Privacy Policy

Privacy Policy

1. Introduction The protection of your personal data is our highest priority. This Privacy Policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) in connection with our online services. This includes the associated website, functions, and content, as well as external online presences, such as social media profiles (hereinafter collectively referred to as “online services”). Your personal data is treated confidentially and in strict compliance with statutory data protection regulations and the provisions of this Privacy Policy.

General Notices This Privacy Policy provides you with a comprehensive overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. Please refer to this complete Privacy Policy for detailed information regarding data protection.

Data Controller The data processing on this website is carried out by the website operator. The contact details for the controller can be found in the section “Controller” in this Privacy Policy.

Data Collection Personal data is collected either when you actively share it, e.g., by filling out a contact form. Other data is collected automatically or upon your consent when visiting the website by the controller’s IT systems. This primarily concerns technical data (e.g., internet browser, operating system, or time of page access). This data collection occurs automatically as soon as you enter the website.

Data Usage Some data is collected to ensure the website functions without errors. Other data may be used to analyze your user behavior to optimize our services and adapt them to your needs.

Data Transfer to External Parties As part of the controller’s business operations, it may be necessary to transmit personal data to external parties. This transfer occurs exclusively under specific conditions: if the disclosure is necessary for the fulfillment of a contract, if there is a legal obligation (e.g., to tax authorities), if there is a legitimate interest pursuant to Art. 6 (1) lit. f GDPR, or if another legal basis permits the data transfer. When using external service providers for data processing, the disclosure of personal data takes place exclusively on the basis of a valid data processing agreement pursuant to Art. 28 GDPR. If joint data processing with other entities occurs, a contract regarding joint processing pursuant to Art. 26 GDPR will be concluded.

Revocation of Consent Certain data processing operations can only be carried out with your explicit consent. This consent can be revoked at any time. The legality of the data processing carried out until the time of revocation remains unaffected by the revocation.

Right to Object (Art. 21 GDPR) If your personal data is processed on the basis of Art. 6 (1) lit. e or f GDPR, you have the right to object to this processing at any time, provided there are reasons arising from your particular situation. This also applies to profiling based on these provisions. The specific legal basis for data processing can be found in this Privacy Policy. In the event of an objection, the controller will no longer process your personal data unless compelling legitimate grounds can be demonstrated which override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims (objection pursuant to Art. 21 (1) GDPR). If your personal data is used for the purposes of direct marketing, you have the right to object to this processing at any time. This also applies to profiling, insofar as it is connected to direct marketing. After your objection, the controller will no longer use your personal data for these advertising purposes (objection pursuant to Art. 21 (2) GDPR).

Rights under the General Data Protection Regulation (GDPR) You have the right to file a complaint with a competent supervisory authority in the event of violations of the GDPR. This right can be exercised in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. Other administrative or judicial legal remedies remain unaffected. Personal data processed automatically based on consent or for the fulfillment of a contract can be requested in a structured, common, and machine-readable format. Upon request, a direct transmission of this data to another controller can also take place, provided this is technically feasible. Every data subject has the right to receive free information about their stored personal data, its origin, recipient, and the purpose of the data processing. Furthermore, there is a right to rectification or deletion of this data, provided legal provisions allow it. For further questions or concerns regarding personal data, you can contact the controller at any time. There is a right to demand the restriction of the processing of personal data if the accuracy of the data is contested and a review is pending. Even in the case of unlawful processing, the restriction of data processing can be demanded instead of deletion. Furthermore, restriction can be requested if the data is no longer needed but is required for the assertion, exercise, or defense of legal claims. In the event of an objection to processing pursuant to Art. 21 (1) GDPR, until the clarification of whose interests prevail, there is also the right to restriction. If the processing of personal data is restricted, it may, apart from storage, only be processed with the consent of the data subject or for the assertion, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the EU or a Member State.

2. Controller The data controller responsible for the processing of personal data on this website within the meaning of the GDPR is: Anna Radchenko, Address: Freibadstr. 15, 81543 Munich, Website: www.aniamalt.art, E-Mail: aniamaltart@gmail.com, Phone: 01787984594.

3. Processors Collaboration takes place with various data processors who process data on our behalf. These service providers are contractually obliged to treat the data confidentially and to use it exclusively within the scope of the respective service. Additionally, there are cases where the responsibility for data processing is shared with other entities. In such cases, responsibilities are transparently regulated and documented to ensure compliance with data protection requirements.

4. Definitions To ensure the transparency of this Privacy Policy and make it understandable for everyone, terms are used here that are also defined in the GDPR. Full legal definitions can be found in Art. 4 GDPR. The most important terms in connection with this Privacy Policy are explained below:

  • Processing: Any operation or set of operations performed in connection with personal data, whether or not by automated means. This may include the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data.
  • Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  • Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
  • Website: The entire internet offer provided by the controller under a specific URL. This includes all content, information, functions, and services published by the controller and accessible to the user via this URL. The website serves as a digital platform for providing information, services, and interaction between the controller and users.
  • Terminal Device: An electronic device capable of accessing the internet and loading websites. This includes, among others, computers, laptops, tablets, and smartphones.

5. Hosting This website is hosted on the servers of an external service provider to ensure a reliable and secure use of our online services. Data processing by the hosting provider occurs pursuant to Art. 6 (1) lit. f GDPR, as the controller has a legitimate interest in providing a stable and secure website. If it is necessary to obtain the user’s consent (e.g., for the use of certain cookies or tracking technologies), the data processing is based on the user’s consent pursuant to Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. You can revoke your consent at any time with effect for the future. The hosting provider is: Namecheap, Inc., 4600 East Washington Street, Suite 300, Phoenix, AZ 85034, USA. Details on data processing and privacy can be found in the hosting provider’s privacy policy at: https://www.namecheap.com/legal/general/privacy-policy/.

6. Legal Basis for Data Processing The processing of your personal data is based on the GDPR and other relevant statutory provisions. Depending on the purpose of the data processing, different legal bases apply. If you have consented to the processing, it is based on Art. 6 (1) lit. a GDPR (especially for special categories of data under Art. 9 (2) lit. a GDPR or data transfer to third countries under Art. 49 (1) lit. a GDPR). Consent can be revoked at any time. Processing may be necessary for contract fulfillment or pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR. Furthermore, processing may be required to fulfill legal obligations pursuant to Art. 6 (1) lit. c GDPR. In certain cases, processing is performed to protect legitimate interests of the controller or a third party, pursuant to Art. 6 (1) lit. f GDPR. For specific processing, national regulations, such as § 25 TTDSG regarding cookie storage or access to information on your device, may apply. The applicable legal bases are explained in the specific sections of this Privacy Policy.

7. Data Transfer to Unsafe Third Countries and Non-DPF Certified US Companies If tools are used on this website from companies based in third countries that are not considered safe under data protection law, or if US tools are used whose providers are not certified under the EU-US Data Privacy Framework (DPF), your personal data may be transferred to and processed in these countries. Please note that in unsafe third countries, a level of data protection equivalent to that of the EU cannot be guaranteed. For the USA as an unsafe third country, a level of protection comparable to the EU is generally not guaranteed. A data transfer to the USA is therefore only permissible if the recipient has a certification under the “EU-US Data Privacy Framework” (DPF) or possesses suitable additional safeguards. Detailed information on possible transfers to third countries, including data recipients, can be found in this Privacy Policy.

8. Storage Duration Unless a more specific storage duration is mentioned in this Privacy Policy, personal data remains with the controller until the purpose for processing ceases to apply. If a legitimate request for erasure is made or consent is revoked, the respective data will be erased, provided no other legally permissible reasons for storage exist (e.g., tax or commercial retention periods). In these cases, erasure occurs after these reasons cease to exist. The controller stores personal data only as long as necessary to fulfill the respective purposes for which the data was collected. This includes fulfilling contractual obligations, complying with statutory retention periods, and protecting the controller’s legitimate interests, such as IT security and protection against abuse. If processing is based on consent, storage occurs until the data subject revokes this consent. Revocation is possible at any time with effect for the future, after which data is immediately erased unless legal retention obligations or other overriding reasons necessitate further storage.

9. Security Measures and Data Minimization Comprehensive technical and organizational measures are taken to effectively protect your personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure/access. Data minimization is practiced, ensuring only data strictly necessary for the respective purpose is collected and processed. This strategy reduces the risk of abuse and unauthorized access. Security measures are continuously adapted to the state of the art to ensure a high level of protection.

10. SSL/TLS Encryption To protect data transmission, current encryption technologies (e.g., SSL or TLS) are used over HTTPS. SSL (Secure Socket Layer) and TLS (Transport Layer Security) are protocols for encrypting internet data transfers, ensuring that data exchanged between your browser and the server is protected from unauthorized access. An encrypted connection is indicated by the browser address bar changing from “http://” to “https://” and the lock symbol in your browser line.

11. Storage of User Information in Log-Files Each access to the website automatically records general information transmitted by your browser to the server. This information is stored in log-files and generally includes: a) IP address of the requesting computer b) Date and time of access c) Name and URL of the retrieved file d) Website from which access is initiated (Referrer-URL) e) Browser and User Agent String used f) Operating system g) Name of your access provider h) HTTP status code This data is stored for security reasons, to ensure stable website connection, convenient website usage, and to evaluate system security, stability, and for administrative purposes. The legal basis for data processing is Art. 6 (1) lit. f GDPR. Legitimate interest arises from these data collection purposes. The collected data is in no case used to draw conclusions about your person. Stored data is anonymized or erased unless statutory retention obligations exist.

12. Cookies This website uses cookies. These are small files created by your browser and stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit the site. Cookies cause no damage to your device, contain no viruses, Trojans, or other malware. Cookies store information related to the specific device used; this does not mean the controller gains immediate knowledge of your identity. The use of cookies aims to make the offer more pleasant for you. Session cookies are used to recognize that you have already visited individual pages of the website and are automatically deleted after leaving the page. Temporary cookies are also used to optimize user-friendliness, stored on your device for a specific period; if you visit the site again, the system automatically recognizes you and your previous inputs/settings. Additionally, cookies are used to statistically record website usage to optimize the offer for you. These cookies are automatically deleted after a defined period. Data processed by cookies is required for the stated purposes to protect the controller’s and third parties’ legitimate interests pursuant to Art. 6 (1) S. 1 lit. f GDPR. Most browsers accept cookies automatically; you can configure your browser to prevent storage or warn you before a new cookie is created. Full deactivation of cookies may, however, result in not being able to use all features of the website.

13. Inquiries via E-Mail or Telephone You have the option to address inquiries to the controller via e-mail or telephone. The transmitted personal data (e.g., name, e-mail address, telephone number, and the inquiry itself) is processed and stored by the controller exclusively for the purpose of processing the inquiry and any follow-up questions. The legal basis for this processing is Art. 6 (1) lit. b GDPR, as it is necessary for contract fulfillment or pre-contractual measures. If processing is not contract-related, it is based on Art. 6 (1) lit. f GDPR, as the controller has a legitimate interest in processing and answering the inquiries.

14. Prohibition of Advertising Emails The use of contact data published in the legal notice (Impressum) for sending unsolicited advertising and information materials is hereby prohibited. Any unauthorized use of contact data for advertising purposes constitutes a violation of the operator’s rights and will not be tolerated. The operator reserves the right to take legal action in case of violations, especially regarding the unsolicited sending of spam emails.

Newsletter to Existing Customers without Consent Newsletters are sent to existing customers without explicit consent under certain conditions, permissible pursuant to Art. 6 (1) lit. f GDPR, if the following conditions are met: a) Existing customer status: The customer provided their e-mail address in connection with the sale of a good or service. b) Direct marketing for own similar goods or services: The newsletter contains only advertising for own similar products or services. c) Notification of the right to object: The customer was clearly informed at the time of collecting the e-mail address and in every newsletter that they can object to the use of their e-mail address at any time without incurring costs other than the basic transmission costs. d) No objection from the customer: The customer has not objected to the use of their e-mail address. This type of newsletter delivery is based on the controller’s legitimate interest in informing existing customers about similar products or services and maintaining the business relationship. Processing occurs pursuant to Art. 6 (1) lit. f GDPR. Customers can object to the use of their e-mail address for this purpose at any time via an informal notice by e-mail or by using the “unsubscribe” link in the newsletter.

15. Google Fonts This website uses Google Fonts, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service enables the use of fonts provided by Google to improve the visual design of this website. When retrieving Google Fonts from Google servers, your IP address is transferred to Google servers in the USA. Google stores this information and uses it to analyze font usage. Google is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the USA. Each DPF-certified company commits to adhering to strict data protection standards. Further information on the EU-US DPF can be found at: https://www.dataprivacyframework.gov. Additional information on the processing of your personal data by Google can be found in Google’s Privacy Policy at: https://policies.google.com/privacy.