Juliane Byrenheid

(formerly Bergemann)

Classical Guitar

Privacy Policy

The following privacy policy serves to inform you about which kinds of your personal data (hereafter also briefly referred to as “data”) are processed for which purposes and to what extent. The privacy policy applies to all instances of processing of your personal data carried out by me, both in the context of providing my services and, in particular, on my website.

Terms used within the policy are not gender-specific.

As of: 27 October 2019

Controller

Juliane Byrenheid

Hohe Straße 70

01187 Dresden, Germany

Email address: info@julianebyrenheid.de

Legal notice: https://julianebyrenheid.de/impressum/

Terms and Definitions

This section provides an overview of the terms used in this privacy policy. Many of the terms are borrowed from law and are defined primarily by article 4 of the GDPR. The legal definitions are binding. The following explanations, however, are mainly intended to aid in understanding the privacy policy. The terms are arranged in alphabetical order

  • Controller: “Controller” refers to the natural or legal person, public authority, agency, or other entity which alone or in concession with others determines the purposes and means of the processing of personal data.
  • Personal Data: “Personal data” refers to any information relating to an identified or identifiable natural person (hereafter referred to as “data subject”); an identifiable natural person is one who can be identified, either directly or indirectly, in particular by reference to an identifying quantity such as a name, an identification number, location data, an online identifier (e.g. a cookie), or one or more distinctive characteristics that reveal the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Processing: “Processing” refers to any operation or set of operations carried out upon personal data, either by automatic means or otherwise. The term is wide-ranging and covers virtually all processing of data, be it collection, analysis, storage, transmission, or deletion.

Overview on the Data Processes

The following overview summarises the kinds of data processed as well as the purposes of its processing and refers to the data subjects.

Kinds of Data Processed

  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. visited websites, interest in contents, access times).

Categories of Data Subjects

  • Users (e.g. website visitors, users of online services).

Purposes of Processing

  • Providing of online services and ease of use.

Security measures

SSL encryption (https): To protect the data you transmitted via my online offer, I use SSL encryption. You can identify such encrypted connections by the prefix “https://” in the address field of your browser.

Providing the Online Offer and Web Hosting

In order to provide my online offer securely and efficiently, I use the services of WebhostOne GmbH, from whose servers (or from servers managed by them) the online offer can be accessed. For these purposes I may utilize infrastructure and platform services, computing capacity, storage space, and database services as well as security and technical maintenance services.

The data processed within the scope of the hosting offer may include all data relating to the users of my online offer that is generated in the course of use and communication. This usually includes the IP address, which is necessary to deliver the contents of online offers to browsers.

Email Delivery and Hosting: The web hosting services utilized also include the transmission, reception, and storage of emails. For these purposes, the email addresses of recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of spam detection. Please note that emails sent over the internet are generally not encrypted. As a general rule, emails are encrypted during transit, but (unless a so-called end-to-end encryption method is used) not on the servers that send or receive them. Therefore, no responsibility can be assumed for the email’s transit route between the sender and the reception on our server.

Collection of Access Data and Log Files: I (or our web-hosting provider) will collect data on every server access (so-called server-log files). Server-log files may include the address and name of the web pages and files accessed, date and time of access, transferred data volumes, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider.

The server-log files may be used for security purposes, e.g. to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks) as well as to ensure the utilization of the servers and their stability.

  • Kinds of Data Processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses)
  • Data Subjects: Users (e.g. website visitors, users of online services)
  • Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR)

Plugins and Embedded Functions and Contents

Into my online offer I integrate functional and content elements that are retrieved from the servers of their respective providers (hereafter referred to as “third-party providers”). These may for instance be images, videos, or social-media interfaces and contributions (hereafter uniformly referred to as “content”).

The implementation always requires that the third-party providers of this content process the users’ IP address, as without the IP address the content could not be sent to their browsers. The IP address is thus required to display these contents or functions. I make every effort to utilize only such content, whose respective providers use the IP address solely for the purpose of delivering the content. Moreover, third-party providers may use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. By means of these “pixel tags”, information such as visitor traffic on the pages of this website can be analysed. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring web pages, access time, and other details about the use of our online offer and may also be connected to such information from other sources.

Notes on legal bases: If I ask users for their consent for the use of third-party providers, the legal basis for the processing of data is their consent. In all other cases, the users’ data will be processed on the basis of my legitimate interests (i.e. interest in efficient, economic and user-friendly services). To this end, I would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Kinds of Data Processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses)
  • Data Subjects: Users (e.g. website visitors, users of online services)
  • Legal Basis: Consent (Art. 6(1)(a) GDPR), Performance of a Contract and Pre-contractual Inquiries (Art. 6(1)(b) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR)

Implemented Services and Service Providers:

Deletion of Data

The data processed by me will be deleted in accordance with the legal requirements as soon as the consent granted for processing is revoked or other permissions cease to apply (e.g. if the purpose for processing this data ceases to apply or if it is not necessary for the purpose).

If the data is not deleted, because it is required for other and legally permissible purposes, its processing is limited to these particular purposes. This means that the data is locked and will not be processed for other purposes. This applies, for instance, to data that must be retained for reasons of commercial or tax law, or whose preservation is necessary for the assertion, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person.

Further information on the deletion of personal data may also be given in the individual data protection notes of this privacy policy.

Rights of the Data Subjects

As data subjects, you are entitled to various rights under the GDPR, which in particular arise from articles 15 through 18 and 21 GDPR:

  • Right to Appeal: You have the right to appeal at any time, for reasons arising from your particular situation, against the processing of your personal data on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these regulations. If your personal data is processed for the purpose of direct marketing, you have the right to appeal at any time against the processing of your personal data for the purpose of such marketing, including profiling, insofar as it is related to such direct marketing.
  • Right to Revocation of Consent: You have the right to revoke any consent given at any time.
  • Right to Information: You have the right to obtain confirmation as to whether the data in question is being processed and to be given access to such data and to receive further information and copies of the data in accordance with the law.
  • Right to Rectification: In accordance with the law, you have the right to request the completion of data concerning you or the rectification of incorrect data concerning you.
  • Right to Deletion and Restriction of Processing: In accordance with the law, you have the right to request that data concerning you be deleted immediately or, alternatively, to request a restriction of the processing of the data in accordance with the law.
  • Right to Data Transferability: In accordance with the law, you have the right to receive data concerning you that you have provided to us in a structured, common, and machine-readable format or to request that it be transferred to another responsible party.
  • Complaint to a Supervisory Authority: In accordance with the law, you further have the right to appeal to a supervisory authority, specifically in the member state of your habitual residence, your workplace, or the location of the presumed infringement, if you consider the processing of personal data concerning you to be in violation of the GDPR.

Relevant Legal Bases

Hereafter, I will inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which I process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence and seat.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Performance of a Contract and Pre-contractual Inquiries (Art. 6(1)(b) GDPR) – The processing is necessary for the performance of a contract of which the data subject is a party or for the purposes of carrying out pre-contractual actions taken at the request of the data subject.
  • Legitimate Interests (Art. 6 (1)(f) GDPR) – The processing is necessary to protect the legitimate interests of the controller or of a third party, insofar as the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This in particular includes the law on protection against the misuse of personal data in data processing (Bundesdatenschutzgesetz—BDSG). The BDSG specifically contains special regulations on the right of information, the right of deletion, the right of appeal, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision making in individual cases, including profiling. Furthermore, it regulates the processing of data for purposes of the employment relationship (§ 26 BDSG), with particular regard to the establishment, implementation, or termination of employment relationships as well as the consent of employees. Moreover, federal state data protection laws of the individual federal states may apply.