Privacy Policy

Data protection

With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both within the framework of the provision of our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender specific.

Responsible person

 Dr. Barqawi New Work Consulting

 Dr. Dianah Barqawi

 Holzhausenstr. 85

 60322 Frankfurt

 Germany

 Email: dbarqawi@drbarqawi-consulting.com

 Website: www.drbarqawi-consulting.com

Overview of data processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

1. Types of data processed

• Inventory data (e.g., names, addresses).
• Content data (e.g., entries in online forms).
• Contact details (e.g., email, telephone numbers).
• Meta/communication data (e.g., device information, IP addresses).
• Usage data (e.g., websites visited, interest in content, access times).
• Contract data (e.g., subject matter of the contract, term, customer category).

2. Categories of data subjects

• Communication partner.
• Users (e.g., website visitors, users of online services).

3. Processing

is any process or series of processes carried out with or without the aid of automated processes in connection with personal data, such as collecting, recording, organizing, classifying, storing, adapting or changing, reading out, querying, using Disclosure by transmission, distribution or other form of making available, alignment or association, restriction, deletion or destruction.

4. Controller 

is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, decides on the purposes and means of processing personal data. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

5. Receiver

is a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered recipients.

6. Third

is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

7. Purposes of processing

• • Provision of our online offering and user-friendliness.
  • Direct marketing (e.g., via email or post).
  • Feedback (e.g., collecting feedback via online form).
  • Marketing.
  • Contact inquiries and communication.

8. Duration of data storage

The criterion for the duration of storage of personal data is the respective statutory retention period. After the deadline has expired, the relevant data will be routinely deleted unless it is no longer required to fulfill the contract or initiate a contract.

Cookies

The cookie policy was created by cookiedatabase.org.

Relevant legal bases

Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you of these in the data protection declaration.

• Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) – The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) – Processing is necessary to protect the legitimate interests of the controller or a third party unless the interests or fundamental rights and freedoms of the data subject are protected requiring personal data predominate.
• Right to complain to the responsible supervisory authority – In the event of violations of the GDPR, those affected have the right to complain to a supervisory authority, in particular the member state of their habitual residence, their place of work, or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, data processing applies for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation, or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may apply.

Application and use of Google Analytics

The person responsible for processing has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, collection, and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data about the website from which a data subject came to a website (so-called referrer), which sub-pages of the website were accessed, or how often and for what duration a sub-page was viewed. Web analysis is primarily used to optimize a website and to analyze the cost-benefit of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The person responsible for processing uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. Using this addition, the IP address of the data subject’s Internet connection is shortened and anonymized by Google if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.

Further information and Google’s applicable data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

User and event-level data stored by Google that is linked to cookies, user identifiers (e.g. User ID), or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized after 14 months or deleted.

Safety measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs, and the type, scope, circumstances, and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, ensuring availability and its separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted, and responses are made to data threats. We also take the protection of personal data into account when developing or selecting hardware, software, and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a full IP address is not necessary, the IP address is shortened (also referred to as “IP masking”). Here, the last two digits or the last part of the IP address after a period are removed or replaced with placeholders. Shortening the IP address is intended to prevent or make it significantly more difficult to identify a person based on their IP address.

SSL encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transfer of personal data

As part of our processing of personal data, the data may be transmitted to or disclosed to other bodies, companies, legally independent organizational units, or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of using third-party services or disclosing or transmitting data to other people, bodies or companies takes place, this only takes place in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligations through so-called standard protection clauses of the EU Commission, if certifications or binding internal data protection regulations exist (Articles 44 to 49 GDPR, EU Commission information page:  https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Provision of online offerings and web hosting

To be able to provide our online offering securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services as well as security and technical maintenance services.

The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer that arises in the context of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the content of online offerings to browsers, and all entries made within our online offering or on websites.

Email sending and hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g., the providers involved) as well as the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server.

Collection of access data and log files: The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type, and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP address and the requesting provider.

The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilization of the servers and their stability.

• Types of data processed: content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent permitted for processing is revoked or other permissions no longer apply (e.g., if the purpose for processing this data no longer applies or it is not necessary for the purpose).

Unless the data is deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person.

Our data protection information may also contain further information on the storage and deletion of data, which applies primarily to the respective processing.

Changes and updates to the data protection declaration

We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this data protection declaration, please note that the addresses may change over time, and ask you to check the information before contacting us.

Rights of data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

• Right to object: You have the right, for reasons arising from your particular situation to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
• Right to revoke consent: You have the right to revoke your consent at any time.
• Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
• Right to rectification: In accordance with legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
• Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to request a restriction of the processing of the data in accordance with the legal requirements.
• Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common, and machine-readable format in accordance with legal requirements or to request that it be transmitted to another person responsible.
• Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you are of the opinion that the processing of your data personal data concerned violates the requirements of the GDPR.