In accordance with the new General Data Protection Regulation (GDPR), we must inform you of the
following:

Your data is safe with us and will be protected in accordance with the law.

This privacy statement explains the nature, scope and purpose of the processing of personal data
(hereinafter referred to as “data”) within our online offering and the related websites, functions
and content, as well as external online presence, such as our Social Media Profile. (collectively
referred to as “online offer”).
With regard to the terms used, such as “personal data” or their “processing”, we refer to the
definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible for the data protection:

Company Karin Sebelin

Karin Sebelin
Heidestr. 35

71292 Friolzheim

Telephone: 0049 – 176 – 84545228
Email: info@karinsebelin.com

 

Type of processed data

x stock data (eg, names, addresses).

x contact information (eg, e-mail, telephone numbers).

x content data (eg, text input, photographs, videos).

x contract data (eg, subject matter, payment information, term, customer category).

x Usage data (eg, websites visited, interest in content, access times).

 

Processing of special categories of data (Article 9 (1) GDPR):

x No special categories of data are processed.

 

Categories of data subjects:

x customers / prospects / suppliers.

x visitors and users of the online offer.

x recipient of marketing activities

In the following, we also refer to the persons concerned as “users”.

 

Purpose of processing:

x Provision of the online offer, its contents and functions.

x provision of contractual services, service and customer care.

x Answering contact requests and communicating with users.

x Marketing, Advertising and Market Research.

x Security measures.

 

As of: 24.04.2018

 

1. Relevant legal bases

In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing.
Unless the legal basis in the data protection declaration is mentioned, the following applies:
The legal basis for obtaining consent is Article 6 (1) lit.a and Art. 7 GDPR, the legal basis
for the processing for the performance of our services and the execution of contractual
measures as well as the response to inquiries is Art. 6 (1) lit.b GDPR, the legal basis for
processing in order to fulfill our legal obligations is Art. 6 (1) lit.c GDPR, and the legal
basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit.f GDPR.
In the event that vital interests of the data subject or another natural person require the
processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.

 

2. Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy.
We will adjust the privacy policy as soon as the changes to the data processing we make require it.
We will inform you as soon as the changes require your participation (e.g. consent) or other
individual notification.

 

3. Security measures

3.1. We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account
the state of the art, the implementation costs and the nature, scope, circumstances and purposes
of the processing as well as the different likelihood and severity of the risk to the rights and
freedoms of natural persons and organizational measure as to ensure a level of protection appropriate
to the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability
of data by controlling physical access to the data, as well as their access, input, disclosure,
availability and separation. In addition, we have established procedures that ensure the enjoyment
of data subject rights, data erasure and data vulnerability. Furthermore, we consider the protection
of personal data already in the development, or selection of hardware, software and procedures,
according to the principle of data protection by technology design and by privacy-friendly default
settings taken into account (Article 25 GDPR).

3.2. One of the security measures is the encrypted transfer of data between your browser and our
server.

 

4. Cooperation with contract processors and third parties

4.1. If, in the context of our processing, we disclose data to other persons and companies (contract
processors or third parties), transmit them to them or otherwise grant access to the data, this will
only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties,
as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract),
you have consented to a legal obligation or based on our legitimate interests (e.g. the use of agents,
webhosters, etc.).

4.2. If we commission third parties to process data on the basis of a so-called “contract processing
contract”, this is done on the basis of Art. 28 GDPR.

 

5. Transfers to third countries

If we process data in a third country (ie outside the European Union (EU) or the European Economic Area
(EEA)) or in the context of the use of third party services or disclosure or transmission of data to
third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the
basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
Subject to legal or contractual permissions, we process or have the data processed in a third country
only in the presence of the special conditions of Art. 44 et seq. GDPR.
This means, for example, that the processing takes place on the basis of special guarantees, such as
the officially recognized level of data protection (e.g. for the USA through the “Privacy Shield”) or
compliance with officially recognized special contractual obligations (so-called “standard contractual
clauses”).

 

6. Rights of the persons concerned

6.1. You have the right to ask for confirmation as to whether the data in question is being processed
and for information about this data as well as for further information and a copy of the data in
accordance with Art. 15 GDPR.

6.2. You have accordingly Art. 16 GDPR the right to demand the completion of the data concerning you
or the correction of the incorrect data concerning you.

6.3. In accordance with Art. 17 GDPR, they have the right to demand that the relevant data be deleted
immediately or, alternatively, to require a restriction of the processing of data in accordance with
Art. 18 GDPR.

6.4. You have the right to demand that the data relating to you, which you have provided to us, be
obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible.

6.5. You have in accordance with Art. 77 GDPR the right to file a complaint with the competent
supervisory authority.

 

7. Right of withdrawal

You have the right to grant consent in accordance with Art. 7 para. 3 GDPR with effect for the future.

 

8. Right of objection

You can object to the future processing of your data in accordance with Art. 21 GDPR at any time.
The objection may in particular be made against processing for direct marketing purposes.

 

9. Cookies and right to object in direct mail

We use temporary and permanent cookies, i.e. small files stored on users’ devices (explanation of term
and function, see last section of this privacy policy). In part, the cookies are used for security or
to operate our online offer (e.g, for the presentation of the website) or to save the user decision in
the confirmation of the cookie banner. In addition, we or our technology partners use cookies for
measuring reach and marketing purposes, which users are informed about in the course of the privacy policy.

A general contradiction to the use of cookies used for online marketing purposes can be found in a variety
of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/
or the EU site http://www.youronlinechoices.com/ be explained.
Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser.
Please note that not all features of this online offer may be used.

 

10. Deletion of data

10.1. The data processed by us are deleted or limited in their processing in accordance with Articles 17
and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as
they are no longer required for their purpose and the deletion does not conflict with any statutory storage
requirements. Unless the data is deleted because it is required for other and legitimate purposes, its
processing will be restricted. This means that the data is blocked and not processed for other purposes.
This applies, for example, to data that must be kept for commercial or tax reasons.

10.2. According to legal requirements, the storage takes place in particular for 6 years in accordance with
§ 257 paragraph 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters,
accounting documents, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (books, records, management
reports , Accounting documents, commercial and business letters, documents relevant to taxation, etc.).

 

11. Provision of contractual services

11.1. We process stock data (e.g., names and addresses as well as contact data of users), contract data (e.g.,
used services, names of contact persons, payment information) for the purpose of fulfilling our contractual
obligations and services in accordance with Art. 6 para. 1 lit b. GDPR.
The entries marked as obligatory in online forms are required for the conclusion of the contract.

11.2. We process usage data (e.g., the visited websites of our online offer, interest in our products) and
content data (e.g., entries in the contact form or user profile) for research purposes, to improve our online
offer.

11.3. The deletion takes place after expiry of legal warranty and comparable obligations, the necessity of
keeping the data is checked every three years; in the case of legal archiving obligations, the deletion takes
place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation);
Information in the customer account remains until its deletion.

 

12. Contact

12.1. When contacting us (e.g. by e-mail), the information provided by the user to process the contact request
and its processing acc. Art. 6 para. 1 lit. b) GDPR processed.

12.2. User information can be stored in our Customer Relationship Management System (“CRM System”) or similar
request organization.

12.3. We use Nimble’s CRM system, from Nimble Inc , 3122 Santa Monica Boulevard, Santa Monica, CA 90404,
based on our legitimate interests.
Nimble is certified under the Privacy Shield Agreement, which provides an additional guarantee to comply with
European data protection law
https://www.privacyshield.gov/participant?id=a2zt0000000GnmCAAS&status=Active ).

12.4. We delete the requests, if they are no longer required. We constantly check the necessity. In the case of
legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax
law (10 years) retention obligation).

 

13. Comments and posts

13.1. When you post a comment on our blog, your name will be saved.
This is for our safety, if someone writes in comments illegal content (insults, etc.).

 

14. Antispam Bee

14.1. This site uses the Antispam Bee service, a simple and highly effective antispam plugin to protect against
Trackback spam.

14.2. With the help of this service, comments of real people are distinguished from spam comments. If a comment
has been classified as spam, the data will be stored on our site and we will be notified.

14.3. For more information about the collection and use of data by Antispam Bee and the functionality of the
plugin, see: https://wordpress.org/plugins/antispam-bee/

 

15. Profile pictures from Gravatar

We use the service Gravatar, Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA, within our online
offering and specifically on the blog.

Gravatar is a service that allows users to log in and submit profile pictures and their email addresses. If users
with the respective e-mail address on other online sites (especially in blogs) leave posts or comments, so their
profile pictures can be displayed next to the posts or comments. For this purpose, the e-mail address communicated
by the users to Gravatar is transmitted encrypted in order to check whether a profile is stored for it. This is the
sole purpose of sending the e-mail address and it will not be used for other purposes, but will be deleted
afterwards.

The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 para. 1 lit.f) GDPR, because
with the help of Gravatar we offer the post and comment writers the opportunity to personalize their posts with a
profile picture.

Automattic is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European
privacy legislation (
https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active
 ).

By displaying the images, Gravatar has learned the IP address of the users, as this is necessary for communication
between a browser and an online service. For more information about Gravatar’s collection and use of data, see the
Automattic Privacy Notice:

https://automattic.com/privacy/ .

If users do not want a user picture linked to their email address on Gravatar to appear in the comments, they
should use a non-Gravatar email address to comment. We also point out that it is also possible to use an
anonymous or even no e-mail address if the users do not want their own e-mail address to be sent to Gravatar.
Users can completely prevent the transfer of data by not using our commenting system.

 

16. Online presences in social media

16.1. We maintain online presence within social networks and platforms in order to communicate with customers,
prospects and users active there and to inform them about our services. When calling the respective networks and
platforms, the terms and conditions and the data processing guidelines apply to their respective operators.

16.2. Unless stated otherwise in the context of our privacy policy, the data of the users are processed as far as
they communicate with us within the social networks and platforms, e.g. write articles on our online presence or
send us messages.

 

17. Cookies and reach measurement

17.1. Cookies are information transmitted from our web server or third-party web servers to users’ web browsers
and stored there for later retrieval. Cookies can be small files or other types of information storage.

17.2. We use “session cookies”, which are only stored for the duration of the current visit to our online presence.
In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition,
a cookie contains information about its origin and the retention period. These cookies can not save any other data.
Session cookies are deleted if you have finished using our online offer and log out or close your browser.

17.3. The use of cookies in the context of pseudonymous range measurement informs users in the context of this
privacy policy.

17.4. If users do not want cookies stored on their computer, they will be asked to disable the option in their
browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of
cookies can lead to functional restrictions of this online offer.

17.5. You may opt for the use of cookies for distancemeasurement and promotional purposes through the Network
Advertising Initiative’s opt-out page
http://optout.networkadvertising.org/ ) and the US website
http://www.aboutads.info/choices ) or the European website
http://www.youronlinechoices.com/uk/your-ad-choices/ ).

 

18. Newsletter

18.1. With the following information we inform you about the contents of our newsletter as well as the registration,
dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter,
you agree to the receipt and the procedures described.

18.2. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising
information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the
contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally,
our newsletters contain information about our products, offers, promotions and our company.

18.3. Double opt-in and logging: Registration for our newsletter is done in a so-called double-opt-in procedure.
This means you will receive an e-mail after logging in to ask for confirmation of your registration. This
confirmation is necessary so that nobody can register with external e-mail addresses.
The registration for the newsletter will be logged in order to prove the registration process according to the legal
requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise,
changes to your data stored with the shipping service provider will be logged.

18.4. Shipping Service Provider : The newsletter is distributed via “MailChimp “,
a mailing list platform of Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA.
The privacy policy of the shipping service provider can be viewed here: 
https://mailchimp.com/legal/privacy/
 .The Rocket Science Group LLC is certified under the Privacy Shield Agreement,
which provides a guarantee to comply with European data protection standards
(https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

18.5. Furthermore, the shipping service provider may, according to its own information, use this data in a pseudonymous
form, ie without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of
shipping and the presentation of newsletters or for statistical purposes in order to determine which countries the
recipients come from. However, the shipping service provider does not use the data of our newsletter recipients to
write them down or to pass them on to third parties.

18.6. Registration information: In order to subscribe to the newsletter, we need your first and last name, as well as
your e-mail address.

18.7. Success measurement – The newsletters contain a so-called “web beacon”, ie a pixel-sized file, which is called
up by the server of the shipping service provider when the newsletter is opened. This call will initially collect
technical information, such as information about the browser and your system, as well as your IP address and time of
retrieval. This information is used to improve the technical performance of services based on their specifications or
audience and their reading habits, based on their locations (which can be determined using the IP address) or access
times. Statistical surveys also include determining if the newsletters will be opened, when they will be opened and
which links will be clicked. For technical reasons, this information can be assigned to the individual newsletter
recipients. However, it is neither our endeavor nor that of the shipping service provider to observe individual
users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content
to them or to send different content according to the interests of our users.

18.8. The dispatch of the newsletter and the success measurement are made on the basis of a consent of the recipients
acc. Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 (2) no. 3 UWG or on the basis of the statutory
permission pursuant to Art. § 7 Abs. 3 UWG.

18.9. The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 para.
1 lit. f GDPR and serves as proof of consent to the receipt of the newsletter.

18.10. Termination / Revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent.
A link to cancel the newsletter can be found at the end of each newsletter. If the users have only subscribed to the
newsletter and terminated this registration, their personal data will be deleted.

18.11. In addition, newsletter recipients can subsequently correct their data (for example, their e-mail address).

18.12. Online Calling and Data Management: It may happen that we direct the newsletter recipients to the MailChimp
website. Our newsletters may contain a link that allows the newsletter recipients to retrieve the newsletters online
(for example, in the case of display problems).

18.13. We would like to point out that cookies are used on the websites of MailChimp and personal data is processed
by MailChimp, its partners and commissioned service providers (e.g. Google Analytics). Here we have no influence.

18.14. For more information, please refer to the privacy policy of MailChimp.

18.15. We particularly point out the possibilities of objecting to the collection of data for advertising purposes
on the websites

http://www.aboutads.info/choices/ and

http://www.youronlinechoices.com/ (for the European area)

18.16. We have completed a Data Processing Agreement with MailChimp.
In this contract, MailChimp commits itself to protect the user data, to process accordingly data protection regulations
on our behalf and, most importantly, not to pass them on to third parties.

18.17. Here is the privacy policy of MailChimp.

 

19. Shareaholic plugin

19.1. Our online offer uses Shareaholic’s Shareaholic Plugin.
Founded in 2009 in Boston, USA, the company has become a “commitment platform” for over 300,000 websites.

19.2. Shareaholic gives the user the choice to opt-out by placing a cookie in their own browser to display the choice.
However, if you make an opt-out, Shareaholic will place cookies in your browser for the purpose of carrying out the rest
of your own service.

19.3. Shareaholic supports ” Do Not Track (DNT) ” to gather as little information as possible.
Please read the information on the page .

 

20. Nimble Social CRM

20.1. To manage our contacts via social media, we use the CRM system from Nimble .

20.2. We can assure you that the data at Nimble is safe.

20.3. For more information about data security, please visit the Nimble Privacy Policy page.

 

21. Provider Strato

21.1. Our website is hosted by the provider Strato .

21.2. We have signed an order data processing contract with Strato.

21.3. Further information on data protection can be found here .

 

22. Integration of services and content of third parties

22.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our
online offer within the meaning of Art. 6 (1) lit. GDPR), we make use of content or services offered by third-party
providers in order to provide their content and services Integrate services such as videos or fonts (collectively
referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP
address of the users, since they could not send the content to their browser without the IP address. The IP address
is therefore required for the presentation of this content. We endeavor to use only content whose respective
providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel
tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags”
can be used to evaluate information such as visitor traffic on the pages of this website.
The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited
to, technical information about the browser and operating system, referring web sites, visit time, and other
information regarding the use of our online offer.

22.2. The following presentation provides an overview of third-party providers as well as their contents, as well
as links to their privacy statements, which contain further notes on the processing of data and, in some cases
already mentioned here, possibilities of contradiction (so-called opt-out):

– Third-party platform YouTube videos – Google LLC, 1600 Amphitheater Parkway, Mountain
View, CA 94043, USA. Privacy Policy: 
https://policies.google.com/privacy
 , opt-out: 
https://adssettings.google.com/authenticated
 .

– Within our online offer functions of the service Instagram are involved.
These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States.
If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile
by clicking on the Instagram button.
This allows Instagram to associate the visit to our pages with your user account.
We point out that we as the provider of the pages do not receive knowledge of the content of the transmitted data
and their use by Instagram. Privacy Policy:
http://instagram.com/about/legal/privacy/.