Privacy Policy | Hope and Confidence

July 1, 2022

With this information, the responsible body named in section 1 (“we”) informs the user of the website (‘you’ or “user”) about the collection and processing of personal data in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR). At the same time, we inform you when we store information in the terminal equipment you use when accessing our websites or when we access information already stored in your terminal equipment.

The use of websites of other providers, which are referred to via links, for example, is subject to the data protection information provided there.

A General information
1 Responsible body and data protection officer

1.1 The responsible data processor for this website is: Klaus-Henri Göbel, info@kp26.de

1.2 You can contact the data protection officer by email at [Note: enter the email address of the data protection officer, but this is not mandatory], or at the address given in section 1.1, adding “For the attention of the data protection officer.” [Design note: If there is no obligation to appoint a data protection officer, the above sentence is replaced by: “We are not required to appoint a data protection officer.” See Art. 13 (1) b and Art. 14 GDPR.]

1.3 Our website is hosted by ALL-INKL.COM (www.all-inkl.com), i.e., it is technically provided on the web servers of this web host. The web host is a processor commissioned by us in accordance with Art. 28 GDPR. [Design note: the last sentence is only correct if you have actually concluded a data processing agreement with us.

2 Rights of data subjects

If we collect personal data from you, you have the following rights as a “data subject”:

2.1 Right to information

You may request information pursuant to Art. 15 GDPR about your personal data that we process.

2.2 Right to object

You have the right to object on the specific grounds set out in Art. 21(1) GDPR. We will inform you about this separately from this information under “B.”

2.3 Right to rectification

If the information concerning you is no longer accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.

2.4 Right to erasure

You may request the erasure of your personal data under the conditions set out in Art. 17 GDPR.

2.5 Right to restriction of processing

In the cases specified in Art. 18 GDPR, you have the right to request a restriction on the processing of your personal data (“blocking”).

2.6 Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right under Art. 77(1) GDPR to lodge a complaint with a data protection supervisory authority of your choice.

2.7 Right to data portability

If you have provided us with personal data in accordance with Art. 20 (1) GDPR, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a structured, commonly used, and machine-readable format. The collection of data for the provision of the website and the storage of log files (see section 3.1 below) are essential for the operation of the website. They are therefore not based on consent pursuant to Art. 6 (1) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, but are justified pursuant to Art. 6 (1) (f) GDPR. The requirements of Art. 20 (1) GDPR are therefore not met in this respect.

3.1.2 The temporary storage of this user data is necessary for the duration of a website visit in order to enable the website to be delivered. For this purpose, the user's IP address must necessarily remain stored for the duration of the session (i.e., the website visit).

3.1.3 The IP address and the data listed above are stored in log files beyond this purpose. This is done so that our web host can ensure the functionality of the website and the security of the information technology systems.

3.2 On what legal basis is this data processed? The data from section 3.1 is collected and processed by our web host for the aforementioned temporary storage purpose and also for the further storage purpose in accordance with Art. 6 (1) (f) GDPR. This purpose also constitutes the legitimate interest in data processing. This legitimate interest is the interest of our web host, but also our legitimate interest in a functional website.

3.3 Are there other recipients of the aforementioned data besides the controller? As our processor, our web host has technical access to the data mentioned in 3.1.

3.4 How long will the data be stored? The data from 3.1.1 will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for a maximum of 7 days, unless a security incident requires longer storage. [Design note: Here you must describe a different individual handling on your part, deviating from the standard text.

3.5 Is there an obligation to provide data? You must provide the data from 3.1 to our web host. Otherwise, you will not be able to use our website technically and our web host cannot guarantee secure technical operation.

If we provide you with an email address and a contact form with input fields, this is for the purpose of enabling you to contact us. If you send us personal data, we will store it and process it for the purpose of contacting you. [Design note: If you design your contact form for other purposes, you must modify the standard text and also provide information about these purposes. For example, if you forward the personal data entered and transmitted to you to third parties for advertising purposes.]

4.2.2 On what legal basis is this data processed?

The data from section 4.2.1 is processed on the basis of Art. 6 (1) (f) GDPR (legitimate interest of us as the responsible body). If your request is aimed at concluding a contract, then Art. 6 (1) (b) GDPR is an additional legal basis (initiation, conclusion, and execution of a contract).

4.2.3 Are there other recipients of the aforementioned data besides the controller?

As our processor, our web host has technical access to the data mentioned in 4.2.1. [Note: If you use another service provider (mail provider), this should be specified instead of “our web host”.]

4.2.4 How long is the data stored?

The data referred to in 4.2.1 will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent to us by email or via the contact form, this is the case when the respective correspondence with the user has ended and storage is not necessary for other reasons. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

4.2.5 Is there an obligation to provide data?

You are not obliged to provide us with data from 4.2.1. You do not have to communicate with us.

4.3 Use of the session cookie “wbk_sid” based on legitimate interests

[Design note: If the login and contact forms are not used, section 4.3 does not apply, as this cookie is not set at all. If only one of the two services is not used, the text below should only apply to one or the other service.

4.3.1 What data is processed for what purpose?

As soon as you use the login form or the contact form, the session cookie “wbk_sid” is stored on your device by default. This cookie contains a long combination of numbers and letters (“ID”). The purpose of the cookie is to recognize the user as such when they request to send login data or contact information and to distinguish them from abusive users (e.g., SPAM bots).

The information in this cookie constitutes personal data. However, the use of the “wbk_sid” cookie does not require consent under data protection law because the data processing is necessary to safeguard the legitimate interests of the website operator and because the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not outweigh these interests. The legal basis for data processing is therefore Art. 6 (1) sentence 1 letter f GDPR.

5.1 If we wish to store information on the end device you use when visiting our websites and/or access information already stored on your end device, we will ask for your consent on the basis of clear and comprehensive information. This is done via a consent banner used by us. We will obtain the necessary consent before accessing your information. You can revoke your consent at any time. However, your consent is not required for certain purposes specified by law, in which case we will not ask for it. On the one hand, consent is not required if the sole purpose of storing information in the end user's terminal equipment or the sole purpose of accessing information already stored in the end user's terminal equipment is to carry out the transmission of a message via a public telecommunications network. On the other hand, consent to the use of your terminal equipment is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for us, as a provider of a telemedia service, to be able to provide a telemedia service expressly requested by the user.

5.2 Such access to end devices is possible using certain technologies. The best-known technology involves cookies. Cookies are objects that can be stored in the Internet browser or by the Internet browser on the user's end device. When a user visits a website, the server of the website operator or a third party can read the cookie stored there via the user's operating system and thus access the information stored in it. A cookie may or may not contain a characteristic string of characters that enables the user's browser to be uniquely identified when the website is visited again.

5.3 Removal option: The user can prevent or restrict the installation of cookies by adjusting their browser settings accordingly. Cookies that have already been stored can also be deleted by the user at any time via their browser. The settings for this depend on the respective browser. However, if the user prevents or restricts the installation of cookies, this may mean that not all functions of the website can be used to their full extent. What applies to cookies also applies to other technologies that use the user's end device.

6.1 In order to obtain your legally required consent for certain services or functions, or to comply with your revocation of consent, a consent banner will be displayed to you. Your consent or non-consent concerns our use of your end device (computer, laptop, smartphone, tablet) through cookies or similar technologies, which allow information to be stored on or read from your end device. Your consent may also be required for the processing of personal data by us or third parties in accordance with Art. 6 (1) sentence 1 letter a GDPR, which is associated with your use of our websites. In certain cases, the law allows us to use your device without your consent and/or to subsequently process your personal data without your consent.

6.2 We use the consent banner to inform you about all services and functions that require your consent before we use the service or function. The consent banner consists of an overview of all processing operations that require consent and describes the details of each one so that you, as a user, can assess the meaning and scope of your consent. You can consent to each process by activating a button/click area or reject it by deactivating it. There are three options for making a decision: