Privacy Policy

German Version

1. data protection
Of course, I will treat your data confidentially and in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (new) (BDSG).

In order to ensure an adequate level of protection, I have taken appropriate technical and organizational measures, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Mega, right?

1.1 Responsible for data collection/processing:
That would be me:
Christopher Lorenz
Taunusstrasse 62
35510 Butzbach, Germany

Definitions

2. Definitions
Let’s take a look at how the GDPR and the German Federal Data Protection Act define the following terms:

2.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter „data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The data subject agrees to the processing of the personal data concerned.

2.3 Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

2.4 Processor
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.5 Recipient
The recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. 2Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

2.6 Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

2.7 Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data collection

3. Data collection when accessing the website

3.1 Cookies
This website sets the technically necessary session cookie – it is somehow necessary for you to be able to access the website. The cookie is a small text file that is exchanged between my website and your browser. It ends up on your computer and contains the session ID. When you close your browser, the cookie disappears again. Since no other (permanent or third-party) cookies are set, I can spare you and myself the cookie notice on the homepage.

3.2 Server log files
When you access my website, my host’s server systems collect the data listed below. The collection of this data is technically necessary to display the site to you and to ensure stability and security.

  • IP address
  • Date and time of the request
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Operating system of the user
  • Language and version of the browser

Your IP address is 100% anonymized in the server log files and replaced by 127.0.0.1. Strong! This data is not merged with other data sources. The purpose of this collection is the provision and correct display of my website in your browser. In addition, this data is used to optimize and secure the systems. An evaluation of this data (marketing etc.) does not take place. The legal basis for the processing is my legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing you with an optimized website and enabling communication between my server system and your end device.

3.3 E-mail contact
When you contact me by e-mail, the personal data collected (name, e-mail address, etc.) will be stored and processed for the purpose of processing your request.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on my legitimate interest in the processing (Art. 6 para. 1 lit. f GDPR).
I delete the requests when they are no longer necessary. I review the necessity at the end of each year – i.e. once a year. In the case of legal archiving obligations, the deletion takes place after their expiry. Commercial law retention obligation 10 years. Tax retention obligations 6 years.

3.4 Analysis tools
I do not use any analysis tools on this site.

4. Rights

Rights of data subjects under the GDPR.
Under the European General Data Protection Regulation, you have the right to free information about your stored personal data, its origin and recipients and the purpose of data processing and, if applicable, a right to rectification, blocking or erasure of this data at any time.

4.1 Right to information of the data subject (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data is being processed. If this is the case, you have the right to the following information:

  • Purposes of processing.
  • Categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the existence of the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the data subject, any available information as to their source
  • the existence of automated decision-making, including profiling, referred to in Article 22 (GDPR)(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

4.2 Right to rectification (Art. 16 GDPR)
You – as the data subject – have the right to obtain from me the rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

4.3 Right to erasure (Art. 17 GDPR)
You have the right to obtain from me the erasure of your personal data without undue delay and I am also obliged to erase your personal data without undue delay where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2).
  • The personal data have been processed unlawfully.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

4.5 Right to data portability (Art. 20 GDPR)
You also have the right to receive your personal data that you have provided to me in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from me to which the personal data have been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means.

Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) (e or f). This also applies to profiling based on these provisions. I will no longer process your personal data unless I can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Note: For inquiries of this kind, please contact hallo[at]poffer.de. Please note that for such requests I must ensure that you are actually the data subject.

5. (A)Social media

I would like to share my work with you and the world on various social media platforms. However, these providers have their own definitions of data protection and often do not comply with the GDPR. I have no influence on the processing of personal data on the respective platforms. These platform operators usually store cookies on your computer and use your data for market research and advertising purposes and also evaluate your usage and surfing behavior. This data processing may also affect users who are not registered with the respective platform. Some of these platform operators are based outside the European Union, which may make it more difficult to enforce your rights.
The processing of your personal data when you visit one of my dusty social media offerings is based on my legitimate interest in a diverse external presentation of my work and an effective means of providing information and communicating with you. The legal basis for this is Art. 6 para. 1 lit. f GDPR. You may also have given your consent to data processing to a platform operator, in which case your legal basis is Art. 6 para. 1 lit. a GDPR. Art. 1 lit. a GDPR is the legal basis.

6. Cloud

6. Nextcloud
I use the self-managed cloud storage service Nextcloud for the transmission and provision of data (image and sound material, graphics, print data, etc.).

6.1 Processing of data When using Nextcloud, data is processed. The data is processed for the following purposes:

  • Administration of user rights and roles.
  • Technical provision of the service.
  • Security and functionality.

Your personal data is generally processed on the basis of your voluntary consent (Art. 6 (1a) GDPR). No data is stored in the cloud without your consent.

6.2 Provision of the service and creation of log files The following types of data are required for the provision and use of Nextcloud or result from its use:

  • User data (e.g. login name, password, role).
  • User-generated content and communication data (e.g. graphics, image and sound material).
  • Technical usage data (e.g. generated files, versions, error messages).
  • Automatically managed log data (IP address, date and time of the request, content of the request, access status/HTTP status code, amount of data transferred, website from which the request originated, user’s operating system, language and version of the browser software).

6.3 Cookies (Nextcloud)
Cookies are only used for the secure and simplified use of the website. No third-party cookies are set.

6.4 Duration of data storage
Your data is stored for as long as necessary. Backup files from Nextcloud are deleted after 6 months, log files are stored for 14 days and then automatically deleted. This does not apply to data for which longer retention periods are required by law. As a user of the cloud, you have the option of deleting your data yourself at any time.