Privacy Policy

Preamble

As part of my responsibility under data protection law, additional obligations have been imposed on me by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter “GDPR”) to ensure the protection of personal data of the individuals affected by processing (hereinafter also referred to as “customer,” “user,” “you,” “your,” or “data subject”).

Where I alone or jointly with others determine the purposes and means of data processing, this includes in particular the obligation to inform you transparently about the type, scope, purpose, duration, and legal basis of the processing (cf. Articles 13 and 14 GDPR). With this statement (hereinafter “Privacy Notice”), I inform you about how your personal data is processed by me.

My Privacy Notice is structured modularly. It consists of a general section for all processing of personal data and processing situations that apply each time a website is accessed (A. General Information), and a special section whose content relates only to the specific processing situation described therein, in particular the visit to websites described in more detail here (B. Visiting Websites).

A. General Information

(1) Definitions

In accordance with Article 4 GDPR, the following definitions apply to this Privacy Notice:

“Personal data” (Article 4(1) GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, online identifier, location data, or by reference to physical, physiological, genetic, psychological, economic, cultural, or social identity characteristics. Identifiability may also result from linking such information or from additional knowledge. The form or embodiment of the information is irrelevant (photos, video, or audio recordings may also contain personal data).

“Processing” (Article 4(2) GDPR) means any operation or set of operations performed on personal data, whether or not by automated means. This includes in particular collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, restriction, erasure, or destruction of personal data, as well as the modification of the purpose or intended use originally underlying the processing.

“Controller” (Article 4(7) GDPR) means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

“Third party” (Article 4(10) GDPR) means any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons authorized to process the personal data under the direct responsibility of the controller or processor; this also includes other affiliated companies.

“Processor” (Article 4(8) GDPR) means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g., IT service providers). In data protection terms, a processor is not considered a third party.

“Consent” (Article 4(11) GDPR) means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data relating to them by a statement or by a clear affirmative action.

(2) Name and Address of the Controller

The controller responsible for the processing of your personal data within the meaning of Article 4(7) GDPR is:

Erin Charaklis
Mühlenstraße 6
24361 Groß Wittensee
Germany
Phone: +49 172 567 96 83
Email: erin.charaklis@gmail.com

Further information about my company can be found in the legal notice (Imprint).

(3) Contact Details of the Data Protection Officer

For all questions and as a contact person, please contact the person named in section A.(2).

(4) Legal Bases for Data Processing

As a matter of principle, the processing of personal data is prohibited by law unless one of the following legal bases applies:

  • Article 6(1)(a) GDPR (Consent): If the data subject has given consent to the processing of their personal data for one or more specific purposes;

  • Article 6(1)(b) GDPR: If processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request;

  • Article 6(1)(c) GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., statutory retention obligations);

  • Article 6(1)(d) GDPR: If processing is necessary to protect vital interests of the data subject or another natural person;

  • Article 6(1)(e) GDPR: If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  • Article 6(1)(f) GDPR (Legitimate Interests): If processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject (particularly in the case of minors).

For each processing activity described below, I indicate the applicable legal basis. Processing may be based on multiple legal grounds.

(5) Data Deletion and Storage Duration

For each processing activity, I specify how long the data is stored and when it is deleted or blocked. Unless an explicit storage period is stated, personal data will be deleted or blocked once the purpose or legal basis for storage no longer applies. Data is generally stored only on my servers in Germany, subject to any disclosure in accordance with sections A.(7) and A.(8).

Data may be stored beyond the stated period in the event of a (pending) legal dispute or other legal proceedings, or if statutory provisions require storage (e.g., §257 German Commercial Code, §147 German Fiscal Code). Once statutory retention periods expire, the data will be blocked or deleted unless further storage is required and legally justified.

(6) Data Security

I use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties (e.g., TLS encryption for my website), taking into account the state of the art, implementation costs, nature, scope, context, and purposes of processing, as well as the risks to the data subject. These measures are continuously improved in line with technological developments.

Further information can be provided upon request.

(7) Cooperation with Processors

Like most companies, I use external service providers in Germany and abroad to conduct my business (e.g., IT, logistics, telecommunications, sales, and marketing). These providers act only on my instructions and are contractually obligated under Article 28 GDPR to comply with data protection regulations.

(8) Transfer of Personal Data to Third Countries

In the course of business relationships, personal data may be transferred to third parties that may be located outside the European Economic Area (EEA). Such processing occurs solely to fulfill contractual and business obligations and to maintain business relationships.

Some third countries are certified by the European Commission as providing an adequate level of data protection through adequacy decisions. In other countries without equivalent protection, I ensure adequate safeguards through binding corporate rules, EU standard contractual clauses, certifications, or recognized codes of conduct.

(9) No Automated Decision-Making (Including Profiling)

I do not intend to use personal data collected from you for automated decision-making processes, including profiling.

(10) No Obligation to Provide Personal Data

The conclusion of contracts with me is not dependent on your prior provision of personal data. There is generally no legal or contractual obligation to provide personal data; however, some services may be limited or unavailable if required data is not provided. You will be informed separately where this applies.

(11) Legal Obligation to Transfer Certain Data

In some cases, I may be subject to legal obligations to disclose lawfully processed personal data to third parties, particularly public authorities (Article 6(1)(c) GDPR).

(12) Your Rights

You may assert your rights as a data subject at any time using the contact details in section A.(2). These rights include:

  • Right of access (Article 15 GDPR);

  • Right to rectification (Article 16 GDPR);

  • Right to erasure (Article 17 GDPR);

  • Right to restriction of processing (Article 18 GDPR);

  • Right to data portability (Article 20 GDPR);

  • Right to object (Article 21 GDPR);

  • Right to withdraw consent (Article 7(3) GDPR);

  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR), in particular:

Independent State Center for Data Protection Schleswig-Holstein
Holstenstraße 98
24103 Kiel
mail@datenschutzzentrum.de

(13) Amendments to This Privacy Policy

This Privacy Policy is regularly reviewed and updated to reflect legal, technical, or organizational changes. Updates are published on my German website at www.dorothee-stoeterau.com.
This policy is current as of June 2021.

B. Visiting Websites

(1) Description of Functionality

Information about my company and services is available at www.jumpinghorseseurope.com and its subpages (collectively, “Websites”). When visiting my Websites, personal data may be processed.

(2) Processed Personal Data

When using the Websites for informational purposes, the following categories of personal data are processed:

Log Data:

  • Referrer URL

  • Name and URL of the requested page

  • Date and time of access

  • Browser type, language, and version

  • Shortened IP address (no personal identification possible)

  • Amount of data transferred

  • Operating system

  • Access status / HTTP status code

  • GMT time zone difference

Contact Form Data:
Data transmitted via contact forms (e.g., name, address, company, email address, and time of submission).

Newsletter Data:

  • Referrer URL

  • Date and time of access

  • Browser type

  • Shortened IP address

  • Email address

  • Date and time of subscription and confirmation

Newsletter emails contain tracking pixels (web beacons) used to evaluate user behavior. Data is collected pseudonymously and not directly linked to other personal data.

(3) Purpose and Legal Basis of Processing

  • Log data is processed for statistical purposes and to improve website stability and security (Article 6(1)(f) GDPR).

  • Contact form data is processed to handle inquiries (Article 6(1)(b) or (f) GDPR).

  • Newsletter data is processed based on consent using a double opt-in procedure (Article 6(1)(a) GDPR).

(4) Duration of Data Processing

Data is processed only as long as necessary to fulfill the stated purposes. Additional details can be found in section A.(5) and the Cookie Policy.

(5) Disclosure of Personal Data to Third Parties

Recipients may include website hosting providers, IT security services, payment processors, public authorities, and professional advisors. Transfers are based on Articles 6(1)(b), (c), or (f) GDPR.

(6) Use of Cookies, Plugins, and Other Services

Cookies are used to improve usability and effectiveness. Non-essential cookies require explicit consent (Article 6(1)(a) GDPR). Details are provided in the Cookie Policy.

No social media plugins are used; any social media icons serve only as passive links.