1. Overview

The protection and responsible use of your personal data is of great importance to us. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In the following, this privacy policy therefore details which data we collect and how we process or use this data, for which purposes and on which legal grounds, in accordance with the European General Data Protection Regulations (“GDPR”) and other applicable laws, as well as which accompanying protective measures we have taken in technical and organizational terms. All personal data that we collect from you will only be collected, processed and used for the stated purpose (details below). In addition, we will inform you about your rights towards us as the person responsible.

2. Responsible Person

Responsible Person in the sense of Article 4 No. 7 GDPR is Levire UG (haftungsbeschränkt) & Co. KG. For further information and contact details please refer to our legal disclosure.

3. Data processing on this website

When you visit this website, information is collected, used and stored for several purposes:

3.1 Data retrieval and server logs

When using this website for informational purposes only (i.e. if you do not log in to use the website, register or otherwise provide us with information), we collect the data transmitted by your browser that are necessary for you to use the website at all. These data are technically required for us to display this website and to guarantee its stability and security. This data is automatically collected and stored in the server log files. Legal basis for this is Article 6 Para.1 Sentence 1 lit. f GDPR. During an informational visit, we collect and use this data exclusively in a non-personal form, i.e. we do not assign it to specific persons and it is not merged with other data sources. This data is stored exclusively on servers in Germany. After use for the above-mentioned purposes, the data is deleted after seven days.

This concerns the following data:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (concrete page)
  • Access status/HTTP status code
  • The amount of data transferred in each case
  • The web page from which the request comes/ the page you last visited
  • Browser (type), operating system and its interface
  • Language and version of the browser software

3.2 Facebook pixel (analysing service)

We also use the Facebook pixel of Facebook, a social media network from Facebook Ireland Ltd, on the website for analysis purposes. The code implemented on this page can evaluate the behavior of visitors who have come to this website via Facebook advertising or who have a Facebook account, and it provides us with abstract, i.e. not personalized information about the content which was viewed, for how long it was viewed, and which buttons were clicked, etc. We are not able to distribute this information to any concrete person. The purpose of this analysis is to improve the content and the structure of our website. The legal basis is Article 6 Para.1 Sentence 1 lit. f GDPR. Personal data which is collected in this process is only collected and stored by Facebook and not visible to us.

Facebook pixel collects the following types of data:

  • Http header: everything present in HTTP headers. HTTP headers are a standard web protocol that is sent between any browser request and any server on the Internet. HTTP headers contain IP addresses, web browser information, page location, document, referrer and web page visitor.
  • Pixel-specific data: this includes the pixel ID and the Facebook cookie.
  • Button-click data: this includes any buttons clicked by visitors to the website, the labels of those buttons and any pages accessed as a result of clicking the button.
  • Optional values: Developers and marketers can optionally send additional information about the visit via personalized data events. Examples of personalized data events are the conversion value, page type and more.
  • Form field names: these include the names of web page fields such as “email”, “address” and “quantity” that are filled in when a product or service is purchased. The pixel does not capture field values unless the advertiser includes them in the advanced match or under optional values.

Please refer to the Facebook Privacy Policy for further information:  https://www.facebook.com/about/privacy/update

3.3 Google Recaptcha

Furthermore, we use Google Recaptcha on this website for our own security purposes. Legal basis for this is Article 6 Para.1 Sentence 1 lit. f GDPR. Google Recaptcha is a free service that protects your website from spam and abuse. It uses an advanced risk analysis engine and adaptive challenges to keep automated software (e.g. so-called bots) from engaging in abusive activities on your site. Personal data collected in this process is only collected and stored by Google. The collected data is not visible for us.

Google hereby collects the following types of data:

  • Information about the apps, browsers, and devices you use to access Google services.
  • Unique identifiers, browser type and settings, device type and settings, operating system, mobile network information such as the mobile operator’s name and phone number, and the app version number.
  • Information about the interaction of your apps, browsers, and devices with Google’s services, including the IP address, crash reports, system activity, and the date, time and referral URL of your request.

Please refer to the Google Privacy Policy for more information: https://policies.google.com/privacy?hl=en

4. Contact form

If you send us inquiries, we will ask you for your name, your contact data and other information that we need from you. We use the data provided by you exclusively to answer your inquiries. The legal basis is Article 6 Para. 1 Sentence 1 lit. a, b and f GDPR. In order to contact you via the contact form offered on this website, the data requested there will be collected and encrypted and then forwarded by e-mail to the e-mail address contact@nynaqueen.com. This data is stored exclusively for the purpose of communication and is deleted immediately and irrevocably upon request.

5. Newsletter

With your consent, you can subscribe to the newsletter on our website, with which we inform you about newly published books, giveaways, etc. or send you free book chapters for download. The legal basis for sending our newsletter is Article 6 Para. 1 Sentence 1 lit. a GDPR. We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we will ask you to confirm that you wish to receive the newsletter.

For this, we use the service of MailChimp. MailChimp is a marketing automation platform and an email marketing service. MailChimp stores the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The legal basis for this processing is Article 6 Para. 1 Sentence 1 lit. f GDPR. A valid e-mail address is required for sending the newsletter. After your confirmation, we will save it for the purpose of sending you the newsletter. The processing of your e-mail address is necessary in order to provide you with the desired service (newsletter). The legal basis for this is Article 6 Para. 1 Sentence 1 lit. b GDPR. You can revoke your consent to the sending of the newsletter at any time and cancel your subscription to the newsletter. You can withdraw your consent by clicking on the link provided in each newsletter, by sending an e-mail to contact@nynaqueen.com or by sending a message to the contact details given in the legal disclosure of this website. The data stored for the purpose of sending the newsletter will be deleted in the event of revocation of your consent in accordance with data protection.

Please refer to the MailChimp Privacy Policy for more information: https://mailchimp.com/legal/privacy/

6. Data transfer

We have your data processed by contract processors such as newsletter senders and computer center operators. These contract processors are bound by contracts in accordance with Article 28 GDPR. We only pass on the data to third parties if this is necessary to fulfill the tasks assigned by you or if there is a legal obligation.

7. Cookies

Furthermore, when our website is used by you, Facebook pixel and Google Recaptcha cookies are stored on your computer. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (in this case us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective. The legal basis for the use of cookies on our website is Article 6 Para. 1 Sentence 1 lit. f GDPR. We use session cookies to operate our website. These store a so-called session ID, which can be used to assign various requests from your browser to the joint session. This enables your computer to be recognized when you return to the website. The session cookies are deleted when you close your browser.

You can prevent cookies from being saved by making the appropriate settings in your browser software. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent.

7.1 Cookie Categories

The cookies used on our website are grouped into the following categories.

7.2 Used Cookies

The below list details the cookies used on our website.

8. Routine deletion and blocking of personal data

The data will be processed and stored as long as this is necessary to achieve the storage purpose. They will then be deleted as soon as this is legally permissible.

9. Your rights

9.1 Right to information

You may request confirmation from us as to whether personal data relating to you will be processed by us. In the event of such processing, you may request information from the data controller on the following information:

a) the purposes for which the personal data are processed;

b) the categories of personal data which are processed;

c) the recipients or the categories of recipients to whom the personal data relating to you has been or will be disclosed;

d) the planned duration of the retention of the personal data relating to you or, if it is not possible to provide specific information in this regard, criteria for determining the retention period;

e) the existence of a right to rectification or erasure of personal data concerning you, of a right to limit the processing by the controller or of a right to object to such processing;

f) the existence of a right of appeal to a supervisory authority;

g) all available information on the origin of the data if the personal data are not collected from the data subject;

h) the existence of automated decision-making, including profiling, in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transfer.

9.2 Right to rectification

You have the right to have your personal data corrected and/or completed without delay if it is inaccurate or incomplete.

9.3 Right to limitation of processing

Under the following conditions, you may request the limitation of the processing of your personal data:

a) if you dispute the accuracy of the personal data concerning you for a period of time which allows the controller to verify the accuracy of the personal data;

b) if the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data;

c) if the controller no longer needs the personal data for the purposes of the processing but you need it for the assertion, exercise or defense of legal claims, or

d) if you object to the processing in accordance with Article 21 Para. 1 GDPR and it has not yet been established whether the justified reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data – apart from their storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the processing restriction has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.#

9.4 Right to deletion

You may request that the personal data relating to you be deleted immediately and the controller is obliged to delete such data immediately if one of the following reasons applies:

a) The personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed.

b) You revoke your consent on which the processing was based pursuant to Article 6 Para. 1 Sentence 1 lit. a or Article 9 Para. 2 lit. a GDPR and there is no other legal basis for the processing.

c) You object to the processing pursuant to Article 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21 Para. 2 GDPR.

d) The personal data relating to you have been processed unlawfully.

e) The deletion of personal data relating to you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

f) Personal data relating to you have been collected in relation to information society services offered pursuant to Article 8 Para. 1 GDPR.

If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Article 17 Para. 1 GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.

The right to cancellation does not exist in so far as the processing is necessary

a) for the exercise of the right to freedom of expression and information;

b) for the fulfillment of a legal obligation which the processing requires under the law of the Union or the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c) for reasons of public interest in the field of public health in accordance with Article 9 Para. 2 lit. h and Para. 3 GDPR;

d) for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 Para. 1 GDPR, insofar as the law referred to in Para. 1 presumably makes the realization of the objectives of such processing impossible or seriously impairs it, or

e) for the assertion, exercise or defense of legal claims.

9.5 Right to notification

If you have exercised the right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of the processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of such recipients by the controller.

9.6 Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the responsible person in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another data controller without being hindered by the data controller to whom the personal data was provided, provided that a) the processing is based on an agreement pursuant to Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or on a contract pursuant to Article 6 Para. 1 lit. b GDPR and b) the processing is carried out using automated procedures. In exercising this right, you also have the right to have the personal data relating to you transferred directly by a person responsible to another person responsible as far as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

9.7 Right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Article 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.  The person responsible will no longer process the personal data relating to you unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.  If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. In connection with the use of information society services, you may exercise your right of objection by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

9.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time.  The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.

9.9 Right to automated decision in individual cases including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you.  This shall not apply if the decision a) is necessary for the conclusion or performance of a contract between you and the responsible person, b) is permissible under the laws of the Union or the Member States to which the responsible person is subject and such laws contain reasonable measures to protect your rights and freedoms and your legitimate interests, or c) is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9 Para. 1 GDPR, unless Article. 9 Para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests. With regard to the cases referred to in a. and c., the person responsible shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state his own position and to challenge the decision.  There is no automated decision-making, including profiling, pursuant to Article 22 Para. 1 and 4 GDPR.

9.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you reside, at your place of work or at the place where the alleged infringement is alleged, if you consider that the processing of your personal data is in breach of the GDPR. The Hamburg Commissioner for Data Protection and Freedom of Information Klosterwall 6 (Block C), 20095 Hamburg Tel.: (040) 4 28 54 – 40 40 E-Fax: (040) 4 279 – 11811 E-Mail: mailbox@datenschutz.hamburg.de The supervisory authority to which the complaint was submitted informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

10. Data security

We secure our website and other systems by technical and organizational measures against loss, destruction, access, change or spreading of your data by unauthorized persons. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.