Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the nature, scope, and purposes of the processing of your personal data (hereinafter referred to as “data”).

This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, mobile applications, and within our external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).

The terms used apply to persons of all genders.

Last updated: February 1, 2026


Table of Contents

Preamble
Controller
Overview of Processing Activities
Applicable Legal Bases
Security Measures
Retention and Deletion of Data
Rights of Data Subjects
Hosting and Provision of the Online Offering
Cookies
Blogs and Publications
Newsletter
Plugins and Embedded Content
Amendments
Definitions


Controller

Yael F. Gray
c/o WirFinden.Es
Naß und Hellie GbR
Kirchgasse 19
65817 Eppstein
Germany

Email address: hello@yael-gray.de

Legal Notice (Imprint):
https://books.yael-gray.de/imprint/


Overview of Processing Activities

This section provides a summary of the categories of data processed, the purposes pursued, and the categories of data subjects concerned.

Categories of Data Processed

Identification data
Contact data
Content data
Usage data
Metadata, communication, and procedural data
Log data

Categories of Data Subjects

Correspondents
Users

Purposes of Processing

Security measures
Direct marketing
Collection of feedback
Provision of the online offering and user-friendliness
Information technology infrastructure


Applicable Legal Bases

Legal Bases under the GDPR

We process personal data on the basis of the following legal grounds in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR):

Consent

(Article 6(1)(a) GDPR)

The data subject has given consent to the processing of their personal data for one or more specific purposes.

Legitimate Interests

(Article 6(1)(f) GDPR)

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.


German National Data Protection Law

In addition to the GDPR, German national data protection regulations apply, in particular the Federal Data Protection Act (Bundesdatenschutzgesetz — BDSG).

These provisions include, in particular, specific rules regarding the right of access, the right to erasure, the right to object, the processing of special categories of data, and automated decision-making, including profiling.

Data protection laws of the individual German federal states (Länder) may also apply.


Security Measures

In accordance with legal requirements, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures take into account:

  • the state of the art,
  • the implementation costs,
  • the nature, scope, context, and purposes of the processing,
  • as well as the risks to the rights and freedoms of natural persons.

Data Protection

The measures implemented include, in particular:

  • ensuring the confidentiality, integrity, and availability of data,
  • control of physical and electronic access,
  • management of access rights,
  • securing data transfers,
  • data backup and separation.

We have also implemented procedures to ensure:

  • the exercise of data subjects’ rights,
  • the deletion of data,
  • the handling of security incidents.

Furthermore, we apply the principles of “data protection by design” and “data protection by default”.


Securing Connections (TLS/SSL)

In order to protect data transmitted via our online services, we use TLS/SSL encryption technologies (HTTPS).

These technologies ensure that information exchanged between the user’s browser and our servers is encrypted, thereby protecting it against unauthorized access.

The presence of “HTTPS” in the URL indicates that the connection is secure.


General Information on Data Retention and Deletion

We delete personal data processed by us in accordance with legal requirements as soon as the consent on which the processing is based is withdrawn or no other legal basis justifies further processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required.

Exceptions apply where legal obligations or specific interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose retention is necessary for the establishment, exercise, or defense of legal claims, or for the protection of the rights of other natural or legal persons, must be archived accordingly.

Our data protection information may contain further details regarding retention periods and deletion that apply to specific processing activities.

Where several retention periods or deletion deadlines are specified for the same data, the longest period applies. Data that is no longer retained for the originally intended purpose but due to legal obligations or other reasons will only be processed for the purposes justifying its retention.


General Retention and Archiving Periods (German Law)

The following general periods apply, in particular with regard to retention and archiving obligations under German law:

10 years — retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as work instructions and organizational documents necessary for their understanding (§ 147 para. 1 no. 1 in conjunction with para. 3 AO; § 14b para. 1 UStG; § 257 para. 1 no. 1 in conjunction with para. 4 HGB).

8 years — accounting documents such as invoices and expense receipts (§ 147 para. 1 nos. 4 and 4a in conjunction with para. 3 sentence 1 AO; § 257 para. 1 no. 4 in conjunction with para. 4 HGB).

6 years — other business documents: received commercial correspondence, copies of sent correspondence, and other documents relevant for taxation (e.g., time records, calculation documents, price labels, payroll documents, cash register receipts), provided they do not already constitute accounting documents (§ 147 para. 1 nos. 2, 3, 5 in conjunction with para. 3 AO; § 257 para. 1 nos. 2 and 3 in conjunction with para. 4 HGB).

3 years — data required to consider potential warranty claims, claims for damages, or similar contractual claims, as well as for processing related requests: retention for the duration of the statutory limitation period of three years (§§ 195, 199 BGB).


Commencement of Retention Periods (End of Calendar Year)

Where a retention period does not expressly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the triggering event occurred.

In the case of ongoing contractual relationships involving data retention, the triggering event is generally the effective date of termination or other end of the legal relationship.


Rights of Data Subjects

As a data subject, you have various rights under the GDPR, in particular those arising from Articles 15 to 21:

Right to Object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes; this also applies to profiling insofar as it is related to such direct marketing.

Right to Withdraw Consent: You have the right to withdraw consent at any time.

Right of Access: You have the right to obtain confirmation as to whether personal data concerning you is being processed and, where that is the case, access to such data and further information, as well as a copy thereof, in accordance with legal requirements.

Right to Rectification: You have the right to obtain the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete data completed, in accordance with legal requirements.

Right to Erasure and Restriction of Processing: You have the right to obtain the erasure of your personal data without undue delay or, alternatively, the restriction of processing in accordance with legal requirements.

Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller, in accordance with legal requirements.

Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you violates the GDPR, without prejudice to any other administrative or judicial remedy.


Provision of the Online Offering and Hosting (Web Hosting)

We process users’ data in order to provide our online services. For this purpose, we process, in particular, the user’s IP address, which is necessary for transmitting the content and functions of our online services to the user’s browser or device.

Categories of Data Processed

Usage data (e.g., pages visited and duration of visits, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, persons involved); log data (e.g., log files relating to connections, data retrieval, or access times).

Data Subjects

Users (e.g., website visitors, users of online services).

Purposes of Processing

Provision of the online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment — computers, servers, etc.); security measures.

Retention and Deletion

Deletion in accordance with the information provided in the section “General Information on Data Retention and Deletion.”

Legal Basis

Legitimate interests (Article 6(1)(f) GDPR).


Further Information on Processing Activities, Procedures, and Services

Provision of the Online Offering on Rented Storage Space

For the provision of our online offering, we use storage capacity, computing resources, and software that we rent or otherwise obtain from a hosting provider (hereinafter “host”).

Legal basis: Legitimate interests (Article 6(1)(f) GDPR).


Collection of Access Data and Log Files

Access to our online offering is recorded in the form of “server log files.” These may include: the address and name of the accessed pages and files, date and time of access, volume of data transferred, notification of successful access, browser type and version, operating system, referrer URL (previously visited page), and, as a rule, the requesting IP address and access provider.

Log files are used, on the one hand, for security purposes (e.g., prevention of server overload, particularly in the case of abusive attacks such as DDoS attacks) and, on the other hand, to ensure optimal utilization of the servers and their stability.

Legal basis: Legitimate interests (Article 6(1)(f) GDPR).


Deletion of Data

Information stored in log files is retained for a maximum period of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally resolved.


ALL-INKL

Services for the provision of information technology infrastructure and related services (e.g., storage space and/or computing capacity).

Service provider: ALL-INKL.COM – Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany.

Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Website: https://all-inkl.com/
Privacy policy: https://all-inkl.com/datenschutzinformationen/
Data processing agreement (Article 28 GDPR): Provided by the service provider.


Use of Cookies

The term “cookies” refers to functions that store information on users’ devices and read information from those devices. Cookies may be used for various purposes, including ensuring the functionality, security, and convenience of online services, as well as analyzing visitor traffic.

We use cookies in accordance with legal requirements. Where required, we obtain users’ prior consent. Where consent is not required, we rely on our legitimate interests. This applies, in particular, where the storage and retrieval of information is strictly necessary to provide content and functions expressly requested by users. This includes, for example, the storage of settings and ensuring the functionality and security of our online offering.

Consent may be withdrawn at any time. We provide clear information on the scope of consent and the cookies used.


Information on Legal Bases under Data Protection Law

The processing of personal data by means of cookies depends on the existence of consent. Where consent is given, it serves as the legal basis. In the absence of consent, we rely on our legitimate interests as described in this section and in the context of the respective services and procedures.


Retention Period

With regard to retention periods, a distinction is made between:

Temporary cookies (session cookies): These are deleted at the latest when the user leaves the online offering and closes their device (e.g., browser or mobile application).

Persistent cookies: These remain stored even after the device is closed. They may be used, for example, to store login status and to display preferred content directly on a subsequent visit. Usage data collected via cookies may also be used for audience measurement. If we do not provide explicit information on the type and retention period (e.g., as part of obtaining consent), it should be assumed that persistent cookies are used and that the retention period may be up to two years.


General Information on Withdrawal of Consent and Objection (Opt-Out)

Users may withdraw their consent at any time and exercise their right to object to processing in accordance with legal requirements, including by using the privacy settings of their browser.


Categories of Data Processed

Metadata, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, persons involved).


Data Subjects

Users (e.g., website visitors, users of online services).


Legal Bases

Legitimate interests (Article 6(1)(f) GDPR); consent (Article 6(1)(a) GDPR).


Further Information on Processing Activities, Procedures, and Services

Processing of Cookie-Related Data Based on Consent

We use a consent management solution to obtain, record, manage, and enable the withdrawal of users’ consent to the use of cookies or comparable technologies, as well as to the processing operations and service providers specified within the consent management framework.

Within this framework, users’ consents (including the categories of cookies and/or service providers concerned) are collected. Users are also given the option to manage and withdraw their consents.

Consent declarations are stored in order to avoid repeated requests and to be able to demonstrate consent in accordance with legal requirements. Storage takes place on the server and/or in a cookie (so-called “opt-in cookie”) or by means of comparable technologies in order to assign consent to a specific user or device.

Unless specific information about the providers of consent management services is provided, the following general information applies: the retention period for consent is a maximum of two years. A pseudonymous user identifier is created and stored together with the timestamp of consent, the scope of consent (e.g., categories of cookies and/or service providers), and information about the browser, system, and device used.

Legal basis: Consent (Article 6(1)(a) GDPR).


Complianz

Recording and management of consents (acceptance of cookies and data processing), logging of users’ choices, display of privacy and cookie information, and the possibility to withdraw or adjust consent.

Service provider: Execution on servers and/or computers under its own data protection responsibility.

Website: https://complianz.io/
Privacy policy: https://complianz.io/legal/

Further information: An individual user ID, language, types of consent, and the time of consent are stored on the server and in a cookie on users’ devices.


Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter referred to as “publication media”).

Readers’ data is processed only to the extent necessary for the presentation of the publication media, communication between authors and readers, and for security purposes.

For all other aspects, we refer to the information on the processing of visitors’ data contained in this privacy policy.


Categories of Data Processed

Identification data (e.g., full name, postal address, contact details, customer number); contact data (e.g., postal and email addresses, telephone numbers); content data (e.g., textual or visual messages and contributions, information relating to the author or the date of creation); usage data (e.g., pages visited, duration of visits, click paths, intensity and frequency of use, types of devices and operating systems, interactions with content and functions); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, persons involved).

Data Subjects

Users (e.g., website visitors, users of online services).

Purposes of Processing

Collection of feedback (e.g., via online forms); provision of the online offering and user-friendliness.

Retention and Deletion

Deletion in accordance with the section “General Information on Data Retention and Deletion.”

Legal Basis

Legitimate interests (Article 6(1)(f) GDPR).


Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletter”) exclusively on the basis of the recipients’ consent or on the basis of a legal authorization.

Where the content of the newsletter is specified at the time of registration, this content is decisive for the scope of the consent. As a rule, only an email address is required for subscription. However, in order to provide a personalized service, we may request the name for personalized addressing or other information necessary for the purposes of the newsletter.

Deletion and Restriction of Processing

We may retain unsubscribed email addresses for a maximum period of three years on the basis of our legitimate interests in order to be able to demonstrate prior consent.

Processing of these data is limited to the defense of potential legal claims. An individual request for deletion is possible at any time, provided that the prior existence of consent is confirmed.

In the case of an ongoing obligation to observe objections, we reserve the right to store the email address in a suppression list (“blocklist”) solely for this purpose.

Logging of the Registration Process

The registration process is logged on the basis of our legitimate interests in order to demonstrate that the process was carried out properly.

Where we use a service provider to send emails, this is based on our legitimate interest in using an efficient and secure mailing system.

Newsletter Content

Information about new publications, works, projects, and occasional updates.

Categories of Data Processed

Identification data (e.g., full name, postal address, contact details, customer number); contact data (e.g., postal and email addresses, telephone numbers); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, persons involved).

Data Subjects

Correspondents.

Purposes of Processing

Direct marketing (e.g., by email or postal mail).

Legal Basis

Consent (Article 6(1)(a) GDPR).

Option to Object (Opt-Out)

You may unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt.

An unsubscribe link is provided at the end of each newsletter. You may also use any of the contact methods provided above, preferably by email.


Plugins, Embedded Functions, and Third-Party Content

We integrate functional and content elements into our online offering that are obtained from the servers of third-party providers (hereinafter “third-party providers”), such as graphics, videos, or maps (hereinafter collectively referred to as “content”).

The integration of such content requires that the third-party providers process users’ IP addresses, as this is technically necessary for transmitting the content to the user’s browser.

We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content.

Third-party providers may also use pixel tags (“pixel tags” or “web beacons”) for statistical or marketing purposes. These tags enable the analysis of visitor traffic on the pages of this website.

The pseudonymized information collected in this manner may be stored in cookies on users’ devices and may contain, among other things, technical information about the browser and operating system, referring websites, time of access, as well as other usage data, which may be combined with information from other sources.

Information on Legal Bases

Where we request users’ consent for the use of third-party providers, such consent constitutes the legal basis for processing.

Otherwise, the data is processed on the basis of our legitimate interests, namely the interest in providing effective, economical, and recipient-oriented services.

In this context, we also refer to the information on the use of cookies in this privacy policy.

Categories of Data Processed

Usage data (e.g., pages visited, duration of visits, click paths, intensity and frequency of use, types of devices and operating systems, interactions with content and functions); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, persons involved).

Data Subjects

Users (e.g., website visitors, users of online services).

Purposes of Processing

Provision of the online offering and user-friendliness.

Retention and Deletion

Deletion in accordance with the section “General Information on Data Retention and Deletion.”
Cookies are stored for a maximum period of two years unless otherwise specified.

Legal Bases

Consent (Article 6(1)(a) GDPR); legitimate interests (Article 6(1)(f) GDPR).

Further Information on Processing Activities, Procedures, and Services

Integration of Third-Party Software, Scripts, or Frameworks (e.g., jQuery)

We integrate software into our online offering that is obtained from servers of third-party providers (e.g., functional libraries used for presentation or user-friendliness).

These providers collect users’ IP addresses and may process them for the purpose of transmitting the software to the browser, for security purposes, and for the analysis and optimization of their services.

Legal basis: Legitimate interests (Article 6(1)(f) GDPR).


Amendments and Updates

We ask you to regularly review the contents of this privacy policy.

We will adapt this privacy policy whenever changes to our data processing activities make this necessary. We will inform you when a modification requires action on your part (e.g., consent) or individual notification.

Where addresses and contact details of companies or organizations are provided in this privacy policy, please note that such information may change over time. We recommend verifying the details before contacting the respective entities.


Definitions

This section provides an overview of the terms used in this privacy policy.

Where terms are defined by law, their legal definitions apply. The following explanations are primarily intended to facilitate understanding.

Identification Data

Identification data includes essential information that enables the identification and management of contractual partners, user accounts, profiles, and similar assignments.

This may include, in particular, personal and demographic data such as names, contact details (addresses, telephone numbers, email addresses), dates of birth, and specific identifiers (user IDs).

Such data forms the basis for formal interactions between individuals and services, institutions, or systems by enabling clear identification and communication.


Content Data

Content data comprises information generated in the course of creating, modifying, and publishing content of any kind.

This category includes, in particular, texts, images, videos, audio files, and other multimedia content published across various platforms and media, as well as associated metadata (tags, descriptions, author information, publication dates).


Contact Data

Contact data refers to essential information enabling communication with individuals or organizations.

This includes, in particular, telephone numbers, postal addresses, email addresses, as well as identifiers for social media and instant messaging services.


Metadata, Communication, and Procedural Data

These categories encompass information relating to the processing, transmission, and management of data.

Metadata (data about data) describes the context, origin, and structure of other data (e.g., file size, creation date, author, modification history).

Communication data concerns the exchange of information between users via various channels (emails, call logs, social media messages, instant messaging), including the persons involved, timestamps, and means of transmission.

Procedural data describes internal processes, in particular workflows, transaction logs, audit logs, and activity histories used for traceability and control purposes.


Usage Data

Usage data refers to information describing how users interact with products, services, or digital platforms.

This includes, in particular, the functions used, duration of visits, navigation paths, frequency of use, timestamps, IP addresses, device-related information, and, where applicable, location data.

Such data is particularly useful for behavioral analysis, optimization of the user experience, personalization of content, and improvement of services.


Personal Data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”).

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, identification number, location data, or an online identifier such as a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.


Log Data

Log data refers to information relating to events or activities recorded within a system or network.

It generally includes timestamps, IP addresses, user actions, error messages, and other information relating to the use or operation of systems.

Such data is used, in particular, for analysis, security monitoring, and performance reporting purposes.


Controller

The “controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.


Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.

This term includes, in particular, the collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction of data.


Final Note

Document created using the free Datenschutz-Generator.de by Dr. Thomas Schwenke.