Data protection

1. Information on the person responsible

2. Information on the purpose of using personal data

3. Disclosure Information to Third Parties

4. Cookies

5. Analysetools, Apps

6. Social-Media Plugins

7. Rights of the data subject

8. Right to Object

9. Data Security

10. Timeliness

1. Who is responsible for collecting your data?

This data protection information applies to data processing by:

Responsible:

Constanze Arndt

Gletschersteinstraße 31

04299 Leipzig

Germany

kontakt@arndt-restaurierung.de

This homepage was created and maintained by me with the "1&1 IONOS MyWebsite Business" homepage editor from 1&1 IONOS SE. Thus, 1&1 IONOS SE is the technical service provider of my website by way of order data processing. There is no storage and processing of personal usage data beyond the extent described in this declaration.

2. What personal data is collected and stored and for what purpose?

a) When visiting the website (hosting 1&1 Ionos MyWebsite)

When you visit our website www.arndt-restaurierung.de, the browser used on your device automatically sends information to our website server. This information is temporarily collected anonymously in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

Referrer (previously visited website) Requested website or file Browser type and browser version Operating system used Device type used Time of access IP address in anonymous form (only used to determine the location of access)

The data mentioned are processed by us for the following purposes:

Ensuring a smooth connection to the website, ensuring comfortable use of our website, evaluating system security and stability and for other administrative purposes.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR.

Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations in Sections 4 and 5 of this data protection declaration.

b) For orders via our shop PastPerfect

You can either place orders as a guest via our online shop without registering, or register as a PayPal customer (www.paypal.com) in our online shop for future orders. Registering has the advantage for you that, in the event of a future order, you can log in to our online shop directly with your e-mail address and password without having to re-enter your data. Information on data protection from PayPal can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-prev?locale.x=de_DE

Your personal data is entered into an input mask and then transmitted to us. If you place an order via our shopping cart system, the following data will initially be collected, both in the case of a guest order and in the case of registration:

• Salutation, first name, last name,

• a valid email address,

• Address (street, zip code, city, country),

• possibly different delivery address

This data is collected

• to be able to identify you as our customer;

• to process, fulfill and process your order;

• to correspond with you;

• for invoicing;

• to process any liability claims that may exist and to assert any claims against you;

• to ensure the technical administration of our website;

• to manage our customer data.

As part of the ordering process, your consent to the processing of this data will be obtained.

The data processing takes place after your order and/or registration and is required according to Art. 6 Para. 1 S. 1 lit. b DSGVO for the stated purposes for the appropriate processing of your order and for the mutual fulfillment of obligations from the purchase contract.

The personal data collected by us for the processing of your order will be stored until the statutory retention period has expired and then deleted, unless we are required to store it under Article 6 (1) sentence 1 lit. c GDPR due to tax and commercial law retention requirements. and documentation obligations are obligated to store data for a longer period of time or you have consented to further storage in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR.

3. Will your data be passed on to third parties?

Your personal data will not be transmitted to third parties for purposes other than those listed below. A transfer takes place only in the context of contract processing:

a) in the case of direct debit payment, to the bank or savings bank involved.

b) when shipping, to the logistics company.

c) Due to processing via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal

we pass on your data to PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg as part of payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Address data, among other things, is included in the calculation of the score values. Further data protection information can be found in the PayPal data protection principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

In cases where your personal data is passed on to third parties, however, the scope of the transmitted data is limited to the necessary minimum.

We only pass on your personal data to third parties if:

You have given your express consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR, the disclosure is required in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR for the assertion, exercise or defense of legal claims and no There is reason to assume that you have an overriding interest worthy of protection in not disclosing your data in the event that there is a legal obligation for disclosure in accordance with Article 6 Paragraph 1 S. 1 lit Article 6 paragraph 1 sentence 1 lit. b GDPR is required for the processing of contractual relationships with you.

4. What are cookies and what are they used for?

We use cookies on our site. These are small files that your browser creates automatically and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not damage your end device and do not contain viruses, Trojans or other malware.

Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we are immediately informed of your identity.

On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specific period of time. If you visit our site again to make use of our services, it will automatically be recognized that you have already been with us and what inputs and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer (see Section 5). These cookies enable us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are required for the stated purposes to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

1&1 IONOS MyWebsite

Technically required cookies are used by default. In addition, MyWebsite uses tracking cookies based on Snowplow Analytics technology. This tool does not collect any personal data and is only used by 1&1 IONOS to improve the product range.

5. Notice on the use of analysis tools

Tracking-Tools

The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

Web Analytics (1&1 IONOS MyWebsite)

Tracking and logging are enabled by default. The data is determined either by a pixel or by a log file. To protect personal data, WebAnalytics does not use cookies.

1&1 IONOS does not store any personal data from website visitors, so that no conclusions can be drawn about individual visitors. The following data is collected:

Referrer (previously visited website) Requested website or file Browser type and browser version Operating system used Device type used Time of access IP address in anonymous form (only used to determine the location of access)

In WebAnalytics, data is collected exclusively for statistical evaluation and technical optimization of the website. There are no data available to third parties.

6. Social Media Plug-ins

We set a link to the Facebook social network on our website based on Article 6 Paragraph 1 Sentence 1 lit. f GDPR in order to make us better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation is to be guaranteed by their respective providers.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook's data protection information (https://www.facebook.com/about/privacy/ ).

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

7. What rights do you have with regard to your data?

You have the right:

Right to information according to Art. 15 GDPR to request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if they were not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details; right to rectification in accordance with Art. 16 GDPR, request the immediate correction of incorrect or complete your to demand the erasure of personal data stored by us; the right to erasure (right to be forgotten) pursuant to Art Information required to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims; Right to restriction of processing in accordance with Art. 18 GDPR to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need them to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR; Right to data portability in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible; right of objection in accordance with Art. 7 Para. 3 GDPR your E revoke your consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future and have the right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our place of business.

8. How can you exercise your right to object?

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this, which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.

If you would like to make use of your right of revocation or objection, an e-mail to: kontakt@arndt-restaurierung.de is sufficient

9. How is data security guaranteed?

When you visit our website, we use the widespread SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

10. Updating and changing this data protection declaration

This data protection declaration is currently valid and has the status of June 2020.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.arndt-restaurierung.de/datenschutz/.