Privacy policy for the website and external pages of Zebra und Freunde UG (limited liability)

I. General

1. Responsible person

We take the protection of your personal data and the legal obligations related to this protection very seriously. Legal requirements demand comprehensive transparency regarding the processing of personal data. Only if you are sufficiently informed about the purpose, nature, and scope of the processing is it comprehensible to you as the data subject.

Our privacy policy therefore explains in detail which personal data we process when you use our website (findedeinyoga.org), all other websites that link to it, and in the other cases explained here.

The controller within the meaning of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other data protection regulations is the

Andrej Telle

Tonhalderhof 4a

78576 Emmingen-Liptingen

Email: mail@findedeinyoga.org

Hereinafter referred to as " the controller " or " we ".

We have not appointed a data protection officer.

Please note that links on our website may lead to other websites operated by third parties. Such links are either clearly marked by us or identifiable by a change in your browser's address bar. We are not responsible for compliance with data protection regulations or the secure handling of your personal data on these third-party websites.

2. Definitions

From the GDPR

This privacy policy uses the terms defined in the GDPR. The definitions (Art. 4 GDPR) can be found, for example, at eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679 .

Additional definitions:

Cookies and similar technologies

Cookies are text files that are placed on your device by a website and read from it. They contain combinations of letters and numbers to, for example, recognize the user and their settings when reconnecting to the website that set the cookie, to enable users to remain logged into their customer account, or to statistically analyze certain usage patterns.

WebStorage technology allows variables and values to be stored locally in the user's browser cache. This technology includes both " sessionStorage ," which remains stored until the browser tab is closed, and " localStorage ," which is stored in the browser cache until the user clears it. LocalStorage technology, among other things, allows us to recognize the user and their settings when they visit our website.

Data categories

When we specify the categories of data processed, this includes, in particular, the following data: master data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers, messaging services), content data (e.g., text entries, photographs, videos, document/file content), contract data (e.g., subject matter of the contract, terms, customer category), usage data (e.g., history on our website, use of specific content, access times), connection data (e.g., device information, IP addresses, URL referrers), location data (e.g., GPS data, IP geolocation, access points); diagnostic data (e.g., crash logs, website/app performance data, other technical data for analyzing malfunctions and errors).

3. Information on data processing

We process personal data only to the extent permitted by law. Personal data is only shared in the cases described below. Personal data is protected by appropriate technical and organizational measures (e.g., pseudonymization, encryption).

Unless we are legally obliged to store or disclose data to third parties (especially law enforcement agencies), the decision as to which personal data we process, for how long, and to what extent we may disclose it depends on which functions of the website you use in each individual case.

4. Storage duration

Personal data will be deleted as soon as the purpose of processing ceases to apply or a prescribed retention period expires, unless further storage of the personal data is necessary for entering into or fulfilling a contract. Information regarding the storage period of cookies and similar technologies can be found at the end of this privacy policy.

Personal data that we process as part of an application (see below) will be stored for a period of six months after the application process has been completed.

5. Automated individual decision-making, including profiling

Automated decisions in individual cases, including profiling, do not take place.

6. Rights of data subjects

As a data subject, you have the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, and the right to data portability under Article 20 GDPR. The right to information and the right to erasure are subject to the limitations set out in Sections 34 and 35 of the German Federal Data Protection Act (BDSG).

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

The data protection supervisory authority responsible for us/our main office is:

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstrasse 219

10969 Berlin

However, you are free to lodge a complaint with another data protection supervisory authority.

A list of supervisory authorities can be found at: https://www.bfdi.bund.de/ (under Infothek/Addresses and Links)

7. Notification obligations of the controller

We will communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with Articles 16, 17(1) and 18 of the GDPR to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. We will inform you about those recipients if you request it.

8. Obligation to provide

Unless otherwise stated below in the information on the legal bases, you are not obligated to provide personal data. However, in the cases referred to in Article 6(1)(b) GDPR, personal data is necessary for the performance of a contract or for entering into a contract. If you do not provide the relevant personal data, the performance of the contract or the conclusion of a contract is not possible. If you do not provide the data in the cases referred to in Article 6(1)(a) and (f) GDPR, you will not be able to use the relevant parts of our website.

9. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (f) of Article 6(1) of the GDPR. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing.

You can submit your objection informally to the contact details mentioned above.

10. Revocation of consent

In accordance with Article 7(3)(1) of the GDPR, you have the right to withdraw your consent at any time with effect for the future, informally by post or email. The lawfulness of the processing carried out on the basis of the consent until its withdrawal remains unaffected. Upon your withdrawal, we will delete the personal data processed on the basis of the consent if there is no other legal basis for its processing.

You can submit your cancellation informally to the contact details mentioned above.

You can also withdraw certain consent(s) by deactivating the respective data processing services directly in our consent tool. Please note that you must do this on every device on which you have visited our website and consented to data processing.

II. Data processing in connection with the use of our website

The use of the website and its functions regularly requires the processing of personal data.

Provision of the website

Purpose of processing: Functionality and optimization of the website, as well as ensuring the security of our information technology systems during purely informational use (without using additional functions such as contact forms or social media plugins) of our website.

Legal basis: Article 6(1)(f) GDPR

Data categories: Connection data

Recipients of the data: Data is only shared with third parties to the extent necessary for the operation of our website. For this purpose, personal data is transferred to the following recipients: In individual cases, IT service providers – discoverize GmbH

Intended transfer to a third country: None

Do we store or read personal data on your device based on your consent? No

Newsletter

Purpose of processing: Subscription to our newsletter with our news and offers; proof of your consent; ensuring the security of our information technology systems; measuring click and open behavior related to our newsletter; personalizing our newsletter.

Legal basis : Article 6(1)(a) GDPR

Data categories : possibly master data, contact data, usage data, connection data

Recipient of the data: Mailjet SAS, 13-13 bis, Rue de l'Aubrac, 75012 Paris, France

Intended transfer to third countries: If data processing takes place outside the EU (e.g. by technical sub-processors), this is done on the basis of the standard data protection clauses of the EU Commission pursuant to Art. 46 para. 2 letter c GDPR.

Do we store or read personal data on your device based on your consent? No

Application (application via email)

Purpose of processing: Processing your application and conducting the application process.

Legal basis : Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG

Data categories: Master data, contact data, content data, contract data, connection data (if applicable), usage data (if applicable) and special categories of personal data within the meaning of Article 9(1) GDPR (depending on the specific job posting; only the data relating to your application that you provide to us and that we are permitted to process in the context of applications will be stored).

Recipients of the data: None

Intended transfer to a third country: None

Do we store or read personal data on your device based on your consent? No

Login area

Purpose of processing: Use of an account (login area) to create and manage a (premium) entry in our portal; ensuring data and information security.

Legal basis : Art. 6 para. 1 letter b, f GDPR

Data categories: Master data, contact data, connection data, contract data and content data

Recipients of the data: None

Intended transfer to a third country: None

Do we store or read personal data on your device based on your consent? No

Booking premium listings

Purpose of processing: Booking and processing of your premium listing; ensuring data and information security.

Legal basis: Art. 6 para. 1 letter b, f GDPR

Data categories: Master data, contact data, connection data, content data, contract data,

Recipients of the data: Possibly payment service providers

Intended transfer to a third country: None

Do we store or read personal data on your device based on your consent? No

Contact

Purpose of processing: Processing your contact request and callback request.

Legal basis: Art. 6 para. 1 letter f GDPR; Art. 6 para. 1 letter b GDPR (depending on the circumstances)

Data categories: Contact details, master data, content data (depending on the type of request).

Recipients of the data: None

Intended transfer to a third country: None

Do we store or read personal data on your device based on your consent? No

Bug snag (error analysis)

Purpose of processing: Error analysis to improve the accessibility, stability and security of our website.

Legal basis: Article 6(1)(f) GDPR

Data categories: Usage data, content data, connection data

Recipient of the data: Bugsnag Inc., 110 Sutter Street, San Francisco, CA 94104, USA

Intended transfer to third countries: In individual cases, the USA and other third countries (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 letter c GDPR and on the basis of adequacy decisions, Art. 45 GDPR)

Do we store or read personal data on your device based on your consent? Yes (details can be found in the overview at the end of this statement).

Stackify (error analysis)

Purpose of processing: Error analysis to improve the accessibility, stability and security of our website.

Legal basis: Article 6(1)(f) GDPR

Data categories: Usage data, content data, connection data

Recipient of the data: Stackify Inc., 7171 Warner Ave, Suite B787, Huntington Beach, CA 92647, USA

Do we store or read personal data on your device based on your consent? Yes (details can be found in the overview at the end of this statement).

Cookie Consent

Purpose of processing: When you visit our website, certain information is stored on or read from your device if this is strictly necessary for the operation of our website. This includes information processed by the "Cookie Consent" service to ensure that only cookies that are technically essential for operating our website or to which you have consented are set or read. We selected the service provider based on data protection and technical criteria.

Legal basis: Art. 6 para. 1 letter c, f GDPR

Data categories: Usage data, connection data

Recipients of the data: IT service providers

Intended transfer to a third country: None

Do we store or read personal data on your device based on your consent? No

Meta (Social Media Button)

Purpose of processing: To enable users to share content from our website via the social networks "Facebook" and "Instagram" using so-called social media buttons; to personalize our website.

Legal basis: Article 6(1)(a) GDPR

Data categories: Connection data, usage data

Recipients of the data: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (as joint controllers, Art. 26 GDPR – the essentials of the concluded agreement (including information on the implementation of your data subject rights) can be found at www.facebook.com/legal/controller_addendum; further information on the processing of personal data by Facebook, the legal basis on which Facebook bases the processing and on exercising data subject rights against Facebook can be found at www.facebook.com/about/privacy) or www.privacycenter.instagram.com/policy (for Instagram).

Intended transfer to third countries: In individual cases, the USA and other third countries (based on the standard data protection clauses of the EU Commission, Article 46 paragraph 2 letter c) GDPR or, if applicable, on the basis of adequacy decisions (Article 45 GDPR))

Do we store or read personal data on your device based on your consent? Yes (details can be found in the overview at the end of this statement).

Google Maps

Purpose of processing: Determination of geo-coordinates based on addresses

Legal basis: Article 6(1)(f) GDPR

Data categories: Address data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Intended transfer to a third country: None

Do we store or read personal data on your device based on your consent? No

Google Analytics

Purpose of processing: Statistical evaluation; optimization and needs-based design of our website based on your click and usage behavior.

Legal basis: Article 6(1)(a) GDPR

Data categories: Usage data, connection data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Intended transfer to third countries: In individual cases, the USA (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 letter c GDPR)

Do we store or read personal data on your device based on your consent? Yes (details can be found in the overview at the end of this statement).

Google Fonts

Purpose of processing: To personalize our website by using fonts loaded from Google servers.

Legal basis : Article 6(1)(f) GDPR

Data categories: Connection data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Intended transfer to a third country: None

Do we store or read personal data on your device based on your consent? No

Google Marketing Platform

Purpose of processing: Statistical evaluation of the use of our website by services of the Google Marketing Platform; optimization and needs-based design of the website; advertising purposes.

Legal basis: Article 6(1)(a) GDPR

Data categories: Usage data, connection data (active IP anonymization; only in exceptional cases is the full IP address transmitted to a Google server and shortened there)

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Intended transfer to third countries: In individual cases, the USA (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 letter c GDPR)

Do we store or read personal data on your device based on your consent? Yes (details can be found in the overview at the end of this statement).

Google reCAPTCHA

Purpose of processing: To prevent the misuse of our website by verifying that access is made by humans and not by bots or similar programs; to ensure the security of our website and our information technology systems.

Legal basis: Article 6(1)(f) GDPR

Data categories: Connection data, usage data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Intended transfer to a third country: In individual cases, the USA

Do we store or read personal data on your device based on your consent? No

Cloudflare turnstile

Legal basis: Article 6(1)(f) GDPR

Data categories: Connection data, usage data

Recipient of the data: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107 USA

Intended transfer to a third country: In individual cases, the USA

Do we store or read personal data on your device based on your consent? No

Mailjet (Newsletter)

Legal basis : Article 6(1)(a) GDPR

Data categories : possibly master data, contact data, usage data, connection data

Recipient of the data: Mailjet SAS, 13-13 bis, Rue de l'Aubrac, 75012 Paris, France

Do we store or read personal data on your device based on your consent? No

YouTube

Purpose of processing: Integration of videos via the YouTube video plugin for the personalization of our website.

Legal basis: Article 6(1)(a) GDPR

Data categories: Usage data, connection data

Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Intended transfer to a third country: In individual cases, the USA

Do we store or read personal data on your device based on your consent? Yes (details can be found in the overview at the end of this statement).

Vimeo

Purpose of processing: Integration of videos via the Vimeo video plugin for the personalization of our website.

Legal basis: Article 6(1)(a) GDPR

Data categories: Usage data, connection data

Recipient of the data: Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011

Intended transfer to a third country: In individual cases, the USA

Do we store or read personal data on your device based on your consent? No

SoundCloud

Purpose of processing: Integration of audio via the SoundCloud audio plugin for the personalization of our website.

Legal basis: Article 6(1)(a) GDPR

Data categories: Usage data, connection data

Recipient of the data: SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin

Intended transfer to a third country: none

Do we store or read personal data on your device based on your consent? No

II. Further Information

Our website contains affiliate links, through which we receive a commission on purchases; this does not incur any additional costs for users. Further information: https://findedeinyoga.org/transparenz-partner