Privacy policy.

Responsible

Name/Company: Michael Meißler
Street No.: Maximilianstr. 30
ZIP, City, Country: 86150 Augsburg, Germany
Phone number: +49 (0)821-50871860
Email adress: info@style-crafters.com

Date: 03.11.2021

1. Basic information on data processing and legal bases

1.1. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our online offer and the websites, features, and content associated with it (hereinafter collectively referred to as "online offer" or "website"). The privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) on which the online offer is executed.

1.2. Regarding the terms used in this privacy policy, such as "personal data" or its "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Specifically,

Personal data: all information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject: any identified or identifiable natural person whose personal data is processed by the controller.

Processing: any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.3. The personal data of users processed in the context of this online offer includes usage data (e.g., the websites of our online offer visited, interest in our services) as well as meta and communication data (device IDs, IP addresses, location data).

1.4. The term "user" encompasses all categories of persons affected by data processing. This includes our business partners, patients, interested parties, and other visitors to our online offer. The terms used, such as "patients", are gender-neutral.

1.5. We process users' personal data only in compliance with the relevant data protection provisions (General Data Protection Regulation (GDPR) and in accordance with the applicable country-specific data protection regulations. This means that users' data is only processed if there is a legal basis under Art. 6 GDPR, especially if:

the data subject has given consent to the processing of their personal data for one or more specific purposes (Art. 6 para. 1 lit. a and Art. 7 GDPR);

the processing is necessary for the performance of our contractual or pre-contractual services (e.g., processing of orders) as well as online services (Art. 6 para. 1 lit. b GDPR);

the processing is necessary for compliance with a legal obligation or is required by law (Art. 6 para. 1 lit. c GDPR);

the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 para. 1 lit. e GDPR);

or the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (i.e., interest in analyzing, optimizing, and operating our online offer in an economically viable manner, especially in terms of reach measurement, creation of profiles for advertising and marketing purposes, and collection of access data and use of third-party services) (Art. 6 para. 1 lit. f GDPR).

2. Security measures

2.1. We take organizational, contractual, and technical security measures according to the state of the art to ensure that the provisions of data protection laws are complied with and thus protect the data processed by us against accidental or intentional manipulation, loss, destruction, or against access by unauthorized persons.

2.2. The security measures include, in particular, the encrypted transmission of data between your browser and our server (e.g., SSL via HTTPS).

3. Transmission of data to third parties and third-party providers

3.1. Data is only passed on to third parties within the framework of legal requirements. We only pass on users' data to third parties if, for example, it is necessary based on Art. 6 para. 1 lit. b) GDPR for contractual purposes or due to legitimate interests according to Art. 6 para. 1 lit. f. GDPR in the economical and effective operation of our business.

3.2. If we use subcontractors to provide our services, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of personal data according to the relevant provisions.

3.3. If, within the scope of this privacy policy, content, tools, or other means are used by other providers (hereinafter referred to as "third-party providers") and their registered office is located in a third country, it can be assumed that data will be transferred to the countries of these third-party providers. The term "third country" refers to countries in which the GDPR is not directly applicable law. This includes, for example, the USA and other countries outside the EU.

4. Collection of Access Data and Log Files

4.1. Based on our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, we collect data about every access to the server where this service is located (so-called server log files).

This includes, first and foremost, the access logs of the web server. The access data includes the name of the retrieved webpage, file, date and time of access, amount of data transferred, report on successful retrieval, browser type along with its version, the user's operating system, referrer URL (the previously visited page), anonymized IP addresses, and the requesting provider. Access logs are stored in an anonymized form, making it impossible to trace back to individual persons. To this end, the last three digits of the IP address are removed.

Secondly, we store the error logs of the web server to record faulty page accesses. Error logs are automatically deleted after seven days.

4.2. When using this log file data, we do not draw any conclusions about the individual in question. Instead, this information is needed to correctly deliver the content of our website, to optimize the content of our website and its advertising, to ensure the continuous functionality of our IT systems and the technology of our website, and to provide law enforcement agencies with the necessary information for prosecution in the event of a cyber attack. Thus, this anonymously collected data and information are evaluated by us both statistically and, furthermore, with the aim of increasing data protection and data security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from all personal data provided by an individual.

5. Cookies & Reach Measurement

5.1. Cookies are pieces of information transmitted by our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage. We use cookies only with the explicit consent of the user (Opt-in).

5.2. We use functional cookies to enable certain features of the website, such as saving personalized cookie settings. These cookies cannot store other data.

Name: Cookiesettings Purpose: Saving cookie settings Cookie Name: cookiesettings Duration: 10 days

5.3. Users are informed about the use of cookies for pseudonymous reach measurement within this privacy policy.

5.4. We only use cookies with the explicit consent of the user (Opt-in). Once the use of cookies has been agreed to, the affected person can object to the setting of cookies by our website at any time using the appropriate setting. You can find the relevant settings in the footer of the website under the "Cookie Settings" section. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the affected person deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

5.5. The affected person can prevent the setting of cookies by our website at any time by means of an appropriate setting of the internet browser used and thus permanently object to the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers.

5.6. You can object to the use of cookies, which are used for reach measurement and advertising purposes, via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

6. Integration of Third-party Services and Content

6.1. Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online service as per Art. 6 Para. 1 lit. f. GDPR), we incorporate content or service offers from third-party providers within our online service to integrate their content and services, such as videos or fonts (collectively referred to as "content"). This always requires that third-party providers of this content perceive the IP address of users since they cannot send the content to their browser without the IP address. The IP address is thus necessary for displaying this content. We endeavor to use only content whose respective providers use the IP address solely for delivering the content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through the "pixel tags," visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring web pages, visit time, and other information about the use of our online service, as well as being linked to such information from other sources.

6.2. The following presentation provides an overview of third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in part, already mentioned, opt-out options:

6.3. Google Maps for Map Display
This website uses – upon your consent through opt-in – the Google Maps API, a map service from Mapbox Inc., to display an interactive map. By using Google Maps, information about your use of this website (including your IP address) can be transmitted to a server by Google in the USA and stored there. Google Maps is operated by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). By using Google Maps, data is transferred to Google and stored on Google servers.

6.4. Use of Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool with which we can integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies, and does not conduct independent analyses. However, it only serves to manage and play out the tools integrated via it. However, Google Tag Manager does capture your IP address, which can also be transferred to Google's parent company in the United States. The use of Google Tag Manager is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on his website. If the appropriate consent has been requested, processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) in the sense of the TTDSG. Consent can be revoked at any time.

6.5. Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (hereinafter: Google). Google Analytics uses so-called "cookies", which are text files saved on your computer that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is typically transmitted to and stored on a server of Google in the USA. Due to the activation of IP anonymization on these websites, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The purpose of data processing is to evaluate the use of the website and compile reports on activities on the website. Based on the use of the website and the internet, further related services will then be provided. The processing is based on the legitimate interest of the website operator.

You can prevent the storage of cookies by selecting the appropriate settings on your browser software; however, we would like to point out that, in this case, you may not be able to use all the functions of this website to their full extent. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add-on to deactivate Google Analytics.

Additionally, or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and this browser in the future, as long as the cookie remains installed in your browser.

7. Rights of the Data Subject

7.1. Every data subject has the right to request confirmation from the controller as to whether personal data concerning them is being processed.

7.2. Every data subject affected by the processing of personal data has the right, under the GDPR, to obtain at any time and free of charge from the controller information about their personal data stored and a copy of this information. This right of access includes: the purposes of processing; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially in third countries or international organizations; if possible, the planned duration for which the personal data will be stored, or if that is not possible, the criteria used to determine that duration; the existence of a right to correction or deletion of personal data concerning them, or to restrict processing by the controller, or a right to object to such processing; the existence of a right to complain to a supervisory authority; if the personal data is not collected from the data subject: all available information about the source of the data; the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject. Furthermore, the data subject has the right to be informed whether personal data has been transferred to a third country or an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.

7.3. Any person affected by the processing of personal data has the right under the GDPR to request the immediate correction of incorrect personal data concerning them. Moreover, the data subject has the right, considering the purposes of the processing, to request the completion of incomplete personal data - including by means of a supplementary statement.

7.4. Every person affected by the processing of personal data has the right under the GDPR to request the controller to delete personal data concerning them immediately, provided that the personal data was collected or processed in other ways for purposes for which they are no longer necessary. Furthermore, the data subject has the right to revoke their consent, upon which the processing was based according to Article 6(1)(a) GDPR or Article 9(2)(b) GDPR, and there is no other legal basis for processing; the data subject objects to processing in accordance with Article 21(1) GDPR and there are no overriding legitimate grounds for processing; the data subject objects to processing in accordance with Article 21(2) GDPR; the personal data was processed unlawfully; the deletion of personal data is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject; and insofar as processing is not necessary.

If the personal data has been made public by us and our company is obliged to delete it in accordance with Article 17(1) GDPR, we will take reasonable measures, including technical ones, to inform other data controllers who process the published personal data, that the data subject has requested the deletion of all links to this personal data or copies or replications of this personal data, unless processing is necessary.

7.5. Any person affected by the processing of personal data has the right, under the GDPR, to request the controller to restrict processing if one of the following conditions applies: the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the deletion of the personal data and requests instead the restriction of its use; the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the assertion, exercise, or defense of legal claims; the data subject has objected to processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the controller's legitimate reasons outweigh those of the data subject.

7.6. Every person affected by the processing of personal data has the right, under the GDPR, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided the processing is based on consent in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract in accordance with Article 6(1)(b) GDPR and processing is carried out using automated procedures, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising their right to data portability in accordance with Article 20(1) GDPR, the data subject has the right to have the personal data transferred directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

7.7. Every person affected by the processing of personal data has the right, under the GDPR, to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them, which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

We will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.

7.8. Furthermore, the data subject has the right to revoke a consent at any time, generally with effect for the future.

8. Data Deletion

8.1. The data stored with us will be deleted as soon as they are no longer required for their intended purpose and no statutory retention obligations oppose their deletion. If the user's data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.

8.2. According to legal requirements, storage is carried out for 6 years in accordance with § 257 (1) HGB (commercial books, inventories, opening balances, annual financial statements, business letters, booking receipts, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, booking receipts, commercial and business letters, documents relevant for taxation, etc.).

9. Right to Object

Users can object to the future processing of their personal data in accordance with legal requirements at any time. The objection can be made, in particular, against processing for the purposes of direct advertising.

10. Changes to the Privacy Policy

10.1. We reserve the right to change the privacy policy in order to adapt it to changed legal situations or in case of changes to the service as well as data processing. However, this only applies with respect to statements on data processing. If user consent is required or if parts of the privacy policy contain provisions of the contractual relationship with the users, changes will only be made with the users' consent.

10.2. Users are asked to regularly inform themselves about the content of the privacy policy.

Objection to Advertising Emails The use of contact data published as part of the obligation to provide an imprint for the sending of unsolicited advertising and informational materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.