Zum Inhalt springen
Startseite » Data Privacy

Data Privacy

Thank you for your interest in our internet website.

We place great value on the protection of your data and privacy. Here we inform you, the user, about the kinds of data, the extent and purpose of the data collection and the usage of personal data on this website by ourselves, the data controllers. With regard to the terminology used, e.g. „controller“ or „processor“, please refer to the definitions in Article 4 General Data Protection Regulation (GDPR).

Data Controller, Data Protection Officer

Data Controller according to the Data Protection Laws, in particular the EU-General Data Protection Regulation, (GDPR) is:

Andreas Hoffschildt
Palisadenstraße 40
D-10243 Berlin

E-Mail: info@klessing-hoffschildt-architects.com
Telephone: +49 30 417175 03

We do not have an appointed representative or data protection officer.

1. Data protection

Legal basis

Our privacy and data protection policy is based on the General Data Protection Regulation (GDPR) of the European Union. For German citizens and authorities it is extended by the new version of the Bundesdatenschutzgesetzes (BDSG). Both laws came into force on the 25. May 2018.

Which data is protected?

Article 4 GDPR and § 46 BDSG both define data to be protected as: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This also includes IP addresses and content data such as comments on blog articles.

Your rights as data subject

By way of the above contact data you may exercise the following rights at any time:

  • Right to access:You may request, in accordance with Article 15 GDPR, disclosure of whether we have stored or process any data concerning your person. You have the right to receive copies of the data, and of any further pertinent information thereabaout.
  • Right to correction: In accordance with Article 16 GDPR you have the right to demand the completion of incomplete data concerning yourself, and / or the correction of any incorrect data about yourself.
  • Right to erasure: In accordance with Article 17 GDPR you can require that data about yourself is deleted without undue delay. Legal restrictions may however take precedence.
  • Right to restriction of data processing: according to Article 18 GDPR, inasmuch as the data concerned cannot be erased due to a legal restriction.
  • Right to objection: to the processing of your available data in accordance with Article 21 GDPR.
  • Right to revocation: You may revoke a given approval in accordance with Article 7 Section 3 GDPR with effect for the future.
  • Right to data portability: If you have agreed to the data processing or have entered into a contract with us, you may demand to receive the data concerning you that you have provided us with, in accordance with Article 20 GDPR, and to demand the transmission to another responsible party.
  • Right to complaint: You may approach the responsible authority with a complaint in accordance with Article 77 GDPR at any time. Your responsible authority varies according to your residence, workplace or the suspected infringement.

2. Personal data gathered by this website

Voluntary input by way of this website

Establishment of contact

We do not use a contact form; our contact data are listed on the Contact Page.

Duration of data storage

The criteria for the duration of data storage differ for the various types of data. Please refer to the relevant sections and the paragraph „business-related processing“ below.

Tracking

Tracking in this context means recording activities of a specific user, e.g. how a user navigates through a website, what she/he downloads or buys, and when she/he revisits the website. When large, centralised services such as Google Analytics are used for this purpose, the possibility for the service provider to track a particular persons activities across many websites arises.

We find this kind of tracking excessive and disrespectful – although it legally counts as a „legitimate interest“ of the website owner in accordance with the GDPR.

This website does not use tracking software.

Webserver Logs

To repel so called hacker attacks and to respond to fraudulent access, the software which answers website data requests („webserver“) logs its actions in protocol files („log files“). This infrastructure is a part of web hosting, located at a deeper level than the website itself. The storing of data in these files occurs in accordance with Article 6 Section 1 clause f. GDPR, based on our legitimate interest concerning the reliable functioning of the website.

The log files contain the following information for every access:

  • Your IP-address (see below)
  • Date and time of the access
  • The web address of the visited page („URL“)
  • The type of the webservers response („HTTP status code“)
  • The amount of data sent in bytes
  • The web address visited immediately previously („Referer“)*
  • The browser and the client operating system used („User Agent“)*

*Provided you have not suppressed these values via browser settings or browser plugin.

This website is hosted within the framework of a web hosting package of a well-known hosting service provider. The IP-addresses in the webserver logs are noted in an anonymous form, so that the log files do not contain personally identifiable information.

Summary: Your personal data

We do not gather any personal data. Thus there can be no further statements about how we handle it, as there is none.

3. Further topics

Cookies

A cookie is a small package of data originating from a website, which your browser deposits on your computer on behalf of that website. Every time your browser requests a particular web page, it sends any cookies (name and content), which originated from that pages website, along with the request. Cookies may contain many sorts of information, e.g. choice of viewing language, shopping cart contents, or a requirement not to be tracked. A cookie may be valid only until the browser is closed, or for a specifiable period of time (e.g. 3 months, 1 year). Cookies which are to be deleted when the browser is closed, effectively temporary information, are termed „Session-Cookies“. Cookies set by the website of a page being viewed are called first-party cookies. The most problematical types of cookie from the viewpoint of data privacy are, however, so called third-party cookies. These are not set by the website visited, but by another website which the page visited has called in the background. The most widely known example of this is Google Analytics, but there are many others.

Cookies from the security plugin WP Cerber

This website uses the excellent plugin WP Cerber to protect it against hacking and spam. In order to perform its task thoroughly, WP Cerber needs to set between 2 and 6 cookies, for the sole purpose of securing the website by detecting and mitigating malicious activity. All these cookies have randomly generated names and contain randomly generated values. No personal or sensitive data is stored in the cookies. These are domain cookies valid for 1 day – your browser will automatically delete them after 24 hours.

Here you can see which cookies have been set by WP Cerber:

  • cBFaypYUwNm
  • Rdoefk
  • _QafyA-Pn

Social Media Buttons

Data privacy shortcomings of social media buttons have long been known by experts. Therefore we use none.

Use of third-party services and content

Our online presence uses no third-party services or content.

RSS-Feeds

Our website has been implemented using the Open Source CMS WordPress. A standard, inbuilt feature of WordPress is RSS Feeds, for both blog posts and comments. When you subscribe to (one of) these feeds, e.g. in your browser, no personal data is gathered. Note, however, that on each request for feed data, the webserver will note that request (including your IP) in its logfile. That topic has been explained in the section „Webserver Logs“ above.

Encryption of the data exchanged between browser and webserver

For security and privacy, this website forces all data exchanged between the webserver and your browser to be encrypted. This would be particularly relevant where you enter personal data, e.g. a contact form (we have none). The technique used is known as TLS, which stands for Transport Layer Security; earlier versions of the encryption protocoll were known as SSL (Secure Sockets Layer). You can recognise an encrypted connection by the lock symbol at the left end of the browser address bar, and the web address starting with „https://“. The encryption ensures that any data entered to a website cannot be read and decoded by others.

Privacy policy changes

We may update our privacy policy from time to time, to (a) ensure that it matches new legal requirements, and (b) to cover changes made to the technologies used by the website. For future visits the only valid version of the privacy policy is the one online at that time.