HAND AUFS HERZ * Data protection / Claudia Kroll und Petra Olbrich

Privacy Policy

Controller Under Data Protection Law

The controller as defined by the applicable data protection laws, particularly the EU General Data Protection Regulation (GDPR), is:

Hand aufs Herz
Im Kastanienhof
Kleine Rainstraße 44
22765 Hamburg, Germany
Tel. +49 40 - 525 90 728

Rights of Data Subjects

You may exercise the following rights at any time by contacting our Data Protection Officer using the provided contact details provided:

Right of access to personal data stored and its processing,
Right to rectification of inaccurate personal data,
Right to erasure of your personal data,
Right to restriction of processing where deletion is not yet permitted,
Right to object to processing,
Right to data portability, if processing is based on your consent or a contract.

If you have provided consent to data processing, you may withdraw it at any time with future effect.

You also have the right to lodge a complaint with the competent supervisory authority. The competent authority is determined by your place of residence, your place of work, or the location of the alleged violation. A list of data protection authorities (non-public sector) with contact information is available at: https://www.bfdi.bund.de.

Purpose and Legal Basis for Processing Personal Data

Your personal data is processed solely for the purposes stated in this Privacy Policy.
Your data will not be transferred to third parties for purposes other than those listed below. Data is only shared where:

You have given explicit consent,
Processing is necessary for the performance of a contract with you,
Processing is required to fulfill a legal obligation,
Processing is necessary for the purposes of legitimate interests and there is no overriding interest on your part.

Data Retention and Deletion

In line with the principles of data minimization and storage limitation, we retain personal data only as long as necessary for the stated purposes or as required by applicable statutory retention periods. After the respective purpose ceases to apply, or the retention periods expire, the data is routinely deleted or anonymized in accordance with legal requirements.

Collection of General Information Upon Website Visit

When you access our website, general technical data is automatically collected via cookies or server log files. This may include:

Browser type and version,
Operating system,
Domain name of your internet service provider,
IP address (anonymized if possible),
Time and date of access.

This data does not allow any direct personal identification and is technically required for website delivery, ensuring functionality, stability, and security. The legal basis for processing is our legitimate interest under Art. 6(1)(f) GDPR.

This anonymized data may be used for statistical analysis to improve the website and underlying technology.

Contact via Email or Contact Form

When you contact us via email or our contact form, you voluntarily consent to the processing of your data for the purpose of communication. At a minimum, a valid email address is required to respond to your inquiry. Any additional information is optional.
Your data will be stored for the duration necessary to respond to your request and for any required follow-up. Once your inquiry is resolved, your data will be deleted, unless legal obligations require further retention.

Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to comply with evolving legal requirements or to reflect changes in our services. The version published at the time of your next visit shall apply.

Contact Information for Data Protection Inquiries

For all questions concerning the processing of your personal data, please contact:

Legal notice • Data protection

Deutsch