data protection

Home / data protection

1) Information about the collection of personal data and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Corinna Fleckenstein, Röderbergweg 61, 60314 Frankfurt, Deutschland, Tel.: 069 ???, E-Mail: hallo@fattonys.eu. The controller of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.B. orders or inquiries to the person responsible), this website uses an SSL or SSL. TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

2) Data collection when visiting our website

When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

– Our visited website

– Date and time at the time of access

– Amount of data sent in bytes

– Source/reference from which you came to the site

– Browser used

– Operating system used

– IP address used (if necessary: in anonymous form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) Cookies

In order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.

In some cases, the cookies are used to simplify the ordering process by storing settings (e.B. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing takes place in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we work with aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contact

When contacting us (e.B. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the facts in question have been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

5) Use of Social Media: Videos

5.1 Use of Vimeo videos

Plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA may be integrated into our website. When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to vimeo’s servers. The content of the plugin is transmitted by Vimeo directly to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted directly from your browser to a Vimeo server in the USA and stored there.

If you are logged in to Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account. If you interact with the plugins (such as .B pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there. The described data processing operations are carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Vimeo’s legitimate interest in market research and the needs-based design of the Vimeo service. If you do not want Vimeo to associate the data collected via our website directly with your Vimeo account, you must log out of Vimeo before visiting our website. The purpose and scope of the data collection and the further processing and use of the data by Vimeo as well as your rights in this regard and setting options for the protection of your privacy can be found in Vimeo’s privacy policy: https://vimeo.com/privacy

Vimeo, Inc. based in the USA, it is certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

For videos from Vimeo that are integrated on our site, the tracking tool Google Analytics of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is automatically integrated. This is Vimeo’s own tracking to which we have no access and which cannot be influenced by our site. Google Analytics uses so-called “cookies” for tracking, which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there, in which case it can also be transmitted to the servers of Google LLC. in the USA.

In the event of the transmission of personal data to Google LLC. based in the USA, Google LLC. certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

This processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Vimeo’s legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.

5.2 Use of Youtube videos

This website uses the Youtube embedding function to display and play videos from the provider “Youtube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Here, the extended data protection mode is used, which, according to the provider, only initiates the storage of user information when the video(s) is played. If the playback of embedded Youtube videos is started, the provider “Youtube” uses cookies to collect information about user behavior. According to information from “Youtube”, these serve, among other things, to record video statistics, to improve user-friendliness and to prevent abusive actions. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google’s legitimate interests in the display of personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. In the context of the use of Youtube, it may also lead to the transmission of personal data to the servers of Google LLC. in the USA. Regardless of the playback of the embedded videos, a connection to the Google network is established each time this website is accessed, which can trigger further data processing operations without our influence.

In the event of the transmission of personal data to Google LLC. based in the USA, Google LLC. certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy

6) Web analysis services

6.1 Google (Universal) Analytics

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server and stored there, and it can also be transmitted to the servers of Google LLC. in the USA.

This website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures anonymization of the IP address by shortening and excludes direct personal reference. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server LLC.in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): <a onclick=”alert(‘Google Analytics has been disabled’);” href=”javascript:gaOptout()” > Disable Google Analytics < /a>

In the event of the transmission of personal data to Google LLC. based in the USA, Google LLC. certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

Further information on Google (Universal) Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376

6.2 Jetpack (formerly WordPress.com-Stats)

This offer uses the web analysis service Jetpack (formerly WordPress.com-Stats), which is operated by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA, using the tracking technology of Quantcast Inc., 201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA. With the help of Jetpack, pseudonymised visitor data is collected, evaluated and stored on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 para. 1 lit. f GDPR. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Jetpack uses so-called cookies, i.e. small text files that are stored locally in the cache of the website visitor’s Internet browser. These cookies serve, among other things, to recognize the browser and thus enable a more accurate determination of the statistical data. The data of the user’s IP address is also collected, but it is pseudonymized immediately after collection and before it is stored in order to exclude personal reference.

The information generated by the cookie about your use of this website (including the pseudonymised IP address) is transmitted to a server in the USA to safeguard the above-mentioned interests and stored there.

Automattic Inc. based in the USA, it is certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU.

In order to object to the collection and storage of your visitor data for the future, you can download an opt-out cookie from Quantcast under the following link, which means that no visitor data from your browser will be collected and stored by Jetpack in the future: https://www.quantcast.com/opt-out

The opt-out cookie is set by Quantcast.

7) Tools and Miscellaneous

7.1 – Google Web Fonts

This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) for the uniform presentation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google’s servers. This may also lead to a transmission of personal data to the servers of Google LLC. in the USA. In this way, Google becomes aware that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.

In the event of the transmission of personal data to Google LLC. based in the USA, Google LLC. certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

Further information on Google Web Fonts can be found under https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/

7.2 Google reCAPTCHA

On this website we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to distinguish whether an input is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in determining individual responsibility on the Internet and avoiding misuse and spam. As part of the use of Google reCAPTCHA, it may also lead to the transmission of personal data to the servers of Google LLC. in the USA.

In the event of the transmission of personal data to Google LLC. based in the USA, Google LLC. certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

8) Rights of the data subject

8.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

– Right to information pursuant to Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to correction, Deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making, including profiling and, if applicable, meaningful information about the logic involved and the scope and envisaged effects of such processing concerning you, as well as your right to information, which guarantees exist in accordance with Article 46 GDPR for the transfer of your data to third countries;

– Right to rectification in accordance with Article 16 GDPR: You have the right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;

– Right to erasure in accordance with Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 para. 1 GDPR. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

– Right to restriction of processing pursuant to Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data disputed by you is verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data if you use your data for the purpose of asserting, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;

– Right to information pursuant to Article 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

– Right to data portability in accordance with Article 20 GDPR: you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller, insofar as this is technically feasible;

– Right to revoke granted consent in accordance with Art. 7 para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the affected data immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;

– Right to lodge a complaint pursuant to Article 77 GDPR: If you believe that the processing of your personal data infringes the GDPR, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

8.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

9) Duration of storage of personal data

The duration of the storage of personal data is based on the respective legal basis, the purpose of the processing and – if relevant – additionally on the basis of the respective statutory retention period (e.B. commercial and tax retention periods).

When processing personal data on the basis of explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, this data will be stored until the data subject revokes his or her consent.

Are there statutory retention periods for data that are processed within the framework of legal or quasi-contractual obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after expiry of the retention periods, provided that they are no longer required for the fulfilment or initiation of the contract and/or that we have no legitimate interest in further storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises his or her right of objection pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises his or her right of objection pursuant to Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.