Privacy Policy

This Privacy Policy explains how we collect, process and protect your personal data when you visit our website or contact us. We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

Controller

Werkstatt für Geigenbau
Tanja Hidde
Wilhelm-Hauff-Str. 14
12159 Berlin
Germany

Email: hidde@geigenbau-in-berlin.de

Overview of Processing Activities

The following overview summarises the categories of personal data we process, the purposes for which such data is processed, and the categories of individuals affected by the processing.

Categories of Personal Data Processed

  • Identity and contact information
  • Contact details
  • Content data
  • Usage data
  • Metadata, communication and technical data
  • Server log data

Categories of Data Subjects

  • Individuals contacting us
  • Visitors to our website

Purposes of Processing

  • Communication
  • Implementation of technical and organisational security measures
  • Administrative and organisational purposes
  • Website security (including firewall protection)
  • Provision and operation of our website
  • Maintenance of our information technology infrastructure

Legal Bases for Processing

We process personal data only where permitted by applicable law. Depending on the specific processing activity, one or more of the following legal bases under the General Data Protection Regulation (GDPR) apply.

Consent – Article 6(1)(a) GDPR

Processing is based on your consent where you have freely given your consent for one or more specific purposes.

Performance of a Contract – Article 6(1)(b) GDPR

Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

Legitimate Interests – Article 6(1)(f) GDPR

Processing is necessary for the purposes of our legitimate interests or those of a third party, provided that such interests are not overridden by your interests or fundamental rights and freedoms requiring the protection of personal data.

Applicable German Data Protection Law

In addition to the GDPR, German data protection legislation, including the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), may apply. The BDSG contains supplementary provisions concerning, among other things, the exercise of data subject rights, the processing of special categories of personal data and other specific processing activities.

Security Measures

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. In doing so, we take into account the state of the art, implementation costs, the nature, scope, context and purposes of processing, as well as the risks to the rights and freedoms of natural persons.

Our security measures include, in particular, access controls, data integrity safeguards, availability protection, secure storage, and procedures to ensure the exercise of data subject rights and the secure deletion of personal data. Data protection is taken into account during the development and selection of our hardware, software and business processes in accordance with the principles of Privacy by Design and Privacy by Default.

TLS / SSL Encryption

To protect data transmitted via our website, we use Transport Layer Security (TLS) encryption (HTTPS). TLS encrypts communications between your browser and our web server, helping to prevent unauthorised access to transmitted information. A secure connection is indicated by the “https://” prefix and the padlock symbol displayed in your browser.

Data Retention and Erasure

Unless a more specific retention period is stated in this Privacy Policy, we retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law.

Personal data will be deleted once the relevant purpose no longer applies, consent has been withdrawn, or no other legal basis for processing exists. This does not apply where statutory retention obligations or overriding legitimate interests require continued storage of the data.

Where personal data must be retained to comply with commercial, tax or other legal obligations, processing will be restricted to those purposes for which retention is required.

Statutory Retention Periods

Under German law, the following general retention periods may apply:

  • 10 years – accounting records, annual financial statements, inventories and comparable financial documentation.
  • 8 years – accounting vouchers, invoices and expense receipts.
  • 6 years – business correspondence and other tax-relevant business records.
  • 3 years – data required for the establishment, exercise or defence of legal claims, corresponding to the regular statutory limitation period.

Unless otherwise required by law, retention periods generally commence at the end of the calendar year in which the relevant event occurred.

Provision of the Website and Web Hosting

When you visit our website, we process certain technical information required to deliver the website securely and efficiently to your device. This includes, in particular, your IP address and technical data generated during your visit.

Categories of Personal Data Processed

  • Usage data
  • Technical metadata
  • IP address
  • Server log data

Purpose of Processing

  • Provision and operation of our website
  • Ensuring website security and stability
  • Maintenance of our IT infrastructure
  • Protection against misuse and cyberattacks

Legal Basis

Article 6(1)(f) GDPR (Legitimate Interests)

Hosting Provider

Our website is hosted by:

ALL-INKL.COM – Neue Medien Münnich
Hauptstraße 68
02742 Friedersdorf
Germany

The hosting provider supplies the server infrastructure, storage capacity and related technical services required for operating this website.

Where required by law, a Data Processing Agreement (DPA) has been concluded with the hosting provider in accordance with Article 28 GDPR.

Server Log Files

Whenever you access our website, technical information is automatically recorded in server log files. This information may include:

  • IP address
  • Date and time of access
  • Requested pages and files
  • Amount of data transferred
  • Browser type and version
  • Operating system
  • Referring website (Referrer URL)
  • Internet service provider

Server log files are processed exclusively to ensure the security, stability and proper operation of the website and to detect and prevent unauthorised access or malicious attacks, including denial-of-service (DDoS) attacks.

Log files are generally retained for no longer than 30 days before being deleted or anonymised, unless longer retention is required for evidential purposes.

Website Security (Wordfence)

To protect our website against unauthorised access, malware and other cyber threats, we use the security solution Wordfence, provided by Defiant Inc., Seattle, Washington, USA.

Wordfence may process technical information such as IP addresses, security-related identifiers and information concerning access to our website in order to detect malicious activities and protect the integrity of our systems.

Processing is based on our legitimate interest in maintaining the security and reliability of our website in accordance with Article 6(1)(f) GDPR.

Blogs and Publications

Our website may include blog articles or other published content intended to provide information about our workshop, our services and the craft of violin making.

Where visitors interact with such content, personal data is processed only to the extent necessary to display the content, ensure the secure operation of the website and facilitate communication where applicable.

Categories of Personal Data Processed

  • Identity and contact information
  • Content submitted by users
  • Usage data
  • Technical metadata and communication data

Categories of Data Subjects

  • Visitors to our website

Purpose of Processing

  • Provision of website content
  • Operation and maintenance of our online services
  • Ensuring website security

Legal Basis

Article 6(1)(f) GDPR (Legitimate Interests)

Contacting Us

If you contact us by email, telephone, post or via the contact form on our website, we process the personal data you provide solely for the purpose of handling your enquiry and communicating with you.

Depending on the nature of your enquiry, this may include your name, contact details and any information you choose to provide.

Categories of Personal Data Processed

  • Name
  • Email address
  • Postal address (where applicable)
  • Telephone number (where applicable)
  • Content of your enquiry
  • Technical communication data

Categories of Data Subjects

  • Individuals contacting us

Purpose of Processing

  • Responding to enquiries
  • Communication with customers and prospective customers
  • Preparation and performance of contracts

Legal Bases

  • Article 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
  • Article 6(1)(f) GDPR – Legitimate Interests

Contact Form

When you submit an enquiry using our contact form, the information you provide is transmitted to us and processed exclusively for the purpose of responding to your request.

The data you provide is not used for marketing purposes and will not be disclosed to third parties unless required by law or necessary for the fulfilment of your request.

Personal data submitted via the contact form will be retained only for as long as necessary to process your enquiry or to comply with applicable legal obligations.

Third-Party Content and Embedded Services

Our website may incorporate content and functionality provided by third-party service providers.
Examples include fonts, images, videos or maps that are loaded from external servers.

In order to display such content, your IP address must be transmitted to the respective provider.
Without your IP address, the requested content cannot be delivered to your browser.
Wherever possible, we use services that process your IP address solely for the purpose of delivering the requested content.

Some third-party providers may also use cookies, web beacons or similar technologies to
collect technical information about the use of their services. Such processing is carried out
only where permitted by applicable law or with your consent where required.

Categories of Personal Data Processed

  • IP address
  • Usage data
  • Technical metadata
  • Browser and device information

Purpose of Processing

  • Providing embedded content
  • Ensuring the functionality of our website
  • Improving user experience

Legal Bases

  • Article 6(1)(a) GDPR – Consent (where required)
  • Article 6(1)(f) GDPR – Legitimate Interests

Google Fonts (Hosted Locally)

We use Google Fonts to ensure a consistent and visually appealing presentation of text on our website.
All font files are hosted locally on our own web server.

As a result, no connection to Google servers is established and no personal data is transmitted
to Google when you visit our website.

Legal basis: Article 6(1)(f) GDPR (Legitimate Interests).

Adobe Fonts

We also use Adobe Fonts, a web font service provided by Adobe, to ensure a consistent
and high-quality presentation of typography on our website.

When Adobe Fonts are loaded, Adobe may receive technical information such as your
IP address and browser information that is necessary to provide the font files.

For users within the European Economic Area, the responsible provider is:

Adobe Systems Software Ireland Limited
4–6 Riverwalk
Citywest Business Campus
Dublin 24
Ireland

Adobe participates in the EU–US Data Privacy Framework (DPF), which provides an
appropriate level of protection for personal data transferred to participating organisations
in the United States.

Further information is available in Adobe’s  Privacy Policy

Legal basis:
Article 6(1)(a) GDPR (where consent is required) and/or
Article 6(1)(f) GDPR (Legitimate Interests).

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy from time to time in order to reflect
changes in legal requirements, our services or the way we process personal data.
The version published on this website is always the current version.