Privacy Policy - laser-crafting

1. Privacy Policy at a Glance

General Information

The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. Detailed information on the topic of data protection can be found in our privacy policy below.

Data Collection on this Website

Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the “Notice to the Responsible Party” section of this privacy policy.

How do we collect your data?
Your data is collected in part when you provide it to us. This may include data that you enter into a contact form, for example.
Other data is collected automatically or after your consent when you visit the website through our IT systems. These are mainly technical data (e.g., internet browser, operating system, or time of page visit). This data is collected automatically as soon as you enter this website.

What do we use your data for?
Some of the data is collected to ensure the smooth provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to request information about the origin, recipient, and purpose of your stored personal data at any time free of charge. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. Furthermore, you have the right to request the restriction of processing your personal data under certain circumstances. Additionally, you have the right to file a complaint with the responsible supervisory authority.

You can contact us at any time regarding these matters or for any further questions regarding data protection.

Analysis Tools and Third-Party Tools
When you visit this website, your browsing behavior may be statistically evaluated. This is primarily done using so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

Strato

The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter “Strato”). When you visit our website, Strato collects various log files, including your IP addresses.

For more information, please refer to Strato’s privacy policy:
https://www.strato.de/datenschutz/.

The use of Strato is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in providing our website as reliably as possible. If consent has been requested, the processing is carried out exclusively based on Art. 6 (1) lit. a GDPR and § 25 (1) TDDG, to the extent that consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) in the sense of TDDG. Consent can be revoked at any time.

Order Processing
We have signed an order processing agreement (AVV) for the use of the above-mentioned service. This is a legally required contract that ensures Strato processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Notes and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

When you use this website, various personal data will be collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this occurs.

We would like to point out that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Notice to the Responsible Party

The responsible entity for data processing on this website is:

Sascha Ziebart
Hopfengarten 31
38547 Calberlah
GERMANY

Phone: +491622090988
Email: contact@laser-crafting.com

The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage duration is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons to store your personal data (e.g., tax or commercial law retention periods); in this case, the data will be deleted after these reasons no longer apply.

General Notes on the Legal Basis for Data Processing on this Website

If you have given consent to data processing, we process your personal data based on Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed under Art. 9 (1) GDPR. In the case of explicit consent for the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), the data processing is additionally carried out based on § 25 (1) TDDG. Consent can be revoked at any time.

If your data is required for the fulfillment of a contract or for the performance of pre-contractual measures, we process your data based on Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is required for the fulfillment of a legal obligation based on Art. 6 (1) lit. c GDPR. Data processing may also be based on our legitimate interest under Art. 6 (1) lit. f GDPR. The specific legal bases applicable in each case will be provided in the following sections of this privacy policy.

Note on Data Transfer to Third Countries with Inadequate Data Protection and the Transfer to US Companies Not Certified under the DPF

We use tools from companies based in third countries that are not considered safe under data protection law, as well as US-based tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that in third countries with inadequate data protection, no level of protection comparable to that in the EU can be guaranteed.

We would also like to point out that the USA, as a safe third country, generally offers a level of data protection comparable to the EU. A data transfer to the USA is therefore permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional guarantees in place. Information on transfers to third countries, including the data recipients, can be found in this privacy policy.

Recipients of Personal Data

As part of our business activities, we work with various external parties. In some cases, it is necessary to transfer personal data to these external parties. We only share personal data with external parties if this is required for contract fulfillment, if we are legally obligated to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest under Art. 6 (1) lit. f GDPR in the transfer, or if another legal basis permits the data transfer. When using data processors, we only share personal data with our customers based on a valid contract for order processing. In the case of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke any consent you have given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and Against Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES AT ANY TIME; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 (2) GDPR).

Right to Lodge a Complaint with the Responsible Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their usual residence, place of work, or the location of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in the performance of a contract in a structured, commonly used, and machine-readable format, and to transmit this data to another controller. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Right to Information, Rectification, and Deletion

You have the right, under the applicable legal provisions, to obtain free of charge at any time information about your stored personal data, its origin, recipients, and the purpose of the data processing, and if applicable, the right to rectification or deletion of this data. For this and any further questions regarding personal data, you can contact us at any time.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:

If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of processing your personal data.
If the processing of your personal data is unlawful, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of processing your personal data instead of deletion.
If you have filed an objection under Art. 21 (1) GDPR, a balance of interests must be made between your and our interests. Until it is determined whose interests outweigh, you have the right to request the restriction of processing your personal data.

If you have restricted the processing of your personal data, these data may only be processed – aside from their storage – with your consent or for the assertion, exercise, or defense of legal claims, or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

SSL or TLS Encryption

This page uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as a website operator.
You can recognize an encrypted connection by the address bar of the browser changing from “http://” to “https://” and the lock symbol in your browser’s address bar.

If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

4. Data Collection on this Website

Cookies

Our website uses so-called “cookies.” Cookies are small data packets that do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may come from us (first-party cookies) or third parties (so-called third-party cookies). Third-party cookies enable the integration of certain services from third parties within websites (e.g., cookies for payment processing services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for carrying out the electronic communication process, providing certain functions you have requested (e.g., for the shopping cart function), or optimizing the website (e.g., cookies to measure website traffic) are stored based on Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to provide their services in a technically error-free and optimized manner. If consent has been requested for storing cookies and similar recognition technologies, the processing will take place exclusively based on this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDG); consent can be revoked at any time.

You can configure your browser to be informed about the setting of cookies and allow cookies only in specific cases, exclude the acceptance of cookies for certain cases or generally, as well as enable the automatic deletion of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.

The cookies and services used on this website can be found in this privacy policy.

Use of Google Analytics

We use Google Analytics to analyze website usage. The data obtained is used to optimize our website and advertising measures.

Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the data regarding website usage on our behalf and is contractually obligated to take measures to ensure the security and confidentiality of the processed data.

During your visit to the website, the following data is transmitted to Google:

Pages visited
Achievement of “website goals” (e.g., contact inquiries and newsletter sign-ups)
Your behavior on the pages (e.g., duration of visit, clicks, scroll depth)
Your approximate location (country and city)
Your internet address (IP address)
Technical information such as browser, internet provider, device, and screen resolution
The source of your visit (i.e., which website or advertisement you came from)
A randomly generated user ID

No personal data such as name, address, or contact details is transmitted to Google Analytics.

This data is transmitted to Google servers in the USA. We point out that in the USA, the level of data protection may not be guaranteed to the same extent as within the EU.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID, allowing you to be recognized during future visits to the website.

The recorded data, along with the randomly generated user ID, is stored, enabling the evaluation of pseudonymous user profiles. These user-related data are automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

If you disagree with the data collection, you can prevent it by installing the browser add-on for disabling Google Analytics or by rejecting cookies via our cookie settings dialog.

Source: www.traffic3.net

5. Social Media

Facebook

This website integrates elements of the Facebook social network. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here:
https://developers.facebook.com/docs/plugins/?locale=en_US.

When the social media element is active, a direct connection is established between your device and the Facebook server. This allows Facebook to receive information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the website provider, have no knowledge of the content of the transmitted data or how Facebook uses it. For further information, please refer to Facebook’s privacy policy at:
https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent according to Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

As far as personal data is collected on our website through the use of the tools described here and transferred to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. The obligations we share are documented in a joint processing agreement. The text of the agreement can be found here:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for ensuring the secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Rights of the data subjects (e.g., right to information) regarding the data processed by Facebook can be asserted directly with Facebook. If you assert your rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381, and
https://www.facebook.com/policy.php.

The company holds a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures the compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. For more information, you can obtain from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?
contact=true&id=a2zt0000000GnywAAC&status=Active

X (formerly Twitter)

This website integrates features of the X service (formerly Twitter). These features are provided by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For the data processing of individuals living outside the USA, the branch responsible is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

When the social media element is active, a direct connection is established between your device and the X server. This allows X (formerly Twitter) to receive information about your visit to this website. By using X (formerly Twitter) and the “Re-Tweet” or “Repost” function, the websites you visit are linked to your X (formerly Twitter) account and made known to other users. We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or how X (formerly Twitter) uses it. For further information, please refer to the privacy policy of X (formerly Twitter) at:
https://twitter.com/de/privacy.

The use of this service is based on your consent according to Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

You can change your privacy settings for X (formerly Twitter) in the account settings at:
https://twitter.com/account/settings.

Instagram

This website integrates features of the Instagram service. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. This allows Instagram to receive information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or how Instagram uses it.

The use of this service is based on your consent according to Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

As far as personal data is collected on our website through the use of the tools described here and transferred to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The subsequent processing by Facebook or Instagram is not part of the joint responsibility. The obligations we share are documented in a joint processing agreement. The text of the agreement can be found here:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tools and for ensuring the secure implementation of the tools on our website. Facebook is responsible for the data security of Facebook or Instagram products. Data subject rights (e.g., right to information) regarding the data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert your rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://privacycenter.instagram.com/policy/, and
https://de-de.facebook.com/help/566994660333381.

Further information can be found in Instagram’s privacy policy:
https://privacycenter.instagram.com/policy/.

This website uses elements of the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you visit a page that contains such an element, your browser establishes a direct connection to Pinterest’s servers. This social media element transmits log data to Pinterest’s server in the USA. This log data may include your IP address, the address of the visited websites that also contain Pinterest features, the type and settings of the browser, the date and time of the request, your usage of Pinterest, as well as cookies.

The use of this service is based on your consent according to Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Further information regarding the purpose, scope, and further processing and use of the data by Pinterest, as well as your rights and options for protecting your privacy, can be found in Pinterest’s privacy policy:
https://policy.pinterest.com/de/privacy-policy.

6. Analysis Tools and Advertising

WP Statistics

This website uses the analysis tool WP Statistics to analyze visitor traffic statistically. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia (https://veronalabs.com).

With WP Statistics, we can analyze the use of our website. WP Statistics collects, among other things, log files (IP address, referrer, browsers used, user’s origin, search engine used) and actions taken by website visitors on the page (e.g., clicks and views).

The data collected with WP Statistics is stored exclusively on our own server.

The use of this analysis tool is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize both our web offering and our advertising. If consent was requested, the processing takes place solely based on Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, to the extent that the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

IP Anonymization

We use WP Statistics with anonymized IP. Your IP address is shortened, so it can no longer be directly assigned to you.

Anti-Spam

We collect information about visitors who leave comments on websites that use our anti-spam service, Akismet. The information we collect depends on the Akismet settings the user has set for the website. Typically, this includes the IP address of the commenter, the user agent, the referrer, and the URL of the website (supplemented by information provided directly by the comment author, such as name, username, email address, and the comment itself).

7. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No additional data is collected, or only on a voluntary basis. This data is used exclusively for sending the requested information and is not shared with third parties.

The processing of the data entered into the newsletter registration form is carried out solely based on your consent (Art. 6 (1) lit. a GDPR). You can withdraw your consent for the storage of data, email address, and its use for sending the newsletter at any time, for example, via the “unsubscribe” link in the newsletter. The lawfulness of the data processing operations carried out until the withdrawal remains unaffected.

The data you provided for receiving the newsletter will be stored by us until you unsubscribe from the newsletter or until the purpose is no longer relevant. After unsubscribing from the newsletter or the purpose no longer applies, the data will be deleted from the newsletter distribution list. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion, within the framework of our legitimate interest under Art. 6 (1) lit. f GDPR.

Data stored for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider, if necessary to prevent future mailings. Data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest under Art. 6 (1) lit. f GDPR). The storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.