Privacy Policy | Tammo Foerster

Legal Disclaimer – Binding Language Version

This English translation of the privacy policy is provided for informational purposes only. In the event of any discrepancies, ambiguities, or conflicts between this English version and the original German version, the German version shall prevail as the sole legally binding document. This translation does not constitute a legal amendment or interpretation of the original text. No legal rights or obligations may be derived from this translated version.

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to personally identify you. Detailed information on data protection can be found in the privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the section "Information on the Data Controller" within this privacy policy.

How do we collect your data?
Your data is collected in two ways:

Data you provide to us: For example, data you enter into a contact form.
Automated data collection: When you visit the website, certain technical data (e.g., internet browser, operating system, time of page access) is automatically collected by our IT systems. This occurs as soon as you access the website.

What do we use your data for?
Some data is collected to ensure the website functions without errors. Other data may be used to analyze user behavior. If the website enables the conclusion or initiation of contracts, the transmitted data will also be processed for contractual offers, orders, or other inquiries.

What rights do you have regarding your data?
You have the right, at any time and free of charge, to:

Obtain information about the origin, recipient, and purpose of your stored personal data.
Request the correction or deletion of this data.
Withdraw any consent you have given for future data processing.
Under certain circumstances, request the restriction of processing of your personal data.
Lodge a complaint with the competent supervisory authority.

For these or other questions regarding data protection, you may contact us at any time.

2. Hosting

We host the contents of our website with the following provider:

WIX
Provider: Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter "WIX").

WIX is a tool for creating and hosting websites. When you visit our website, WIX analyzes user behavior, visitor sources, the region of website visitors, and visitor numbers. WIX stores cookies on your browser that are necessary for the display of the website and to ensure security (essential cookies).

The data collected via WIX may be stored on various servers worldwide, including in the USA.

For details, please refer to WIX’s privacy policy:
https://de.wix.com/about/privacy.

The transfer of data to the USA and other third countries is based on the EU Standard Contractual Clauses (Art. 46 GDPR) or comparable guarantees under Art. 46 GDPR. Details can be found here:
https://de.wix.com/about/privacy-dpa-users.

Legal Basis for Processing (Art. 6 GDPR):

Legitimate interest (Art. 6(1)(f) GDPR): We have a legitimate interest in ensuring the most reliable presentation of our website.
Consent (Art. 6(1)(a) GDPR & § 25(1) TTDSG): If consent has been obtained, processing is carried out exclusively on the basis of consent, which may be revoked at any time.

WIX is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA aimed at ensuring compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to adhering to these standards. Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5626.

Data Processing Agreement (DPA):
We have concluded a Data Processing Agreement (DPA) with WIX. This is a contract required under data protection law, ensuring that WIX processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data refers to data that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this occurs.

We would like to point out that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the Data Controller

The controller responsible for data processing on this website is:

Tammo Förster
Königstor 26
34117 Kassel, Germany

Phone: +49 160 93300233
Email: business@tammofoerster.com

The "controller" is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law). In the latter case, deletion will occur after these reasons no longer apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPRor Art. 9(2)(a) GDPR, if special categories of data under Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is additionally based on § 25(1) TTDSG. Consent can be revoked at any time.

If your data is necessary for contract performance or pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR. The relevant legal bases for each processing activity are explained in the following sections of this privacy policy.

Recipients of Personal Data

In the course of our business activities, we collaborate with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if:

It is necessary for contract performance.
We are legally obligated to do so (e.g., tax authorities).
We have a legitimate interest under Art. 6(1)(f) GDPR in the disclosure.
Another legal basis permits the transfer.

When using processors, we disclose personal data only on the basis of a valid Data Processing Agreement (DPA). In the case of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke consent at any time. The legality of data processing carried out before revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. THIS ALSO APPLIES TO PROFILING TO THE EXTENT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with the Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive the personal data we process automatically based on your consent or for contract performance in a commonly used, machine-readable format. If you request direct transfer to another controller, this will only be done to the extent technically feasible.

Right to Access, Rectification, and Erasure

Within the framework of applicable legal provisions, you have the right to free information about your stored personal data, its origin, recipients, and the purpose of processing, as well as a right to rectification or erasure of this data. For this purpose, or for further questions regarding personal data, you may contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. To do so, you may contact us at any time. The right to restriction applies in the following cases:

If you contest the accuracy of your personal data stored with us, we generally need time to verify this. During the verification period, you have the right to request restriction of processing.
If processing of your personal data was/is unlawful, you may request restriction instead of erasure.
If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request restriction instead of erasure.
If you have objected under Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request restriction of processing.

If processing has been restricted, such personal data—apart from storage—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the EU or a Member State.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content (e.g., orders or inquiries you send to us as the site operator), this site uses SSL/TLS encryption. An encrypted connection is indicated by the browser’s address bar changing from "http://" to "https://" and a lock icon in the browser bar.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to Promotional Emails

We hereby object to the use of contact data published under legal notice requirements for sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.

4. Data Collection on This Website

Our website uses cookies. Cookies are small text files that do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored until you delete them yourself or automatic deletion occurs through your web browser.

Cookies may originate from us (first-party cookies) or third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for payment processing).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart functionality or video display). Other cookies are used for analyzing user behavior or advertising purposes.

Cookies required for electronic communication, providing certain functions you request (e.g., shopping cart), or optimizing the website (e.g., cookies for measuring web traffic) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for technically error-free and optimized service provision. If consent for cookie storage has been obtained, processing occurs exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent may be revoked at any time.

You can configure your browser to inform you about cookie settings, allow cookies only in individual cases, exclude cookies for specific cases or generally, and activate automatic deletion of cookies when closing the browser. Disabling cookies may limit website functionality.

For details on cookies and services used, refer to this privacy policy.

Server Log Files

The website provider automatically collects and stores information in server log files, which your browser automatically transmits to us. This includes:

Browser type and version
Operating system used
Referrer URL
Hostname of accessing device
Time of server request
IP address

This data is not merged with other data sources.

Collection occurs based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimization of its website—server log files must be recorded for this purpose.

Contact Form

If you submit inquiries via the contact form, your details from the form, including the contact details you provide, will be stored for processing the inquiry and any follow-up questions. We will not share this data without your consent.

Processing is based on Art. 6(1)(b) GDPR if the inquiry relates to contract performance or pre-contractual measures. Otherwise, processing is based on our legitimate interest in effectively processing inquiries (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), if obtained. Consent may be revoked at any time.

Data entered in the contact form remains with us until you request deletion, revoke consent, or the purpose for storage no longer applies (e.g., after completed inquiry processing). Mandatory legal provisions—especially retention periods—remain unaffected.

Inquiries via Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed for handling your request. We will not share this data without your consent.

Data transmitted via contact requests remains with us until you request deletion, revoke consent, or the purpose for storage no longer applies (e.g., after completed request processing). Mandatory legal provisions—especially statutory retention periods—remain unaffected.

5. Social Media

Facebook

This website integrates elements of the Facebook social network. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, collected data may also be transferred to the USA and other third countries.

An overview of Facebook social media elements can be found here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and Facebook’s server. Facebook thereby receives information about your visit to this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link this website’s content to your Facebook profile. Facebook can then associate your visit with your user account. We emphasize that we, as the website provider, have no knowledge of the content of transmitted data or its use by Facebook.

For further information, see Facebook’s privacy policy:
https://de-de.facebook.com/privacy/explanation.

Processing is based on Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent may be revoked at any time.

If personal data is collected via this tool and forwarded to Facebook, we and Meta Platforms Ireland Limited are jointly responsible for this processing (Art. 26 GDPR). Joint responsibility is limited to data collection and forwarding to Facebook. Subsequent processing by Facebook is not covered. Our joint obligations are outlined in an agreement:
https://www.facebook.com/legal/controller_addendum.

Data transfers to the USA are based on EU Standard Contractual Clauses:
https://www.facebook.com/legal/EU_data_transfer_addendum.

Facebook is certified under the EU-US Data Privacy Framework (DPF):
https://www.dataprivacyframework.gov/participant/4452.

Instagram

This website integrates functions of Instagram. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and Instagram’s server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, clicking the Instagram button links this website’s content to your Instagram profile. Instagram can then associate your visit with your user account. We emphasize that we, as the website provider, have no knowledge of the content of transmitted data or its use by Instagram.

Processing is based on Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent may be revoked at any time.

Joint responsibility with Meta Platforms Ireland Limited applies as described under Facebook above.

Data transfers to the USA are based on EU Standard Contractual Clauses:
https://privacycenter.instagram.com/policy/.

Instagram is certified under the EU-US Data Privacy Framework (DPF):
https://www.dataprivacyframework.gov/participant/4452.

6. Newsletter

Newsletter Data

If you wish to receive the newsletter offered on the website, we require your email address as well as information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. Additional data is not collected or is collected only on a voluntary basis.

We process the data entered in the newsletter registration form exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke your consent to the storage of the data, the email address, and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Data stored for other purposes remains unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will be used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

7. Plugins and Tools

YouTube with Enhanced Privacy Mode

This website embeds videos from YouTube. The operator of the service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page on this website that contains an embedded YouTube video, a connection to YouTube's servers is established. This informs YouTube which specific pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in "enhanced privacy mode." According to YouTube, in this mode, videos are not used to personalize the viewing experience on YouTube. Ads played in enhanced privacy mode are also not personalized. While enhanced privacy mode does not set cookies, it may use local storage elements in the user's browser that may contain personal data and be used for recognition purposes.

For technical details on enhanced privacy mode, please see:
https://support.google.com/youtube/answer/171780

Additional data processing operations may be triggered after starting a YouTube video, over which we have no control.

The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information about data protection at YouTube, please see their privacy policy at:
https://policies.google.com/privacy?hl=de

The company is certified under the "EU-US Data Privacy Framework" (DPF):
https://www.dataprivacyframework.gov/participant/5780

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to verify whether data entered on this website (e.g., in a contact form) is being entered by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links:
https://policies.google.com/privacy?hl=de and
https://policies.google.com/terms?hl=de

The company is certified under the "EU-US Data Privacy Framework" (DPF):
https://www.dataprivacyframework.gov/participant/5780

SoundCloud

Plugins of the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, UK) may be integrated on this website. You can recognize the SoundCloud plugins by the SoundCloud logo on the affected pages.

When you visit our website, a direct connection is established between your browser and the SoundCloud server after activating the plugin. SoundCloud thereby receives the information that you have visited our site with your IP address. If you click the "Like" or "Share" button while logged into your SoundCloud user account, you can link and/or share the contents of our website with your SoundCloud profile. This allows SoundCloud to associate your visit to our website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by SoundCloud.

The storage and analysis of the data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

The United Kingdom is considered a secure third country under data protection law. This means that the UK has a level of data protection that corresponds to that of the European Union.

For more information, please refer to SoundCloud's privacy policy at:
https://soundcloud.com/pages/privacy

If you do not want SoundCloud to associate your visit to our website with your SoundCloud user account, please log out of your SoundCloud user account before activating SoundCloud plugin content.

Spotify

This website integrates features of the Spotify music service. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can recognize the Spotify plugins by the green logo on this website. An overview of the Spotify plugins can be found at:
https://developer.spotify.com

This allows a direct connection to be established between your browser and the Spotify server when you visit this website via the plugin. Spotify thereby receives the information that you have visited our website with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the contents of our website to your Spotify profile. This allows Spotify to associate your visit to our website with your user account.

We would like to point out that when using Spotify, cookies from Google Analytics are used, so your usage data may also be passed on to Google when using Spotify. Google Analytics is a tool from the Google group for analyzing user behavior with headquarters in the USA. Spotify is solely responsible for this integration. We as the website operator have no influence on this processing.

The storage and analysis of the data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the appealing acoustic presentation of its website. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information, please refer to Spotify's privacy policy:
https://www.spotify.com/de/legal/privacy-policy/

If you do not want Spotify to be able to associate your visit to our website with your Spotify user account, please log out of your Spotify user account.

Quelle:

https://www.e-recht24.de