Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to shortly as “data”) we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Table of Contents

• Preamble Controller
• Overview of Processing Activities
• Relevant Legal Bases
• Security Measures
• Use of Cookies
• Contact and Inquiry Management
• Web Analysis, Monitoring, and Optimization

Controller Mirijam Grosman

Tel Aviv, Israel & Frankfurt am Main, Germany

Email: mirijam.heuberger@gmail.com

Phone: +972 (0) 544660654

Imprint: https://mirijamgrosman.com/imprint

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the affected individuals.

Types of Data Processed

• Contact details.
• Content data.
• Usage data.
• Meta, communication, and process data.

Categories of Data Subjects

• Communication partners.
• Users.

Purposes of Processing

• Contact inquiries and communication.
• Reach measurement.
• Management and response to inquiries.
• Feedback.
• Profiles with user-related information.
• Provision of our online offering and user-friendliness.

Relevant Legal Bases

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, transmission, security of availability, and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to the endangerment of data. We also consider the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection, through technology design and by adopting privacy-friendly default settings.

Use of Cookies

Cookies are small text files or other storage technologies that store information on end devices and retrieve information from end devices. For example, to store login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or functions used on an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as creating analyses of visitor traffic.

Information about consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, unless this is not required by law. Consent is not required, in particular, if storing and accessing the information, including cookies, is essential for providing users with a telemedia service expressly requested by them (i.e., our online offering). Essential cookies typically include cookies with functions related to displaying and running the online offering, load balancing, security, storing user preferences, and choices, or similar purposes related to providing the main and ancillary functions of the online offering requested by users. The revocable consent is clearly communicated to users and includes information about the respective cookie use.

Information about data protection legal bases: The legal basis for processing users’ personal data using cookies depends on whether we ask for users’ consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies are based on our legitimate interests (e.g., in the commercial operation of our online offering and improving its usability) or, if the use of cookies is necessary to fulfill our contractual obligations, when using cookies is necessary to fulfill our contractual obligations. We will explain the purposes for which cookies are processed during the course of this privacy policy or as part of our consent and processing procedures.

Storage duration: With regard to the storage period, the following types of cookies are distinguished:

Temporary cookies (also known as session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).

Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Similarly, the data collected using cookies can be used for reach measurement. If we do not provide specific information about the types and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage period can last up to two years.

General information about revocation and objection (so-called “opt-out”): Users can revoke any consent given and object to processing in accordance with legal requirements. To do this, users can restrict the use of cookies in their browser settings (although this may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Further information on processing processes, procedures, and services:

Processing of cookie data based on consent: We use a consent management solution where users’ consent to the use of cookies or to the procedures and providers mentioned in the context of the consent management solution is obtained. This procedure serves to obtain, log, manage, and revoke consents, particularly with regard to the use of cookies and similar technologies used to store, retrieve, and process information on users’ end devices. As part of this process, users’ consents are obtained for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management process. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid repeated queries and to be able to provide evidence of consent in accordance with legal requirements. Storage is done server-side and/or in a cookie (known as an opt-in cookie) or similar technologies to be able to assign the consent to a specific user or their device. If there is no specific information about providers of consent management services, the following general information applies: The storage period for consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, the information on the scope of consent (e.g., the categories of cookies and/or service providers concerned), and information about the browser, system, and device used; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media) as well as in the context of existing user and business relationships, the information of the requesting individuals is processed to the extent necessary to respond to the contact inquiries and any requested measures.

Processed Data Types: Contact details (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).

Data Subjects: Communication partners. Purposes of Processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.

Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Further information on processing processes, procedures, and services:

Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle the stated request; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Web Analysis, Monitoring, and Optimization Web analysis (also referred to as “reach measurement”) is used to evaluate the visitor traffic of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, determine at what time our online offering or its functions or content are most frequently used or invite for reuse. Likewise, we can identify areas that require optimization.

In addition to web analysis, we may also use test procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, may be created and information may be stored and retrieved from a browser or device for these purposes. The collected information includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information about usage times. If users have agreed to the collection of their location data to us or to the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, clear user data (such as email addresses or names) are not stored in the context of web analysis, A/B testing, and optimization, but pseudonyms. That is, we and the providers of the software used do not know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).

Data Subjects: Users (e.g., website visitors, users of online services). Purposes of Processing: Reach measurement (e.g., access statistics, detection of recurring visitors); Profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.

Security Measures: IP masking (pseudonymization of the IP address).

Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing processes, procedures, and services:

Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to assign analysis information to an end device to recognize which content users have accessed within one or several usage processes, which search terms they have used, revisited, or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users referring to our online offering and technical aspects of their end devices and browsers. Pseudonymous user profiles are created with information from the use of various devices, with cookies possibly being used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, accessible, or used for further purposes. When Google Analytics collects measurement data, all IP queries are made on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Opt-out options: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying ad inserts: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and processed data).