeo video, it is transferred to Vimeo which sub-page you have visited and from which video the still image originates. Your IP address may also be transferred to Vimeo. If you are logged in as a Vimeo user, Vimeo assigns this data to your user account. Further information on data protection at Vimeo can be found at http://vimeo.com/privacy.
The processing is done in order to be able to link Vimeo videos on my website in an appealing way.
10.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose named in section 10.2.
10.4 Recipients and transfer to third countries
By integrating still images from Vimeo videos, personal data may be transferred to Vimeo LCC. Vimeo also processes data in the USA.
11.1 Description of the processing
My website uses services from "Vevo" a video platform operated by Vevo Germany GmbH, Rosenthaler Str. 51, 10178 Berlin, Germany as the responsible party (hereinafter referred to as "Vevo"). I use Vevo by posting individual videos on the platform and linking to them on my website. On my website, I only embed a still image from the video (so-called "Still"), which is stored on Vevo's servers and from there is embedded on my website. This results in a data transmission to Vevo. By embedding a still image from a Vevo video, it is transferred to Vevo which sub-page you have visited and from which video the still image originates. Your IP address may also be transferred to Vevo. If you are logged in as a Vevo user, Vevo will assign this data to your user account. Further information on data protection at Vevo can be found at http://hq.vevo.com/privacy-policy/.
The processing is done in order to be able to link Vevo videos on my website in an appealing way.
11.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose named in section 11.2.
11.4 Recipients and transfer to third countries
By integrating still images from Vevo videos, personal data may be transferred to Vevo. Vevo also processes your personal data in the USA, where applicable through the group company Vevo LLC, 4 Times Square, 25th Floor, New York, New York 10036, USA.
12. CONTENT DELIVERY NETWORK (CDN)
12.1 Description of the processing
12.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose named in section 12.2.
12.4 Recipients and transfer to third countries
13. GOOGLE WEBFONTS
13.1 Description of the processing
My website uses "Google Webfonts", a font substitution service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google"). With Google Webfonts, the standard fonts of your end device are replaced by fonts from Google's catalogue when displaying my website. If your browser disables the integration of Google Web Fonts, the text of my website will be displayed in the standard fonts of your end device. The Google fonts are loaded directly from a Google server. For this to happen, your browser sends a request to a Google server. This may also transfer your IP address in connection with the address of my website to Google. However, Google Webfonts does not store any cookies on your terminal device. According to Google, data processed as part of the Google Webfonts service is transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be related to the use of other Google services such as the search engine of the same name or Gmail. Further information on data protection at Google Webfonts can be found at https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on data protection at Google can be found at https://policies.google.com/privacy?hl=de-DE.
The processing is done in order to show you the text of my website in a more readable and aesthetically pleasing way.
13.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). My legitimate interest lies in the purpose named in section 13.2.
13.4 Recipients and transfer to third countries
Through the use of Google Web Fonts, personal data may be transferred to Google. Google also processes your personal data in the USA.
V. Security measures
14. Security measures
To protect your personal data from unauthorised access, I have provided my website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognise active SSL or TLS encryption by a small lock logo that is displayed on the far left of the browser's address bar.
VI. Your rights
15. Data subjects' rights
With regard to the data processing described above, you have the following data subject rights:
15.1 Right of access (Art. 15 DSGVO)
You have the right to request confirmation from me as to whether I am processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.
15.2 Rectification (Art. 16 DSGVO)
You have the right to obtain from me without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed, including by means of providing a supplementary statement.
15.3 Erasure (Art. 17 DSGVO)
You have the right to obtain from me the erasure of your personal data without undue delay, and I shall have the obligation to erase your personal data without undue delay where one of the grounds under Art. 17 of the GDPR applies (e.g. if your data is no longer required for the purpose for which I was using it).
15.4 Restriction of processing (Art. 18 DSGVO)
You have the right to demand that I restrict the processing of your personal data, provided that one of the criteria specified under Art. 18 of the GDPR is met (e.g. if you dispute the accuracy of your personal data, its processing will be restricted for the period necessary for me to check its accuracy).
15.5 Data portability (Art. 20 DSGVO)
Subject to the criteria specified under Art. 20 of the GDPR, you have the right to be given your data in a structured, commonly used and machine-readable format.
15.6 Withdrawal of consent (Art. 7 (3) DSGVO)
You have the right to withdraw your previously provided consent for data processing. The withdrawal will take effect from the time you request it (i.e. it will have future effect but no retrospective affect).
15.7 Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data is in breach of the GDPR, you can complain to a supervisory authority. You can submit your complaint to a supervisory authority in the EU member state where you are habitually resident or work, or where the alleged breach took place.
15.8 Restraint on automated decision-making/profiling (Art. 22 DSGVO)
Decisions that have legal consequences for you or that could have a significant detrimental affect on you must not be based solely on the automated processing of personal data, including profiling. I do not apply any such processing or profiling to your personal data.
15.9 Right of objection (Art. 21 DSGVO)
Where I process your personal data on the basis of Art. 6 Par. 1f of the GDPR in pursuit of our overriding legitimate interests, you have the right subject to Art. 21 of the GDPR to object, provided your objection is based on grounds relating to your specific situation. Once you have objected, I will no longer process your personal data unless I demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Regardless of the aforementioned restrictions, and regardless of whether any special circumstances apply, you have the right to object at any time to the processing of your personal data for direct marketing purposes.
Status: April 2021