Privacy Policy


1. Data protection


Of course, I treat your data confidentially and in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG-neu).

To ensure an adequate level of protection, I have taken appropriate technical and organizational measures, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. Nice!

1.1 Responsible for data collection/processing:

That would be me:

Christopher Lorenz 

Vogt-Kölln-Straße 45

22527 Hamburg

E-mail: hello[at]christopherlorenz.net

OpenPGP: link to open.pgp.org

Definition

2. Definition
At this point, let’s take a look at how the General Data Protection Regulation defines the following terms:

2.1 Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter „data subject“). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 Processing
Processing shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.3 Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

2.4 Processor

Processor a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

2.5 Recipient
Recipient describes a natural or legal person, public authority, agency or other body to whom Personal Data are disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection legislation pursuant to the purposes of the processing.

2.6 Third party
A third party is a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

2.7 Consent
Consent is any indication of the data subject’s wishes given voluntarily for the specific case, in an informed manner and unambiguously, in the form of a statement or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Collection

3. Data collection when calling up the website

3.1 Cookies
This site sets the technically necessary (transient) session cookie – it is just somehow necessary so that you can call the site. The cookie is a small text file that is exchanged between my site and your browser. It lands on your computer and contains the session ID. As soon as you close your browser, the cookie is gone. Since no other (peristent or third party) cookies are set, I can spare you and myself the cookie hint on the homepage.

3.2 Server-Logfiles
When you access my website, the server systems of our hoster collect the following data, which is technically necessary to display our websites to you and to ensure stability and security.

  • IP address
  • Date and time of the request
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Operating system of the user
  • Language and version of the browser software


Your IP address is 100% anonymized in the server log files and replaced by 127.0.0.1. Strong! This data is not merged with other data sources. The purpose of this collection is the provision and correct display of my website in your browser. Furthermore, this data is used to optimize and ensure the security of the systems. An evaluation of this data (marketing etc.) does not take place. The legal basis for the processing is my legitimate interest (Art. 6 para. 1 lit. f GDPR) to provide you with an optimized website and to enable communication between my server system and your terminal device.

3.3 E-mail contact
When contacting me via e-mail, all resulting personal data (name, e-mail address, etc.) will be stored and processed for the purpose of processing.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on my legitimate interest of processing (Art. 6 para. 1 lit. f GDPR).
I delete the requests if they are no longer necessary. I review the necessity all at the end of the year – so once a year. In the case of legal archiving obligations, the deletion takes place after their expiry. Retention obligation under commercial law 10 years. Tax law retention obligations 6 years.

3.4 Analysis tool
I do not use any analysis tools on this website.

Rights

4. Data subject rights according to GDPR
Within the framework of the European Data Protection Regulation, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. The GDPR regulates rights as follows:

4.1 Right of access by the data subjec (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data is being processed. If this is the case, you have the right to the following information:

  • the purposes of processing;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  • the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the controller, or a right to object to such processing;
  • The existence of a right of appeal to a supervisory authority;
    if the personal data are not collected from the data subject, any available information on the origin of the data;
  • The existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.


4.2 Right to rectification (Art. 16 GDPR)

You – as the data subject – have the right to demand that I correct any inaccurate personal data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

4.3 Right to erasure (Art. 17 GDPR)
You – as the data subject – have the right to request that I delete personal data in question without delay and, furthermore, I am obliged to delete your personal data without delay if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • The data subject withdraws the consent on which the processing was based pursuant to Article 6 (1) (a) or Article 9 (2) (a) and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2).
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
    The personal data have been collected in relation to information society services offered in accordance with Article 8 (1).


4.4 Right to restriction of processing (Art. 18 GDPR)


As a data subject, you may request from me the restriction of processing if one of the following conditions is met:

  • the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data,
  • the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defense of legal claims; or
  • the data subject has objected to the processing pursuant to Article 21 (1), as long as it is not yet established whether the legitimate grounds of the controller override those of the data subject. Where processing has been restricted in accordance with paragraph 1, such personal data may be processed, apart from being stored, only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.


4.5 Right to data portability (Art. 20 GDPR)


You also have the right to receive your personal data that you have provided to me in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from me to whom the personal data has been provided, provided that the processing is based on consent or on a contract and the processing is carried out with the help of automated processes.

4.6 Right to object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data concerned which is carried out on the basis of Article 6 (1) (e or f). This also applies to profiling based on these provisions. I will not further process your personal data, unless I can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of your interests/grounds, or for the establishment, exercise or defense of legal claims.
If personal data are processed for the purposes of direct marketing, you have the right to object at any time to processing of your personal data for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

4.7 Right to complain to a supervisory authority
Any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes this regulation.

Comment:
For requests of this kind please contact me. Please note that for such requests I have to make sure that you are actually the person concerned.

Social Media

5. (A)Social media
On different social media platforms I would like to share my work with you and the world. However, these providers have their own data protection views. I have no influence on the processing of personal data of the respective platforms. These platform operators usually store cookies in your browser and use your data for market research and advertising purposes and also evaluate your usage and surfing behavior. This data processing may also affect users who are not registered with the respective platform. Some of these platform operators are located outside the European Union, which may make it more difficult to enforce your rights.

The processing of your personal data when visiting one of my great social media offers is based on my legitimate interest in a diverse external presentation of my work and an effective information option as well as communication with you. The legal basis for this is Article 6 para. 1 lit. f GDPR. Under certain circumstances, you may also have given a platform operator consent to data processing, in which case Article 6 para. 1 lit. a GDPR is your legal basis.

Cloud

6. Nextcloud
For the transmission and provision of data (image and sound material, graphics, print data, etc.) I use the self-managed cloud storage service Nextcloud.

6.1 Processing of data
When using Nextcloud, data is processed. In the process, the data is processed for the following purposes:

  • Administration of rights and roles of users
  • Technical provision of the service
  • Security and functionality

The processing of your personal data is usually based on your voluntary consent (Art. 6 para. 1a GDPR). No data will be stored in the cloud without your consent.

6.2 Provision of the service and creation of log files
The following types of data are required for the provision and use of Nextcloud or arise from its use:

  • User data (e.g. login name, password, role).
  • User-generated content and communication data (e.g., graphics, image and sound material)
  • Technical usage data (e.g. files generated, versions, error messages)
  • Automatically managed log data (IP address, date and time of the request, content of the request, access status/HTTP status code, respectively transmitted, amount of data, website from which the request comes, user’s operating system, language and version of the browser software)

6.3 Cookies (Nextcloud)
Only cookies are used for safe and simplified use of the website. There are no third party cookies here.

6.4 Duration of data storage
Your data will be stored as long as necessary. This is the case, for example, when using Nextcloud, or as long as consent to the processing of your data has not been objected to. Backup files of Nextcloud are deleted after 6 months, log files are kept for 14 days and then automatically deleted. Data for which applicable legal provisions stipulate longer retention periods is excepted.

As a user of the cloud, you have the option to delete your data yourself at any time.