My Work in CRM

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in our privacy policy set out below.

Data Collection on this Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Notice concerning the party responsible” in this privacy policy.

How do we collect your data?
Your data is collected, on the one hand, by you providing it to us. This may, for example, be data you enter in a contact form.

Other data is collected automatically or after your consent when visiting the website through our IT systems. These are mainly technical data (e.g. internet browser, operating system, or time of page access). The collection of this data takes place automatically as soon as you enter this website.

What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyse your user behaviour. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other inquiries.

What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time with effect for the future. You also have the right, under certain circumstances, to request the restriction of processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this and other questions on the subject of data protection, you can contact us at any time.

Analytics Tools and Third-Party Tools

When visiting this website, your browsing behaviour may be statistically evaluated. This happens primarily with analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following providers:

Strato

The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter “Strato”). When you visit our website, Strato collects various log files including your IP addresses.

For more information, please see Strato’s privacy policy: https://www.strato.de/datenschutz/

The use of Strato is based on Art. 6 GDPR. We have a legitimate interest in a reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting). Consent may be revoked at any time.

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 (1)(f) GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. Consent may be revoked at any time.

Our hosting provider(s) will only process your data to the extent necessary to fulfil their service obligations and follow our instructions regarding this data.

We use the following hosting provider(s):
Hubspot Ireland

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission on the internet (e.g. communication by email) may have security gaps. Complete protection of data against access by third parties is not possible.

Notice concerning the responsible party

The party responsible for data processing on this website is:

Manuela Hackl
Ebertplatz 6
78467 Konstanz
Germany

Email: manu@manuelahackl.

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

1. Encryption

Data is encrypted during transmission (e.g. SSL/TLS for emails, VPN, Nextcloud encryption).

2. Confidentiality

(Art. 32 (1)(b) GDPR)

Physical access control

No unauthorised access to data processing facilities. Ensured by:
Key / lockable home office environment
Limitation of persons with access (only myselff)

System access control

Unauthorised use of IT systems is prevented by:

Secure passwords (password policy)
Automatic lock mechanisms (timeout, screen lock)
Two-factor authentication where applicable (2FA)
Encryption of data carriers (laptop protected with full-disk encryption, if in use/applicable)
Antivirus, firewall and VPN (currently Avira/McAfee)

Data access control

Prevent unauthorised reading, copying, altering or deleting within systems by:

Authorisation concept & role-based access (only processor has admin rights)
Logging of access to systems

Separation control

Separate processing of data for different purposes ensured by:

Client separation (separate Nextcloud folders, local separation)

3. Integrity

(Art. 32 (1)(b) GDPR)

Transfer control

Prevent unauthorised reading, copying, alteration or removal:

privacy screen protection
Virtual Private Networks (VPN)
Encrypted platforms (Nextcloud)

Input control

Ensure traceability of data entry, changes, or deletion:

Logging of logins and activities
Documentation of system use within used systems (system integrated log files)

4. Availability & Resilience

(Art. 32 (1)(b) GDPR)

Availability control

Protection against accidental destruction or loss ensured by:

Backup strategy (regular backups, local and Nextcloud storage)
Antivirus software
Firewall
Incident reporting (report directly to client/partner)
Fast recoverability (via backups and Nextcloud availability)

5. Regular Review, Assessment & Evaluation

Art. 32 (1)(d) GDPR; Art. 25 (1) GDPR

Data protection management: Regular review of security measures.
Incident-response management: Notification of clients wshortly after knwoledge.
Privacy-friendly default settings: Processing limited to what is necessary.

Order control
Ensuring processing only unde the instructions of the client/partner:

Clear contractual arrangements (provided by client)
Formalised order management (instructions documented in writing/email)
Strict selection of 3rd parties, employes or partners

6. Recovery Procedures

The recovery of personal data availability after physical or technical incidents is ensured by:
- Regular backups
- and use of GDPR-compliant Nextcloud environment.