Privacy policy

General Data Protection Regulation (GDPR)

I am very pleased about your interest in my company. Data protection has a particularly high priority for me. If it is necessary to process personal data and there is no legal basis for such processing, I generally obtain the consent of the person concerned.

The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the basic privacy policy and in compliance with the country-specific data protection regulations applicable to my company. By means of this privacy policy, I would like to inform my customers about the type, scope and purpose of the personal data that I collect, use and process. Furthermore, this privacy policy informs affected persons about the rights they are entitled to.

1. Definitions

This privacy policy is based on the terminology used by the European legislator for directives and regulations when the basic privacy policy (GDPR) was adopted. My privacy policy should be easy to read and understand for my customers and business partners. To ensure this, I would like to explain the terms used in advance.

I use the following terms in this privacy policy among others:

  • (a) personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as 'data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • (b) the person concerned

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

  • (c) Processing

Processing is any operation or set of operations, performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • (d) Restriction on processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

  • (e) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

  • (f) Responsible person or responsible for the processing

The responsible person or processing controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or national law, provision may be made for the responsible person to be designated in accordance with Union or national law.

  • (g) Job processor

The job processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible person.

  • (h) Recipient

The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data in the course of a specific investigation, in accordance with Union or national law, shall not be considered as recipients.

  • (i) Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the responsible person, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.

  • j) Consent

Consent shall mean any informed and unequivocal expression of the data subject's free will in a specific case, in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.

2. The name and address of the person responsible for processing

The responsible person within the meaning of the basic privacy policy, other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature

Maria Jana Hack

ES-Y4994073M

Apartado Correos 19

07630 Campos (Illes Balears, Mallorca)

Tel.: +34 684411625

E-Mail: hello@mariajana.solutions

3. The name and address of the privacy policy delegate

The Privacy Policy Supervisor of the responsible person is:

Maria Jana Hack

ES-Y4994073M

Apartado Correos 19

07630 Campos (Illes Balears, Mallorca)

Tel.: +34 684411625

E-Mail: hello@mariajana.solutions

Every person concerned can contact my Privacy Policy Supervisor directly at any time with all questions and suggestions concerning data protection.

4. Routine deletion and blocking of personal data

The data controller shall process and store personal data relating to the data subject only for the period of time necessary to achieve the purpose of storage or where provided for by European directives and regulations or by any other law or regulation to which the data controller is subject.

If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or another competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

5. Rights of the data subject

  • (a) Right to confirmation

Every data subject has the right, granted by the European Directives and Regulations, to obtain confirmation from the data controller as to whether personal data relating to him are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact an employee of the responsible person.

  • (b) Right to information

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain at any time and free of charge from the responsible person information on the personal data stored about him or her and a copy of this information. Furthermore, the European Directive and Regulation Giver has granted the data subject access to the following information:

  • the processing purposes
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or international organisations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right of rectification or erasure of personal data concerning him or her or of a right to have the processing limited by the responsible person or to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the data subject: All available information on the origin of the data
  • the existence of automated decision making including profiling in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject

The data subject shall also have the right to obtain information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in relation to the transfer.

If a data subject wishes to exercise this right of access, he or she may at any time contact an employee of the responsible person.

  • (c) Right of rectification

Every person concerned by the processing of personal data has the right, granted by the European legislator, to request the rectification without delay of inaccurate personal data concerning him. The data subject shall also have the right to obtain the completion of incomplete personal data, including by means of a supplementary declaration, having regard to the purposes of the processing.

If a data subject wishes to exercise this right of rectification, he or she may at any time contact a member of the staff of the controller.

  • (d) Right of cancellation (right to be forgotten)

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain from the responsible person, without undue delay, the erasure of personal data relating to him or her, where one of the following reasons applies and provided that the processing is not necessary

  • The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
  • The data subject withdraws the consent on which the processing was based in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
  • The data subject lodges an objection to processing pursuant to Article 21(1) GDPR and there are no overriding legitimate reasons for processing, or the data subject lodges an objection to processing pursuant to Article 21(2) of GDPR.
  • The personal data were processed unlawfully.
  • The deletion of personal data is necessary to comply with a legal obligation under Union or national law to which the responsible person is subject.
  • The personal data were collected in relation to information society services offered in accordance with Article 8 (1) of the GDPR.

If one of the above reasons applies and a person concerned wishes to have personal data stored by me deleted, he or she can contact me at any time to have the data deleted immediately.

If the personal data have been made public by me and I am obliged as a data controller to delete the personal data in accordance with Article 17 (1) of the GDPR, I shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, unless the processing is necessary. I will arrange for the necessary action in individual cases.

  • (e) Right to limit processing

Any person affected by the processing of personal data has the right granted by the European Directives and Regulations to request the responsible person to limit the processing if one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject for a period of time which allows the responsible person to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject refuses to have the personal data deleted and instead requests that the use of the personal data be restricted.
  • The responsible person no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to assert, exercise or defend legal claims.
  • The data subject has lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the responsible person outweigh those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored with me, he/she may contact me at any time to have the processing restricted.

  • (f) Right to data portability

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to receive the personal data concerning him/her provided by the data subject to a responsible person in a structured, common and machine-readable format. He/she also has the right to have this data communicated to another responsible person without hindrance by the responsible person to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1 letter b GDPR and that the processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible person.

Furthermore, when exercising his or her right to data transferability in accordance with Art. 20 Paragraph 1 GDPR, the data subject has the right to request that personal data be transferred directly from one responsible person to another responsible person, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected.

To assert the right to data transferability, the data subject may contact me at any time.

  • (g) Right of objection

Every person concerned by the processing of personal data has the right, granted by the European legislator, to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

In the event of objection, I shall no longer process the personal data unless I can prove compelling reasons for processing which are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims.

Where I process personal data for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it is connected with such direct marketing. If the data subject objects to my processing for the purposes of direct marketing, I shall no longer process the personal data for those purposes.

In addition, the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out at my premises for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89 (1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right of objection, the data subject may contact me directly. The data subject shall also be free to exercise his right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures involving technical specifications.

  • h) Right to withdraw data protection consent

Every person affected by the processing of personal data has the right granted by the European Directives and Regulations to revoke his or her consent to the processing of personal data at any time.

If the person concerned wishes to exercise his or her right to withdraw consent, he or she can contact me at any time.

6. The legal basis of the processing

Art. 6 I lit. a GDPR serves me as a legal basis for processing operations for which I obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations necessary for the supply of goods or provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about my products or services. If I am subject to a legal obligation which makes the processing of personal data necessary, for example to fulfil tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor on my property were to be injured and his name, age, health insurance details or other vital information were subsequently to be passed on to a doctor, hospital or other third party. The processing would then be based on Article 6 I lit. d GDPR. Finally, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations which are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest on my part or on the part of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Such processing operations are permitted to me in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the responsible person (Recital 47 sentence 2 GDPR).

Cookies

Cookies" are small files that are stored on the user's computer. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart in an online shop or a login status can be stored. Cookies are described as "permanent" or "persistent" if they remain stored even after the browser is closed. For example, the login status can be saved if the user visits it after several days. Likewise, the interests of the users can be stored in such a cookie, which are used for range measurement or marketing purposes. Third-party cookies" are cookies that are offered by providers other than the person responsible for the online offer (otherwise, if it is only their cookies, it is called "first-party cookies").

We may use temporary and permanent cookies and provide information on this in our privacy policy.

If we ask users to consent to the use of cookies (e.g. in the context of a cookie consent), the legal basis for this processing is Art. 6 para. 1 lit. a. GDPR. Otherwise, the users' personal cookies will be processed in accordance with the following explanations within the framework of this data protection declaration on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) or insofar as the use of cookies is necessary for the provision of our contract-related services, in accordance with Art. 6 Para. 1 lit. b. GDPR, or insofar as the use of cookies is necessary for the performance of a task which is in the public interest or in the exercise of official authority, in accordance with Art. 6 Para. 1 lit. e. GDPR, processed.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, especially in the case of tracking on the

american site:
http://www.aboutads.info/choices/

or the EU-site:
http://www.youronlinechoices.com/

Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case not all functions of this online offer can be used.

7. Legitimate interests in the processing pursued by the responsible person or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR, my legitimate interest is to carry out my business activities for the protection of my company.

8. The duration for which the personal data are stored

The criterion for the duration of storage of personal data is the respective legal retention period. After expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of a contract.

9. Legal or contractual provisions making the personal data available; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of nonprovision

I would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject makes personal data available to me, which must subsequently be processed by me. For example, the person concerned is obliged to provide me with personal data if I conclude a contract with him/her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the person concerned makes personal data available, the person concerned must contact me. I will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

10. The existence of automated decision making

As a responsible company, I refrain from automatic decision making or profiling.

11. Contact

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user's details will be used to process the contact request and its handling in accordance with Art. 6 Para. 1 lit. b. (within the framework of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other inquiries) GDPR are processed. User data may be stored in a customer relationship management system ("CRM system") or comparable enquiry organisation.

We will delete the requests if they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

12. Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the Internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not combined with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de

Where we ask users to give their consent (e.g. in the context of a cookie consent), the legal basis for this processing is Article 6(1)(a). GDPR. Otherwise, the personal data of the users will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) will be processed.

Insofar as data is processed in the USA, we would like to point out that Google is certified under the Privacy Shield Agreement and thereby assures that it complies with European data protection law:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

You can find more information about Google's use of data, setting and objection possibilities, in the privacy policy of Google:

https://policies.google.com/privacy

and in the settings for the display of advertisements by Google

https://adssettings.google.com/authenticated

The personal data of users will be deleted or made anonymous after 14 months.

13. Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services.

We point out that user data may be processed outside the European Union. This may result in risks for the users, because the enforcement of the users' rights could be made more difficult. With regard to US providers certified under the Privacy Shield, we would like to point out that they thereby undertake to comply with the data protection standards of the EU.

Furthermore, user data is generally processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the user profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of users' personal data is based on our legitimate interest in effective information of users and communication with users in accordance with Art. 6, Paragraph 1, Letter f. GDPR. If the users are asked by the respective providers of the platforms to give their consent to the aforementioned data processing, the legal basis for the processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

For a detailed presentation of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information of the providers.

Also in the case of requests for information and the assertion of user rights, we would like to point out that these can most effectively be asserted with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.

14. Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary for you to cooperate (e.g. to give your consent) or to receive other individual notification.

As of: 18.05.2020

© 2026 Maria Jana
M@il me
close slider

    Don`t copy text!
    en_GB
    de_DE en_GB