In the following, we provide information about the processing of personal data when using my website www.christiangajda.com, file sharing cloud service via fileshare.christiangajda.com and my social media profiles. Personal data is all data that can be related to a specific natural person, such as their name or IP address.
The controller in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Christian Gajda, Amalienstr. 81B, 80799 München, email: info [at] christiangajda.com.
The scope of data processing, processing purposes and legal bases is set out in detail below. In principle, the following can be considered as the legal basis for data processing:
Insofar as we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission in accordance with Art. 45 (3) GDPR guarantee the security of data when transferred, insofar as it exists, as is the case for Great Britain, Canada and Israel, for example. When transferring data to service providers in the USA, the legal basis for the transfer of data is an adequacy decision by the EU Commission if the service provider has also certified itself under the EU US Data Privacy Framework. In other cases (e.g. if there is no adequacy decision), the legal basis for the transfer of data is usually standard contractual clauses, i.e. unless we provide otherwise. These are rules adopted by the EU Commission and are part of the contract with the respective third party. In accordance with Article 46 (2) (b) GDPR, they guarantee the security of data transfer. Many of the providers have provided contractual guarantees that go beyond the standard contractual clauses, which protect the data beyond the standard contractual clauses. These include, for example, guarantees with regard to the encryption of data or with regard to an obligation on the part of a third party to notify data subjects when law enforcement agencies want to access data.
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its purpose and the deletion does not conflict with any legal storage requirements. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we must store for contractual or tax reasons.
Data subjects have the following rights vis-à-vis me with regard to personal data concerning them:
Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data. Contact details of data protection supervisory authorities are available at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html retrievable.
As part of a business relationship or other relationship, clients, interested parties or third parties must only provide me with the personal data that is necessary to establish, carry out and end the business relationship or for the other relationship or which I am legally obliged to collect. Without this data, I will usually have to refuse to conclude a contract or provide a service or will no longer be able to carry out an existing contract or other relationship. Mandatory information is marked as such.
In principle, I do not use fully automated decision-making in accordance with Article 22 GDPR to establish and carry out a business relationship or other relationship. Should I use these procedures in individual cases, I will inform you of this separately, provided this is required by law.
When you contact me, e.g. by e-mail or telephone, the data provided to me (e.g. names and e-mail addresses) is stored by us in order to answer questions. The legal basis for processing is our legitimate interest (Art. 6 (1) (f) GDPR) to answer inquiries addressed to me. I delete the data arising in this context after storage is no longer necessary, or restrict processing if there are legal storage obligations.
From time to time, I conduct client surveys to get to know my clients and their needs better. In doing so, I collect the data requested in each case. It is my legitimate interest to get to know my customers and their wishes better, so that the legal basis for the associated data processing is Art. 6 (1) (f) GDPR. I delete the data when the results of the surveys have been evaluated.
My website stores information in the terminal equipment of website visitors (e.g. cookies) or accesses information that is already stored in the terminal device (e.g. IP addresses). The details of this information are set out in the following sections. This storage and access is based on the following provisions:
Insofar as this storage or access is absolutely necessary so that I provide the service of my website expressly requested by website visitors (e.g. to carry out a chatbot used by the website visitor or to ensure the IT security of our website), it is carried out on the basis of Section 25 (2) No. 2 TTDSG.
Otherwise, this storage or access is based on the consent of website visitors (Section 25 (1) TTDSG).
Downstream data processing is carried out in accordance with the following sections and on the basis of the provisions of the GDPR.
When using the website for informational purposes, i.e. when site visitors do not provide me with separate information, I collect the personal data that the browser transmits to my server to ensure the stability and security of my website. This is my legitimate interest, so that the legal basis is Art. 6 (1) (f) GDPR. This data is:
This data is also stored in log files. They are deleted when they are no longer required to be stored, at the latest after 14 days.
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include IP addresses, contact requests, meta and communication data, website accesses and other data generated via a website. This data is stored anonymously and cannot be accessed by me.
The host is used for the purpose of fulfilling the contract with my potential and existing client (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of my online offering by a professional provider (Art. 6 para. 1 lit. f GDPR).
My host will only process your data to the extent necessary to fulfill its performance obligations and follow my instructions with regard to this data. I work with this host in confidence:
Webflow, Inc.
398 11th Street, 2nd Floor
San Francisco, CA 94103
When you contact me via the contact form on my website, I save the data requested there and the content of the message. The legal basis for processing is my legitimate interest in answering inquiries addressed to me. The legal basis for processing is therefore Article 6 (1) (f) GDPR. I delete the data arising in this context after storage is no longer necessary, or restrict processing if there are legal storage obligations.
My website uses cookies. Cookies are small text files that are stored in a web browser on a site visitor's device. Cookies help make the website more user-friendly, effective and secure. Insofar as these cookies are necessary for the operation of my website or its functions (hereinafter “technically necessary cookies”), the legal basis for the associated data processing is Art. 6 (1) (f) GDPR. I have a legitimate interest in providing customers and other site visitors with a functional website. Specifically, I use technically necessary cookies for the following purpose or purposes: Cookies that accept language settings
When using my Nextcloud instance, no personal data is stored. Only the following information is processed:
Anonymous Download Information: When files are downloaded, this is displayed as an anonymous user without collecting or storing personal data.
File Uploads: The only data stored are the files users upload for the purpose of the respective project. These files are stored and processed solely to fulfill the project's objectives.
The storage of uploaded files is exclusively for the purpose of collaboration within the respective project. The legal basis for data processing is Article 6(1)(b) GDPR (performance of a contract or project-related collaboration).
Uploaded files are stored only as long as necessary for the respective project. After the project is completed or upon request, the files will be deleted unless legal retention obligations apply.
The stored files will not be disclosed to third parties unless required for the project or mandated by law.
I implement appropriate technical and organizational security measures to protect the stored files from unauthorized access, loss, or manipulation.
Since no personal data in the traditional sense is collected, users nevertheless have the right to request deletion or access to project files. For additional questions, feel free to contact me at the address provided above.
I use Google web fonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. However, processing only takes place on our servers. We process meta/communication data (e.g. device information, IP addresses) in the EU. The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in using an easy-to-use and cost-effective font on our website. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de retrievable.
I use Google Analytics for analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA. The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting me using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation. The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which I have agreed with the provider. The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de retrievable.
I am represented on social media networks to present myself and my services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to show advertising on network sites and elsewhere on the Internet that meets the interests of users. For this purpose, network operators store information on usage behavior in cookies on the user's computer. In addition, it cannot be ruled out that operators may combine this information with other data. Users can obtain further information and advice on how users can object to processing by the site operators in the data protection declarations of the respective operators listed below. It may also be that the operators or their servers are located in non-EU countries so that they process data there. This can result in risks for users, for example because it is difficult to enforce their rights or because government agencies gain access to the data. When users of the networks contact me via my profiles, I process the data provided to me in order to answer the inquiries. This is my legitimate interest, so that the legal basis is Article 6 (1) (f) GDPR.
I maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE. One way to object to data processing is through the settings for advertisements: https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Fpsettings%2Fadvertising
I maintain a profile on X (formerly Twitter). The operator is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. The privacy policy is available here: https://x.com/en/privacy. To object to data processing, you can adjust your settings for personalized ads: https://x.com/settings/personalization.
I maintain a profile on Medium. The operator is A Medium Corporation, 548 Market Street, PMB 42061, San Francisco, CA 94104, USA. The privacy policy is available here: https://policy.medium.com/medium-privacy-policy-f03bf92035c9. To manage data processing preferences, you can adjust your settings as outlined in their privacy policy.
I reserve the right to change this privacy policy with effect for the future. A current version is always available here.
If you have any questions or comments regarding this privacy policy, please use the contact details provided above.
Great design lives at the intersection of aesthetics, technological possibilities, and functionality.