Privacy policy

Personal data (usually referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing

I. Information about us as controllers of your data

The party responsible for this website (the “controller”) for purposes of data protection law is:

Cosmos Dream

Eileen Bischoping

Lauergasse 33

67346 Speyer, Germany

Tel.: 015205610022
E-Mail: cosmos.dreams2020@gmail.com

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

Cookie Consent Manager

We have integrated the consent management tool “consentmanager” (www.consentmanager.net) from consentmanager AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) on our website to obtain consent for data processing and use of cookies or comparable functions. With the help of “consentmanager” you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed by consentmanager. In addition, the processed information may also be stored on your device.

The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, consentmanager helps us (according to GDPR this is the responsible party) to fulfill our legal obligations (e.g. obligation to provide evidence). Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. “Consentmanager” stores your data as long as your user settings are active. After two years after making the user settings, the consent will be asked again. The user settings made are then saved again for this period.
You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an email to info@consentmanager.net.

Cookies

a) Session cookies

We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address.

This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.

The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.

When you close your browser, these session cookies are deleted.

b) Third-party cookies

If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analyzing, or improving the features of our website.

Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.

c) Disabling cookies

You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support.

If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

Contact

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

TuCalendi

In order to offer an easy option to book appointments, TuCalendi is used. The provider is tucalendi.com, located at Calle Manuel Bello Ramoz 74, 38670 Adeje, S/C Tenerife, Spain (hereinafter “TuCalendi”).
For the purpose of appointment booking, the desired date and time as well as other specific data are requested. These data include the name and email address of the person booking and/or attending the appointment as well as information about the reason for the appointment. The entered data is used for the planning, execution, and possibly for the follow-up of the appointment. The appointment data is stored on TuCalendi’s servers. TuCalendi’s privacy policy can be found here: https://www.tucalendi.com/en/privacy.
The data entered by the appointment booker remains with us until the user requests deletion, revokes consent to storage, or the purpose for data storage no longer applies. Mandatory legal provisions, in particular retention periods, remain unaffected.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in uncomplicated appointment scheduling with interested parties and customers. If consent has been requested, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time.
A contract for order processing (AVV) has been concluded with the above-mentioned provider, in which the provider assures that personal data will only be processed according to our instructions and in compliance with the GDPR.

WP Statistics

This website uses WP Statistics, a WordPress plugin developed by Veronalabs (5460 W Main St, Verona, NY 13478, United States) for easy statistics creation.

The plugin collects visitor data when your web browser connects to our web server. This data includes:

Browser and browser version
Operating system used
Date and time
Information on city/country
Duration of stay on the website
Clicks on the website

The goal is to provide you with the best possible user experience when visiting the website. The statistics created by WP Statistics help to identify weaknesses and make improvements. This allows for continuous optimization of the website to provide an even better online experience.

WP Statistics does not use cookies for data collection. The data, including IP addresses, is collected anonymously and stored locally on the server. No data is transferred to third parties. The anonymous data collection makes it impossible to identify visitors, even retrospectively.

Yoast SEO

To support search engine optimization of the website, the plugin “YOAST SEO” is used. According to WP-Support (https://wordpress.org/support/topic/yoast-gdpr/), this plugin does not store any personal data.

TikTok

We maintain an online presence on tiktok to present our company and our services and to communicate with customers/prospects. TikTok is a service provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland

We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to TikTok.

The privacy policy of TikTok can be found at

We maintain an online presence on Pinterest to present our company and our services and to communicate with customers/prospects. Pinterest is a service of Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

The Pinterest privacy policy can be found here:

https://policy.pinterest.com/de/privacy-policy

YouTube

We maintain an online presence on YouTube to present our company and our services and to communicate with customers/prospects. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA.

The YouTube privacy policy can be found here:

https://policies.google.com/privacy

We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

The LinkedIn privacy policy can be found here:

https://www.linkedin.com/legal/privacy-policy

facebook

To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Facebook platform.

On this social media platform, we are jointly responsible with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

The data protection officer of Facebook can be reached via this contact form:

https://www.facebook.com/help/contact/540977946302970

We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.

The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.

When accessing our online presence on the Facebook platform, Meta Platforms Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).

This data of the user is used for statistical information on the use of our company presence on Facebook. Meta Platforms Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Meta Platforms Ireland Ltd. can provide advertising both within and outside of Facebook based on your interests. If you are logged into Facebook at the time you access our site, Meta Platforms Ireland Ltd. will also link this data to your user account.

If you contact us via Facebook, the personal data your provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.

Meta Platforms Ireland Ltd. might also set cookies when processing your data.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Facebook may be fully usable.

Details on the processing activities, their suppression, and the deletion of the data processed by Facebook can be found in its privacy policy:

https://www.facebook.com/privacy/explanation

It cannot be excluded that the processing by Meta Platforms Ireland Ltd will also take place in the United States by Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025.

Calendly

For the purpose of scheduling an appointment, the desired appointment time and other specific data are requested. This data includes the name, email address, and information regarding the reason for the appointment. The entered data will be used for the planning, execution, and, if necessary, follow-up of the appointment. The appointment data will be stored on Calendly’s servers. Calendly’s privacy policy can be found here: https://calendly.com/legal/privacy-notice.

The data entered by the person booking the appointment will remain with us until the user requests deletion, revokes consent for storage, or the purpose for data storage no longer applies. Mandatory legal provisions – in particular, retention periods – remain unaffected.

The legal basis for data processing is Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in providing a straightforward appointment scheduling process for interested parties and customers. If consent was obtained, Article 6(1)(a) of the GDPR is the legal basis for data processing; consent may be revoked at any time.

Data transfers to the USA are based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://calendly.com/pages/dpa.

Instagram

To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Instagram platform.

On this social media platform, we are jointly responsible with Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The data protection officer of Instagram can be reached via this contact form:

https://www.facebook.com/help/contact/540977946302970

https://www.facebook.com/legal/terms/page_controller_addendum

When accessing our online presence on the Instagram platform, Meta Platforms Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).

This data of the user is used for statistical information on the use of our company presence on Instagram. Meta Platforms Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Meta Platforms Ireland Ltd. can provide advertising both within and outside of Instagram based on your interests. If you are logged into Instagram at the time you access our site, Meta Platforms Ireland Ltd. will also link this data to your user account.

If you contact us via Instagram, the personal data your provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.

Meta Platforms Ireland Ltd. might also set cookies when processing your data.

Details on the processing activities, their suppression, and the deletion of the data processed by Instagram can be found in its privacy policy:

https://help.instagram.com/519522125107875

It cannot be excluded that the processing by Meta Platforms Ireland Ltd. will also take place in the United States by Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025.

Use of Google reCAPTCHA

We use Google reCAPTCHA (hereinafter referred to as “reCAPTCHA”) on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA ensures that input on our website (e.g., in a contact form) is made by a human and not by automated software or bots. This serves to protect the security of our website and prevent misuse.

What data is processed?
reCAPTCHA checks whether the data (e.g., in a contact form) is entered by a human. For this purpose, reCAPTCHA analyzes various information (e.g., IP address, time spent on the website, mouse movements, and keyboard inputs). This analysis begins automatically as soon as you access the website. The data collected during the analysis is transmitted to Google.

The processing is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in protecting our website and preventing misuse.

Data transfer to the USA
Google may store and process the data on servers in the United States. Data transfers to the USA are based on the Standard Contractual Clauses (SCC) as the legal foundation for processing. For further details, please refer to Google’s privacy policy.

Google Privacy Policy
For more information on how Google processes data, please visit:

Note on implementation
reCAPTCHA will only be activated with your explicit consent, which can be provided through our cookie banner. Processing will only take place after you have expressly agreed to the use of cookies or reCAPTCHA (Article 6(1)(a) GDPR).

Google Workspace

We use Google Workspace, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for communication and organization of our business processes. As part of Google Workspace, we utilize the following services:

Google Mail (Gmail): for sending and receiving emails,
Google Meet: for video conferences,
Google Drive: for file storage and sharing,
Google Calendar: for scheduling and managing appointments.

Processed Data

The use of Google Workspace may involve the processing of the following personal data:

Names,
Email addresses,
Content of emails, chats, or video conferences,
Metadata (e.g., time and duration of video conferences, features used),
Uploaded or shared files (e.g., documents, graphics),
Appointment details (e.g., subject, date, time, participants).

Purpose of Processing

Data processing is carried out exclusively for the following purposes:

Communication with customers, prospects, and business partners,
Scheduling and managing appointments,
Storing and organizing files,
Conducting video conferences and online meetings.

The legal basis for the processing is:

Article 6(1)(b) GDPR: Contract performance or the execution of pre-contractual measures,
Article 6(1)(f) GDPR: Legitimate interest in efficient communication and organization.

Data Processing by Google

Google processes your personal data as a data processor pursuant to Article 28 GDPR. Data processing is governed by Google’s Data Processing and Security Terms (DPST), which comply with the requirements of the GDPR.

Data Transfer to Third Countries

Data may be stored and processed on Google servers located in third countries such as the United States. Data transfer is conducted based on Standard Contractual Clauses (SCC) pursuant to Article 46 GDPR, which ensure an adequate level of data protection.

Security

Google implements comprehensive security measures, including:

SSL/TLS encryption for data transmission,
Encryption of data during storage (“at rest”).

Additionally, we have implemented security measures such as two-factor authentication (2FA) to further protect your data.

Further information
For more information about Google’s data processing practices and privacy policies, please visit:

Google Privacy Policy
Google Data Processing and Security Terms (DPST)

Social media links via graphics

We also integrate the following social media sites into our website. The integration takes place via a linked graphic of the respective site. The use of these graphics stored on our own servers prevents the automatic connection to the servers of these networks for their display. Only by clicking on the corresponding graphic will you be forwarded to the service of the respective social network.

Once you click, that network may record information about you and your visit to our site. It cannot be ruled out that such data will be processed in the United States.

Initially, this data includes such things as your IP address, the date and time of your visit, and the page visited. If you are logged into your user account on that network, however, the network operator might assign the information collected about your visit to our site to your personal account. If you interact by clicking Like, Share, etc., this information can be stored your personal user account and possibly posted on the respective network. To prevent this, you need to log out of your social media account before clicking on the graphic. The various social media networks also offer settings that you can configure accordingly.

The following social networks are integrated into our site by linked graphics:

General introduction

Facebook

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc, 1601 S. California Ave., Palo Alto, CA 94304, USA.

TikTok

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland

Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Etsy

Etsy Irelanc UC, 66/67 Great Strand Street, Dublin 1, D01 RW84, Ireland , Irland, a subsidiary of Etsy, Inc., 117 Adams Street, Brooklyn, NY 11201, USA

Instagram

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc, 1601 S. California Ave., Palo Alto, CA 94304, USA.

TuCalendi

TuCalendi.com, Calle Bethencourt Alfonso 33, 7º, 38002 Santa Cruz, S/C Tenerife, Spain

Calendly

Calendly, 71 17th St NW, Ste 1000 Atlanta, GA 30363, USA
Privacy notice: https://calendly.com/legal/privacy-notice

Google

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland