Privacy Policy
Privacy Policy
We appreciate your interest in our company. Protecting personal data is a top priority for Vanessa Lena. The use of the website vanessa-lena.com is generally possible without providing any personal data. However, if an individual wishes to use specific services offered through our website, the processing of personal data may be required. If such processing is necessary and no legal basis exists, we will generally seek the individual’s consent.
The processing of personal data—such as a person’s name, address, email address, or telephone number—is always carried out in compliance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to vanessa-lena.com. Through this privacy policy, we aim to inform the public about the nature, scope, and purposes of the personal data we collect, use, and process. Additionally, this privacy policy informs individuals about their rights regarding data protection.
As the data controller, Vanessa Lena has implemented numerous technical and organizational measures to ensure the most comprehensive protection possible of personal data processed through this website. However, Internet-based data transmissions can always present security vulnerabilities, meaning absolute protection cannot be guaranteed. For this reason, individuals are free to provide personal data to us through alternative means, such as by telephone.
1. Definitions
The privacy policy of vanessa-lena.com is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our aim is to ensure that this privacy policy is clear and understandable for both the general public and our clients and business partners. To achieve this, we would first like to explain some of the key terms used.
In this privacy policy, we use, among others, the following terms:
a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
c) Processing
Processing refers to any operation or set of operations performed on personal data, whether or not by automated means. This includes activities such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making data available. It also encompasses alignment or combination, restriction, erasure, or destruction of data.
d) Restriction of Processing
Restriction of processing refers to the marking of stored personal data with the aim of limiting its future processing.
e) Profiling
Profiling refers to any form of automated processing of personal data used to evaluate certain personal aspects of an individual. This includes analyzing or predicting aspects related to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that it can no longer be attributed to a specific individual without additional information. This additional information must be kept separately and subject to technical and organizational measures to ensure that personal data cannot be linked to an identified or identifiable person.
g) Controller (Data Controller)
The controller, or data controller, is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by European Union law or the laws of its member states, the controller or the specific criteria for its designation may be provided by that law.
h) Processor (Data Processor)
A processor, or data processor, is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
i) Recipient
A recipient is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether or not they are considered a third party. However, public authorities that may receive personal data in the framework of a particular investigative mission under European Union or national law are not considered recipients.
j) Third Party
A third party refers to any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and those persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent of the data subject refers to any freely given, specific, informed, and unambiguous indication of their wishes, through which the data subject agrees, by a statement or a clear affirmative action, to the processing of personal data concerning them.
2. Name and Address of the Data Controller
The data controller, as defined by the General Data Protection Regulation (GDPR), as well as other data protection laws applicable in the member states of the European Union and any other regulations related to data protection, is:
Website : vanessa-lena.com
3. Collection of General Data and Information
Each time a data subject or an automated system accesses the website vanessa-lena.com, a series of general data and information is collected and stored in the server’s log files. This may include: (1) The types and versions of browsers used, (2) The operating system used by the accessing system, (3) The website from which a system reaches our website (so-called “referrer”), (4) The sub-pages accessed, (5) The date and time of access to the website, (6) The Internet Protocol (IP) address, (7) The Internet service provider of the accessing system, (8) Other similar data and information that help prevent security risks, particularly in case of cyberattacks on our IT systems.
When processing this general data and information, Vanessa Lena does not draw any conclusions about the identity of the data subject. Instead, this information is required to: (1) Properly deliver the content of our website, (2) Optimize our website’s content and marketing, (3) Ensure the continuous functionality of our IT systems and website technology, (4) Provide law enforcement authorities with the necessary information in the event of a cyberattack. These anonymously collected data are therefore statistically analyzed to improve our company’s data protection and security measures and to ensure the highest possible level of protection for the personal data we process. The anonymized server log files are stored separately from any personal data voluntarily provided by a data subject.
4. Contacting Us via the Website
In compliance with legal requirements, the website vanessa-lena.com includes information that allows for quick electronic contact with our company and direct communication with us, including a general email address.
If a data subject contacts the data controller via email or a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data, voluntarily provided by the data subject, is retained for the purpose of processing the request or for further communication. This data is not shared with third parties.
5. Subscribing to Blog Comments
Third parties can subscribe to comments on the Vanessa Lena blog. Specifically, commenters have the option to subscribe to follow-up comments on a particular blog post.
If a data subject chooses to subscribe to comments, the data controller will send an automatic confirmation email as part of the double opt-in procedure, verifying that the email address owner has indeed opted for this subscription. The subscription to comment notifications can be canceled at any time.
6. Routine Deletion and Blocking of Personal Data
The data controller processes and stores personal data only for the period necessary to fulfill the purpose of storage or as required by European legislation or other applicable laws and regulations to which the data controller is subject.
If the storage purpose no longer applies or if a legally mandated retention period set by European law or another competent authority expires, personal data will be routinely blocked or deleted in accordance with legal provisions.
7. Rights of the Data Subject
a) Right to Confirmation
Every data subject has the right, granted by European legislation, to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed. If a data subject wishes to exercise this right, they may contact a representative of the data controller at any time.
b) Right of Access
Any data subject whose personal data is being processed has the right, under European legislation, to obtain free information from the data controller at any time regarding the personal data stored about them, along with a copy of that information. Furthermore, the data subject is entitled to access the following details:
– The purposes of the processing
– The categories of personal data concerned
– The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations
– Where possible, the planned storage period for the personal data, or if that is not possible, the criteria used to determine that period
– The right to request rectification or deletion of personal data, restriction of processing, or to object to such processing
– The right to lodge a complaint with a supervisory authority
– If the personal data was not collected from the data subject, any available information about its source
– The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and, where applicable, meaningful information about the logic involved, as well as the significance and potential consequences of such processing for the data subject
– The data subject also has the right to know whether personal data is being transferred to a third country or an international organization. If so, they are entitled to be informed of the appropriate safeguards related to the transfer.
If a data subject wishes to exercise their right of access, they may contact a representative of the data controller at any time.
c) Right to Rectification
Any data subject whose personal data is being processed has the right, under European legislation, to obtain the prompt rectification of inaccurate personal data concerning them. Additionally, they have the right to request the completion of incomplete personal data, including by providing a supplementary statement.
If a data subject wishes to exercise this right, they may contact a representative of the data controller at any time.
d) Right to Erasure (Right to be Forgotten)
Any data subject whose personal data is being processed has the right, under European legislation, to request that the data controller delete their personal data without undue delay if one of the following conditions applies and processing is not required:
The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
The data subject withdraws consent on which the processing is based under Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
The data subject objects to processing under Article 21(1) of the GDPR, and there are no overriding legitimate grounds for processing, or the data subject objects under Article 21(2) of the GDPR.
The personal data has been unlawfully processed.
The personal data must be deleted to comply with a legal obligation under European Union law or the laws of a member state to which the data controller is subject.
The personal data was collected in relation to the provision of information society services as referred to in Article 8(1) of the GDPR.
If any of the above conditions apply and a data subject wishes to request the deletion of personal data stored by vanessa-lena.com, they may contact a representative of the data controller at any time. Vanessa Lena will ensure that the deletion request is fulfilled immediately.
Where Vanessa Lena has made personal data public and is required to erase it under Article 17(1) of the GDPR, Vanessa Lena will take reasonable steps, including technical measures, considering available technology and implementation costs, to inform other data controllers processing the personal data that the data subject has requested the deletion of any links to, copies of, or replications of that data, unless processing is necessary. Vanessa Lena will take the necessary steps on a case-by-case basis.
e) Right to Restriction of Processing
Every data subject whose personal data is being processed has the right, under European legislation, to request the restriction of processing where one of the following conditions applies:
– The accuracy of the personal data is contested by the data subject, for a period allowing the data controller to verify its accuracy.
– The processing is unlawful, and the data subject opposes the erasure of the data and instead requests the restriction of its use.
– The data controller no longer needs the personal data for processing purposes, but the data subject requires it for the establishment, exercise, or defense of legal claims.
– The data subject has objected to processing pursuant to Article 21(1) of the GDPR, and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.
– If any of the above conditions are met and a data subject wishes to request the restriction of personal data stored by vanessa-lena.com, they may contact a representative of the data controller at any time. Vanessa Lena will ensure the restriction of processing.
f) Right to Data Portability
Every data subject whose personal data is being processed has the right, under European legislation, to receive the personal data they have provided to a data controller in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another data controller without interference from the initial controller, provided that:
– The processing is based on consent as per Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on a contract under Article 6(1)(b) of the GDPR.
– The processing is carried out by automated means.
– The processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
– Additionally, when exercising their right to data portability under Article 20(1) of the GDPR, the data subject has the right to have their personal data transferred directly from one controller to another, where technically feasible and provided this does not adversely affect the rights and freedoms of others.
To exercise this right, the data subject may contact Vanessa Lena at any time.
g) Right to Object
Every data subject whose personal data is being processed has the right, under European legislation, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them that is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on these provisions.
Vanessa Lena will no longer process the personal data in case of an objection unless compelling legitimate grounds for the processing can be demonstrated, which override the interests, rights, and freedoms of the data subject, or unless the processing is required for the establishment, exercise, or defense of legal claims.
If Vanessa Lena processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing. This includes profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, Vanessa Lena will no longer process the personal data for this purpose.
Furthermore, for reasons related to their particular situation, the data subject has the right to object to the processing of their personal data for scientific or historical research purposes or for statistical purposes under Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, the data subject may contact Vanessa Lena or another authorized representative at any time. The data subject is also free, in the context of using information society services—regardless of Directive 2002/58/EC—to exercise their right to object by automated means using technical specifications.
h) Automated Individual Decision-Making, Including Profiling
Every data subject whose personal data is being processed has the right, under European legislation, not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them, unless the decision:
(1) Is necessary for entering into or performing a contract between the data subject and the data controller.
(2) Is authorized by European Union law or the law of a member state to which the data controller is subject, and that law also provides for suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests.
(3) Is based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into or performing a contract between the data subject and the data controller, or (2) is based on the data subject’s explicit consent, Vanessa Lena will implement suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests. These measures include, at a minimum, the right to obtain human intervention on the part of the data controller, to express their point of view, and to contest the decision.
If the data subject wishes to exercise their rights regarding automated decision-making, they may contact a representative of the data controller at any time.
i) Right to Withdraw Consent for Data Protection
Every data subject whose personal data is being processed has the right, under European legislation, to withdraw their consent to the processing of their personal data at any time.
If a data subject wishes to exercise their right to withdraw consent, they may contact a representative of the data controller at any time.
8. Data Protection Provisions for the Use of LinkedIn
The data controller has integrated components of LinkedIn Corporation into this website. LinkedIn is an online social network that allows users to connect with existing business contacts and establish new professional relationships. With more than 400 million registered users in over 200 countries, LinkedIn is currently the largest professional networking platform and one of the most visited websites in the world.
The entity operating LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection inquiries outside the United States, the responsible entity is LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time a page of this website containing a LinkedIn component (LinkedIn plug-in) is accessed, the browser used by the data subject automatically downloads a visual representation of the LinkedIn component. More information on LinkedIn plug-ins can be found at LinkedIn Plugins. During this technical process, LinkedIn becomes aware of which specific subpage of our website was visited by the data subject.
If the data subject is logged into LinkedIn at the same time, LinkedIn detects every visit to our website by the data subject for the entire duration of their session on our website. The LinkedIn component collects this data and assigns it to the respective LinkedIn account of the data subject. If the data subject interacts with a LinkedIn button embedded on our website, LinkedIn links this information to their personal LinkedIn user account and stores the personal data.
LinkedIn receives this information whenever a data subject visits our website while logged into LinkedIn, regardless of whether they interact with the LinkedIn plug-in. If the data subject does not want this data to be transmitted to LinkedIn, they can prevent this by logging out of their LinkedIn account before visiting our website.
LinkedIn provides users with the ability to unsubscribe from emails, SMS messages, and targeted advertisements and to manage their ad settings via LinkedIn Settings. LinkedIn also collaborates with partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may place cookies. These cookies can be disabled via LinkedIn’s Cookie Policy. The current LinkedIn Privacy Policy can be accessed at LinkedIn Privacy Policy, and the cookie policy is available at LinkedIn Cookie Policy.
9. Legal Basis for Processing
Article 6(1)(a) of the GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party—such as processing required for the delivery of goods or the provision of a service—then the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing necessary for pre-contractual measures, such as responding to inquiries about our products or services.
If our company is subject to a legal obligation requiring the processing of personal data—such as compliance with tax regulations—then processing is based on Article 6(1)(c) of the GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company premises suffered an accident and their name, age, health insurance information, or other vital details had to be shared with a doctor, hospital, or another third party. In such cases, processing would be based on Article 6(1)(d) of the GDPR.
Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies when processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, unless those interests are overridden by the fundamental rights and freedoms of the data subject. The European legislator explicitly recognized that a legitimate interest could be presumed when the data subject is a customer of the controller (Recital 47, sentence 2 of the GDPR).
10. Legitimate Interests Pursued by the Controller or a Third Party
If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is to conduct our business in a way that benefits the well-being of all our employees and shareholders.
11. Retention Period for Personal Data
The retention period for personal data is determined based on the applicable legal retention requirements. Once this period expires, the corresponding data is systematically deleted, provided it is no longer needed for the execution or completion of a contract.
12. Legal or Contractual Requirements for Providing Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Provision
We emphasize that providing personal data is sometimes legally required (e.g., tax regulations) or may result from contractual obligations (e.g., details regarding the contracting party). In certain cases, it may be necessary for a data subject to provide personal data in order to enter into a contract, which must then be processed by us.
For instance, a data subject is required to provide personal data when our company signs a contract with them. Failure to provide this personal data would result in the contract not being concluded.
Before providing personal data, the data subject should contact a company representative. The representative will clarify whether the provision of personal data is legally or contractually required, whether it is necessary for contract conclusion, whether there is an obligation to provide personal data, and what consequences may arise from not providing this data.
13. Automated Decision-Making
As a responsible company, we do not engage in automated decision-making or profiling.
14. Hosting
This website is hosted by an external service provider (hosting provider). The personal data collected on this website is stored on the hosting provider’s servers. This may include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website visits, and other data generated via this website.
The use of the hosting provider is based on:
Article 6(1)(b) of the GDPR – to fulfill contractual obligations toward our potential and existing clients.
Article 6(1)(f) of the GDPR – in our legitimate interest in ensuring the secure, fast, and efficient provision of our online services through a professional provider.
Our hosting provider only processes your data to the extent necessary to fulfill its service obligations and follows our instructions regarding data handling.
We use the following hosting provider:
webgo GmbH
Heidenkampsweg 81
20097 Hamburg
Germany
Contract for Order Processing
To ensure compliance with data protection regulations, we have concluded a data processing agreement with our hosting provider.
This privacy policy was generated using the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which serves as an external data protection officer, in cooperation with data protection lawyer Christian Solmecke.
