DATA PRIVACY
Summary
Melinsky is committed to respecting and protecting your personal data. The General Data Protection Regulations require us to handle personal data fairly and lawfully. This means that you have a right to know how we intend to use the data you provide to us.
General
Personal data (hereinafter mostly referred to as “data”) is only processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.
According to Article 4(1) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With the following privacy policy, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or together with others on the purposes and means of processing. In addition, we inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.
Our privacy policy is structured as follows
I. Information about us as the controller
II. rights of users and data subjects
III. Information on data processing
I. Information about us as the controller
The responsible provider of this website in terms of data protection law is
Melinsky
Melanie Zimmer
Kesselbergstr.9
81539 Munich
Phone: +49 155 60 08 20 44
E-Mail: design@melinsky.de
Hereinafter referred to as “controller” or “we”.
II Rights of users and data subjects
With regard to the data processing described in more detail below, users and data subjects have the right
-
to confirmation as to whether data concerning them is being processed
-
to information about the processed data
-
to further information about the data processing
-
to copies of the data (cf. also Art. 15 GDPR) to rectification or completion of inaccurate or incomplete data (see also Art. 16 GDPR) to the immediate erasure of the data concerning them (see also Art. 17 GDPR) or, alternatively, if further processing is required in accordance with Art. 17 para. 3 GDPR
-
to the restriction of processing in accordance with Art. 18 GDPR;
to receive the data concerning them and provided by them and to transmit this data to other providers/controllers (cf. also Art. 20 GDPR) to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection regulations (see also Art. 77 GDPR).
In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing carried out on the basis of Articles 16, 17 (1), 18 GDPR. However, this obligation does not apply if this notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.
Users and data subjects also have the right to object to the future processing of data concerning them in accordance with Art. 21 GDPR, provided that the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permitted.
III. Information on data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory storage obligations and no other information is provided below on individual processing procedures.
Subscription to contributions
If you publish contributions on our website, we also offer you the option of subscribing to any follow-up contributions from third parties. We process your email address in order to be able to inform you about these follow-up posts by email.
The legal basis for this is Art. 6 para. 1 lit. a) GDPR. You can revoke your consent to this subscription at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. All you have to do is inform us of your revocation or click on the unsubscribe link contained in the respective email.
Cookie Manager
The provider uses a cookie manager to obtain consent for the use of technically unnecessary cookies on the website.
When the website is accessed, a cookie with the settings information is stored on the user's end device so that the query regarding consent does not have to be made on a subsequent visit.
The cookie is required to obtain the user's legally compliant consent.
The user can prevent or terminate the installation of cookies by changing the settings in their browser.
Cookies
a) Session cookies/session cookies
We use so-called cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your end device by the Internet browser you use. These cookies are used to process certain information about you, such as your browser or location data or your IP address, on an individual basis.
This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.
The legal basis for this processing is Art. 6 para. 1 lit. b.) GDPR, insofar as these cookies are processed for contract initiation or contract processing.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis in this case is Art. 6 para. 1 lit. f) GDPR.
These session cookies are deleted when you close your Internet browser.
b) Third-party cookies
Our website may also use cookies from partner companies with whom we cooperate for the purposes of advertising, analysis or the functionalities of our website.
Please refer to the following information for details, in particular the purposes and legal basis for processing such third-party cookies.
c) Removal option
You can prevent or restrict the installation of cookies by changing the settings in your Internet browser. You can also delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.
However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.
Contact requests / contact option
If you contact us via the contact form, e-mail or telephone, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time. The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Newsletter subscription
If you register for our free newsletter, the data requested from you for this purpose, i.e. your e-mail address and - optionally - your name and address, will be transmitted to us. At the same time, we store the IP address of the Internet connection from which you access our website as well as the date and time of your registration. As part of the further registration process, we will obtain your consent to send you the newsletter, describe the content in detail and refer you to this privacy policy. We use the data collected in this process exclusively for sending the newsletter - in particular, it is therefore not passed on to third parties.
The legal basis for this is Art. 6 para. 1 lit. a) GDPR.
You can revoke your consent to receive the newsletter at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. All you have to do is inform us of your revocation or click on the unsubscribe link contained in every newsletter.
Server data
For technical reasons, in particular to ensure a secure and stable website, data is transmitted to us or to our web space provider by your Internet browser. These so-called server log files include the type and version of your Internet browser, the operating system, the website from which you have switched to our Internet presence (referrer URL), the website(s) of our Internet presence that you visit, the date and time of the respective access and the IP address of the Internet connection from which our Internet presence is used.
The data collected in this way is stored temporarily, but not together with other data about you.
This storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
The data will be deleted after seven days at the latest, unless further storage is required for evidence purposes. Otherwise, the data is excluded from deletion in whole or in part until an incident has been finally clarified.
Contract processing
The data transmitted by you to make use of our range of goods and/or services is processed by us for the purpose of contract processing and is necessary in this respect. The responsible provider of this website in terms of data protection law isb) Third-party cookies
Our website may also use cookies from partner companies with whom we cooperate for the purposes of advertising, analysis or the functionalities of our website.
Please refer to the following information for details, in particular the purposes and legal basis for processing such third-party cookies.
Calendly
We use the appointment scheduling tool Calendly in our services to arrange appointments with you. You can use the Calendly appointment scheduling tool with its integrated online calendar to request and select an appointment for a consultation. “Calendly” is an offer from Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States.
If you click on the corresponding button in our services or if you wish to make an appointment via a link sent by us (e.g. in an e-mail), you will be automatically connected to our Calendly appointment account. After selecting your appointment, confirming it and entering your contact details and concerns, you will receive an email from Calendly confirming your appointment. Further information about Calendly and data protection at Calendly can be found here: https://calendly.com/pages/privacy. If Calendly transfers this data to a third country (e.g. the USA), this will only be done on a case-by-case basis, on the basis of an order processing contract concluded with Calendly and in accordance with standard contractual clauses agreed with Calendly and other security measures permitted by the GDPR, which guarantee the security of the processing of your personal data with a level of protection identical to that in the EU.
Your details from the Calendly form, including the data you provide there, will be stored by us for the purpose of processing your request or for the purpose of processing a corresponding contractual relationship. If your inquiry has been answered or the purpose no longer applies (e.g. the contractual relationship ends), we will delete your data promptly, subject to contractual or statutory retention options. If you would like your data to be deleted prematurely, you can ask us to delete it or revoke your consent to its storage. Mandatory statutory provisions - in particular retention periods - remain unaffected. Our legal basis for using the appointment scheduling tool Calendly results from Art. 6 para. 1 lit. f GDPR (legitimate interest), as we can fully automate appointment scheduling with Calendly and thus make the process for corresponding appointment requests and meetings more efficient. In addition, the legal basis for data processing using Calendly is Art. 6 para. 1 lit. b GDPR, insofar as appointment scheduling is carried out as part of our contractual relationships.
As far as possible, we try to use Calendly only with your express consent (e.g. via an opt-in). In this case, the legal basis for the integration of Calendly results from Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time. If you do so, we will no longer use Calendly to communicate with you.
Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Bēhance
This website uses functions of the Behance network. Behance Inc (“Behance”) is an online platform on which members of the creative professions can present their work and view the creative works of others. Behance is a wholly owned subsidiary of Adobe Systems Incorporated and is hosted exclusively in the United States and operated from Behance's offices in New York, NY. Behance is accessible directly on the Internet at www.behance.net or for Adobe Creative Cloud (“Creative Cloud”) subscribers from various points within Creative Cloud.
Further information on this can be found in Behance's privacy policy at: http://www.adobe.com/de/privacy/policies/behance.html
Instagram
We delete the data once the contract has been fully processed, but must observe the retention periods under tax and commercial law.As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.The legal basis for the transfer of data is then Art. 6 para. 1 lit. b) GDPR.c) Removal option
This agreement, which sets out the mutual obligations, is available at the following link
https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the processing of personal data that takes place as a result and is described below is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales and advertising of our products and services.
The legal basis may also be the user's consent to the platform operator in accordance with Art. 6 para. 1 lit. a GDPR. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 para. 3 GDPR.
When our online presence is accessed on the Instagram platform, user data (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as the operator of the platform in the EU.
This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise users within and outside of Instagram based on their interests. If the user is logged into their Instagram account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.
If the user contacts us via Instagram, the user's personal data entered on this occasion will be used to process the request. The user's data will be deleted by us if the user's inquiry has been conclusively answered and there are no legal obligations to retain the data, e.g. in the case of subsequent contract processing.
Facebook Ireland Ltd. may also set cookies to process the data.
If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.
For more information on the processing activities, their prevention and the deletion of data processed by Instagram, please refer to Instagram's data policy:
https://help.instagram.com/519522125107875
It cannot be ruled out that processing by Facebook Ireland Ltd. also takes place via Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.
LinkedIn
We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for users in that, for example, subsequent access to user data may be made more difficult. We also have no access to this user data. The access option lies exclusively with LinkedIn.
Conclusion and execution of the contract are not possible without the provision of your data.Instagram
We operate a company presence on the Instagram platform to promote our products and services and to communicate with interested parties or customers.
We are jointly responsible for this social media platform with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
The data protection officer of Instagram can be reached via a contact form: https://www.facebook.com/help/contact/540977946302970We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR.This agreement, which sets out the mutual obligations, is available at the following link
We also have no access to this user data. The access option lies exclusively with Pinterest.
You can find Pinterest's privacy policy at
https://policy.pinterest.com/de/privacy-policy
General links to third-party profiles
The provider uses a link on the website to the social networks listed below.
The legal basis for this is Art. 6 para. 1 lit. f GDPR. The provider has a legitimate interest in improving the quality of use of the website.
The plugins are integrated via a linked graphic. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network.
Once the customer has been redirected, the respective network collects information about the user. This is initially data such as IP address, date, time and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to assign the information collected about the user's specific visit to the user's personal account. If the user interacts via a “Share” button of the respective network, this information can be stored in the user's personal user account and published if necessary. If the user wishes to prevent the information collected from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.
The following social networks are linked by the provider:
Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Privacy policy: https://help.instagram.com/519522125107875
LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Pinterest
Pinterest Inc, 651 Brannan Street, San Francisco, CA, 94107, USA.
Privacy policy: https://policy.pinterest.com/de/privacy-policy
Zoom
We use the online communication tool “Zoom” to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc. based in the USA. Various types of data are processed when “Zoom” is used. The scope of the data also depends on the data you provide before or when participating in an “online meeting”. The categories of data taken into account here are master data, contact data, content data, usage data if applicable, connection data and contract data if applicable. If Zoom transfers this data to a third country (e.g. the USA), this will only be done on a case-by-case basis, on the basis of an order processing contract concluded with Zoom and in accordance with standard contractual clauses agreed with Zoom and other security measures permitted by the GDPR, which ensure the security of the processing of your personal data with a level of protection identical to that in the EU. As additional protective measures, we have also set up our Zoom configuration in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”. Our legal basis for the use of Zoom for online meetings results from Art. 6 para. 1 lit. a GDPR (your consent). Before using Zoom for an online meeting between us, we will ask you for your consent to do so. With Zoom, we want to fully digitize the communication between us. A video conferencing tool such as Zoom should enable us to get a personal impression of each other in the online meeting, which is essential for a trusting contractual relationship, among other things, and so that we can make the entire communication process more efficient. Please note that the use of Zoom is currently not GDPR-compliant. Therefore, please consider carefully whether or not you consent to the use of Zoom.
Google Analytics
We use Google Analytics on our website. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
We maintain an online presence on Pinterest to present our company and our services and to communicate with customers/prospects.Pinterest is a service of Pinterest Inc, 651 Brannan Street, San Francisco, CA, 94107, USA. In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA.
This may result in increased risks for users in that, for example, subsequent access to user data may be made more difficult.We also have no access to this user data.
This function allows Google to shorten the IP address within the EU or EEA.
The data collected in this way is in turn used by Google to provide us with an evaluation of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.
Google states that it will not associate your IP address with any other data. In addition, Google keeps under
https://www.google.com/intl/de/policies/privacy/partners
for further information on data protection law, including, for example, the options for preventing the use of data.
Google also offers at
https://tools.google.com/dlpage/gaoptout?hl=de
offers a so-called deactivation add-on along with further information on this. This add-on can be installed with the most common Internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services. Of course, you can also find out whether and which other web analysis services we use in this privacy policy.
Payment processing
We offer various payment methods for processing payment claims. We use the payment service providers described below for this purpose. We do this for the purpose of providing our services properly and in line with requirements. The data processed in this context is usage data, connection data, master data, payment data, contact data or contract data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. The data entered is only processed by the payment service providers and stored by them. We do not receive any account or credit card-related information, only information about the confirmation or negative information about the payment. Under certain circumstances, your data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers. The legal basis for the use of payment service providers results from Art. 6 para. 1 lit. b GDPR. We can only provide the services promised to you with our services and thus fulfill our contractual obligations if we use third parties, such as payment service providers, to process payment transactions. We have concluded an order processing agreement with each of the payment service providers so that the security of the processing of your data is guaranteed at all times.
Use of PayPal as a payment method
It is possible to process the payment process with the online payment service PayPal. PayPal makes it possible to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal. This regularly involves the following data:
Name, address, company, e-mail address, telephone and mobile number, IP address. The data transmitted to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness. PayPal may also pass on your data to third parties if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of PayPal. You can view PayPal's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, as the processing of the data is necessary for payment with PayPal and thus for the execution of the contract.
Google AdSense
We use Google AdSense on our website to integrate advertisements.This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.Google AdSense stores cookies and so-called web beacons on your end device via your Internet browser. This enables Google to analyze your use of our website.In addition to your IP address and the advertising formats displayed to you, the information collected in this way is transferred to Google in the USA and stored there. Google may also pass this information on to contractual partners. However, Google declares that your IP address will not be merged with other data about you. If you have given your consent for this processing, the legal basis is Art. 6 para. 1 lit. a GDPR. The legal basis may also be Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser.Details on this can be found above under “Cookies”. In addition, Google offers underhttps://policies.google.com/privacyhttps://adssettings.google.com/authenticatedfor further information, in particular on the options for preventing the use of data. Newsletter via WhatsAppYou can also receive our free newsletter via the instant messaging service WhatsApp.WhatsApp is a service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of WhatsApp Inc, 1601 Willow Road, Menlo Park, California 94025, USA, both hereinafter referred to as “WhatsApp”.
WhatsApp also offers the following at
https://www.whatsapp.com/legal/#privacy-policy
for further data protection information
To receive our newsletter via WhatsApp, you need a WhatsApp user account. You can find details about which data WhatsApp collects during registration in the aforementioned WhatsApp data protection information.
If you then register to receive our newsletter via WhatsApp, the mobile phone number you entered during the registration process will be processed by WhatsApp. In addition, your IP address and the date and time of your registration will be stored. As part of the further registration process, your consent to the sending of the newsletter will be obtained, the content will be described in detail and reference will be made to this privacy policy.
The legal basis for sending the newsletter and the analysis is Art. 6 para. 1 lit. a.) GDPR.
You can revoke your consent to receive the newsletter at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. All you have to do is inform us of your revocation. You can also block the receipt of newsletters by making a setting in the WhatsApp software on your device.
WhatsApp contact
The provider enables the customer to contact us via the WhatsApp messenger service. WhatsApp is a service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as WhatsApp, a subsidiary of Facebook.
When the user communicates with the provider via WhatsApp, both the provider and WhatsApp receive the user's mobile phone number and the information that the user has contacted the provider.
The aforementioned data is also forwarded by WhatsApp to Facebook servers in the USA and processed by WhatsApp and Facebook in accordance with the WhatsApp Privacy Policy, which also includes processing for their own purposes, such as improving the WhatsApp service.
_____________________
However, in the opinion of the data protection supervisory authorities, the USA does not currently have an adequate level of data protection. However, there are so-called standard contractual clauses:
https://faq.whatsapp.com/general/about-standard-contractual-clauses
However, these are agreements under private law and therefore have no direct impact on the access options of the authorities in the USA.
_____________________
For more information on the purpose and scope of data collection and the further processing of this data by WhatsApp and Facebook, as well as related rights and privacy settings options, please refer to WhatsApp's privacy policy:
https://www.whatsapp.com/legal/#privacy-policy.
The legal basis for this processing and the transmission to WhatsApp is Art. 6 para. 1 sentence 1 b. GDPR, insofar as the contact relates to an existing contractual relationship or serves to initiate such a contractual relationship. If the contact is not made for the aforementioned purposes, the legal basis is Art. 6 para. 1 lit. f GDPR. The provider has a legitimate interest in improving the quality of service.
Order processing
If we use external service providers to process your data, we will carefully select and commission them. If the services provided by these service providers are order processing within the meaning of Art. 28 GDPR, the service providers are bound by our instructions and are regularly monitored. Our order processing contracts comply with the strict requirements of Art. 28 GDPR and the requirements of the German data protection authorities.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you can request the following information from the controllerthe purposes for which the personal data are processed
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
all available information about the origin of the data if the personal data is not collected from the data subject
the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the rectification without undue delay.
Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you
if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
if you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies
The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you has been processed unlawfully.
The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply if the processing is necessary for exercising the right of freedom of expression and information
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
for the establishment, exercise or defense of legal claims.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
5.8 Right to revoke the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The processing is lawful until your revocation - the revocation therefore only affects the processing after receipt of your revocation. You can declare your revocation informally by post or e-mail. Your personal data will then no longer be processed, unless otherwise permitted by law. If this is not the case, your data must be deleted immediately after revocation in accordance with Art. 17 para. 2 GDPR. Your right to withdraw your consent subject to the above-mentioned conditions is guaranteed.
Your revocation should be addressed to:
Melinsky
Melanie Zimmer
Kesselbergstr.9
81539 Munich
Phone: +49 155 60 08 20 44
E-Mail: design@melinsky.de
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Automated decisions in individual cases including profiling
Automated decisions are not made in individual cases, including profiling.
Notification obligations of the controller
If your personal data has been disclosed to other recipients (third parties) on legal grounds
we will inform them of any rectification, erasure or restriction of processing of your personal data (Art. 16, Art. 17 (1) and Art. 18 GDPR). The notification obligation does not apply if it involves a disproportionate effort or is impossible. We will also inform you of the recipients upon request.