Privacy Policy

1. Privacy Overview

General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can identify you personally. Detailed information on data protection can be found in our Privacy Policy, which is provided below.

Data Collection on This Website
Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. You can find the contact details of the operator in the section “Responsible Entity” in this Privacy Policy.

How do we collect your data?
On the one hand, your data is collected when you provide it to us. This can, for example, involve data that you enter into a contact form.

Other data is automatically or with your consent collected by our IT systems when you visit the website. This is primarily technical data (e.g., Internet browser, operating system, or time of page view). These data are collected automatically as soon as you enter our website.

How do we use your data?
Some of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to obtain free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to file a complaint with the competent supervisory authority.

For any questions regarding data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

When visiting this website, your browsing behavior may be statistically analyzed. This is mainly done using analysis programs.

Detailed information about these analysis programs can be found in the following Privacy Policy.

2. Hosting and Content Delivery Networks (CDNs)

We host the content of our website with the following provider:

All-Inkl
The provider is ALL-INKL.COM – Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter “All-Inkl”). For further details, refer to All-Inkl’s Privacy Policy: https://all-inkl.com/datenschutzinformationen/.

The use of All-Inkl is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring a reliable representation of our website. If explicit consent was obtained, processing is carried out solely on the basis of Article 6(1)(a) GDPR and § 25(1) TDDG, as far as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) in the sense of TDDG. Consent can be revoked at any time.

Contract Processing
We have entered into a contract for data processing (AVV) to use the above-mentioned service. This legally required contract ensures that All-Inkl processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Cloudflare
We use the “Cloudflare” service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare provides a globally distributed content delivery network with DNS. It routes the information transfer between your browser and our website through the Cloudflare network. This allows Cloudflare to analyze traffic between your browser and our website, acting as a filter between our servers and potentially malicious web traffic. Cloudflare may also use cookies or other technologies to recognize internet users, which are solely used for the purposes described here.

The use of Cloudflare is based on our legitimate interest in ensuring flawless and secure delivery of our web offering (Article 6(1)(f) GDPR).

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. For further information on security and privacy at Cloudflare, refer here: https://www.cloudflare.com/privacypolicy/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to adhering to these standards. Further details can be found here: https://www.dataprivacyframework.gov/participant/5666.

Contract Processing
We have entered into a data processing agreement (AVV) with Cloudflare to ensure compliance with the GDPR during data processing.

3. General Information and Mandatory Information

Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data will be collected. Personal data is data that can identify you personally. This Privacy Policy explains which data we collect and how we use them. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e.g., communication via email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Responsible Entity
The responsible entity for data processing on this website is:

Catharina Russell
Alzenauer Str. 4
63579 Freigericht

Phone: [Phone number of the responsible entity]
Email: catharina@twosouls-wedding.de

The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration
As long as no specific storage duration is mentioned within this Privacy Policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you submit a valid deletion request or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will occur after these reasons no longer apply.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data packets and do not harm your device. They are either stored temporarily for the duration of your session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain on your device until you delete them or your web browser automatically deletes them.

Third-party cookies may also be stored on your device when you visit our page (third-party cookies). These allow us or you to use specific services from third-party companies (e.g., cookies for processing payment services).

Cookies serve various purposes. Many cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart functions or displaying videos). Other cookies are used to analyze user behavior or display advertising.

Cookies necessary for the execution of electronic communication, the provision of certain requested functions (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring web traffic) are stored based on Article 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for technically flawless and optimized service delivery. If consent is requested for storing cookies and similar recognition technologies, processing will be based solely on that consent (Article 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

You can configure your browser to inform you about cookies and only allow them on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website.

If cookies from third parties or for analytical purposes are used, we will inform you separately in this Privacy Policy and may request consent.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

These data are not merged with other data sources.

Data collection occurs based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimization of its website – for this purpose, server log files must be collected.

5. Social Media

Facebook

This website integrates elements from the social network Facebook. The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

You can find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=en_US.

When the social media element is activated, a direct connection between your device and the Facebook server is established. Facebook receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that as the provider of this site, we do not have access to the content of the transmitted data or how Facebook uses it. For more information, please refer to Facebook’s privacy policy here: https://www.facebook.com/privacy/explanation.

If consent has been obtained, the use of the above service is based on Article 6(1)(a) of the GDPR and Section 25 of the TTDSG. Consent can be withdrawn at any time. If no consent has been obtained, the service is used based on our legitimate interest in maximizing visibility on social media.

If personal data is collected and forwarded to Facebook through the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). Joint responsibility is limited to the collection of data and its transmission to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. Our joint obligations have been laid out in an agreement on joint processing. You can find the wording of the agreement here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website. Facebook is responsible for the data security of its products. Rights of the data subjects (e.g. requests for information) regarding data processed by Facebook can be asserted directly with Facebook. If you assert the rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.

Instagram

This website incorporates features of the Instagram service, provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the social media element is activated, a direct connection between your device and the Instagram server is established. Instagram receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that as the provider of this website, we do not have access to the content of the transmitted data or how Instagram uses it.

If personal data is collected and forwarded to Facebook or Instagram through the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). Joint responsibility is limited to the collection of data and its forwarding to Facebook or Instagram. The subsequent processing by Facebook or Instagram is not part of the joint responsibility. Our joint obligations have been laid out in an agreement on joint processing. You can find the wording of the agreement here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website. Facebook is responsible for the data security of its products. Rights of the data subjects (e.g. requests for information) regarding data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert the rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875, and https://de-de.facebook.com/help/566994660333381.

For more information, please refer to Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.

6. Analysis Tools and Advertising

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of website visitors. This includes collecting various usage data such as page views, session duration, operating systems used, and the user’s origin. These data are consolidated into a user ID and assigned to the specific device of the website visitor.

In addition, we can use Google Analytics to track your mouse movements, scrolling behavior, and clicks. Google Analytics also employs various modeling techniques to complement the collected data sets and utilizes machine learning technologies for data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about your use of this website is generally transmitted to a server in the USA and stored there.

The use of this service is based on your consent under Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Data Processing Agreement

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Ads

The website operator uses Google Ads, an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display ads in the Google search engine or on third-party websites when users enter specific search terms on Google (keyword targeting). Additionally, targeted ads can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively analyze this data, for example, by analyzing which search terms led to the display of our ads and how many ads resulted in corresponding clicks.

The use of this service is based on your consent under Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads Remarketing

This website uses Google Ads Remarketing features. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offerings to specific target groups in order to subsequently show them interest-based ads in the Google advertising network (remarketing or retargeting).

Additionally, the remarketing audiences created with Google Ads can be linked with Google’s cross-device features. In this way, interest-based, personalized ads tailored to your previous usage and browsing behavior on one device (e.g., smartphone) can also be displayed on another of your devices (e.g., tablet or PC).

If you have a Google account, you can opt out of personalized ads via the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent under Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. Consent can be withdrawn at any time.

For further information and privacy practices, please refer to Google’s privacy policy: https://policies.google.com/technologies/ads?hl=en.

Audience Building with Customer Matching

For audience building, we use the customer matching feature of Google Ads Remarketing. Here, we share certain customer data (e.g., email addresses) from our customer lists with Google. If the relevant customers are Google users and logged into their Google account, they will see appropriate advertising messages within the Google network (e.g., YouTube, Gmail, or in the search engine).

Facebook Pixel

This website uses the Facebook Pixel to track visitor actions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

The behavior of page visitors can be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes, and future advertising campaigns can be optimized.

The collected data is anonymous to us as the website operator. We cannot draw conclusions about the identity of users. However, the data is stored and processed by Facebook, which can link the data to the specific user profile and use it for its own advertising purposes in accordance with Facebook’s data usage policy. This enables Facebook to place ads both on Facebook pages and outside of Facebook. We, as website operators, cannot influence this use of the data.

The use of this service is based on your consent under Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

If personal data is collected on our website using the tools described here and forwarded to Facebook, Meta Platforms Ireland Limited and we are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility applies only to the data collection and transfer to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. The obligations that we share have been documented in a joint processing agreement. The text of the agreement can be found here: https://www.facebook.com/legal/controller_addendum.

You can disable the “Custom Audiences” remarketing feature in the Facebook ad settings here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

If you don’t have a Facebook account, you can disable Facebook’s use of interest-based ads on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

7. Plugins and Tools

Google Fonts (Local Hosting)
This site uses Google Fonts for uniform font presentation, which are provided by Google. The Google Fonts are installed locally, meaning no connection to Google’s servers is made.

For more information on Google Fonts, visit Google Fonts FAQ and Google’s privacy policy: Google Privacy Policy.

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the features of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a server in the USA and stored there. The provider of this site has no influence over this data transfer. When Google Maps is activated, Google may use Google Fonts to ensure a consistent font display. When accessing Google Maps, your browser loads the required web fonts into your browser cache to display text and fonts correctly.

The use of Google Maps is for the purpose of providing an appealing display of our online offerings and facilitating the easy location of the places we list on the website. This constitutes a legitimate interest as defined by Art. 6 (1) lit. f GDPR. If consent is requested, processing will be based solely on Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined in TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. For details, visit: Google Privacy Terms and Google Standard Contractual Clauses.

For more information on how user data is handled, please refer to Google’s privacy policy: Google Privacy Policy.

8. eCommerce and Payment Providers

Processing Customer and Contract Data

We collect, process, and use personal customer and contract data for the establishment, content, and modification of our contractual relationships. Personal data regarding the use of this website (usage data) is collected, processed, and used only to the extent necessary to enable the user to utilize the service or to bill them for it. The legal basis for this is Article 6, Paragraph 1, Letter b of the GDPR.

The collected customer data will be deleted after the completion of the order or the termination of the business relationship, and the expiration of any statutory retention periods. Statutory retention periods remain unaffected.

Data Transmission Upon Contract Conclusion for Online Stores, Retailers, and Goods Shipment

When you place an order with us, we pass your personal data to the transport company entrusted with delivery and the payment service provider responsible for processing the payment. Only data required by the respective service provider to fulfill their task will be provided. The legal basis for this is Article 6, Paragraph 1, Letter b of the GDPR, which permits data processing for the fulfillment of a contract or pre-contractual measures.

If you have given your consent under Article 6, Paragraph 1, Letter a of the GDPR, we will provide your email address to the transport company responsible for delivery, so that they can inform you via email about the shipping status of your order. You can revoke your consent at any time.

9. Audio and Video Conferencing

Data Processing

For communication with our clients, we use, among others, online conferencing tools. The tools we specifically use are listed below. When you communicate with us via video or audio conferencing over the internet, your personal data will be collected and processed by us and the provider of the respective conferencing tool.

The conferencing tools collect all the data that you provide or use to access the tools (email address and/or your phone number). In addition, the conferencing tools process the duration of the conference, the start and end time of participation, the number of participants, and other “contextual information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required to facilitate online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speakers, and the type of connection.

If content is exchanged, uploaded, or otherwise provided within the tool, this will also be stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full control over the data processing operations of the tools used. Our possibilities are mainly limited by the company policies of the respective providers. For further information on data processing by the conferencing tools, please refer to the privacy policies of the tools, which we have listed below this text.

Purpose and Legal Basis

The conferencing tools are used to communicate with potential or existing contractual partners or to offer certain services to our clients (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and speed up communication with us and our company (legitimate interest under Art. 6 para. 1 lit. f GDPR). If consent has been requested, the use of the respective tools is based on this consent; the consent can be revoked at any time with effect for the future.

Retention Period

The data directly collected by us via video and conferencing tools will be deleted from our systems as soon as you request deletion, revoke your consent for storage, or the purpose for storing the data no longer applies. Stored cookies will remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the retention period of your data that is stored by the operators of the conferencing tools for their own purposes. For details, please refer to the operators of the conferencing tools directly.

Conferencing Tools Used

We use the following conferencing tools:

Zoom
We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy: https://zoom.us/de-de/privacy.html.

Data transmission to the USA is based on the Standard Contractual Clauses of the EU Commission. For details, see here: https://zoom.us/de-de/privacy.html.

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) with the aforementioned provider. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.