Privacy Policy
This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the related websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). Regarding the terms used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Ballach Lifestyle UG
Eichendorff Strasse 41
68167 Mannheim Email: sales@alexejballach.com
Types of Data Processed:
Inventory data (e.g., names, addresses). Contact data (e.g., email, telephone numbers). Content data (e.g., text entries, photographs, videos). Usage data (e.g., visited websites, interest in content, access times). Meta/communication data (e.g., device information, IP addresses). Purpose of Processing:
Provision of the online offering, its functions, and content. Responding to contact inquiries and communicating with users. Security measures. Reach measurement/marketing. Terms Used:
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered identifiable if they can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. “Processing” refers to any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data. “Controller” refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
Relevant Legal Bases:
In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not explicitly mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR; the legal basis for processing for the performance of our services and execution of contractual measures, as well as responding to inquiries, is Article 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR; and the legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR. If vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
Security Measures:
We ask you to regularly review the content of our privacy policy. We will adapt the privacy policy as soon as changes in our data processing require it. We will inform you if the changes necessitate cooperation on your part (e.g., consent) or other individual notification.
Collaboration with Processors and Third Parties:
If we disclose data to other persons and companies (processors or third parties) within the framework of our processing, transmit it to them, or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as payment service providers, is required for contract fulfillment according to Article 6(1)(b) GDPR), you have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data based on a so-called “processing agreement,” this is done on the basis of Article 28 GDPR.
Transfers to Third Countries:
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs within the scope of the use of third-party services or disclosure, or transmission of data to third parties, this will only be done if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Articles 44 ff. GDPR are met. That means the processing takes place, for example, based on special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of Data Subjects:
You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with Article 15 GDPR. You have the right to request the completion of data concerning you or the correction of inaccurate data concerning you in accordance with Article 16 GDPR. You have the right, in accordance with Article 17 GDPR, to request that data concerning you be deleted immediately, or alternatively, in accordance with Article 18 GDPR, to request a restriction on the processing of the data. You have the right to request that the data concerning you that you have provided to us be received and transferred to other controllers in accordance with Article 20 GDPR. You also have the right, in accordance with Article 77 GDPR, to file a complaint with the competent supervisory authority.
Right to Withdraw Consent:
You have the right to withdraw consent granted in accordance with Article 7(3) GDPR with effect for the future.
Right to Object:
You can object to the future processing of data concerning you in accordance with Article 21 GDPR at any time. The objection can be made in particular against the processing for purposes of direct advertising.
Cookies and Right to Object to Direct Advertising:
“Cookies” are small files that are stored on users’ computers. Various information can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offering and closes their browser. In such a cookie, for example, the contents of a shopping cart in an online store or a login status can be stored. “Permanent” or “persistent” cookies are those that remain stored even after the browser is closed. For example, the login status can be stored if users revisit it after several days. Similarly, the interests of users can be stored in such a cookie, which is used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller who operates the online offering (otherwise, if it is only their cookies, they are referred to as “first-party cookies”). We may use temporary and permanent cookies and inform about this within our privacy policy. If users do not want cookies to be stored on their computers, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offering. A general objection to the use of cookies for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the settings of the browser. Please note that not all functions of this online offering may be available.
Deletion of Data:
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated within this privacy policy, the data stored by us will be deleted as soon as it is no longer necessary for its intended purpose, and there are no legal retention obligations to prevent its deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. That means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons. In accordance with legal requirements in Germany, the retention is particularly for 10 years according to §§ 147(1) AO, 257(1) Nr. 1 and 4, (4) HGB (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.) and 6 years according to § 257(1) Nr. 2 and 3, (4) HGB (commercial letters). According to legal requirements in Austria, the retention is particularly for 7 years according to § 132(1) BAO (accounting documents, receipts/invoices, accounts, vouchers, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically provided services, telecommunications, broadcasting, and television services provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
Hosting:
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space, and database services, security services, as well as technical maintenance services, which we use for the purpose of operating this online offering. In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data