Maurice Croissier

Controller and responsible for data protection for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Maurice Croissier
Urbanstraße 67
10967 Berlin
Tel.: +49 (0)30 69515572
mail@maurice-croissier.de


As of May 2018


Data privacy statement at a glance


I appreciate your visit to my website and your interest in me and my work. The use of my internet pages is possible without any indication of personal data. If you contact me by e-mail, telephone or letter, the processing of your personal data shall always be confidential and in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to me. I will handle your specified contact details such as your name, address, email address, phone number and all other personal information carefully and will not pass them on to third parties without your explicit consent.

By means of this data protection declaration, I would like to inform you of the nature, scope, and purpose of the personal data I collect, use and process. Furthermore, you are informed, by means of this data protection declaration, of the rights to which you are entitled. I am giving you a short overview here, you'll find the details in the sections below.

When accessing this website, data is stored temporarily and anonymously for statistical purposes as log files on the server on which these pages are stored.

I do not use social media tools to like and share on my website nor do I use cookies. No mechanisms are used for automatic decision-making or profiling.

I take the protection of your personal data very seriously. Therefore I have implemented technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, you are free to transfer personal data to me via alternative means.


Basic information and legal basis for the data processing


I only process personal data of users in compliance with the relevant data protection regulations. This means that user data will only be processed if a legal permission has been obtained.

The term user covers all persons affected by data processing - business partners, interested parties and visitors to my website.

The purpose of the processing includes the provision of the functions and contents of this website, answering contact inquiries (vai email) and communication with users, security measures and statistical evaluations.

Point (a) of Art. 6(1) of the GDPR serves as the legal basis for processing operations for which I obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on point (b) of Article 6(1) of the GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning my products or services. Is my company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on point (c) of Art. 6(1) of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured at my workplace and her name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on point (d) of Art. 6(1) of the GDPR. Finally, processing operations could be based on Article point (f) of 6(1) of the GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by my company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

An overview of the terms used here, which are based on those in the GDPR, can be found further down on this page.


Performance of contractual services


I process inventory data (for example names, addresses and contact data of users, contract data, names of contact persons, payment information) for the purpose of fulfilling my contractual obligations pursuant to point (b) of Art. 6(1) of the GDPR.

I clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that you, as a data subject, provide me with personal data, which I must subsequently process. You would, for example, be obliged to provide me with personal data when I sign a contract with you. The non-provision of the personal data would have the consequence that the contract with you could not be concluded.


Contacting


When contacting me (e.g. by e-mail), the information provided by users for processing the contact enquiry and its handling will be processed in accordance with point (b) of Art. 6(1) of the GDPR.


Safety measures


I provide state-of-the-art technical organizational security measures to ensure compliance with data protection laws and to protect data processed by me from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

Security measures include the encrypted transfer of data between your browser and the server hosting my website. Furthermore, I secure stored data (inventory data and contact data of business partners, e-mail correspondence) by encryption, secure password management according to the state of the art and control of physical access to the storage media.


Hosting, collection of access data and log files


My website, respectively my hosting provider, collects on the basis of my legitimate interests in terms of point (f) of Art. 6(1) of the GDPR a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the log files on the server where this website is located.

Collected may be the browser types and versions used, the operating system used by the accessing system, the website from which an accessing system reaches my website (so-called referrers), the sub-websites, the date and time of access to the Internet site, an Internet protocol address (IP address), the Internet service provider of the accessing system, and any other similar data and information that may be used in the event of attacks on my information technology systems.

When using these general data and information, I do not draw any conclusions about the data subject. Rather, this information is needed to deliver the content of my website correctly, optimize the content of my website, ensure the long-term viability of my information technology systems and website technology, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, I analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of the enterprise, and to ensure an optimal level of protection for the personal data I process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.


Disclosure of data to third parties


Data will only be passed on to third parties within the framework of legal requirements. I will only pass on user data to third parties on the basis of point (b) of Art. 6(1) of the GDPR for contractual purposes or on the basis of justified interests pursuant to point (f) of Art. 6(1) of the GDPR in economic and effective operation of my business.

If I use subcontractors to provide my services, I take appropriate legal precautions as well as technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal regulations.

If content, tools or other means from other providers (hereinafter jointly referred to as "third party providers") are used within the scope of this data protection declaration and their named registered office is in a third country, it is to be assumed that data is transferred to the countries in which the third providers have their registered office. Third countries are countries in which GDPR is not directly applicable law, i.e. in principle countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if an appropriate level of data protection, user consent or other legal permission is available.


Integration of services and contents of third parties


I use external code of the JavaScript framework jQuery, provided by the third-party vendor jQuery Foundation.


Rights of users


Each data subject shall have certain rights granted by the European legislator which are listed below. In order to exercise these rights, the data subject may, at any time, contact the controller, i.e. me.

You, as a user, have the right to obtain from me the confirmation as to whether or not I process personal data concerning you (acc. to Art. 15 of the GDPR).

You, as a user, have the right to obtain from me free information about your stored personal data and a copy of this information (acc. to Art. 15 of the GDPR).

You, as a user, have the right to obtain from me without undue delay the rectification of inaccurate personal data concerning you, and possibly to have incomplete personal data completed (acc. to Art.16 of the GDPR).

You, as a user, have the right (acc. to Art. 17 of the GDPR) to obtain from me the erasure of personal data concerning you without undue delay as long as the processing is not necessary.

You, as a user, have the right (acc. to Art. 18 of the GDPR) to obtain from me restriction of processing.

You, as a user, have the right to data portability. You shall have the right (acc. to Art. 20 of the GDPR) to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from me.

You, as a user, have the right (acc. to Art. 21 of the GDPR) to object, at any time, to future processing of personal data concerning you. This also applies to profiling based on these provisions. The objection may be lodged in particular against processing for direct marketing purposes.

You, as a user, have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you.

You, as a user, have the right (acc. to Art. 7(3) of the GDPR) to withdraw your consent to processing of your personal data at any time.

You, as a user, have the right (acc. to Art. 77 of the GDPR) to file a complaint with a supervisory authority in the event of the assumption of unlawful data processing.


Routine erasure of personal data


I shall process and store personal data only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which I am subject to.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.


Changes to this privacy policy


I reserve the right to change the data protection declaration in order to adapt it to changed legal situations or changes in the service and data processing. However, this only applies with regard to declarations on data processing. If user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

Users are asked to inform themselves regularly about the contents of this privacy policy.


Definitions


My data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). It should be legible and understandable for you, as well as my customers and business partners. To ensure this, I would like to explain the foloowing terms used:

a) Personal data means any information relating to an identified or identifiable natural person (“data subject” or “you”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c) Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.



This Privacy Policy has been generated using the Privacy Policy Generator of the German Association for Data Protection that was developed in cooperation with RC GmbH, which sells used IT and the Privacy Lawyers from WILDE BEUGER SOLMECKE, Cologne.

References:
dsgvo-muster-datenschutzerklaerung.dg-datenschutz.de
www.diegutewebsite.de
www.youngdata.de
www.e-recht24.de
www.disclaimer.de