Imprint

Responsible service provider

Mirjam Born
Nansenstr. 3
14471 Potsdam
Deutschland

Contact

Disclaimer:

Liability for contents

All contents of our website have been created with the utmost care and to the best of our knowledge. However, we cannot guarantee the accuracy, completeness and timeliness of the content. As a service provider, we are responsible for our own content on these pages in accordance with the general laws pursuant to § 7 Para.1 TMG. According to §§ 8 to 10 TMG, however, we are not obligated as a service provider to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under the general laws remain unaffected.

However, liability in this regard is only possible from the point in time at which a concrete infringement of the law becomes known. If we become aware of the above-mentioned infringements, we will remove this content immediately.

Our website contains links to external third-party websites. We have no influence on the content of these directly or indirectly linked websites. Therefore, we cannot assume any liability for the accuracy of the contents of the “external links”. The respective providers or operators (authors) of the sites are responsible for the contents of the external links.

The external links were checked for possible legal violations at the time of linking and were free of illegal content at the time of linking. A constant review of the contents of the external links is not possible without concrete evidence of a violation of the law. In the case of direct or indirect links to the websites of third parties that lie outside our area of responsibility, a liability obligation would only exist in the case where we become aware of the content and it would be technically possible and reasonable for us to prevent use in the case of illegal content.

This disclaimer also applies to links and references within our own website “Name of your domain” from questioners, bloggers, guests of the discussion forum. For illegal, incorrect or incomplete contents and in particular for damage, which develops from the use or disuse of such presented information, alone the service provider of the side, to which one referred, is responsible in particular that, which refers over left to the respective publication only.

If we become aware of any legal violations, we will remove the external links immediately.

The content and works published on our website are subject to German copyright law (http://www.gesetze-im-internet.de/bundesrecht/urhg/gesamt.pdf) . The reproduction, editing, distribution and any kind of exploitation of intellectual property in ideal and material view of the author outside the limits of copyright require the prior written consent of the respective author in the sense of copyright law (http://www.gesetze-im-internet.de/bundesrecht/urhg/gesamt.pdf ). Downloads and copies of this site are only permitted for private and non-commercial use. If the content on our website was not created by us, the copyrights of third parties must be observed. The contents of third parties are marked as such. Should you nevertheless become aware of a copyright infringement, please inform us accordingly. If we become aware of any infringements, we will remove such content immediately.

Privacy

Introduction

With the following data protection declaration we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and, in particular, on our websites, in mobile application websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offer”).

The terms used are not gender-specific.

Status: June 26, 2022

Table of contents

Person responsible

Mirjam Born
Nansenstr. 3
14471 Potsdam

E-mail address: info@thesustainableloop.com

Imprint: https://thesustainableloop.com/en/legal/

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned.

Types of data processed

  • Contact data
  • Content data
  • Usage data
  • Meta/communication data

Categories of data subjects

  • Communication partners
  • Users
  • Participants

Purposes of processing

  • Provision of contractual services and customer service
  • Contact requests and communication
  • Reach measurement
  • Conversion measurement
  • Management and response to requests
  • Server monitoring and error detection
  • Feedback
  • Marketing
  • Provision of our online services and user experience
  • Information technology infrastructure

Applicable legal basis

The following is an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, should more specific legal bases be decisive in individual cases, we will inform you of these in the data protection declaration.

  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures taken at the data subject’s request.
  • Legitimate interests (Art. 6 para. 1 p. 1 lit. b. GDPR) - The processing is necessary to protect the legitimate interests of the controller or of a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for purposes (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. In addition, the data protection laws of the individual federal states may apply.

Security measures

We make decisions in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, appropriate technical and organizational measures in order to ensure an appropriate level of protection.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, safeguarding of availability and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of personal data

In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission).

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

Our data protection notices may also contain further details on the retention and deletion of data, which take priority for the respective processing operations.

Provision of the online offer and web hosting

In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer, which is generated as part of the use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

  • Types of data processed: Content data (e.g. entries in online forms); usage data (e.g. web pages visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).); reach measurement (e.g. access statistics, recognition of returning visitors); conversion measurement (measurement of the effectiveness of marketing measures); server monitoring and error detection.
  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further notes on processing processes, procedures and services:

  • Collection of access data and log files: We ourselves (or our web hosting provider) collect data on each access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR); Deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
  • Content-Delivery-Network: We use a content delivery network (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
  • GitHub: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: GitHub B.V., Vijzelstraat 68-72, 1017 HL Amsterdam, The Netherlands; Legal Grounds: Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. GDPR); Website: https://github.com/; Privacy Policy: https://docs.github.com/github/site-policy/github-privacy-statement; Order Processing Agreement: https://github.com/customer-terms/github-data-protection-agreement; Standard Contractual Clauses (ensuring level of data protection in case of processing in third countries): https://docs.github.com/site-policy/github-terms/github-terms-of-service/.

Contact and Inquiry Management

When contacting us (e.g. via contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures.

The response to the contact inquiries as well as the management of contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries and maintaining user or business relationships.

  • Types of data processed: Contact data (e.g. email, phone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners.
  • Purposes of processing: Provision of contractual services and customer service; contact requests and communication; managing and responding to inquiries; feedback (e.g., collecting feedback via an online form); providing our online offer and user experience.
  • Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR); Legitimate interests (Art. 6. para. 1 p. 1 lit. f. GDPR).

Further notes on processing operations, procedures and services:.

  • Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data communicated to us in this context to process the communicated request. For this purpose, we process personal data in the context of pre-contractual and contractual business relationships, insofar as this is necessary for their fulfillment and otherwise on the basis of our legitimate interests as well as the interests of the communication partners in responding to the requests and our statutory retention obligations; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Surveys and polls

We conduct surveys and interviews in order to collect information for the respective communicated survey or interview purpose. The surveys and questionnaires we conduct (hereinafter “surveys”) are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address in order to display the survey in the user’s browser or to enable the survey to be resumed with the aid of a cookie).

  • Types of data processed: Contact data (e.g. e-mail, phone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners; participants.
  • Purposes of processing: Feedback (e.g., collecting feedback via an online form).
  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further notes on processing processes, procedures and services:

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for the users because, for example, it could make it more difficult to enforce the rights of the users.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

  • Types of data processed: Contact data (e.g. e-mail, phone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online Services).
  • Purposes of processing: Contact requests and communications; feedback (e.g., collecting feedback via online form); marketing.
  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further notes on processing operations, procedures and services:

Plugins and embedded functions and content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content or functionality. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

  • Types of data processed: Usage data (e.g. web pages visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online service and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further notes on processing processes, procedures and services:

  • Font Awesome (provided on own server): Display of fonts and icons; Service provider: The Font Awesome icons are hosted on our server, no data is transmitted to the Font Awesome provider; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
  • Google Fonts (provided on own server): Display of fonts (and symbols); Service provider: The Google Fonts are hosted on our server, no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Amendment and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time and please check the information before contacting us.

Rights of data subjects

As a data subject, you are entitled to various rights under the GDPR, which are arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to revoke consent: You have the right to revoke any consent given at any time.
  • Right to information: You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification: You have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be rectified.
  • Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with the legal requirements, to demand restriction of the processing of the data.
  • Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to demand its transfer to another responsible party.
  • Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the requirements of the GDPR.

Definitions

This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined primarily in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically.

  • Conversion measurement: Conversion measurement (also referred to as “visit action evaluation”) is a method used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users’ devices within the websites on which the marketing measures take place and then retrieved again on the target website. For example, this allows us to track whether the ads we have placed on other websites have been successful.
  • Personal Data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include visitors’ behavior or interests in certain information, such as website content. With the help of reach analysis, website owners can see, for example, at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of the website to the needs of their visitors. For reach analysis purposes, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online offer.
  • Server monitoring and error detection: With the help of server monitoring and error detection, we ensure the availability and integrity of our online offering and use the processed data to technically optimize our online offering. Performance, load and comparable technical values are processed, which provide information about the stability and any anomalies of our online offering. In the event of errors and conspicuousness, individual inquiries from the users of our online offering are recorded in order to identify and rectify sources of problems.
  • Responsible party: The term "responsible party" refers to the natural or legal person, authority, institution or other body, who alone or jointly with others determines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data, be it collection, analysis, storage, transmission or deletion.
Deutsch