top of page

Privacy Policy

Preamble

With the following privacy policy, we aim to inform you about what types of personal data (hereinafter referred to as "data") we process, for what purposes, and to what extent. This privacy policy applies to all data processing activities carried out by us, whether in connection with our services or specifically on our websites, mobile applications, and external online platforms such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Last updated: October 11, 2024

Table of Contents

  • Preamble

  • Data Controller

  • Overview of Data Processing

  • Legal Basis for Processing

  • Security Measures

  • Data Transfer to Third Parties

  • International Data Transfers

  • General Information on Data Retention and Deletion

  • Rights of Data Subjects

  • Business Services

  • Provision of the Online Offering & Web Hosting

  • Use of Cookies

  • Contact & Inquiry Management

  • Presence on Social Networks (Social Media)

  • Plug-ins and Embedded Content

  • Zoom

  • WhatsApp

Data Controller

André Guzman
Ludwig-Clormann-Allee 20
76833 Siebeldingen (GER)

Email: home@andre-guzman.com
Imprint: andre-guzman.com/impressum

Overview of Data Processing

The following overview summarizes the types of data we process, the purposes of processing, and the affected categories of individuals.

Types of Processed Data

  • Basic data

  • Payment data

  • Contact details

  • Content data

  • Contract data

  • Usage data

  • Metadata, communication, and procedural data

  • Log data

Categories of Data Subjects

  • Service recipients and clients

  • Interested parties

  • Communication partners

  • Users

  • Business and contractual partners

Purposes of Processing

  • Fulfillment of contractual services and obligations

  • Communication

  • Security measures

  • Office and organizational processes

  • Administration and management procedures

  • Feedback collection

  • Marketing

  • Profiling based on user data

  • Provision of our online offering and user experience optimization

  • IT infrastructure management

  • Public relations

  • Business operations and economic processes

Legal Basis for Processing

Legal Foundations under the GDPR

The following section outlines the legal bases under the GDPR that justify our data processing activities. Please note that national data protection regulations in your country of residence or our business location may also apply.

  • Consent (Art. 6(1)(a) GDPR) – You have given your consent for specific purposes.

  • Contractual fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary to fulfill a contract or take pre-contractual measures.

  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is required to comply with a legal obligation.

  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary to protect our or a third party’s legitimate interests, provided they do not override your fundamental rights and freedoms.

Security Measures

We implement appropriate technical and organizational security measures to protect your data in accordance with the latest technological standards. These include securing data confidentiality, integrity, and availability by controlling physical and electronic access, monitoring data transfers, and implementing data deletion protocols.

We also integrate data protection principles into the design of hardware, software, and procedures to ensure privacy by design and default.

Data Transfer to Third Parties

In the course of processing personal data, we may transfer or disclose this data to other entities, such as IT service providers or third-party service providers embedded into our website. In such cases, we comply with all legal requirements and ensure data protection through appropriate contractual agreements.

International Data Transfers

If data is transferred to countries outside the EU/EEA, it is done in compliance with legal requirements. This may be based on:

  • An adequacy decision by the EU Commission (Art. 45 GDPR)

  • Standard contractual clauses (Art. 46(2)(c) GDPR)

  • Your explicit consent (Art. 49(1) GDPR)

For companies certified under the EU-US Data Privacy Framework, the European Commission has deemed their data protection standards adequate. A list of certified companies is available here.

General Information on Data Retention and Deletion

We delete or restrict access to your personal data when the legal basis for processing ceases to exist, unless legal retention obligations apply.

Standard Retention Periods under German Law:

  • 10 years – Accounting records, invoices, and financial statements

  • 6 years – Business correspondence and tax-relevant documents

  • 3 years – Data required for potential legal claims

If multiple retention periods apply, the longest period takes precedence.

Rights of Data Subjects

Under the GDPR, you have the following rights:

  • Right to Object: You can object to processing based on legitimate interests at any time.

  • Right to Withdraw Consent: You can withdraw your consent at any time with future effect.

  • Right to Access: You have the right to request a copy of your data.

  • Right to Rectification: You can request corrections to inaccurate or incomplete data.

  • Right to Deletion & Restriction: You can request the deletion or restriction of your data.

  • Right to Data Portability: You can request a structured, machine-readable format of your data.

  • Right to File a Complaint: If you believe your data is being processed unlawfully, you can file a complaint with a supervisory authority.

Business Services

We process customer and business partner data for contractual purposes, service provision, and communication. This includes invoicing, service fulfillment, and responding to inquiries.

Data is stored in compliance with legal retention obligations, typically for 4 years (unless extended due to tax or legal requirements).

Provision of the Online Offering & Web Hosting

Our online services are hosted by:

INWX GmbH
Prinzessinnenstr. 30, 10969 Berlin, Germany
Email: datenschutz@inwx.de

We have signed a Data Processing Agreement (DPA) with INWX to ensure compliance with GDPR.

Use of Cookies

Cookies are used to enhance functionality, security, and user experience. Where required, we obtain your explicit consent before setting non-essential cookies.

Types of Cookies:

  • Session Cookies: Automatically deleted when you close your browser.

  • Persistent Cookies: Stored for a set period (up to 2 years).

You can manage or withdraw your consent at any time through your browser settings.

Presence on Social Networks

We maintain profiles on platforms such as Instagram and LinkedIn to engage with users and provide updates. Data processing in social networks is subject to their respective privacy policies.

More information:

Video Conferencing & Messaging Services

  • Zoom: We use Zoom Communications Inc., based in the USA. Data is transferred under EU standard contractual clauses.

  • WhatsApp: We use WhatsApp Ireland Ltd. for communication. Messages are end-to-end encrypted, but metadata is shared with Meta. More details.
     

This privacy policy was created using the free privacy policy generator by Dr. Thomas Schwenke.

Get in touch!

+49 155 60505432

home@andre-guzman.com

Landau i.d. Pfalz

Imprint

Privacy Policy

bottom of page