The privacy policy is structured as follows:
1. Ascertainment and saving of data as well as type and purpose of their usage
2. Controller of your data
3. Data transfer
4. Rights of the data subject
5. Cookies, Google Analytics, Social Media Plug-in and tools
6. Payment method provider
7. External profiles and Facebook
1. Ascertainment and saving of data as well as type and purpose of their usage
a) Type of handled data
• Inventory data (e.g. names, addresses).
• Contact data (e.g. e-mail, phone numbers).
• Utilisation data (e.g. accessed website content, time of access).
• Meta-/communication data (e.g. machine information).
b) While visiting the website
By visiting this website a log file will record data to ensure a secure and stable website. Your IP address will anonymised, meaning the collected data can not be associated with you.
For technical reasons, the following data sent by your internet browser to our server provider will be collected: the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on my site visited, the date and time of your visit,
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of the website. The data will be deleted, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.
c) Contact via e-mail
In order for us to be able to reply, stating a valid e-mail is necessary. Any further information can be given voluntarily based on Art. 6 Para. 1 lit. a) GDPR. The data given by e-mail will be deleted automatically after the inquiry is done and there is no further legal obligation to store your data, such as an order or contract resulted therefrom.
2. Controller of your data
The party responsible for this website (the “controller”) for purposes of data protection law is:
Kristina Winter
Postfach 63 41 07
22323 Hamburg, Germany
Freelance Illustrator
Small firm according to §19 UStG
Finance Office Hamburg Oberalster
Mail: contact@pen-winter.com
3. Data transfer
Data transfer to third parties is not happening unless for the following reasons:
• You give your clear consent for us to do so, according to Art. 6 Para. 1 lit. a) GDPR,
• the transfer is necessary according to Art. 6 Para. 1 lit. f) GDPR, and there is no reason to assume you have a predominant interest of your data not being transferred,
• the controller is legally tied to transfer data according to Art. 6 Para. 1 lit. c) GDPR, and
• if transferring is legally permissible and required to process contractual relationships according to Art. 6 Para. 1 lit. b) GDPR.
4. Rights of affected persons
Persons affected by the processing of their personal data may have rights to obtain information about the personal data that affects them, or to have such data corrected or deleted (“right to be forgotten”), or to have the processing of that data restricted or its transferability modified.
a) Right of withdrawal
You have the right to withdraw your agreement at any given time. The withdrawal does not affect the legitimacy of the process prior of the withdrawal.
b) Right to object and right to appeal
Is the processing of your personal data required to perform a task of public interest (Art. 6 Para. 1 lit. e) GDPR), or required to keep our justified interests (Art. 6 Para. 1 lit. f) GDPR), you have the right to object. Furthermore you have the right to appeal to a regulatory authority if you believe that the processing of the personal data affecting you violates the GDPR.
5. Cookies, Google Analytics, Social Media tools
pen-winter.com only uses first-party functionality cookies, which do not require consent.
Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the
website is loaded on your browser. These cookies help us make the website function properly, make the website more secure and
provide better user experience and do not collect any of your personally identifiable data.
In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change
the settings of your browser to block/delete the cookies. To find out more out more on how to manage and delete cookies, visit
wikipedia.org/wiki/HTTP_cookie or www.allaboutcookies.org.
We do not use Google Adsense or Analytics.
6. Payment method provider
Payment for freelance and commission work will be handled by Paypal invoicing for international customers, or bank transfer for
national contractual customers.
PayPal is an online payment service provider used for fast, save and convenient money transfer. PayPal accepts trustee functions
and offers buyer protection services. The European operating company of PayPal is:
PayPal (Europe) S.à.r.l. & Cie. S.C.A.
22-24
Boulevard Royal
2449 Luxembourg, Luxembourg.
If the data subject chooses “PayPal” as the payment option during a commission ordering process, data of the data subject is
automatically transmitted to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data
required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address,
IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase
contract also requires such personal data, which are in connection with the respective order. The transmission of the data is aimed
at payment processing and fraud prevention.
PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is
necessary to fulfil contractual obligations or for data to be processed in the order. The data subject has the possibility to revoke
consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must
be processed, used or transmitted in accordance with (contractual) payment processing. Please see the
PayPal Privacy Policy for more
details.
7. External profiles and Facebook
On this website and subdomains, we link to social media profiles/pages like Facebook, Instagram, twitter, Youtube, inprnt and Etsy.
The promotional purposes of these pages are within our legitimate interest in accordance to the GDPR. The responsibility to comply
with the GDPR rests with the respective service provider.
If you visit our external profiles, your browser automatically sets up a connection to the server of the corresponding website. If you are in the
possession of an account or profile of these services, and logged in, the visit of our profile will be assigned to your account. For example, by
using the “like” and “share” buttons on Facebook, that data is directly transmitted and saved on servers of Facebook. In addition, that information
will be published on your Facebook profile and be visible to your Facebook friends. Likewise do twitter, Instagram and most social media
websites.
These external service providers can use the collected data for the purpose of advertisement, market research and personalised presentation of their
websites. Facebook, as example, can share your activity on our page with other Facebook users and use it to offer services connected to Facebook, by
creating usage, interest, and relationship profiles. If you do not wish this data to be collected and assigned to your accounts, you have to log out
of these before visiting my page. Purpose, usage and extent of data processing by Instagram can be found here: help.instagram.com
Twitter: twitter.com/en/privacy
As defined by the GDPR, combined responsible parties of my facebook page (https://www.facebook.com/MadeByPenWinter) are:
Facebook Ireland Ltd. (in following „Facebook“)
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Irland
and the controller named in 1. of this privacy notice.
a) Information about my Facebook page
We run our page in order to gain attention for our services and products and to be able to communicate with you as a visitor of that site. As owner of that facebook page, we have no interest on gaining personal data or to handle personal data for analysing or marketing purposes. We operate our Facebook page, including the handling of personal data of its users, within our justified interests in a contemporary and widely supported means of information and interaction opportunity with our visitors and users according to art. 6 paragraph 1 lit. f GDPR.
b) Handling of personal data by Facebook
The European Court (EuGH) ruled on the 5th of June 2018 Facebook and the creator of a facebook page to be combined controller for the handling of personal data. To our knowledge Facebook is using personal data of users for the following purposes: advertising (analysis, creating personalised advertising), creating user profiles, market research.
Facebook is using cookies in order to save and handle these data. If the user possesses a Facebook account and is logged in,
these data is also collected across devices.
The privacy notice of Facebook holds more information on this topic:
facebook.com/about/privacy/
Your right to object (so called. Opt-Out) can be found here: facebook.com/settings?tab=ads and here youronlinechoices.com.
Facebook Inc., the US American mother company of Facebook Ireland Ltd. is certified with the EU-U.S. Privacy-Shield and thus
promises to act according to the European privacy policies. Further information of the state of the Privacy-Shield can be found
here: privacyshield.gov. The transfer and further handling of personal data of Facebook users to third party countries, like
the USA, and possible risks by this for the users can not be ruled out by me as owner of my facebook page.
c) Statistic data
Our Facebook page gives us access to so called “insights” of different categories (‘Follower’, ‘Liked’, ‘People Reached’
and ‘Engagement’) and a choosable timespan. Those statistics are generated and offered by Facebook. As the page owner we have
no impact on the creation and visualising of these. We can not turn off this function, nor stop this statistic data from being
created and spread.
The insights displayed are: Page views, page likes, post engagements, reach, video views, comments, shares, actions on page,
replies, clicks on shop, demographic data about people who liked my page based on age, gender, country and language provided
by their user profile. Due to the permanent development of Facebook, the accessibility and processing of data is a subject of
change, thus we refer to Facebooks privacy policy stated above.
d) User rights
If you want information, or if you have questions about your rights as a user, we recommend contacting Facebook directly, as
only Facebook has complete access to your user data. If you need help to contact Facebook, or if you have general questions,
feel free to email us. If you wish to end the data processing stated above, please use the function of recalling your “like” by
“unliking the page” and/or “unfollow this page”. This stops the connection of your profile data to a page’s insights.