Privacy Policy As of: 
April 8, 2024

Table of Contents
  • Controller
  • Overview of Processing Activities
  • Relevant Legal Bases
  • Security Measures
  • Transfer of Personal Data
  • International Data Transfers
  • Rights of Data Subjects
  • Business Services
  • Provision of Online Offerings and Web Hosting
  • Use of Cookies
  • Presence on Social Networks (Social Media)
  • Plug-ins and Embedded Functions as well as 

Content Controller
Jenny, Liebermann
jl graphic design
Birkerstr. 30, 80636 München, 
Germany
Email Address: hello@jl-graphicdesign.com

Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing, as well as referring to the individuals affected.

Types of Data Processed
  • Inventory data.
  • Payment data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data. 

Categories of Data Subjects
  • Prospects.
  • Users.
  • Business and contractual partners. 

Purposes of Processing
  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact inquiries and communication.
  • Security measures.
  • Office and organizational procedures.
  • Administration and response to inquiries.
  • Feedback.
  • Marketing.
  • Provision of our online offerings and user-friendliness.
  • Information technology infrastructure. 

Relevant legal bases according to the GDPR: Below, you will find an overview of the legal bases of the GDPR, on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject. Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the Federal Data Protection Act (BDSG). The BDSG contains special regulations concerning the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, and automated decision-making including profiling on an individual basis. Furthermore, state data protection laws of individual federal states may apply.

Notice of applicability of GDPR and Swiss DPA: These data protection notices serve both to provide information in accordance with the Swiss Federal Data Protection Act (Swiss DPA) and the General Data Protection Regulation (GDPR). For this reason, we kindly ask you to note that due to broader spatial application and comprehensibility, the terms of the GDPR are used. Specifically, instead of the terms used in the Swiss DPA such as "processing" of "personal data," "predominant interest," and "particularly sensitive personal data," the terms used in the GDPR such as "processing" of "personal data," "legitimate interest," and "special categories of data" are used. However, the legal significance of these terms will continue to be determined within the scope of the applicability of the Swiss DPA according to the Swiss DPA.

Security measures
In accordance with legal requirements and taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, ensuring availability, and separation of the data concerned. Furthermore, we have established procedures to ensure the exercise of data subject rights, data deletion, and responses to data breaches. Additionally, we consider data protection when developing or selecting hardware, software, and procedures in accordance with the principle of data protection, through technical design and by implementing privacy-friendly default settings.

Transmission of personal data
In the course of our processing of personal data, it may occur that such data is transmitted to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

International data transfers
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing occurs in connection with the use of third-party services or the disclosure or transmission of data to other individuals, entities, or companies, this is done only in accordance with legal requirements. If the level of data protection in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers are carried out only if the level of data protection is otherwise ensured, particularly through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49 para. 1 GDPR). Additionally, we inform you of the bases for the transfer to third countries for each provider from the third country, with adequacy decisions being the primary basis. Information on third-country transfers and existing adequacy decisions can be found on the European Commission's website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=en.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection as safe for certain companies from the USA under the adequacy decision of 10.07.2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you within the data protection notices which service providers we use are certified under the Data Privacy Framework.

Rights of data subjects
Rights of data subjects under the GDPR: You, as data subjects, have various rights under the GDPR, particularly arising from Articles 15 to 21 of the GDPR:
Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw your consent at any time.
Right to information: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and other specified information according to legal requirements.
Right to rectification: You have the right to obtain the rectification of inaccurate personal data concerning you and, according to legal requirements, the completion of incomplete personal data.
Right to erasure and restriction of processing: You have the right, according to legal requirements, to obtain from the controller the erasure of personal data concerning you without undue delay, or alternatively, the restriction of processing of personal data concerning you.
Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller according to legal requirements.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Business Services
We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as "contractual partners"), within the scope of contractual and comparable legal relationships as well as associated measures and in connection with communication with the contractual partners (or pre-contractually), such as responding to inquiries.
We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any updating obligations, and remedy for warranty and other service disruptions. Furthermore, we use the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations and company organization. Additionally, we process the data based on our legitimate interests in both proper and economical business management and in security measures to protect our contractual partners and our business operations from misuse, safeguarding their data, secrets, information, and rights (e.g., involving telecommunications, transportation, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only disclose the data of contractual partners to third parties to the extent required for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further processing, such as for marketing purposes, as part of this privacy policy.

We inform contractual partners about which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, through special labeling (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., in principle after four years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal archiving reasons (usually ten years for tax purposes). Data disclosed to us as part of an order by the contractual partner will be deleted in accordance with the specifications and generally after the end of the order.

Processed types of data: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:
Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed websites and files, date and time of access, transmitted data volumes, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used, on the one hand, for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure the utilization and stability of the servers; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

Use of Cookies
Cookies are small text files or other storage markers that store information on end devices and read from them. For example, to store the login status in a user account, the contents of a shopping cart in an online shop, the accessed content, or the functions used in an online offer. Cookies can also be used for various purposes, such as functionality, security, and convenience of online offerings, as well as for analyzing visitor traffic.
Consent Information: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, unless it is not required by law. Permission is not necessary, in particular, if storing and reading the information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) expressly requested by them. The revocable consent is clearly communicated to them and contains information about the respective cookie usage.
Data Protection Legal Basis Information: The legal basis on which we process users' personal data using cookies depends on whether we ask for consent. If users accept, the legal basis for the processing of their data is the expressed consent. Otherwise, the data processed using cookies are based on our legitimate interests (e.g., in the commercial operation of our online offering and improving its usability) or, if it is necessary for the fulfillment of our contractual obligations, when the use of cookies is required to comply with our contractual obligations. We clarify the purposes for which cookies are used by us in this privacy policy or as part of our consent and processing processes.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
Persistent Cookies: Persistent cookies remain stored even after the end device is closed. For example, the login status can be stored, and preferred content can be displayed directly when the user revisits a website. Likewise, user data collected using cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), they should assume that these are persistent and that the storage duration can be up to two years.

General Withdrawal and Objection Information (Opt-out): Users can revoke their consent at any time and also object to the processing in accordance with legal requirements, including through the privacy settings of their browser.
Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Presences on Social Networks (Social Media)
We maintain online presences within social networks and process user data within this framework to communicate with users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union in this context. This may entail risks for users, as, for example, the enforcement of user rights could be made more difficult.

Furthermore, users' data within social networks is typically processed for market research and advertising purposes. For example, user behavior and resulting interests can be used to create user profiles. The latter may in turn be used to display advertisements within and outside the networks that presumably correspond to users' interests. Therefore, cookies are typically stored on users' computers, in which user behavior and interests are stored. In addition, data may also be stored in user profiles independent of the devices used by the users (especially if they are members of the respective platforms and logged in).

For a detailed description of the respective processing methods and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.
Even in the case of inquiries and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to the user data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

Processed Data Types: Contact details (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or pictorial messages and contributions as well as the information concerning them, such as information about authorship or time of creation); Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved). Affected Persons: Users (e.g., website visitors, users of online services). Purposes of Processing: Contact inquiries and communication; Feedback (e.g., collecting feedback via online form). Marketing. Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Information on Processing Processes, Procedures, and Services:
Instagram: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).
Plug-ins and Embedded Functions as well as Content
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers of this content process users' IP addresses, as they could not send the content to their browsers without the IP address. The IP address is therefore necessary for the presentation of this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic to the pages of this website. The pseudonymous information may also be stored in cookies on users' devices and may include technical information about the browser and operating system, referring websites, visit time, and further information about the use of our online offering, but may also be linked to such information from other sources.

Legal Basis Information: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Processed Data Types: Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved). Affected Persons: Users (e.g., website visitors, users of online services). Purposes of Processing: Provision of our online offering and user-friendliness.

Created with the free privacy policy generator from Dr. Thomas Schwenke.


Contacts: Mail or Instagram
Imprint / Privacy policy