The protection of your data is important to us, Hidden Emphasis. Therefore, we would like to inform you in the following about the extent to which we process data in the context of our online offers and how we protect them. And we would like to inform you about your rights in this regard.
I. Name and contact details of the controller
Dulce Et Utile Webdesign
Schmales Feld 10a
32805 Horn-Bad Meinberg
Responsible: Alexander Hetzel (address and contact details as above)
II. Collection and storage of personal data as well as the nature and purpose of their usage
The collection and storage of personal data basically happens in two ways: when visiting our website and when contacting us.
a) Visit of our website
When you visit our website (https://hiddenemphasis.com), the browser you use on your device to access our website automatically sends data to the server of our website. These are temporarily stored in a so-called log file.
The following data are automatically collected and stored until automatically deleted:
- IP address of the requesting device,
- date and time of access,
- URL and title of the retrieved file,
- website from which the access takes place (so-called "referrer URL"),
- utilized browser,
- utilized operating system,
- name of your access provider
The above data is processed for the following purposes:
- to ensure a frictionless connection to our website,
- to enable you to conveniently use our website,
- to ensure system security and system stability,
- to do more administrative work
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the data collection purposes already mentioned above. In no case, however, we use the data collected to draw conclusions about your person.
In addition, we use analysis services on our website, which we will explain in more detail in Section V.
When contacting us (eg via contact form, e-mail, telephone, social media, etc.), the data provided by the user will be processed for the purpose of handling the contact request and processing it in accordance with Art. 6 para. 1 lit. b) GDPR. The data processing for the purpose of contacting us is in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR based on your voluntarily granted consent. For the contact form, only minor details such as name, e-mail address and message are required to enable the communication at all. User data can also be stored in a Customer Relationship Management ("CRM") system or similar software.
We delete the requests, if they are no longer required. We check the requirement every two years. Furthermore, the legal archiving obligations apply.
III. Disclosure of data
A transfer of your personal data to third parties for purposes other than those listed below does not take place.
We only pass on your personal data to third parties if:
- you provide us with explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR,
- the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data,
- in the event that disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR a legal obligation exists,
- this is legally permissible and, according to Art. 6 para. 1 sentence 1 lit. b) GDPR, it is required for the settlement of contractual relationships with you.
Cookies are small files containing data that are placed on your device, be it a desktop computer or mobile gadget. Cookies are used by many online service providers to make their websites or services function or work more efficiently. Sometimes they are used to report information.
You distinguish two broad types of cookies. The ones that are set by the website owner (which in this case would be us, Hidden Emphasis) are called "first party cookies". The cookies that are placed by other tools or services, but are included on our website, are called "third party cookies". Third party cookies make it possible to deliver certain services or interactive elements to website users. An excellent example of this is Google maps, which are created by Google and are then included in a website. These maps usually save cookies from Google on your device (which is why we don’t use them).
What makes third party cookies dangerous is the fact that these third parties can recognize your device, even if it hasn’t ever visited your website before. They can recognize you as the user of the site that transmitted the third party cookie.
At the moment, cookies are not used on our website.
V. Analytics Tools
At the moment, this website does not use any external analytics tools. We do this to protect the privacy of our users.
Our online offer includes a newsletter. In the following, we would like to inform you about the content that we intend to send, but also about the registration, sending and statistical evaluation process. In addition, we will inform you about your right of objection, about which the mailing service provider takes care of the technical handling of our newsletter and in which form a performance measurement takes place.
a) Content & procedures
We send newsletters, e-mails, and other electronic notifications with advertising data (after this referred to as "newsletter") only with the consent of the recipient or legal permission.
Subscribers to our newsletter receive the following content through our newsletter:
- references to contributions from the international press, possibly with a summary (usually once a week)
- personal stories written by the author (usually once a week)
- new posts from our blog (usually 1-3 times a week)
- new episodes of our podcast (usually once a week)
- offers, promotions, and news from Hidden Emphasis or its partners (usually up to six times a year)
- announcements of new services and products, e.g., books, courses, services (usually up to six times a year)
- surveys to optimize our performance (usually up to two times a year)
To subscribe to our newsletter, providing a valid e-mail address is sufficient.
Registration for our newsletter takes place in a so-called double-opt-in procedure. That means that after you have registered, you will first receive an e-mail requesting confirmation of your registration. This confirmation is necessary so that nobody can register with external e-mail addresses that are not their own. The registrations for the newsletter are logged to be able to prove the registration process in retrospect in accordance with the legal requirements. That also includes saving the login and confirmation time and the IP address from which the confirmation was made. Likewise, changes to the data stored at the e-mail service provider are logged.
To provide you with some technical background on how the sign-up process works:
- You fill out the form with your e-mail address. As long as you don’t click on the send button (usually titled "sign up"), the form will not be sent, and MailChimp won’t receive your data. MailChimp cannot see which data you type into the form unless you click on the button or hit Return on your keyboard.
- After clicking on the send button, the form data will be transferred to MailChimp.
- During this process, you will be briefly redirected to the MailChimp website, even if it might be only for a split second.
- Because MailChimp will usually redirect you back to our website immediately to show you a specific page on our website that provides you with information on how to confirm your e-mail address. This redirection is so brief – you might not even notice you have been to MailChimp’s website at all.
- When you click on the confirmation link in the e-mail MailChimp has sent you, you will be redirected to MailChimp. Again, this might only be for a split second because MailChimp will usually redirect you very quickly to our web site so that we can show you our "thank you" page. MailChimp might track that you’ve opened this e-mail, by the way.
- Your registration is now complete. However, during this process, you visit the MailChimp website at least twice, which allows MailChimp to install their cookies on your device. As much as we might like to, we cannot influence this behavior of MailChimp. We can only control the cookies that our web site installs or that are installed through elements from third parties that we have included on our website. Neither of these two cases applies to MailChimp, unfortunately.
b) Legal basis
The newsletter is sent and the related performance measurement is based on the consent of the recipient in accordance with Art. 6 para. 1 lit. a), Art. 7 GDPR (in Germany also in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the statutory permission pursuant to § 7 para. 3 UWG).
The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Our interest is based on the use of a user-friendly and secure newsletter system, which serves both our business interests and the expectations of our users and also allows us to prove our consent.
c) Right of objection
You can unsubscribe from our newsletter at any time, ie revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. We may store the e-mail addresses for up to three years on the basis of our legitimate interests, before deleting them, in order to provide evidence of prior consent. The processing of this data is of course limited to the purpose of a possible defense against claims. An individual request for deletion is also possible at any time, provided that at the same time the former existence of a consent is confirmed.
d) Mailing service provider
The newsletters are sent by MailChimp, a mailing service provider of Rocket Science Group, LLC (675 Ponce De Leon Ave. NE # 5000, Atlanta, GA 30308, USA).
The Rocket Science Group LLC or MailChimp is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The mailing service provider is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR and a contract processing agreement acc. Art. 28 para. 3 sentence 1 GDPR.
The mailing service provider may use the data of the recipients in a pseudonymous form, ie without assignment to a user, to optimize or improve their own services, eg for the technical optimization of sending and the presentation of newsletters or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to address them themselves or to pass the data on to third parties.
e) Measuring the success of campaigns
Our newsletters contain so-called "web beacons", which is a pixel-sized file that is retrieved when the newsletter is opened by the server of our mailing service provider mentioned above. As part of this call, technical data such as information about the browser and your operating system as well as your IP address and the time of retrieval are collected.
These data are used to improve the technical performance of the services based on the technical data or the target groups and their reading behavior, as well as the call locations (which can be determined by means of the IP address) and access times.
The statistical surveys also include determining if the newsletters are opened, when they are opened and which links are clicked. For technical reasons, these data can be assigned to the individual newsletter recipients. However, it is neither our goal nor that of our mailing service provider to observe individual users. Rather, the evaluations serve to identify the reading habits of our users in general and to tailor our content to them or to send different content according to the interests of our users.
VII. Comment function
Users have the opportunity to leave comments on posts on our website. If users make use of this option, we will save their IP addresses based on our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR for 7 days. This is for our own safety if someone posts unlawful content in the comments (insults, prohibited political propaganda, etc.). In this case, we ourselves could be prosecuted for the comment and are therefore interested in the identity of the author.
However, you can use pseudonyms at any time or do without the input of a name or an e-mail address altogether. You can also completely prevent the transfer of data by not using our commenting system.
VIII. Other services and plugins used
On our website we use various services and plugins, which we would like to explain in more detail below.
a) Hosting & server
The hosting services we use serve to provide the following services:
- infrastructure and platform services,
- computing capacity,
- storage space and database services,
- security deposits,
- technical maintenance services we use for the purpose of operating this online offer.
Here we or our hosting provider ALL-INKL.COM – Neue Medien Münnich (owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany) process the following data:
- inventory data,
- contact details,
- content data,
- contract data,
- usage data,
- meta and communication data
of customers, prospects and visitors of this online offer on the basis of our legitimate interests in order to ensure an efficient and secure provision of our online offers acc. to Art. 6 para. 1 lit. f) GDPR in conjunction with Art. 28 GDPR (data processing agreement).
b) Google Fonts
This site incorporates fonts from Google Fonts, an offer from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; https://www.google.com/intl/en/about/ (hereafter "Google"). This is done for the purpose of a contemporary and user-friendly presentation of our website in terms of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
To use this feature, your IP address must be transmitted and stored to Google’s servers in the United States. As a provider of this website, we have no influence on this data transfer.
c) Instagram embeds
We use embed codes from Instagram on our website. This is done for the purpose of a contemporary and user-friendly presentation of our website in terms of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Instagram is a Facebook product (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland).
When you visit a page that contains such embed code, it creates a direct connection between your browser and the Instagram servers. We have no control over the nature and extent of the data transmitted to Instagram servers through the the embed code.
This site incorporates videos from YouTube, an offer from YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA), which is owned by the umbrella organization Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). This is done for the purpose of providing differentiated and versatile multimedia content on our website in the sense of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
To use this feature, your IP address must be transmitted to and stored on the YouTube or Google servers in the United States. As a provider of this website, we have no influence on this data transfer. However, we include the videos in a according to the provider "extended privacy mode", if this is technically possible. Videos are usually integrated via the domain youtube-nocookie.com.
e) Profile pictures from Gravatar
This site incorporates profile images from Gravatar, an offer from Automattic, Inc. (132 Hawthorne Street, San Francisco, CA 94107, USA). This is done for the purpose of personalizing the comment function of our website for our users in the sense of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
Gravatar is a service where users can log in and submit profile pictures related to their e-mail address. Later, when these users sign in to online platforms with their e-mail address or leave comments on blogs and websites using that e-mail address, the profile picture associated with the address is automatically loaded. This way, users do not have to upload their own profile picture on each website, but can set it once centrally for their e-mail address(es).
To provide this feature, the e-mail address given by the users when commenting on our website is sent to Gravatar in order to check whether a profile is stored for it. This is the sole purpose of submitting the e-mail address and will not be used for any other purpose, but will be deleted afterwards.
Users can completely prevent the transmission of their e-mail address by not using our commenting system or by not providing an e-mail address.
To use this feature, it is also required that your IP address be transferred to the Automattic, Inc. servers in the United States and stored whenever a sub page with comments on it is accessed. As a provider of this website, we have no influence on this data transfer.
f) Payment via PayPal
It is possible to process the payment on our website via the online payment service PayPal. PayPal makes it possible to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as the payment method, your data required for the payment process will be automatically forwarded to PayPal. These are regularly the following data:
- country of your residence
- e-mail address of the customer / payer
- e-mail address of the recipient of the products
- telephone and mobile number
- IP address
The legal basis for data processing is Art. 6 para 1 lit b GDPR, as the processing of the data is required for payment by PayPal and thus for the performance of the contract.
IX. Rights of the aggrieved party
To protect your data, you have extensive rights, which we would like to explain to you below. You have the right:
- in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right of rectification, deletion, limitation of processing or opposition, the existence of a the right to complain, the source of your data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
- in accordance with Art. 16 GDPR, to demand the immediate rectification of incorrect or the completion of personal data stored by us;
- in accordance with Art. 17 GDPR, to require the deletion of your personal data stored by us, except where the processing is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, or the processing was unlawful, but you reject their deletion and we no longer need the data, but you need them for assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to obtain your personal data provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;
- in accordance with Art. 7 para. 3 GDPR, to revoke your once granted consent towards us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future;
- in accordance with Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
X. Right of objection
If your personal data are processed based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is granted by us without stating a particular situation.
If you would like to exercise your right of revocation and objection, please send an e-mail to firstname.lastname@example.org.
XI. Data security
To secure our website, we use a so-called SSL certificate with a 256-bit encryption (or with 128-bit encryption, if your browser should not support better encryption).
Whether a website has an SSL certificate can be determined, for example, via an external service such as the Qualys SSL test (https://www.ssllabs.com/ssltest/). Most browsers also provide the ability to view the certificate directly. However, since the procedure differs depending on the manufacturer, we ask you to consult the operating instructions or the documentation of the manufacturer of your browser.
In addition, we use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.