Privacy Policy

 

On this page, I inform you about the Privacy Policy regarding the treatment and protection of the personal data of users and customers that may be collected by browsing or contracting services through the website www.sarah-thonnet.com.

I guarantee compliance with current regulations on the protection of personal data, reflected in the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD GDD). It also complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons. (GDPR).

The website’s use implies acceptance of this Privacy Policy and the conditions included in the Legal Notice.

 

Data processing information 

Content:

  1. Name and contact details of the controller and the data protection officer2. Collection and storage of personal data; type, purpose, and use3. Passing on of data to third parties

    4. Your rights as a data subject

    5. Your right of objection

1. Name and contact details of the controller and the data protection officer

This data protection declaration applies to me,

Sarah Thonnet

NIF: X5830370P

Address: C/Manuel Pestana Quintana 1; Puerta 42, 35109 El Tablero de Maspalomas – Las Palmas, España

Email: mail@sarah-thonnet.com

Website: www.sarah-thonnet.com

as the controller.

I am not legally obliged to appoint a data protection officer, as I am a freelancer. Nevertheless, I adhere to the provisions of the data protection laws.

2. Collection and storage of personal data; type, purpose, and use

The moment you request a service, the following information will be collected:

  • Title (Mr/Ms/Mrs), name, and surname
  • Address
  • Email address
  • Telephone number (landline and/or mobile phone)
  • Fax number (if available and required)
  • Bank account details, if applicable
  • Date of birth, if applicable

In addition, all information necessary for the fulfillment of the contract/order with you is collected.

Personal data is collected:

– to identify you as a client;
– to be able to advise you appropriately;
– to fulfill my contractual obligations with you;
– to comply with my legal obligations;
– to establish correspondence with you;
– for invoicing or, if necessary, for dunning purposes;
– to assert any claims against you.

The processing of the personal data takes place on the occasion of your inquiry with me and is necessary for the purposes mentioned, for the treatment of your request, and for the fulfillment of obligations derived from the underlying contract/order.

The personal data collected will be stored until the end of the statutory retention period and then deleted. As an exception, this does not apply if I am obligated to more extended storage due to tax or commercial storage obligations or if you have consented to storage beyond such period.

3. Transfer of personal data to third parties

Your personal data will not be transferred to third parties. Exceptions to this only apply insofar as this is necessary for processing the contract/order with you. This specifically includes the transfer of data to service providers commissioned by me (so-called data processors) or other third parties whose activities are necessary to execute the contract. The transferred data may only be used by the third parties exclusively for the purposes mentioned.

4. Your rights as a data subject

As the data subject and holder of the data, you have several rights:

  • Right to withdrawal of consent: You can withdraw your consent given to me at any time. Data processing based on the withdrawn consent may then no longer be continued in the future.
  • Right of access: You can request information about your personal data I process. This specifically applies to data processing purposes; the categories of personal data; the categories of recipients, if applicable; the storage period, if applicable; and the origin of your data.
  • Right to rectification: You can request the rectification or completion of incorrect data stored by me.
  • Right to erasure: You can request the erasure of your personal data stored with me, as far as their processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or the assertion, exercise or defense of legal claims.
  • Right to restriction of processing: You may request that your personal data processing be restricted if you dispute the accuracy of the data and if the processing is unlawful, but you refuse to delete it. You also have this right if I no longer need the data, but you require it to assert, exercise, or defend legal claims. In addition, you have this right if you have objected to the processing of your personal data.
  • Right to data portability: You may request that I provide you with the personal data you have provided to me in a structured, common, and machine-readable format. Alternatively, you can request the direct transmission of the personal data you have provided to me or to another person in charge, as far as this is possible.
  • Right to complaint: You can lodge a complaint with any data protection supervisory authority, e.g., if you believe that I am illegally processing your personal data. Our supervisory authority is the Spanish Data Protection Agency (AEPD), and its contact details can be found below:

Spanish Data Protection Agency:

Agencia Española de Protección de Datos
Directora Mar España Martí
C/Jorge Juan, 6
E – 28001 Madrid
Tel.: + 34 901 100 099 / + 34 91 266 35 17

https://www.aepd.es/agencia/contacto.html 

5. Your right to object

Information on the right to object under Article 21 GDPR

You, as the data subject, have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on Article 6 (1) letter f, GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party). If you object, I will no longer process your personal data unless I can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

 

 

Data Protection Declaration

1. Information on this Data Protection Declaration

General information

The following notes provide a simple overview of what happens to your personal data when you visit my website. Personal data are all data with which you can be personally identified. You will find detailed information on the subject of data protection in my Data Protection Declaration listed under this text.

Data collection on our website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator, myself. You can find my contact details in the Legal Notice of this website.

Contact form: I request personal data that may include name and surname, email address, and telephone number to respond to your queries.

For example, I use these data to respond to your messages, doubts, complaints, comments, or concerns you may have regarding the information included on the website, the services provided through the website, the processing of your personal data, questions regarding the legal texts included on the website, as well as any other query you may have that is not subject to the conditions of the website or of the contract.

How do I collect your information?

On the one hand, your data is collected when you communicate it to me. This may be data that you send us by email, for example.

Other data is automatically collected by my IT systems or the IT systems of my host when you visit my website. These are mainly technical data (e.g., Internet browser, operating system, or time of page visit). This data is collected automatically as soon as you enter my website.

For what purpose do I use your personal data?

Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time (Article 15, GDPR). You also have the right to request the correction (Article 16, GDPR), blocking or deletion of this data (Article 17, GDPR). You can contact me at any time at the address given in the Legal Information if you have any further questions about data protection. You also have the right to appeal to a competent supervisory authority.

Third-party analysis and tools

When you visit my website, your browsing behavior can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The browsing behavior analysis is usually anonymous; the browsing behavior cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration.

2.  General remarks and mandatory information

Data protection

I take the protection of your personal data very seriously. Of course, I treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data is collected. Personal data are data with which you can be personally identified. This data protection declaration explains which data we collect and for what I use it. It also explains how and for what purpose this is done.

I would like to point out that data transmission over the Internet (e.g., communication by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the controller

The data processing controller on this website is:

Sarah Thonnet, C / Manuel Pestana Quintana 1, Puerta 42,
35109 – El Tablero De Maspalomas – Las Palmas (España)
Telephone: (0034) 696 80 92 57]
E-mail: mail@sarah-thonnet.com

A controller is a natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Revocation of your consent to data processing

Many data processing processes are only possible with your express consent. You can revoke your consent at any time. All you need to do is send me an informal email. The legality of the data processing up to the revocation remains unaffected by the revocation.

Right to lodge a complaint with a supervisory authority

In the event of breaches of data protection law, the person concerned has a right of appeal to the competent supervisory authority. The supervisory authority responsible for data protection is the Data Protection Officer in Spain, where my company has its registered office. A list of the data protection officers, and their contact details can be found at https://www.aepd.es/agencia/contacto.html

Spanish Data Protection Agency

Agencia Española de Protección de Datos
Directora Mar España Martí
C/Jorge Juan, 6
E – 28001 Madrid
Tel.: + 34 901 100 099 / + 34 91 266 35 17

https://www.aepd.es/agencia/contacto.html

Right to data transferability

You have the right to have data that we process automatically based on your consent or fulfill a contract handed over to you or a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only occur if it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to me as the site operator. You can recognize an encrypted connection because the address line of the browser changes from “HTTP://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, third parties cannot read the data you transmit to me.

Objection against advertising mails

As part of my duty to include a Legal Information on my website, I must publish my contact details. However, these may be used by third parties to send unwanted advertising and information. I herewith object to the use of contact data published within the scope of the imprint obligation to send any unsolicited advertising and information material that I have not expressly authorized. I expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam emails.

3. Data protection officer

Statutory data protection officer

I am not legally obliged to appoint a data protection officer.

4. Data collection on our website

Cookies

Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies serve to make my website more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies I use are so-called “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable me to recognize your browser the next time you visit my website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain circumstances, and generally activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.

Cookies, which are necessary to carry out the electronic communication process, or to provide certain functions desired by you (e.g., shopping basket function), are stored in accordance with Art. 6.1(f) GDPR. I have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of my services. As far as other cookies (e.g., cookies for the analysis of your browsing behavior) are stored, these will be treated separately in this data protection declaration.

Google Analytics is a web analytics service provided by Google, Inc., a Delaware corporation with headquarters at 1600 Amphitheatre Parkway, Mountain View (California), CA 94043, United States (“Google”). More information can be found at https://analytics.google.com.

Google Analytics uses “cookies,” which are text files placed on your computer, to help me analyze how users use the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Server log files

The pages’ provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to me. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • The hostname of the accessing computer
  • Server access time
  • IP address

These data are not combined with other data sources.

The basis for data processing is Article 6.1(b) GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures.

Processing of data (customer and contract data)

I collect, process, and use personal data only to the extent necessary for the establishment, content design, or change of the legal relationship (inventory data). This is done according to Article 6.1(b) GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures. I collect, process, and use personal data about the use of our Internet pages (usage data) only to the extent necessary to enable or invoice the user for the use of the service.

The collected customer data will be deleted after completing the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transfer upon conclusion of a contract for services and digital content

I only transfer personal data to third parties if this is necessary in contract processing, for example, to the credit institution commissioned to process payments.

A further transmission of the data will not take place or only if you have expressly consented to the transmission. Your data will not be transferred to third parties without your express consent, for example, for advertising purposes.

The basis for data processing is Article 6.1(b) GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures.

5. Social Media

I am on social networks linked to my website. If you become a follower of my social networks or enters on of them by pressing the social buttons, the processing of personal data will be governed by the conditions of use, privacy policies, and access regulations that belong to the corresponding social network, apply in each case, and that you have previously accepted by leaving my site and entering a social media platform.

You can consult the privacy policies of the social networks in these links:

Facebook plugins (Like & Share button)
https://developers.facebook.com/docs/plugins/.

https://de-de.facebook.com/policy.php.

Twitter plugin

https://twitter.com/account/settings

LinkedIn Plugin

https://www.linkedin.com/legal/privacy-policy.

XING Plugin

https://www.xing.com/app/share?op=data_protection.