Sissi & Fiona Logo

Privacy Policy

I. Information about the processing of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR)

The protection and confidentiality of your personal data is important to Sissi & Fiona. We only collect, use or process personal data in accordance with the statutory provisions and in accordance with the following privacy policy.

1. Controller and Data Protection Officer

The controller for this website is Sissi & Fiona GmbH, Michael Mackens, Voigtstraße 12, 20257 Hamburg, E-Mail: michael@sissi-fiona.de

You can reach the data protection officer via e-mail at: michael@sissi-fiona.de or via the address Sissi & Fiona GmbH, Voigtstraße 12, 20257 Hamburg.

2. Data processed for the provision of the website and the creation of log data

a. Which data is processed for which purpose?

Each time you access content on the website, data is temporarily stored that may allow identification. The following data is collected:

  • Date and time of access
  • IP address
  • Hostname of the accessing computer
  • Website from which the website was accessed
  • Websites accessed via the website
  • Visited page on our website
  • Message indicating whether the retrieval was successful
  • Amount of data transferred
  • Information about the browser type and the version used
  • Operating system

The temporary storage of the data is necessary for the course of a website visit to enable delivery of the website. Further storage in log files takes place to ensure the functionality of the website and the security of the information technology systems. Our legitimate interest in data processing also lies in these purposes.

b. On what legal basis is this data processed?

The data is processed on the basis of Art. 6 para. 1 lit. f GDPR.

c. Are there other recipients of personal data besides the controller?

The website is hosted by STRATO AG, Pascalstraße 10, 10587 (datenschutz@strato.de). The host receives the above-mentioned data as a processor.

d. How long is the data stored?

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When providing the website, this is the case when the respective session has ended. The log data is stored for a maximum of 24 hours directly and exclusively accessible to administrators. After that, they are only indirectly available via the reconstruction of backup tapes and are finally deleted after a maximum of four weeks.

3. Rights of the data subject

a. Right to access: You can request information about your personal data processed by us in accordance with Art. 15 GDPR.

b. Right to object: You have a right to object for specific reasons (see under point II).

c. Right to rectification: If the information concerning you is no longer correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request a completion.

d. Right to erasure: You can request the deletion of your personal data in accordance with Art. 17 GDPR.

e. Right to restriction of processing: You have the right to request a restriction of the processing of your personal data in accordance with Art. 18 GDPR.

f. Right to complain: If you believe that the processing of your personal data violates data protection law, you have the right to complain to a data protection supervisory authority of your choice in accordance with Art. 77 para. 1 GDPR. This also includes the data protection supervisory authority responsible for the controller: The Hamburg Commissioner for Data Protection and Freedom of Information, https://datenschutz-hamburg.de/service-information/beschwerde-oder-hinweis-einreichen

g. Right to data portability: In the event that the requirements of Art. 20 para. 1 GDPR are met, you have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party.

II. Right to object according to Art. 21 para. 1 GDPR

You have the right to object at any time to the processing of your personal data based on Article 6 para. 1 lit. f GDPR for reasons arising from your particular situation. The controller will no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves the assertion, exercise, or defense of legal claims. The collection of data for the provision of the website and the storage of log files are mandatory for the operation of the website.