Privacy Policy
We are very pleased about your interest in Grow Your Flow. Data protection is of particular importance to us at grow-your-flow.com. The use of the website www.grow-your-flow.com is generally possible without providing any personal data. However, if a person wishes to use special services on our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Grow Your Flow. Through this privacy statement, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights through this privacy statement.
Grow-your-flow.com, as the data controller, has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, it is open to any data subject to transmit personal data to us through alternative means, such as by telephone.
1. Definitions
The privacy policy of Grow Your Flow is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the general public, as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms in this privacy policy, among others:
a) Personal Data: Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the „data subject“). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject: a data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Processing: Processing is any operation or set of operations performed on personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction.
d) Restriction of Processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling: Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.
f) Pseudonymization: Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller: Controller or controller for the processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor: Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
i) Recipient: Recipient is a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third Party: Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent: Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her for a specific purpose.
2. Name and Address of the Controller
Controller, as defined by the General Data Protection Regulation, other data protection laws applicable in the European Union member states, and other provisions with a data protection character, is:
Deborah Keser / Ossendorfer Straße 197 / 50825 Köln / Germany
Phone: 0049 17678317825
Email: contact@grow-your-flow.com
Website: www.grow-your-flow.com
3. Cookies
The websites of grow-your-flow.com use cookies. Cookies are text files that are stored on a computer system via an internet browser.
Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited internet pages and servers to differentiate the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
By using cookies, grow-your-flow.com can provide users of this website with more user-friendly services that would not be possible without the cookie setting.
Through a cookie, the information and offers on our website can be optimized for the user. Cookies allow us, as previously mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to utilize our website. The user of a website that uses cookies, for example, does not have to enter access data each time the website is accessed because this is taken over by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the items that customers have placed in the virtual shopping cart via a cookie.
The data subject can, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the internet browser used and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an internet browser or other software programs. This is possible in all popular internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be entirely usable.
4. Collection of General Data and Information
The website of Grow Your Flow collects a series of general data and information with each call to the website by a data subject or an automated system. This general data and information are stored in the server’s log files. The data that may be collected includes (1) the types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to avert risks in the event of attacks on our information technology systems.
Grow Your Flow does not draw conclusions about the data subject when using this general data and information. Instead, this information is needed to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and its advertising, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. These anonymously collected data and information are therefore statistically and further evaluated by grow-your-flow.com, with the aim of increasing data protection and data security in our company to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.
5. Contact Possibility via the Website
The website of Deborah Keser contains due to legal regulations information that enables a quick electronic contact to Grow Your Flow as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address). If a data subject contacts the data controller via email or a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data voluntarily provided by a data subject to the data controller will be stored for the purpose of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
6. Comment Function in the Blog on the Website
Grow-your-flow.com offers users on a blog, located on the website of the data controller, the possibility to leave individual comments on individual blog posts. A blog is a publicly accessible portal usually managed on a website where one or more persons, known as bloggers or web bloggers, can post articles or write down thoughts in blog posts. Blog posts can generally be commented on by third parties. If a data subject leaves a comment on the blog published on this website, in addition to the comments left by the data subject, information on the time of the comment entry as well as the user name (pseudonym) chosen by the data subject will be stored and published. Furthermore, the IP address assigned by the Internet Service Provider (ISP) to the data subject will be logged. This storage of the IP address is done for security reasons and in case the data subject violates the rights of third parties or posts illegal content through a submitted comment. The storage of these personal data is therefore in the own interest of the data controller, so that they can exculpate themselves in the event of a legal violation. There is no disclosure of this collected personal data to third parties unless such disclosure is required by law or serves the legal defense of the data controller.
7. Routine Erasure and Blocking of Personal Data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or as stipulated by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the storage purpose is no longer applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with legal requirements.
8. Rights of the Data Subject
a) Right to Confirmation
Every data subject has the right granted by the European legislator to obtain confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact an employee of the controller at any time.
b) Right to Information
Any data subject affected by the processing of personal data has the right, granted by the European legislator, to obtain free information from the controller at any time about the personal data stored about them and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:
- the purposes of processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations
- if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration
- the existence of the right to rectification or erasure of personal data concerning them or restriction of processing by the controller or a right to object to such processing
- the right to lodge a complaint with a supervisory authority
- if the personal data is not collected from the data subject: all available information about the origin of the data
- the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to obtain information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the suitable guarantees in connection with the transfer.
If a data subject wishes to exercise this right of access, they can contact an employee of the controller at any time.
c) Right to Rectification
Any data subject affected by the processing of personal data has the right granted by the European legislator to demand the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
If a data subject wishes to exercise this right of rectification, they can contact an employee of the controller at any time.
d) Right to Erasure (Right to be Forgotten)
Any data subject affected by the processing of personal data has the right granted by the European legislator to request the controller to delete the personal data concerning them without delay if one of the following reasons applies and if the processing is not necessary:
- The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
- The data subject withdraws their consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data has been unlawfully processed.
- Deletion of personal data is required to fulfill a legal obligation under Union or Member State law to which the controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Article 8(1) GDPR.
If one of the above reasons applies, and a data subject wishes to request the erasure of personal data stored by Deborah Keser, they can contact an employee of the controller at any time. The employee of Deborah Keser will ensure that the erasure request is complied with immediately.
If personal data has been disclosed by Deborah Keser and our company, as the data controller, is obliged to delete personal data pursuant to Article 17(1) GDPR, Deborah Keser, taking into account available technology and implementation costs, will take appropriate measures, including technical measures, to inform other data controllers processing the disclosed personal data that the data subject has requested the erasure of all links to this personal data or copies or replications of this personal data, as far as processing is not required. The employee of Deborah Keser will arrange the necessary in individual cases.
e) Right to Restriction of Processing:
- Individuals have the right to request the restriction of processing under certain conditions:
- If the accuracy of personal data is contested by the individual, the processing will be restricted during the verification period.
- If the processing is unlawful, and the individual opposes erasure, they can request the restriction of processing.
- If the data is no longer needed for processing purposes, but the individual requires it for legal claims.
- If the individual has objected to processing under Article 21(1) of the GDPR, pending verification of whether the legitimate grounds of the controller override those of the individual.
- The individual can contact a representative of the data controller to request the restriction of processing.
f) Right to Data Portability:
- Individuals have the right to receive their personal data, provided to a controller, in a structured, commonly used, and machine-readable format.
- They can transmit this data to another controller without hindrance from the initial controller, where:
- Processing is based on consent or a contract, and
- Processing is carried out by automated means.
- The right also includes having personal data directly transmitted from one controller to another if technically feasible.
- To exercise this right, the individual can contact a representative of the data controller.
g) Right to Object:
- Individuals can object to the processing of their personal data at any time for reasons relating to their particular situation.
- The controller will cease processing unless compelling legitimate grounds override the interests, rights, and freedoms of the individual or for the establishment, exercise, or defense of legal claims.
- The right to object applies to processing for direct marketing purposes, including profiling.
- Individuals can exercise this right by contacting any representative of the data controller.
h) Automated Decisions Including Profiling:
- Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them.
- Exceptions apply if the decision is necessary for the performance of a contract, authorized by law, or based on the individual’s explicit consent.
- In such cases, individuals have the right to obtain human intervention, express their point of view, and contest the decision.
- To assert these rights, individuals can contact a representative of the data controller.
i) Right to Withdraw Consent:
- Individuals have the right to withdraw their consent to the processing of personal data at any time.
- The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- To exercise this right, the individual can contact a representative of the data controller.
These rights are fundamental components of data protection legislation, aiming to empower individuals with control over their personal data. Individuals can typically contact the data controller or their representatives to exercise these rights.
9. Data Protection Provisions for the Use of Facebook
The data controller has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is an online meeting place operated on the Internet, allowing users to communicate with each other and interact in the virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or company-related information. Among other things, Facebook allows users of the social network to create private profiles, upload photos, and connect through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the responsible entity for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up of one of the individual pages of this website operated by the data controller and on which a Facebook component (Facebook plugin) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a display of the corresponding Facebook component from Facebook. An overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. In the course of this technical procedure, Facebook gains knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged into Facebook, Facebook recognizes with each call-up of our website by the data subject and for the entire duration of their stay on our website which specific subpage of our website the data subject visits. These pieces of information are collected by the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated on our website, for example, the „Like“ button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook receives information via the Facebook component that the data subject has visited our website whenever the data subject is logged in to Facebook at the same time as accessing our website; this occurs regardless of whether the data subject clicks on the Facebook component or not. If such transmission of this information to Facebook is not desirable for the data subject, they can prevent it by logging out of their Facebook account before calling up our website.
The data protection declaration published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains the options offered by Facebook to protect the privacy of the data subject. Various applications are also available that make it possible to suppress data transmission to Facebook.
10. Data Protection Provisions for the Use of Instagram
The data controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos and distribute such data to other social networks.
The operator of the Instagram services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
With each call-up of one of the individual pages of this website operated by the data controller and on which an Instagram component (Insta-button) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Instagram component to download a display of the corresponding component from Instagram. In the course of this technical procedure, Instagram gains knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged into Instagram, Instagram recognizes with each call-up of our website by the data subject and for the entire duration of their stay on our website which specific subpage of our website the data subject visits. This information is collected by the Instagram component and associated with the respective Instagram account of the data subject. If the data subject clicks one of the Instagram buttons integrated on our website, the data and information transmitted with it are assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.
Instagram receives information via the Instagram component that the data subject has visited our website whenever the data subject is logged in to Instagram at the same time as accessing our website; this occurs regardless of whether the data subject clicks on the Instagram component or not. If such transmission of this information to Instagram is not desirable for the data subject, they can prevent it by logging out of their Instagram account before calling up our website.
Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
11. Data Protection Provisions for the Use of YouTube
The data controller has integrated components of YouTube on this website. YouTube is an Internet video portal that allows video publishers to upload video clips for free and enables users to view, rate, and comment on them for free as well. YouTube allows the publication of all types of videos, making complete movies and TV shows, as well as music videos, trailers, or user-generated videos accessible via the Internet portal.
The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
With each call-up of one of the individual pages of this website operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. In the course of this technical procedure, YouTube and Google become aware of which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged into YouTube, YouTube recognizes with the call-up of a subpage that contains a YouTube video which specific subpage of our website the data subject visits. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google always receive information via the YouTube component that the data subject has visited our website when the data subject is logged into YouTube at the same time as accessing our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is not desired by the data subject, they can prevent it by logging out of their YouTube account before calling up our website.
The data protection regulations published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing, and use of personal data by YouTube and Google.
12. Legal Basis for Processing
Art. 6 I lit. a DS-GVO serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example, in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our business premises were injured, and their name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Art. 6 I lit. d DS-GVO. Ultimately, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a customer of the data controller (Recital 47 Sentence 2 DS-GVO).
13. Legitimate Interests Pursued by the Controller or a Third Party
If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the conduct of our business activities for the benefit of all our employees and shareholders.
14. Duration for Which the Personal Data are Stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of the period, the corresponding data is routinely deleted, provided it is no longer required for the fulfillment of the contract or the initiation of a contract.
15. Legal or Contractual Provisions on the Provision of Personal Data; Necessity for the Conclusion of the Contract; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Non-Provision
We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., information on the contractual partner).
Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data that must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.
Before the data subject provides personal data, the data subject must contact one of our employees. Our employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and the consequences of non-provision of the personal data.
16. Existence of Automated Decision-Making
As a responsible company, we refrain from automatic decision-making or profiling. This sample privacy policy was created by the privacy policy generator of the German Society for Data Protection, in cooperation with the media law firm WILDE BEUGER SOLMECKE | Attorneys at Law.