I. Name and address of the person in charge
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
Fanciety GmbH
Ballindamm 39
20095 Hamburg
Tel.: +49 40 999 993 440
Website:
Authorized representative: Managing Director Prof. Dr. Björn Michaelis
II. Contact details of the data protection officer
You can reach the data protection officer at the email address and by post at the address of the controller mentioned above.
III. General information on data processing
As a matter of principle, we only process personal data of the users of our website insofar as this is necessary to provide a functioning website, our contents and services. The further processing of personal data of our users regularly takes place only with their consent. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and where the processing of the data is permitted by law.
In case we obtain the consent of the person concerned for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the relevant legal basis.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, the necessary legal basis is Art. 6 para. 1 lit. c GDPR.
Finally, if the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interests, the legal basis is formed by Art. 6 para. 1 lit. f GDPR.
IV. Deleting data and storage duration
The personal data collected by us for the purpose of storage will be deleted or blocked as soon as the purpose for storage is no longer required. In addition, the data may be stored if European Union laws and regulations or other legal norms to which the controller is subject provide for this. The data shall also be blocked or deleted if a storage period, provided by the aforementioned laws, expires, unless further storage of the data is necessary for the conclusion or performance of a contract.
V. Data collection for the provision of the website
Each time you access our website, our system automatically collects data and information from the system of the accessing computer. The following data is collected on the basis of Art. 6 Para. 1 lit. f GDPR:
- Information about the browser type and the version used
- The user's operating system
- The internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites accessed by the user's system through our website
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is deleted as soon as it is no longer required for the purpose of collection. Regarding the collection of data for the provision of the website, this is the case when the respective session has ended.
The collection of data to provide the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
The personal data collected in this way is pseudonymised by technical procedures. It is therefore no longer possible to assign the data to the respective user. The data is not stored together with other personal data of the users.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
Cookies are stored on the user's computer and transmitted by it to our website. You can deactivate or restrict the transmission of cookies by changing the settings on your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated, it is possible that functions of the website can no longer be used to their full extent.
VII. Google Analytics
VIII. Contact form and email
You can contact us electronically via our website www.fanciety.com. On the website, the data entered in the contact form will be transmitted to us and stored. This data shall include first name, surname, telephone number, e-mail address, the reason for your request and the message sent to us.
The following data will also be stored at the time the message is sent:
- The IP address of the user
- Date and time of registration
The data will not be passed on to third parties in this context and will be used exclusively for the processing of the conversation.
The legal basis for the processing of the data subject to consent of the user is Art. 6 para. 1 lit. a GDPR. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. For the purpose of contact via email to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The corresponding data will be deleted as soon as it is no longer required for the purpose for which it was collected. The personal data from the contact form and those sent by email will be deleted when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The revocation can be made by sending an email to: email@example.com.
IX. Rights of the User
If personal data is processed by us, you have the following rights:
1. Right to information
You may request confirmation as to whether your personal data is being processed by us. In the event of such processing, you may request the following information:
- the purposes for which the personal data will be processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal information about you has been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if not possible, criteria for determining the storage duration;
- the existence of a right to rectify or delete personal data concerning you, of a right to limit the processing by the controller or of a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the origin of the data, if the personal data is not collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Article 22 para. 1 and para. 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
2. Right to correction
You have a right to rectify and/or complete your data if the processed personal data is inaccurate or incomplete. The controller must carry out the rectification without delay.
3. Right to limitation of processing
Under the following conditions, you may request that the processing of your personal data be restricted:
- if you dispute the accuracy of your personal data, for a period of time which enables the controller to verify the accuracy of the personal data
- the processing is unlawful and you oppose the deletion of the personal data and instead request the restriction of its use
- the data controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
- if you have lodged an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the justified reasons of the data controller outweigh your reasons.
Where the processing of your personal data has been restricted, such data, apart from being stored, may only be processed (i) with your consent or (ii) for the exercise or defence of rights or (iii) for the protection of the rights of another natural or legal person or (iv) for reasons of an important public interest of the European Union or of a Member State.
If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to delete
a) Obligation to delete
The controller is obliged to delete your personal data immediately, at your request, if one of the following reasons applies:
- Personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
- You revoke the consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing;
- You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR;
- Your personal data has been processed unlawfully;
- The deletion of your personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the data controller is subject; or
- Your personal data has been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
b) Information to third parties
If the controller has made your personal data public and is obliged to delete it in accordance with Art. 17 para. 1 GDPR, it shall have to take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the persons responsible for processing your personal data that you have requested them to delete all links or copies of this personal data.
The right to deletion does not exist if the processing is necessary:
- for the exercise of freedom of expression and information;
- to fulfil a legal obligation required under the law of the European Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- on grounds of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h, i and Art. 9 para. 3 GDPR;
- for archiving purposes in the public interest, scientific, historical research or for statistical purposes pursuant to Art. 89 para. 1 GDPR, to the extent that the law referred to in Section 4 a) above is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
- for assertion, exercise or defence of legal claims.
5. Right to information
If you have exercised the right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, cancellation or limitation of the processing, unless this proves impossible or involves a disproportionate effort.
6. Right to data transferability
You have the right to receive your personal data provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without being hindered, provided that the processing is based on an agreement pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or a contract pursuant to Art. 6 Para. 1 lit. b GDPR, and the processing is carried out using automated procedures.
In exercising this right, you also have the right to receive your personal data transferred directly by one controller to the other controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to transfer data does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right of objection
You have the right to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to such processing; this also applies to profiling insofar as it is connected with such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
8. Right to revoke consent under data protection law
You have the right to revoke your consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until your consent is revoked.
9. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you are residing, at your place of work or at the place where the alleged infringement may have occurred, if you feel that the processing of your personal data is contrary to the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.