Privacy

This privacy policy contains information about our handling of your data. In the following, we will describe in general terms how and why we process your data so that you have a basic understanding of how we use these data. The general statements of this privacy policy concerning our use of your data as well as information concerning your rights under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act are intended to ensure the fair processing of these data. Sophia Lewis (hereinafter known as “we” or “us”) is the controller of the data processing.

I. General information

ContaCt

If you have any questions or suggestions about this information or if you would like to contact us to assert your rights, please send your request to

Sophia Lewis
Boltens Allee 4
22459 Hamburg
E-Mail: hello@deardoris.com

Legal grounds

The term “personal data” as used in data protection law encompasses any and all information relating to a specific or identifiable person. We process personal data in compliance with the pertinent data protection regulations, in particular the GDPR and the BDSG. We process personal data solely as permitted by law. We process personal data solely with your consent (point (a) of Art. 6 (1) GDPR), to fulfill a contract to which you are a party or to carry out pre-contractual measures when requested (point (b) of Art. 6 (1) GDPR), to fulfill a legal obligation (point (c) of Art. 6 (1) GDPR), or if the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless said interests are overridden by your interests or fundamental rights and freedoms that require the protection of personal data (point (f) of Art. 6 (1) GDPR).

Duration of storage

Unless otherwise stated in the following information, we store the data solely for as long as necessary to achieve the purpose of the processing or to fulfill our contractual or legal obligations. Statutory retention requirements may arise in particular from commercial or tax law regulations.

Recipients of the data

We engage service providers to process data in specific cases. Such cases include (for example) hosting, maintenance and support of IT systems, marketing measures, or the destruction of files and data carriers. These service providers process the data solely in accordance with express instructions and are contractually obligated to guarantee suitable technical and organizational measures for data protection.

Processing when you exercise your rights pursuant to Articles 12 to 22 GDPR

If you exercise your rights pursuant to Articles 12 to 22 GDPR, we will process the received personal data so that your rights are realized and we are able to verify the realization of your rights. We will process data stored for the purpose of providing and preparing information solely for this purpose and for the monitoring of privacy; the processing will otherwise be restricted in accordance with Art. 18 GDPR. This processing is based on the legal grounds set forth in point (c) of Art. 6 (1) GDPR in conjunction with Art. 12 to 22 GDPR and section 34 (2) BDSG.

Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

• You have the right pursuant to Art. 15 GDPR and section 34 BDSG to request information as to whether and, if so, to what extent we process personal data concerning you.

• You have the right pursuant to Art. 16 GDPR to request rectification of your data.

• You have the right pursuant to Art. 17 GDPR and section 35 BDSG to request erasure of your personal data.

• You have the right pursuant to Art. 18 GDPR to restrict the processing of your personal data.

• You have the right pursuant to Art. 20 GDPR to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format and to transfer this data to another controller.

• If you have given us specific consent to the processing of your data, you may withdraw this consent at any time pursuant to Art. 7 (3) GDPR. The withdrawal of consent is without prejudice to the legality of any processing that took place on the basis of the consent prior to the withdrawal.

• If you are of the opinion that the processing of your personal data infringes on the provisions of the GDPR, you have the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority.

Right to object

You have the right pursuant to Art. 21 (1) GDPR to object to processing that is based on the legal grounds of points (e) or (f) of Art. 6 (1) GDPR for reasons relating to your particular situation. If we process personal data concerning you for direct marketing purposes, you may object to this processing in accordance with Art. 21 (2) and (3) GDPR.

Data protection officer 

If you have any questions about data protection, please send us an email or contact our data protection officer directly: Sophia Lewis, email: hello@deardoris.com

II. Data processing on our website

When you use our website, we collect information that you yourself provide. In addition, we automatically collect certain information about your use of the website during your visit to the website. Data protection law classifies the IP address as personal data. An IP address is assigned by the internet provider to every device connected to the internet so that it can send and receive data.

Processing of server log files

When our website is used strictly for informational purposes, general information that your browser transfers to our server is initially stored automatically (i.e., not as part of your registration). This includes by default: browser type/version, operating system used, site accessed, the previously visited site (referrer URL), IP address, date and time of the server request, and HTTP status code. This processing is carried out to safeguard our legitimate interests and is based on the legal grounds of point (f) of Art. 6 (1) GDPR. This processing secures the technical administration and the security of the website. The stored data are anonymized immediately after their collection so that no personal data are stored. We are not able to identify you as a data subject by utilizing the stored information. Pursuant to Article 11 (2) GDPR, Articles 12 to 22 GDPR do not apply in this case unless you provide additional information for your identification when exercising your rights as set forth in these articles.

Data transfer to the USA

Tools from companies based in the USA are integrated on our website. When these tools are active, your personal data can be passed on to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities without you as the person concerned being able to take legal action against this. It cannot therefore be ruled out that US authorities will process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

This website was created with Squarespace and uses services that Squarespace has integrated into its programming. These services ensure the functionality of the site. Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland. Squarespace’s privacy policy and what services are used can be seen here: https://de.squarespace.com/privacy/

Contact options and inquiries

If you use the contact form we have provided to send us an email, we will process the transferred data to answer your request. If your query is aimed at the conclusion or performance of a contract with us, the data processing is based on the legal grounds of point (b) of Art. 6 (1) GDPR. Otherwise, we process the data on the basis of our legitimate interest in establishing contact to inquiring persons. The legal grounds for the data processing in this case are set forth in point (f) of Art. 6 (1) GDPR.

Integrated services and third-party content 

We use services and content from third-party providers on our website (hereinafter collectively referred to as “content”). This type of integration technically requires the processing of your IP address so that the content can be sent to your browser, and your IP address will be transferred to the third-party provider. This data processing is carried out to safeguard our legitimate interests in the optimization and economic operation of our website and is based on the legal grounds of point (f) of Art. 6 (1) GDPR. You may object to this data processing at any time by making the appropriate settings in your browser or by using certain browser add-ons.

We have integrated content from the following third-party services into our website:

Services of Google Ireland Limited (Ireland/EU): “Google Web Fonts” for displaying fonts. When using Google services, a transfer of the processed data to Google LLC (USA), which is headquartered in the USA, cannot be ruled out.

“YouTube” from YouTube LLC (USA) for displaying videos.

III. Further data processing

Contractual relationship

Establishing or fulfilling the contractual relationship with our customers generally requires the processing of the contact details sent to us by our contact. The processing serves our legitimate interest in a friction-free business process. The legal grounds for this processing are found in point (f) of Article 6 (1) GDPR. We also process data from current and potential customers for evaluation and marketing purposes. This processing is based on the legal grounds found in point (f) of Art. 6 (1) GDPR and serves our interest in the ongoing development of our products and services and the provision of information about our offers to you specifically. Further data processing may take place if you have given your consent (point (a) of Art. 6 (1) GDPR) or if this serves compliance with a legal obligation (point (c) of Art. 6 (1) GDPR).

December 2022