Data Protection Statement

With the following Privacy Policy, I would like to inform you about the types of your personal data (hereinafter also referred to simply as "data") that I process, for what purposes, and to what extent. This Privacy Policy applies to all processing of personal data carried out by me, both in the context of providing my services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering”).

1. Controller

Michael Heilmann

Estenfelderstraße 18a

97222 Rimpar

E-mail: contact@michaelheilmann.com

2. Overview of processing activities

The following overview summarizes the types of data processed, the purposes of their processing, and the categories of data subjects involved.

2.1 Types of data processed

Inventory data (e.g., names, addresses)
Content data (e.g., entries in online forms)
Contact data (e.g., email addresses, telephone numbers)
Meta/communication data (e.g., device information, IP addresses)
Usage data (e.g., websites visited, interest in content, access times)

2.2 Categories of data subjects

Communication partners
Users (e.g., website visitors, users of online services)

2.3 Purpose of processing

Handling contact requests and communication.

2.4 Data processed when visiting our website

2.4.1 Log files

When you use our website for informational purposes only, meaning you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

The website you visited
Date and time of access
Amount of data sent in bytes
Source/referrer from which you accessed the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not shared or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use. A data processing agreement (DPA) with the provider (IONOS) is in place.

2.4.2 Cookies

Cookies are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, meaning after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser upon your next visit (persistent cookies). When cookies are set, they collect and process certain user information to varying extents—such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

This website does not use cookies.

2.5 Data processed when contacting us via e-mail

When you get in touch with us via email, we may collect personal data. The exact information collected depends on the headers and contens of your e-mail.

We use and store this data solely to respond to your inquiry and manage the related technical processes. Our legal basis for processing your data is our legitimate interest in addressing your request (Art. 6(1)(f) GDPR). If your message is intended to initiate a contract, the additional legal basis is Art. 6(1)(b) GDPR.

Once your inquiry has been fully processed, your data will be deleted—unless legal retention requirements prevent this.

3. Relevant legal bases

Below we inform you of the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, the national data protection laws applicable in your or our country of residence or establishment may also apply. If more specific legal bases are relevant in individual cases, we will inform you of these within this Privacy Policy.

Consent (Art. 6(1)(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
Legitimate interests (Art. 6(1)(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

4. Rights of data subjects

As a data subject, you have various rights under the GDPR, in particular those arising from Articles 15 to 21 GDPR:

Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data that is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.
Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
Right of access: You have the right to obtain confirmation as to whether data concerning you is being processed, and to obtain access to this data as well as additional information and a copy of the data in accordance with the statutory requirements.
Right to rectification: In accordance with the statutory requirements, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
Right to erasure and restriction of processing: You have the right, in accordance with the statutory requirements, to request that data concerning you be deleted without undue delay, or alternatively, to request a restriction of the processing of the data in accordance with the statutory requirements.
Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller, in accordance with the statutory requirements.
Right to lodge a complaint with a supervisory authority: You also have the right, in accordance with the statutory requirements, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

Definitions of Terms

This section provides an overview of the terminology used in this Privacy Policy. Many of the terms are taken from the law, primarily defined in Article 4 of the GDPR. The legal definitions are binding. The explanations below are intended mainly to support understanding. The terms are listed in alphabetical order.

Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Controller: The "controller" is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing: "Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, such as collecting, analysing, storing, transmitting, or deleting.