PRIVACY POLICY

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can identify you personally. Detailed information on data protection can be found in our privacy policy below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Note on the Responsible Party” in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. This may include data you enter into a contact form. Other data is collected automatically or with your consent when you visit the website through our IT systems. This mainly includes technical data (e.g., internet browser, operating system, or time of page visit). This data is collected automatically as soon as you enter the website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your browsing behavior. If contracts can be entered into or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other requests for services.

What rights do you have regarding your data?

You have the right to obtain information about the origin, recipients, and purpose of your stored personal data at any time and free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can withdraw this consent at any time for the future. Furthermore, under certain circumstances, you have the right to request the restriction of processing your personal data. You also have the right to file a complaint with the relevant supervisory authority.

For this and any further questions regarding data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

When visiting this website, your browsing behavior may be statistically analyzed. This is primarily done with the help of analysis tools. Detailed information about these analysis tools can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host. These may include, among other things, IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

External hosting is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). If consent was obtained, processing takes place solely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG, as far as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). Consent may be withdrawn at any time.

Our host(s) will process your data only to the extent necessary to fulfill their service obligations and will follow our instructions regarding this data.

We use the following host(s):

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen

3. General Information and Mandatory Information

Data Protection

The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is information that can identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.

We point out that data transmission over the internet (e.g., communication via email) may have security vulnerabilities. A complete protection of data from third-party access is not possible.

Note on the Responsible Party

The responsible party for data processing on this website is:

Jan Tillmanns
Am Kreuzstein 45
63477 Maintal

Email: admin[at]janoti.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a specific storage duration is mentioned within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you submit a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur once these reasons no longer apply.

General Information on the Legal Grounds for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data are processed according to Art. 9 para. 1 GDPR. In the case of explicit consent for the transfer of personal data to third countries, data processing also takes place based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing also occurs based on § 25 para. 1 TDDG. Consent can be withdrawn at any time.

Note on Data Transfer to Third Countries with Insecure Data Protection Laws and Transfer to US Companies Not DPF-Certified

We use tools from companies based in third countries with insecure data protection laws and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these countries and processed there. We point out that in third countries with insecure data protection laws, no data protection level comparable to the EU can be guaranteed.

We point out that the USA, as a third country, generally offers a data protection level comparable to the EU. Data transfer to the USA is permissible if the recipient has a certification under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of Personal Data

In the course of our business activities, we cooperate with various external entities. In some cases, it is necessary to transmit personal data to these external parties. We only share personal data with external parties when it is required for contract fulfillment, when we are legally obligated to do so (e.g. transferring data to tax authorities), when we have a legitimate interest in the transfer pursuant to Art. 6(1)(f) GDPR, or when another legal basis permits the data transfer. When using processors, we only transfer our customers’ personal data based on a valid contract for data processing. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have previously given at any time. The lawfulness of the processing carried out until the withdrawal remains unaffected by the withdrawal.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR THE PROCESSING CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING, IF IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with a Supervisory Authority

In case of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the location of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to request that we provide you with data that we process based on your consent or in the course of fulfilling a contract in a structured, commonly used, and machine-readable format. If you request direct transmission of the data to another controller, this will only be done if technically feasible.

Right to Access, Rectification, and Deletion

You have the right to obtain information about your stored personal data at any time, free of charge, including its origin, recipients, and the purpose of the processing, and if necessary, the right to rectify or delete this data, in accordance with applicable legal provisions. For this and any other questions regarding personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can request this at any time. The right to restriction of processing applies in the following cases:

If you contest the accuracy of your personal data stored with us, we usually need time to verify this. During the verification, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data is unlawful, you can request the restriction of processing instead of deletion.
If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of processing instead of deletion.
If you have filed an objection under Art. 21(1) GDPR, there must be a balancing of interests between yours and our interests. As long as it is not clear whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have requested a restriction of processing of your personal data, those data – except for their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

4. Data Collection on This Website

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for processing your inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested; consent may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal retention periods remain unaffected.

Inquiries via Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry, including all personal data arising from it (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The data you send us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after processing your request). Mandatory legal retention periods, especially statutory retention periods, remain unaffected.

5. Social Media

Facebook

This website integrates elements of the social network Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. As a result, Facebook can associate the visit to this website with your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or how Facebook uses it. For more information, please refer to Facebook’s privacy policy at:
https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDG. Consent may be withdrawn at any time.

Insofar as personal data is collected on our website with the help of the tool described here and transferred to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook or Instagram. The subsequent processing by Facebook or Instagram after the transfer is not part of the joint responsibility. The joint obligations have been documented in an agreement on joint processing. You can find the wording of the agreement at:
https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the legally compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://privacycenter.instagram.com/policy/ and
https://de-de.facebook.com/help/566994660333381.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure the compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/4452.

Instagram

This website includes features of the Instagram service. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. This allows Instagram to receive information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that as the provider of this site, we do not have knowledge of the content of the transmitted data or how Instagram uses it.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG. Consent can be revoked at any time.

To the extent that personal data is collected on our website using this tool and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited to the collection of data and its forwarding to Facebook or Instagram. Processing by Facebook or Instagram after the data forwarding is not part of the joint responsibility. Our shared obligations have been outlined in a joint processing agreement. You can find the wording of the agreement here:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information when using the Facebook or Instagram tool and for ensuring the privacy-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. Data subject rights (e.g., access requests) regarding data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert data subject rights with us, we are obligated to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://privacycenter.instagram.com/policy/, and
https://de-de.facebook.com/help/566994660333381.

For more information, please refer to Instagram’s privacy policy:
https://privacycenter.instagram.com/policy/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s link:
https://www.dataprivacyframework.gov/participant/4452.

Tumblr

This website uses buttons and other elements of the Tumblr service. The provider is Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA.

When the social media element is active, a direct connection is established between your device and the Tumblr server. This allows Tumblr to obtain information about your visit to this website.

The Tumblr buttons allow you to share a post or page on Tumblr or follow the provider on Tumblr. When you visit one of our websites with the Tumblr button, the browser establishes a direct connection with the Tumblr servers. We have no influence on the scope of data that Tumblr collects and transmits using this plugin. Currently, the IP address of the user and the URL of the respective website are transmitted.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. Consent can be revoked at any time.

Further information can be found in Tumblr’s privacy policy at:
https://www.tumblr.com/privacy/de.

6. Plugins and Tools

YouTube with Enhanced Privacy

This website embeds videos from the YouTube website. The operator of the site is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a website that embeds YouTube, a connection is established to the YouTube servers. This informs the YouTube server about which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in enhanced privacy mode. Videos played in enhanced privacy mode will not be used by YouTube for personalizing browsing on YouTube. Ads displayed in enhanced privacy mode are also not personalized. In enhanced privacy mode, no cookies are set. Instead, so-called Local Storage elements are stored in the user’s browser, which contain personal data and can be used for recognition. Details on the enhanced privacy mode can be found here:
https://support.google.com/youtube/answer/171780.

Further data processing operations may be triggered after activating a YouTube video over which we have no control.

The use of YouTube is in the interest of providing an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If corresponding consent was requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) in accordance with TDDDG. Consent may be revoked at any time.

Further information about data protection on YouTube can be found in their privacy policy at:
https://policies.google.com/privacy?hl=de.

Vimeo

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages with a Vimeo video, a connection is made to the Vimeo servers. The Vimeo server is informed about which of our pages you have visited. Additionally, Vimeo gains access to your IP address. This applies even if you are not logged into Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to Vimeo’s servers in the USA.

If you are logged into your Vimeo account, you allow Vimeo to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your Vimeo account.

Vimeo uses cookies or similar recognition technologies (e.g., device fingerprinting) to recognize website visitors.

The use of Vimeo is in the interest of presenting our online offerings in an appealing manner. This constitutes a legitimate interest under Art. 6 para. 1 lit. f GDPR. If explicit consent was requested, the processing takes place solely based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDTG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TDDTG. The consent can be revoked at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Further details can be found here:
https://vimeo.com/privacy.

For more information on Vimeo’s handling of user data, please refer to their privacy policy at:
https://vimeo.com/privacy.

The company has a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. Further information is available from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5711.

Google Fonts

This page uses Google Fonts, which are provided by Google, to ensure consistent font display. When you visit a page, your browser loads the necessary fonts into its cache to display text and fonts correctly.

For this purpose, the browser you use must establish a connection to Google’s servers. This allows Google to know that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the consistent representation of the font style on their website. If explicit consent was requested, the processing takes place solely based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDTG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TDDTG. The consent can be revoked at any time.

If your browser does not support Google Fonts, a standard font from your computer will be used.

For more information on Google Fonts, visit:
https://developers.google.com/fonts/faq and in Google’s privacy policy:
https://policies.google.com/privacy?hl=de.

Google Maps

This page uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With this service, we can embed map material on our website.

To use the features of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a server of Google in the USA and stored there. The provider of this website has no control over this data transmission. If Google Maps is activated, Google may use Google Fonts for the uniform display of fonts. When Google Maps is accessed, your browser loads the necessary web fonts into its cache to display text and fonts correctly.

The use of Google Maps is in the interest of providing an appealing presentation of our online offerings and ensuring the easy location of places specified on our website. This constitutes a legitimate interest under Art. 6 para. 1 lit. f GDPR. If explicit consent was requested, the processing takes place solely based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDTG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TDDTG. The consent can be revoked at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Further details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how Google handles user data, please see Google’s privacy policy:
https://policies.google.com/privacy?hl=de.

SoundCloud

This website may integrate plugins from the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, UK). You can recognize the SoundCloud plugins by the SoundCloud logo on the affected pages.

When you visit this website, a direct connection between your browser and the SoundCloud server is established after activating the plugin. This allows SoundCloud to know that you visited this website with your IP address. If you click the “Like” or “Share” button while logged into your SoundCloud account, you can link and/or share the content of this website with your SoundCloud profile. This allows SoundCloud to associate the visit to this website with your user account. We would like to point out that we, as the site provider, have no knowledge of the content of the transmitted data or its use by SoundCloud.

The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in maximizing visibility on social media. If explicit consent was requested, the processing takes place solely based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDTG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TDDTG. The consent can be revoked at any time.

The United Kingdom is considered a data protection safe third country. This means that the UK has a level of data protection comparable to that of the European Union.

For more information, please refer to SoundCloud’s privacy policy at:
https://soundcloud.com/pages/privacy.

If you do not want SoundCloud to link the visit to this website with your SoundCloud user account, please log out of your SoundCloud account before activating the SoundCloud plugin.

Spotify

This website incorporates features of the music service Spotify. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can recognize the Spotify plugins by the green logo on this website. An overview of the Spotify plugins can be found at:
https://developer.spotify.com.

When you visit this website, a direct connection between your browser and the Spotify server is established via the plugin. Spotify is informed that you visited this website with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of this website to your Spotify profile. This allows Spotify to associate the visit to this website with your user account.

We would like to point out that when using Spotify, cookies from Google Analytics are used, so your usage data may also be transferred to Google. Google Analytics is a tool from the Google corporation to analyze user behavior, based in the USA. Spotify is solely responsible for this integration. As the website operator, we have no influence on this processing.

The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the appealing acoustic design of their website. If explicit consent was requested, the processing takes place solely based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDTG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TDDTG. The consent can be revoked at any time.

For more information, please refer to Spotify’s privacy policy:
https://www.spotify.com/de/legal/privacy-policy/.

If you do not wish for Spotify to associate your visit to this website with your Spotify user account, please log out of your Spotify account.