Data protection
1. introduction
We, cehler.dev (hereinafter referred to as Service Provider) understand that your privacy is of utmost importance and are committed to protecting your personal data. This Privacy Policy provides you with a detailed overview of how we collect, use, protect and, where appropriate, disclose information about you when you visit our website or use our services. Our aim is to be transparent about what personal information we collect, why we collect it and how we ensure it is treated securely.
2. scope of application
This privacy policy applies to all services, products and the website offered by cehler.dev. It covers information that we collect online through our website and offline through other channels. Please note that our website may contain links to external websites that are not covered by this privacy policy. We recommend that you carefully read the privacy statements of every website you visit as soon as you leave our website.
Your use of our website and services is conditional upon your acceptance of this Privacy Policy. If you do not agree with any part of this statement, please do not use our website and services. We reserve the right to change or update this Privacy Policy from time to time. Changes will take effect when they are published on our website. We recommend that you review this Privacy Policy regularly to ensure that you are aware of any changes and how they affect your rights regarding your personal data.
This introduction serves as a basis for understanding our obligations and your rights in connection with your personal data. Protecting your privacy is important to us and we strive to maintain high standards of data protection in all aspects of our business.
3. definitions of important terms
To ensure a clear understanding of our privacy policy, it is important to define some key terms used in this document:
- Personal data: Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the data subject.
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Data subject: Any identified or identifiable natural person whose personal data is processed by the controller.
- Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller within the meaning of data protection law
The "controller" is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. In relation to this privacy policy, the controller is
cehler.dev
Behringstr. 150
22763 Hamburg
As the controller, we have implemented numerous technical and organizational measures to ensure that the personal data processed via our website is protected as completely as possible. Nevertheless, internet-based data transmissions can generally have security gaps, meaning that absolute protection cannot be guaranteed.
Data collection on our website
Data can be collected on our website in various ways. On the one hand, data is automatically collected by our IT systems when you visit our website. This includes, in particular, technical data (e.g. internet browser, operating system or time the page was accessed). This data is collected automatically as soon as you enter our website.
On the other hand, your data may be collected when you provide it to us. This may, for example, involve data that you enter in a contact form. Other data may be used to analyze your user behavior, such as the use of Google Analytics, reCAPTCHA and Google Tag Manager, which are described in detail in separate sections of this privacy policy.
The processing of your personal data is based either on your consent, the fulfillment of a contract or pre-contractual measures, legal obligations or our legitimate interest in improving our website and our services.
4. definitions of important terms
Controller within the meaning of data protection law
The controller within the meaning of data protection law is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. Your company/your name, full address, contact details] is responsible for data processing on this website. As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website.
Data collection on our website
Data can be collected on our website in various ways. On the one hand, data is collected that you actively communicate to us, for example by entering it in contact forms. On the other hand, our IT systems automatically collect data when you visit the website, in particular technical data (e.g. internet browser, operating system or time the page was accessed).
Types of data processed
- Personal data: This may include name, address, e-mail addresses and telephone numbers that you provide to us, e.g. when filling out contact forms.
- Technical data: When you visit our website, we automatically collect data that your browser transmits to our servers. This includes, for example, IP address, date and time of access, browser type and version, operating system and similar technical information.
- Usage data: Information about how you use the website, including pages visited, time spent on particular pages and interactions on the site.
- Cookies: Small text files that are stored on your device and enable your use of the website to be analyzed.
Purpose of data processing
Your personal data is processed for various purposes:
- To ensure the functionality of the website,
- To answer contact requests and communicate with users,
- For technical administration and further optimization of our website,
- To analyze the usage behavior of our visitors in order to constantly improve our offer.
Legal basis for data processing
The processing of personal data takes place on the basis of various legal bases, depending on the context in which the data is processed:
- If we have obtained your consent for certain processing operations, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
- When processing data that is required to fulfill a contract or to carry out pre-contractual measures, Art. 6 para. 1 lit. b GDPR serves as the legal basis.
- Insofar as the processing of personal data is required to fulfill a legal obligation, the processing is based on Art. 6 para. 1 lit. c GDPR.
- If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Use of cookies
Our website uses cookies to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your end device. Some cookies are "session cookies" that are automatically deleted at the end of your visit to the website. Other cookies remain on your device until you delete them and enable us to recognize your browser the next time you visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
5 What are cookies?
Cookies are small text files that are used by websites to make the user experience more efficient. They are stored on your device when you visit a website. Cookies help to store information about your visit, such as your preferred language and other settings. This can make your next visit easier and the website more useful to you. Cookies play an essential role and without them the internet browsing experience would often be more frustrating.
Types of cookies and their use
- Strictly necessary cookies: These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, requested services, such as shopping cart or electronic invoicing, cannot be provided.
- Performance cookies: These collect information about how visitors use a website, e.g. which pages visitors go to most often, and whether they receive error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous.
- Functionality cookies: These cookies allow the website to remember choices you make (such as your username, language or the region you are in) and provide enhanced, more personalized features.
- Targeting or advertising cookies: These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to measure the effectiveness of the advertising campaign.
Cookie consent and management
When you visit our website for the first time, you will be asked whether you consent to the use of cookies. You have the option of giving or refusing your consent to certain types of cookies. You can change your cookie settings and withdraw your consent at any time. Most web browsers also allow you to manage cookie settings. You can set your browser to notify you when you receive a cookie, or you can disable all cookies. However, disabling or rejecting cookies may limit the functionality of our website.
Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics also uses cookies that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We have activated IP anonymization on this website so that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Purpose and scope of data collection by Google Analytics
Google Analytics is a web analytics service that enables website operators to understand how visitors interact with their website. By using cookies, Google Analytics generates detailed statistics about the visitors to a website. This data includes the number of users, the origin of the visitors, the pages they have visited, the length of their stay on the website and the actions they have taken. The purpose of this data collection is to provide website operators with valuable insights that they can use to improve their website and the user experience. The data collected by Google Analytics can also be used to analyze user behavior, adapt marketing strategies and make the content of the website more effective.
IP anonymization
In order to increase data protection, Google Analytics includes a function for IP anonymization. If IP anonymization is activated on a website, the IP address of the user is shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. This measure serves to prevent the identification of the individual user by the IP address and to strengthen data protection.
Objection and opt-out options
Users who do not want their data to be collected by Google Analytics have various options to prevent this collection:
- Users can prevent the storage of cookies by setting their browser software accordingly. However, this may mean that they cannot use all the functions of the website to their full extent.
- Google offers a browser add-on to deactivate Google Analytics. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The browser add-on to deactivate Google Analytics can be downloaded and installed at the following link: Browser add-on to deactivate Google Analytics.
Google reCAPTCHA
Google reCAPTCHA is a service that is used to check whether data is entered on a website (e.g. in a contact form) by a human or by an automated program. This helps to protect websites from spam and misuse. reCAPTCHA analyzes the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR with the legitimate interest of protecting our own website from automated spying, misuse and SPAM.
Use and purpose of Google reCAPTCHA
Google reCAPTCHA is a security service provided by Google to distinguish whether an action on a website is performed by a human or abusively by automated processing, so-called bots. The primary purpose of its use is to improve the security of websites and protect them from spam and abuse, while ensuring a user-friendly online experience. Websites use reCAPTCHA, for example, in contact forms, registration forms or during registration to prevent automated software (bots) from performing unwanted actions, such as sending spam via contact forms.
Data processing by reCAPTCHA
When reCAPTCHA is activated, it performs a series of analyses to determine whether a user is human or not. These analyses start automatically as soon as the visitor enters the website. reCAPTCHA evaluates various information, such as IP address, duration of the user's website visit, mouse movements and possibly other data required for Google services. This information is processed by Google and the data collected can be used to improve other Google services.
Legal basis and options for objection
The processing of data by Google reCAPTCHA is necessary to protect a legitimate interest of the website operator - namely the protection of its website against automated misuse and SPAM. The legal basis for the use of reCAPTCHA and the associated data processing is Art. 6 para. 1 lit. f of the European General Data Protection Regulation (GDPR). Users who wish to object to the collection of data by reCAPTCHA must unfortunately refrain from visiting the website on which reCAPTCHA is used, as no specific opt-out option is currently provided by Google for reCAPTCHA services. However, users can contact the operator of the website to express their concerns or objection to the use of reCAPTCHA.
Google Tag Manager (gtag.js)
Google Tag Manager is a tool that enables website operators to manage website tags via an interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. However, the tags managed by the Tag Manager may collect data if they have been configured to do so. The use of Google Tag Manager serves to increase the efficiency of tag implementation and management and thus improves the performance of the website and the user experience.
The use of Google Tag Manager is based on the legitimate interest of the website operator in the technically error-free and optimized provision of its services in accordance with Art. 6 para. 1 lit. f GDPR. Users who wish to avoid specific tags or the associated data processing can deactivate or restrict the execution of JavaScript in their browsers. However, this may impair the functionality of the website on which Google Tag Manager is used.
Function and purpose of the Google Tag Manager
Google Tag Manager is an efficient tool from Google that enables website operators to manage website tags via a single interface. A "tag" is a snippet of JavaScript that is used for tracking and analysis purposes. The Tag Manager makes it possible to centrally implement and manage various tracking codes and associated code fragments that are usually embedded in websites - such as Google Analytics, Facebook Pixel or other advertising tracking tools - without having to make any changes to the code of the actual website. The primary purpose of using Google Tag Manager is to increase the efficiency of setting up and managing tracking tools, allowing website operators to use their resources more effectively and improve the performance of their websites.
Data protection measures when using the Google Tag Manager
Although Google Tag Manager itself does not collect any personal data, as it is only used to integrate and manage tags on websites, the tags it manages can collect data. Google therefore implements data protection measures to ensure transparency and control over data processing. Website operators are required to specify in their privacy policy exactly which tags are active and what data is collected by them. It is also important that users are informed on the website about the possibility of giving or refusing their consent to data collection by these tags, in accordance with the requirements of the GDPR.
Management and deactivation of tags
Google Tag Manager offers website operators the flexibility to quickly activate or deactivate tags. Users who do not want their data to be collected via the tags have the option of adjusting the cookie settings on the respective website accordingly or using browser extensions that block tracking. Users can also deactivate JavaScript in their browser, although this may impair the functionality of the website. Direct deactivation of specific tags by the user is generally not provided for, which is why transparency and control by the website operator and the consent of the user are of central importance.
Rights of the data subject
Individuals whose data is collected as part of the tracking tools managed by Google Tag Manager have certain rights under the GDPR:
- Right of access: You have the right to know what personal data is collected about you.
- Right to rectification: You may request the rectification of inaccurate personal data.
- Right to erasure: Under certain circumstances, you can request the erasure of your data.
- Right to restriction of processing: In certain cases, you have the right to request the restriction of the processing of your data.
- Right to data portability: You may request to receive a copy of your data in an electronic format.
- Right to object: You have the right to object to the processing of your personal data at any time.
It is the duty of the website operator to ensure that the rights of the data subjects are respected and that requests regarding their personal data are processed promptly.
Function and purpose of the Google Tag Manager
Google Tag Manager (GTM) is a free tool that makes it easy for marketers, web developers and website owners to manage and embed code snippets or tags on their website or mobile apps without having to make any changes to the code of the actual website. Tags can serve a variety of purposes, including tracking, analytics, marketing optimization and more. The main purpose of GTM is to simplify the implementation and management of these tags, increasing efficiency and reducing the need for extensive development resources. GTM makes it easy to add, edit and disable tags through a user-friendly interface without having to edit the source code of the website or app each time.
Data protection measures when using the Google Tag Manager
Although the GTM itself does not collect any personal data, it can be used to embed tags that do. It is therefore important to implement clear data protection measures:
- Transparency: Website operators should clearly state in their privacy policy that the GTM is used and for what purpose.
- Consent: Explicit consent should be obtained from the user before activating tags that may collect personal data, especially in regions where this is required by law, such as in the EU under the GDPR.
- Privacy-friendly default settings: Tags should be configured to respect user privacy, e.g. by anonymizing IP addresses wherever possible.
Management and deactivation of tags
The GTM enables website operators to manage tags quickly and easily:
- Activation and deactivation: Tags can be activated or deactivated as required without changing the source code of the website. This offers flexibility when testing and implementing new marketing strategies or tracking tools.
- Versioning and rollback: GTM saves versions of tag configurations so that you can revert to an earlier configuration if required.
Rights of the data subject
Users have specific rights regarding their personal data that may be collected through tags:
- Right to information: Users can request information about what personal data is collected about them.
- Right to rectification: Users have the right to request the rectification of inaccurate data.
- Right to erasure: Under certain circumstances, users may request the erasure of their data.
- Right to restriction of processing: Under certain conditions, users may request that the processing of their data be restricted.
- Right to object: Users have the right to object at any time to the processing of their data for specific purposes.
Website operators must ensure that the implementation of GTM and the use of tags are in compliance with applicable data protection laws and that the rights of data subjects are respected. It is important to provide mechanisms for obtaining and managing user consent and to provide transparent information about the use of GTM and the associated data protection practices.
Rights of the data subject
In accordance with the European General Data Protection Regulation (GDPR) and other local data protection laws, individuals whose data is processed have certain rights. These rights and the options for exercising them are described in detail below.
Right to information
Each data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If this is the case, the data subject has a right of access to this personal data and to the following information:
- the purposes of processing,
- the categories of personal data that are processed,
- the recipients or categories of recipients to whom the personal data have been or will be disclosed,
- the planned duration of storage of the personal data or, if specific information on this is not possible, the criteria for determining this duration.
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to restriction of processing
In certain circumstances, the data subject has the right to obtain from the controller restriction of processing of their personal data. These circumstances include:
- the accuracy of the personal data is contested by the data subject,
- the processing is unlawful and the data subject opposes the erasure of the personal data,
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims
- the data subject has objected to the processing.
Right to erasure ("right to be forgotten")
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing.
- The personal data was processed unlawfully.
The exercise of these rights is free of charge for the data subject and can be asserted directly with the controller. The controller shall take appropriate measures to inform the data subject of the aforementioned rights and to facilitate the exercise of these rights.
Rights of the data subject
Right to information
Data subjects have the right to be informed by the controller when it comes to the correction, deletion or restriction of the processing of their personal data. The controller must inform all recipients to whom personal data have been disclosed of any rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
Right to data portability
This right enables data subjects to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the original controller, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means.
Right of objection
Data subjects have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) GDPR. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Right to revoke the declaration of consent under data protection law
Data subjects have the right to withdraw their declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Automated decision in individual cases including profiling
Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, provided that the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.
Right to lodge a complaint with a supervisory authority
Data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if they consider that the processing of personal data relating to them infringes the GDPR.
Data security
Technical and organizational measures
To ensure the security of your data, we implement a range of technical and organizational measures. These measures are designed to protect personal data against accidental or unauthorized destruction, loss, alteration, unauthorized disclosure or access. These measures include, among others
- Data security concepts that are regularly reviewed and updated to ensure that our protective measures are state of the art.
- Access controls that ensure that only authorized persons have access to personal data for which they have clear authorization.
- Data transmission backup to protect data during transmission over the Internet.
- Data minimization to ensure that only the data required for the respective purpose is collected.
- Training for employees on data protection practices and the handling of personal data.
SSL or TLS encryption
We use SSL or TLS encryption to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize this by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Changes to the privacy policy
We reserve the right to amend our privacy policy in order to adapt it to changes in the legal framework or changes to our services and data processing. New privacy policies apply from the time they are published on our website. We recommend that you check this privacy policy regularly to stay informed about the protection and processing of your data. If significant changes are made that affect your rights or the way in which we process personal data, we will inform you in an appropriate manner, for example by means of a prominent notice on our website or by communicating directly with you.
Changes to the privacy policy
We reserve the right to amend our privacy policy in order to adapt it to changes in the legal framework or changes to our services and data processing. New privacy policies apply from the time they are published on our website. We recommend that you check this privacy policy regularly to stay informed about the protection and processing of your data. If significant changes are made that affect your rights or the way in which we process personal data, we will inform you in an appropriate manner, for example by means of a prominent notice on our website or by communicating directly with you.
Adjustments and updates to data security
In order to continuously ensure the protection and security of your personal data, we are committed to constantly reviewing our security measures and adapting them where necessary. The rapid development of digital technologies and the constantly changing threats in the area of cyber security require us to continuously update and improve our technical and organizational security measures.
Updating the security measures
We actively monitor the latest developments in security technology and adapt our security measures accordingly to maintain a high standard of protection. This includes the implementation of advanced encryption techniques, regular security audits and the training of our employees in data protection and security-related topics.
Adapting to new threats
The cyber security landscape is dynamic and new types of threats are constantly emerging. We are committed to regularly reviewing and adapting our security protocols to be prepared against current and future threats. This includes responding quickly to security incidents and implementing measures to mitigate damage and prevent future incidents.
Commitment to transparency
We understand that the trust of our users in the security of their data is of crucial importance. Therefore, we are committed to transparency regarding our security practices and measures. Should significant changes in our security measures be necessary, we will inform the affected parties and provide the necessary information to promote understanding and trust in our measures.
Review and improvement
The effectiveness of our security measures is regularly reviewed and evaluated to ensure that they comply with current security standards and requirements. We strive to make continuous improvements to ensure the integrity, availability and confidentiality of the personal data we process.
User involvement
We encourage our users to become part of our security culture by informing us of any perceived vulnerabilities or security concerns. We value our users' feedback as an important contribution to improving our security measures.
Through these ongoing adjustments and updates to our security measures, we are committed to ensuring a high level of data security and to maintaining and strengthening the trust of our users and partners.
Contact details
Person responsible for data processing
cehler.dev
Behringstr. 150
22763 Hamburg
Germany
E-mail: [email protected]
Website: https://cehler.dev
Represented by: Christian Ehler
Data Protection Officer
Data Protection Officer of cehler.dev
Behringstr. 150
22763 Hamburg
Germany
E-mail: [email protected]
Our data protection officer will be happy to answer any questions you may have about data protection. Please do not hesitate to contact him directly with any queries regarding your personal data and the exercise of your data protection rights.
Contact for questions about data protection
You can contact us at any time with questions about data protection, the exercise of your rights as a data subject (such as the right to information, rectification, erasure, restriction of processing, objection to processing, data portability) or to withdraw your consent. To do so, please use the contact details of the controller or the data protection officer provided above. We endeavor to process all requests quickly and in accordance with the legal requirements.