1. GENERAL INFORMATION AND MANDATORY DISCLOSURES
General information
The following information provides an overview of what happens to your personal data when you visit this website. Personal data refers to any data that can identify you personally. For detailed information on data protection, please refer to my privacy policy listed below this text.
I would like to point out that data transmission over the Internet (e.g., communication via email) may have security vulnerabilities. Complete protection of data from third-party access is not possible.
Data controller
The data controller responsible for data processing on this website is:
Untamed Letters
c/o Grosch Postflex #641
Emsdettener Str. 10, 48268 Greven, Germany
Phone and more details: upon request
Email: contact[at]untamed-letters.ink
Data retention
Your personal data will remain with me until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or revoke your consent for data processing, your data will be deleted, provided there are no other legally permissible reasons for retaining your personal data (e.g., tax or commercial retention periods); in the latter case, the data will be deleted once these reasons no longer apply.
General information on the legal basis for data porocessing on this website
If you have consented to data processing, I process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data according to Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the access of information on your device (e.g., via device fingerprinting), data processing is additionally based on Section 25(1) TTDSG. Consent may be revoked at any time.
If your data is necessary for the fulfillment of a contract or for pre-contractual measures, I process your data based on Art. 6(1)(b) GDPR. Additionally, I process your data to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also be based on my legitimate interests pursuant to Art. 6(1)(f) GDPR. The specific legal basis for each processing activity is explained in the following sections of this privacy policy.
Notice regarding data transfer to the US and other third countries
I use tools from companies based in the US or other third countries. If these tools are active, your personal data may be transferred to these third countries and processed there. I would like to point out that these countries may not provide the same level of data protection as the EU. For example, US companies are obligated to hand over personal data to security authorities without allowing you, as the affected party, to take legal action. It cannot be ruled out that US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data located on US servers for surveillance purposes. I have no control over these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can revoke your already given consent at any time. The legality of the data processing carried out before the revocation remains unaffected.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, I WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS I CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ART. 21(2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged violation. This right to complain is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive data that I process based on your consent or in fulfillment of a contract in a structured, commonly used, and machine-readable format or to request the transfer of the data to another controller, provided this is technically feasible.
SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to me as the site operator. You can recognize an encrypted connection by the address line of the browser changing from “http://” to “https://” and the lock icon in your browser’s address bar. If SSL encryption is enabled, the data you transmit to me cannot be read by third parties.
Information, deletion, and correction
Within the scope of the applicable legal provisions, you have the right to request information about your stored personal data, its origin, and recipients, as well as the purpose of the data processing at any time, free of charge. You also have the right to request the correction or deletion of this data. For this purpose and for further questions regarding personal data, you can contact me at any time.
Right to restrict processing
You have the right to request the restriction of the processing of your personal data. You can contact me at any time for this. The right to restrict processing exists in the following cases:
– If you dispute the accuracy of your personal data stored by me, I usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
– If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
– If I no longer need your personal data, but you need it to establish, exercise, or defend legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
– If you have objected to processing under Art. 21(1) GDPR, a balancing of your and my interests must take place. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data may only be processed (apart from being stored) with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
2. HOSTING
IONOS
I host my website with IONOS SE. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter IONOS).
When you visit my website, IONOS collects various log files, including your IP address. For more details, please refer to IONOS’s privacy policy:
https://www.ionos.de/terms-gtc/terms-privacy.
The hosting provider processes personal data related to the website as a data processor in accordance with Article 28 GDPR. I have entered into a data processing agreement (DPA) with the aforementioned provider. This legally required contract ensures that the provider processes personal data of my website visitors only according to my instructions and in compliance with the GDPR.
3. DATA COLLECTION ON THIS WEBSITE
Inquiries by email or phone
If you send me inquiries by email or phone, your inquiry, including any personal data (name, inquiry) arising from it, will be stored by me for the purpose of processing your request and in case of follow-up questions. I do not share this data without your consent.
The processing of this data is based on Article 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or necessary for pre-contractual measures. In all other cases, the processing is based on my legitimate interest in effectively handling the inquiries addressed to me (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), provided it has been requested. You can revoke your consent at any time.
The data you provide will remain with me until you request its deletion, revoke your consent for storage, or the purpose for storing the data no longer applies (e.g., after processing your inquiry). Mandatory legal provisions – particularly retention periods – remain unaffected.
4. SOCIAL MEDIA
This website uses plugins from the social network Instagram, which is operated by Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (hereinafter “Instagram”). If you visit a page on my website that contains an Instagram plugin, a connection to the Instagram servers is established. In doing so, Instagram may be informed that your IP address has visited my website. If you are logged into your Instagram account, Instagram can associate your visit to my website with your user account. By interacting with the Instagram plugin, such as clicking the “Like” button or sharing content, this information is transmitted directly to Instagram and stored there.
I would like to point out that as the operator of this website, I do not receive knowledge of the content of the transmitted data or its use by Instagram. For more information, please refer to Instagram’s privacy policy at https://help.instagram.com/519522125107875.
The use of Instagram plugins is based on my legitimate interest in providing attractive content to my website visitors (Art. 6(1)(f) GDPR). If you do not want Instagram to collect data about your visit to this website, please log out of your Instagram account before visiting my site.
Data transmission to the US is based on the EU Commission’s standard contractual clauses. More information on data transfer and protection can be found in Instagram’s data policy at https://help.instagram.com/519522125107875.
5. PLUGINS AND TOOLS
Elementor
I have integrated the Elementor plugin on my website. The provider is Elementor Ltd., Tuval St. 40, Ramat Gan, 5126112, Israel. These plugins do not process any personal data.
For more information on Elementor’s privacy policies, please refer to:
https://elementor.com/about/privacy/
Wordfence
I have integrated Wordfence on this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).
Wordfence is used to protect my website from unauthorized access or malicious cyber-attacks. To do this, my website establishes a permanent connection to Wordfence’s servers, allowing Wordfence to check its databases against website accesses and block them if necessary.
The use of Wordfence is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in providing the most effective protection of their website against cyber-attacks. If consent has been requested, the processing is based exclusively on Article 6(1)(a) GDPR and Section 25(1) TTDSG, as far as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the US is based on the EU Commission’s standard contractual clauses. Details can be found here:
https://www.wordfence.com/help/general-data-protection-regulation/.
I have entered into a data processing agreement (DPA) with Wordfence. This legally required contract ensures that the provider processes personal data of my website visitors only according to my instructions and in compliance with the GDPR.
UpdraftPlus
This website uses the WordPress plugin UpdraftPlus (Simba Hosting Ltd. UK registered company number: 8570611, VAT number: 202 1260 80, product development and marketing in cooperation with XIBO Ltd., Cardiff, UK). This service encrypts and regularly backs up the entire WordPress installation (SFTP/SCP) to ensure a backup in case of any issues. More information can be found in UpdraftPlus’s privacy policy:
https://updraftplus.com/data-protection-and-privacy-centre/
CookieYes
We use the CookieYes plugin to manage cookie consent on our website. CookieYes is a service provided by CookieYes Limited, located at 3 Warren Yard, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.
The plugin helps us to comply with data protection laws by allowing visitors to make informed choices about the use of cookies. When you visit our site, you will be presented with a cookie banner that enables you to accept or reject non-essential cookies. CookieYes stores your consent preferences in a cookie on your browser to remember your choice for future visits. Legal basis: The use of CookieYes is based on our legitimate interest in providing a user-friendly and legally compliant cookie consent solution (Art. 6 para. 1 lit. f GDPR).
Data processed: CookieYes may collect anonymized data regarding your consent status (e.g., whether you accepted or declined cookies), your IP address in truncated form, and the date and time of your consent. For more information about CookieYes and how it handles data, please visit: https://www.cookieyes.com/privacy-policy/
Privacy policy based on: https://www.e-recht24.de