Data Privacy
Preamble
This privacy policy informs you about the nature, scope, and purpose of our processing of personal data (hereinafter referred to as “data”). It applies to all personal data processing operations carried out by us, both in the context of the provision of our services and in particular on our websites, mobile applications, and external online presences such as our social media profiles (collectively referred to as the “online offering”).
The terms used are gender-neutral.
Last updated: August 2, 2025
Table of Contents:
- Preamble
- Controller
- Overview of Processing Activities
- Applicable Legal Bases
- Security Measures
- Transmission of Personal Data
- International Data Transfers
- General Information on Storage and Deletion
- Rights of Data Subjects
- Provision of the Online Offering and Web Hosting
- Use of Cookies
- Contact and Request Management
- Changes and Updates
- Definitions of Terms
Controller
Fabian von Karais
Auerstr. 10
50733 Cologne, Germany
Email: [design@vonkarais.de](mailto:design@vonkarais.de)
**Overview of Processing Activities**
**Types of Processed Data:**
* Inventory data
* Contact data
* Content data
* Usage data
* Meta/communication/process data
* Log data
**Categories of Data Subjects:**
* Communication partners
* Users
**Purposes of Processing:**
* Communication
* Security measures
* Organizational and administrative procedures
* Feedback
* Provision of our online offering and user-friendliness
* IT infrastructure
**Applicable Legal Bases**
According to the GDPR:
* Consent (Art. 6(1)(a) GDPR)
* Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR)
* Legitimate interests (Art. 6(1)(f) GDPR)
**National Data Protection Laws in Germany:**
Includes the German Federal Data Protection Act (BDSG) and, where applicable, state-specific data protection laws.
**Security Measures**
We implement technical and organizational measures in line with legal requirements to ensure a level of protection appropriate to the risk. This includes safeguarding data confidentiality, integrity, and availability through access controls, encryption, data segregation, and backup procedures. We use TLS/SSL encryption (HTTPS) to protect user data transmitted through our services.
**Transmission of Personal Data**
We may transmit or disclose data to other entities or service providers (e.g., IT providers, embedded service providers) under legal and contractual safeguards.
**International Data Transfers**
Data transfers to third countries (outside the EU/EEA) are conducted in compliance with applicable law. We rely on the EU-U.S. Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs). Additional safeguards apply to other third countries.
More at: [https://www.dataprivacyframework.gov/](https://www.dataprivacyframework.gov/) and [https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection\_en](https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en)
**General Information on Storage and Deletion**
We delete personal data in accordance with legal requirements when consent is withdrawn or the original processing purpose no longer applies. Exceptions apply when legal obligations require longer retention (e.g., for tax or legal reasons).
**Common retention periods under German law:**
* 10 years: financial records, annual statements
* 8 years: accounting receipts
* 6 years: business correspondence and related documents
* 3 years: data relevant to potential legal claims
**Rights of Data Subjects**
Under GDPR, you have the following rights:
* Right to object to data processing (Art. 21 GDPR)
* Right to withdraw consent (Art. 7(3) GDPR)
* Right of access (Art. 15 GDPR)
* Right to rectification (Art. 16 GDPR)
* Right to erasure (Art. 17 GDPR)
* Right to restriction of processing (Art. 18 GDPR)
* Right to data portability (Art. 20 GDPR)
* Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
**Provision of the Online Offering and Web Hosting**
We process user data to provide our online services, including IP addresses, usage data, and log data. Data is processed based on legitimate interests (Art. 6(1)(f) GDPR).
Web hosting and infrastructure services are provided by third-party providers. Access logs are retained for up to 30 days unless required for legal or security reasons.
**Use of Cookies**
We use cookies for functionality, security, and analysis, in accordance with legal requirements. Where necessary, we obtain consent (Art. 6(1)(a) GDPR). Otherwise, cookies are based on legitimate interests (Art. 6(1)(f) GDPR).
**Types of Cookies:**
* Session cookies: deleted after the browser is closed
* Persistent cookies: stored for up to 2 years
Consent is managed via a consent management platform (CMP) and can be withdrawn at any time.
**Contact and Request Management**
We process contact data provided via email, phone, or contact forms to respond to inquiries and fulfill pre-contractual or contractual obligations.
**Legal basis:** Contract (Art. 6(1)(b) GDPR) and/or legitimate interest (Art. 6(1)(f) GDPR)
**Changes and Updates**
We update this privacy policy as necessary and encourage users to check it regularly. If changes require user consent or notification, we will inform you accordingly.
**Definitions of Terms**
Key terms such as personal data, processing, controller, etc., are defined according to the GDPR. Additional explanations are provided to aid understanding.
*This translation is provided for informational purposes only and does not replace the legally binding German version.*
*Generated with Datenschutz-Generator.de by Dr. Thomas Schwenke*