DATA PROTECTION DECLARATION ACCORDING TO THE GDPR
DATA PROTECTION DECLARATION ACCORDING TO THE GDPR
I. Name and Address of the Data Controller
The data controller, as defined by the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is
Marryfair – The Wedding House
Saarstrasse 44 54634 Bitburg, represented by the owner, Ms. Julia Steffen
II. Name and Address of the Data Protection Officer
The data protection officer of the data controller is:
Marryfair – The Wedding House,
Saarstrasse 44, 54634 Bitburg, represented by the owner, Ms. Julia Steffen
The State Commissioner for Data Protection and Freedom of Information
III. General Information on Data Processing
Scope of Processing Personal Data We process personal data of our users only to the extent necessary for providing a functional website and the contents of our services.
The processing of personal data of our users is generally only done with the user’s consent.
An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations.
Data Deletion and Storage Duration Personal data of the data subject will be deleted or blocked as soon as the purpose of storage is no longer applicable. Storage may also take place if required by the European or national legislator in Union regulations, laws, or other provisions to which the data controller is subject.
Blocking or deletion of data also occurs when a storage period prescribed by the mentioned standards expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.
IV. Providing the Website and Creating Log Files
Description and Scope of Data Processing Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
Information about the browser type and version, The user’s operating system, The internet service provider of the user, The user’s IP address, Date and time of access, Websites from which the user’s system accesses our website, Websites that are accessed by the user’s system through our website. The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.
Legal Basis for Data Processing The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.
Purpose of Data Processing The temporary storage of IP addresses by the system is necessary to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Duration of Storage The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collection for providing the website, this is the case when the respective session is ended.
In the case of storing data in log files, this is the case after a maximum of 7 days. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized, so that an assignment of the calling client is no longer possible.
Objection and Removal Options The collection of data for the provision of the website and the storage of data in log files are mandatory for the operation of the website. Therefore, there is no option to object on the part of the user.
The data collected in this way is pseudonymized by technical measures. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the user.
Legal Basis for Data Processing The legal basis for the processing of personal data using cookies is Article 6(1)(f) of the GDPR.
We require cookies for a variety of applications.
The use of analytical cookies is for the purpose of improving the quality of our website and its content.
VI. Contact Form and Email Contact
Description and Scope of Data Processing
On our website, there is a contact form that can be used for electronic communication. If a user utilizes this option, the data entered in the input mask is transmitted to us and stored.
This data includes:
- Name, first name
- Email address
- Date of the event
- Budget estimate
- Clothing sizes
- Marketing source
- Personal agreements or preferences serving the process
At the time of sending the message, the following data is also stored:
- User’s IP address
- Date and time of registration
Contact can also be made via the provided email address. In this case, the personal data transmitted via email is stored. No data is shared with third parties in this context. The data is used exclusively for processing the conversation.
Legal Basis for Data Processing
The legal basis for data processing is Art. 6(1)(a) GDPR (General Data Protection Regulation).
The legal basis for processing data transmitted via email is Art. 6(1)(f) GDPR.
If email contact aims at concluding a contract, Art. 6(1)(b) GDPR additionally serves as the legal basis for processing.
Purpose of Data Processing
Processing personal data from the input mask serves solely for handling the contact.
In the case of email contact, there is a legitimate interest in processing the data for communication. Other personal data processed during the submission process aims to prevent misuse of contact forms and ensure the security of our information systems.
Data is deleted when no longer needed for the purpose of its collection. For data from the contact form and email correspondence, this occurs when the respective conversation with the user is concluded, indicating that the matter is resolved. Additional personal data collected during the submission process is deleted after 7 days.
Right to Object and Removal Option
Users can revoke their consent to the processing of personal data at any time. If a user contacts us via email, they can object to the storage of their personal data at any time. In this case, the conversation cannot be continued.
Revocation of consent or objection to storage can be made in writing or electronically via email. All personal data stored in connection with the contact will be deleted in such cases.
VII. Web Analytics
Scope of Processing Personal Data
We use an open-source software tool to analyze user surfing behavior on our website. The software places a cookie on the user’s computer. When specific details on our website are accessed, the following data is stored:
- 2 bytes of the user’s IP address
- Accessed website
- Referring website
- Subpages accessed from the visited website
- Duration of the visit
- Frequency of website access
This software operates exclusively on our website’s servers, and personal data is stored there. Data is not shared with third parties, and IP addresses are partially anonymized.
Legal Basis for Processing Personal Data
The legal basis for processing user data is Art. 6(1)(f) GDPR.
Purpose of Data Processing
Analyzing user data allows us to understand user behavior, compile information about website components, and improve the website’s user-friendliness. This is our legitimate interest under Art. 6(1)(f) GDPR.
Data is deleted when no longer needed for our recording purposes.
Objection and Removal Option
Users have control over cookie usage through their browser settings. Disabling or restricting cookie transmission can be done through browser settings. If cookies are disabled on our website, some functions may not be fully usable.
VIII. Use of Facebook
The data subject can obtain an overview of all Facebook plugins at https://developers.facebook.com/docs/plugins/?locale=de_DE.
IX. Rights of the Data Subject
Right to Information
The data subject has the right to request confirmation on whether personal data concerning them is being processed. If so, they have the right to obtain information about:
- The purposes of the processing
- The categories of personal data being processed
- Recipients or categories of recipients to whom the personal data has been or will be disclosed
- The planned duration of storage or criteria for determining that duration
- The right to correction or deletion of personal data
- The right to restrict processing by the controller
- The right to object to such processing
- The right to lodge a complaint with a supervisory authority
Right to Correction
The data subject has the right to correction or completion of inaccurate or incomplete personal data.
Right to Restriction of Processing
Under certain conditions, the data subject can request the restriction of the processing of their personal data.
Right to Deletion
The data subject can request the deletion of their personal data, and the controller is obliged to delete this data under certain circumstances.
Right to Information
The data subject has the right to be informed about recipients of their personal data if the data controller has disclosed it.
Right to Data Portability
The data subject has the right to receive personal data provided to the controller in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the original controller.
Right to Object
The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data based on legitimate interests.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
Right to Withdraw Consent
If the processing is based on consent, the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint
Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data infringes the GDPR.