Privacy policy

General information

Responsible for data processing on this website is:

Lena Sonecki Raumberatung
Lena Sonecki
Nagelsweg 24
20097 Hamburg, Germany

E-Mail: hello@soneckidesign.com

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Data acquisition and processing

When you visit our website, information about the access (date, time, page accessed) may be stored. This data is not personal data, but is anonymized.

 

General information on data processing

1) Scope of the processing of personal data

We collect and use our users' personal data only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2) Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3) Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

 

Provision of the website, hosting and log files

This website is hosted by GoDaddy, a provider of hosting services. When you visit our website, the server automatically saves information in so-called server log files, which your browser automatically transmits. These are

• Website visited
• Time at the time of access
• Amount of data sent in bytes
• Source/reference from which you reached the page
• Browser used
• Operating system used
• IP address used

The server log files are automatically deleted after 90 days at the latest. The data is stored for security reasons, e.g. to be able to clarify cases of misuse. If data has to be retained for reasons of proof, it is excluded from deletion until the incident has been finally clarified.

Processing of data by GoDaddy

GoDaddy collects, stores and processes data within the scope of its contractual obligations and in accordance with the applicable data protection laws. GoDaddy has implemented extensive technical and organizational security measures to protect your data from loss, manipulation or unauthorized access.

We have concluded an order processing contract (AV contract) with GoDaddy, in which GoDaddy undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.

Further information on data collection and data processing by GoDaddy can be found in GoDaddy's privacy policy.

 

Use of cookies

1) Description and scope of data processing

Our website uses cookies. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

2) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR, unless another specific legal basis is specified.

3) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.

We need cookies for the following applications:

• Transfer of language settings
• Remembering search terms
• Frequency of page views
• Use of website functions
• User behavior Google Analytics
• Information from Google Adwords
• Google Conversion Tracking
• Google Retargeting

The user data collected by technically necessary cookies is not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

4) Duration of storage, objection and removal options

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

 

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1) Right to information

You have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you can receive information about this personal data and certain other information (e.g. processing purpose, categories of personal data, categories of recipients, planned storage period) as well as a copy of your data.

2) Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data.

3) Right to restriction of processing

Under certain circumstances, you have the right to request that we restrict the processing of your personal data.

4) Right to erasure

Under certain circumstances, you have the right to request that we delete your personal data immediately.

5) Right to information

If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing.

6) Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.

7) Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.

8) Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9) Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

10) Right to lodge a complaint with a supervisory authority

If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

 

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Video conferencing and use of Zoom

We use the Zoom service for online consultations. When using this service, personal data may be transferred to Zoom. The exact nature, scope and purpose of data processing can be found in Zoom's privacy policy.

 

Social media links and our presence on social networks

Our website contains links to our profiles on various social networks. These are not social media plugins, but merely linked buttons. This means that no data is automatically transferred to the respective networks when you visit our website. Only when you click on one of the buttons will you be redirected to the respective network and data may then be collected by this network.

Data processing by social networks:
We would like to point out that you use our social media pages and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating). When you visit one of our social media pages, data about your usage behavior and data provided to you by these platforms is processed. The provider of the social network processes your data for advertising purposes and creates usage evaluations. From these, we can obtain information about your visit to our social media pages.

Purpose of processing:
We process your data on the basis of our legitimate interest in making direct contact with our users and increasing our reach.

Legal basis:
The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR.

Data protection guidelines of the social networks:
The detailed provisions on the processing of your data as well as your rights and setting options to protect your privacy can be found in the respective data protection guidelines of the providers:

• Facebook: https://www.facebook.com/about/privacy/
• Instagram: https://help.instagram.com/519522125107875
• Pinterest: https://policy.pinterest.com/de/privacy-policy

Please note that your data may also be processed in countries outside the European Union and the European Economic Area where the level of data protection may be lower than in the European Union. Your data may then be subject to access by local authorities without you being informed and without you having any legal remedies.

We recommend that you regularly check and adjust all setting options to protect your privacy, especially before using interactive functions.

 

Plugins, embedded functions and content

We use various plugins, embedded functions and content from third-party providers on our website. This enables us to integrate different types of multimedia content on our website and thus offer you a better user experience.

Data processing:
When you visit one of our pages that contains such a plugin or embedded content, a connection is established to the servers of the respective provider. This tells the provider that you have visited our site with your IP address. If you are logged in to the respective service (e.g. Google) at the same time, it can assign the visit to your user account. The interaction with these functions is also transmitted to the provider and stored there.

Purpose of processing:
The use of these plugins and embedded content enables us to offer you a comprehensive online experience and display various content. The data processing is based on our legitimate interest in an appealing presentation of our online offer.

Legal basis:
Data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.

Use of Google Fonts:
We use Google Fonts on our website. These are fonts from Google that help to make online writing uniform worldwide. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This process informs Google that our website has been accessed via your IP address. The use of Google Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

Use of WordPress plugins
This website uses various WordPress plugins. These can collect and store data and link it to your WordPress account.

Contact form
If you send us inquiries via the contact form, your details, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.

 

Use of management tools, organization and support tools

As part of our business activities and to manage, organize and optimize our web presence, we use various management tools, organizational tools and auxiliary tools. These include, for example, content management systems, project management tools, analysis tools and customer communication tools.

Data processing:
The use of these tools may involve the processing of your data. This may be the case, for example, if you send us inquiries via a contact form, provide feedback or participate in one of our online services. Data such as your name, email address, IP address and the content of your inquiry may be collected and stored. Some of these tools also place cookies on your end device to improve the user experience or enable analysis.

Purpose of processing:
These tools help us to make our business processes more efficient, to communicate better with our customers and to constantly improve the use of our website and services. The focus here is always on the goal of tailoring our offering to the needs of our customers in the best possible way and offering high-quality services.

Legal basis:
Depending on the type of tool and the purpose of the data processing, the data is processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, for the performance of a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR or on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

Objection and removal options:
You can usually control and prevent the setting of cookies in your browser settings. For information on objecting to data processing by individual tools or on deleting your data, please refer to the respective data protection declarations of the providers of these tools.

 

Google AdWords and Google Conversion Tracking

This website uses Google AdWords and conversion tracking as part of Google AdWords. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers.

Cross-device remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).

Google Tag Manager

This website uses Google Tag Manager. This service allows us to manage website tags via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags, provided that these are implemented with the Google Tag Manager.

Google Analytics
This website uses Google Analytics. The service is offered by Google Inc. and is used to analyze website usage. Among other things, IP addresses and location data of the users can be recorded, but without this data being collected without their consent (usually via the settings of the mobile devices).

 

Payment methods: PayPal and instant bank transfer

For the processing of payments for our services, we offer the payment methods PayPal and Sofortüberweisung, among others. Both payment service providers are known for attaching great importance to data protection. Nevertheless, data is transferred to the respective providers during payment processing.

PayPal:
If you choose the PayPal payment method, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, cell phone number or other data necessary for payment processing. Personal data that is necessary for processing the purchase contract is also data that is related to the respective order.

The purpose of transmitting the data is to process payments and prevent fraud. The processing of your data is based on Art. 6 para. 1 lit. b GDPR, as it is necessary for the performance of a contract with you. For more information on PayPal's data protection practices, please refer to their privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Sofortüberweisung:
When using the Sofortüberweisung payment method, payment processing is handled by the payment service provider SOFORT GmbH. To confirm your ability to pay, SOFORT GmbH transfers your PIN and TAN to your bank. In addition, SOFORT GmbH sends further data on your financial situation to the bank in order to check your ability to pay. If your ability to pay is confirmed, the payment process will be executed. The data processing is carried out for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Further information on the data protection practices of SOFORT GmbH and the exact procedure for Sofortüberweisung can be found at: https://www.sofort.de/datenschutz.html.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by the respective payment service providers. It is strongly recommended that you inform yourself about the data protection provisions of a payment service provider before using it.

 

Amendment and updating of the privacy policy

Due to the constant further development of our website, offers and due to changes in legal or official requirements, it may become necessary to adapt this data protection declaration. We therefore recommend that you read this privacy policy regularly and inform yourself about the protection of the personal data processed by us.

The current version of the privacy policy can be accessed at any time on our website. We will inform you as soon as the change requires an act of cooperation on your part (e.g. consent) or other individual notification.