is based on the GDPR of the European Union. The California Consumer Privacy Act (CCPA) is also based on the GDPR law passed by the European Union.
We care about your privacy, and we know you do, too. Read about how we use, store and protect your personal data. You may ask us to disclose what personal information we have about you and to delete your personal information.
We are compliant with the data protection regulations – including the European Union‘s General Data Protection Regulations (GDPR).
Why we process personal data
Legal grounds for processing personal data
European Union user rights under the GDPR and how to exercise them
Contact Information for our data controller and data protection officer
“Personal data” is information relating to an identified or identifiable natural person.
Information Collection and Use – General
We may collect information when you visit christaherzog.com or interact with us.
Contact With Us
When you contact us per a form on our website or per email, we ask you to provide your email address and name. You can choose to provide only your first name instead of your full name if you wish. This personal data is kept to answer your questions and requests until the need for it no longer exists. We are never giving these data to third parties.
You have the opportunity to subscribe to our newsletter via a form on our website. We ask you to provide your email address and name. You can choose to provide only your first name instead of your full name if you wish. Your email address is necessary for us to be able to send you the newsletter. By filling in the subscription form of the newsletter, sending it, and clicking on the conformation link sent to you by email, you indicate that you agree that you are subscribing to the newsletter. You can cancel the subscription to the newsletter at any time. In every email of a newsletter that you receive from us, there is an unsubscribe link at the end, which you can use to unsubscribe at any time.
Transfer of Personal Data to Third Parties
Third Party Cookies
Our website uses so-called cookies. These are small text files that are stored on your browser that is connected with your device. They do no harm. Some cookies remain stored on your device until you delete them. These are cookies of iContact and Shareit – Digital River. They allow to recognize your browser on your next visit.
Prevention of Hacker Attacks
To prevent hackers who attack our website to cause damage, we use AIO WordPress Security. WP Security stores the IP address of a visitor. If a hacker tries to login, I can block him. A specific number of data of visitors are stored. If there are new visitors, the data from older ones are no longer kept on the list. If there are more hacker attacks from a specific IP address, we block them, thus excluding the hacker from the website, which could prevent damage to the website. It is not our interest to collect any data from visitors other than hackers.
Use of Social Networks Plugins
Our website uses features of the web analytics service Google Analytics, from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, located in a non-European third country. Google Analytics is used to track site statistics and user demographics, interests and behavior on websites. We also use Google Search Console to help understand how our website visitors find our website and to improve our search engine optimization. For this purpose, cookies are used that allow an analysis of the use of our website by visitors. The data generated thereby is transmitted to the server of the provider of the analysis services and stored there. As a rule, no consent is obtained for the use of personal data since the data is pseudonymised. Here we refer to Art. 6 para. 1 GDPR.
Our concern within the meaning of the GDPR (legitimate interest) is the improvement of our products and our website. Thanks to Google Analytics, we see how many visitors from German or English-speaking and from other language speaking countries visit the website, as well as some demographic data that helps us to adjust and improve the content of our texts. The user data is pseudonymised, whereby we do not see any IP addresses or other personal data that would indicate a single visitor to the website.
The data processing takes place on the grounds of the legal regulations of the § 96 para. 3 TKG as well as the art 6 para. 1 a) (consent) and / or f (legitimate interest) of the GDPR.
When Buying a Product
To sell products to customers we use a third-party service provider. If you buy a product from us, you buy it from Shareit – Digital River. Shareit – Digital River is an international company that automates the process of buying, paying and delivering a digital product. The reason that we decided selling our products by an international company is that every buyer, thanks to international processing, pays the customary local sales tax – VAT.
The data you provide is required to fulfill the contract. Without this data Shareit – Digital River cannot conclude the contract with you. A transfer of data to another third party does not take place, with the exception of the transmission of credit card or bank data to the bank or payment service provider. for the purpose of debiting the purchase price.
You will need to provide at least your full name and email, as well as payment information, on the Shareit – Digital River payment processing portal. The email is required to send you, after payment, the download link or login details that will allow you to log into a website where you will find the downloads.
Your payment details are managed exclusively by Shareit – Digital River. This is also necessary should you require your payment back for what you have 60 days.
After payment, you will receive by email the download or information to access the downloads. Only then will Digital River send us a confirmation of your order. This is necessary so that we can help you with questions or problems.
Your data, which we receive as a confirmation of your order from Shareit – Digital River, that is the date of purchase, name, address, email, name of the purchased product and purchase price, will be stored with us so that we can offer you good service, for example to respond to questions about the product and we will send you a new download if the download of the product is lost until the expiration of the tax retention period, which is 7 years.
We have to pay taxes for all purchases and have to keep all order confirmations for 7 years.
The data processing takes place on the grounds of the statutory provisions of § 96 (3) TKG and Art. 6 para. 1 lit a (consent) and / or lit b (necessary for fulfillment of the contract) of the GDPR.
Scope of Processing of Personal Data on This Website
See in the catalog of Art. 6 para. 1 GDPR
Names and emails of newsletter subscribers stored by iContact are not managed or processed by us. If a subscriber wants to be certain after unsubscribing that their data stored on iContact will be erased, they can write to us and we will have their data erased in iContact.
Data from contact forms are kept only until the questions have been answered.
Data at Shareit – Digital River is kept for 7 years.
Google Analytics renews data constantly.
Purpose of Data Processing
It is necessary for subscribers of the newsletter to provide their name and email in order to receive the newsletter.
Contact forms on the site collect name and email to answer to questions and to help with issues.
Google Analytics collects visitor demographics so that we can tailor our texts to a specific type of visitor.
WP Security monitors visitor behavior to counter hacker attacks, and for us the data is important to prevent a hacker attempting multiple attacks from visiting the site.
Shareit – Digital River needs to collect data to process sales.
Duration of Storage of Data
Basically, the data will be deleted as soon as the purpose of their collection has been fulfilled.
Subscribers to the newsletter can unsubscribe from the newsletter at any time and ask us to make sure that their data on iContact is deleted.
WP Security retains data only for a short time. This depends on the number of visitors to the website.
Google Analytics renews its data regularly.
Order confirmations received after purchasing a product through Digital River must be retained by us under Austrian tax law for 7 years.
Opposition and Removal Possibility
Anyone subscribing to our newsletter may request deletion of their data stored on iContact at any time. He can ask us to delete this data. The deletion of personal data from third parties is not possible through us.
Data of contact forms on christaherzog.com are deleted after questions and issues have been answered. The visitor can ask for deletion of his data at any time.
A deletion of data at and from Shareit – Digital River is not possible because of tax laws.
Data on WP Security is deleted automatically.
In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and opposition. If you believe that the processing of your data violates the data protection law or otherwise your data protection claims have been violated in a way, you can complain to the supervisory authority = data protection authority.
Name and Address of The Person Responsible and The Data Protection Officer of christaherzog.com
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations for this website is:
Dr. Christa Herzog
(This is the address of the company Dr. Christa Herzog, not the residency of Dr. Christa Herzog.)
General Information About Data Processing
Scope of Processing of Personal Data
In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact or the processing of the data is permitted by law.
Legal Ground For The Processing of Personal Data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as legal Ground.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR as legal ground. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR as legal ground.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR as legal ground for processing.
Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is omitted. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion or fulfillment of the contract.
Provision of The Website and Creation of Log Files
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
(1) Information about the browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the system of the user comes to our website
(7) Web sites accessed by the user’s system through our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
1. Legal Ground For Data Processing
The legal ground for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
2. Purpose of The Data Processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f GDPR.
3. Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In the case of storing the data in log files, this is the case after no more than seven days.
4. Possibility of Opposition and Removal
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
1. Description and Scope of Data Processing
The following data is stored and transmitted in the cookies by Shareit – Digital River:
– products in shopping cart
In this way, the following data can be transmitted:
(1) Entered search terms
(2) Frequency of page views
(3) Use of Website Features
The data of the users collected in this way are pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data of the users.
2. Legal Ground For Data Processing
The legal ground for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR.
The legal ground for the processing of personal data using cookies for analysis purposes is the corresponding consent of the user Art. 6 para. 1 lit. a GDPR.
3. Purpose of The Data Processing
We require cookies for the following applications:
– Shopping cart
– Analysis of the Website
The user data collected through technically necessary cookies will not be used to create user profiles.
The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer.
For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.
4. Duration of Storage, Objection and Disposal Options
1. Description and Scope of Data Processing
On our website you can subscribe to a free newsletter. The data from the input mask are transmitted to us when registering for the newsletter. This is a name and an email address.
In addition, the following data is collected by the autoresponder when registering.
– Date of Registration
If you buy a product on our website and deposit your e-mail address, this can subsequently be used by us for sending a newsletter.
In connection with the processing of data for the sending of newsletters, there is no disclosure of the data to third parties. The data will be used exclusively for sending the newsletter.
2. Legal Ground For Data Processing
The legal ground for the processing of the data after the user has registered for the newsletter is the consent of the user Art. 6 para. 1 lit. a GDPR.
3. Purpose of The Data Processing
The collection of the user’s e-mail address serves to deliver the newsletter.
The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the email address used.
4. Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.
The other personal data collected during the registration process will usually be deleted immediately.
5. Opposition and Removal Possibility
Subscription to the newsletter may be terminated at any time by the user concerned. For this purpose a corresponding link (unsubscribe link) can be found in every newsletter.
This also allows a revocation of the consent to the storage of the personal data collected during the registration process.
Contact Form And Email Contact
1. Description And Handling of Data Processing
On our website contact forms are available (form for contact and customer service), which can be used for electronic contact. If a user uses this option, the data entered in the input mask will be transmitted to us and saved. These data are:
– Name and Email
– Date and Time
2. Legal Ground For Data Processing
Legal ground for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR. The legal ground for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR.
3. Purpose of The Data Processing
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
5. Opposition And Removal Possibility
The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.
In this case, personal data stored in the course of contacting will be deleted.
Rights of The Person Concerned
1. Right to Information
You may ask the person in charge to confirm if personal data concerning you is processed by us.
If such processing is available, you can request information from the person responsible about the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling under Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.
2. Right to Rectification
You have a right to rectification and / or completion to the controller, provided the personal data that is processed is incorrect or incomplete. The responsible person must make the correction without delay.
3. Right to Restriction of Processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
If the limitation of the processing after the o.g. If conditions are restricted, you will be informed by the person in charge before the restriction is lifted.
4. Right to Cancellation
a) Obligation to delete
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal ground for processing.
(3) According to. Art. 21 para. 1 GDPR objection to the processing and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 GDPR Opposition to processing.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the person in charge has made the personal data concerning you public and is acc. Art. 17 (1) of the GDPR, it shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs persons requesting deletion of any links to such personal data or of copies or replications of such personal data.
The right to erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation required by the law of the European Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferring on the controller has been;
(3) for reasons of public interest in the field of public health in accordance with Art. 9 (1) lit. h and i and Art. 9 (3) GDPR;
(4) for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes acc. Art. 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
5. Right to Information
If you have the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right to the person responsible to be informed about these recipients.
6. Right to Data Portability
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that
(1) the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR is based and
(2) the processing is done by automated means.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right to Object
You have the right at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f GDPR takes an objection; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the ground of the consent until the revocation.
9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the controller,
(2) is permitted by European Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) with your express consent.
However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates against the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.
We request individuals under 16 not provide personal data to us. If we learn that we have collected the personal data from a child under 16, we will take steps to delete the information as soon as possible.
Rome, Italy, 2021, 2. May
The GDPR of the EU is much stronger. We have to and we do comply with the GDPR. This part of the text might be easier to read.
Here at christaherzog.com (the website), we understand and share in your concern for personal privacy. We want to assure you that we treat your privacy with great respect. Any personal information that you share with us, stays with us. Your information will never be shared with a third party that is not an affiliate of us without your expressed permission.
The only instances in which we will ever share your personal information are as follows: (I) if we obtain permission from you first; (II) if we transfer our business assets or change the corporate structure; (III) if we need to share it with contractors or agents who perform services for us or (IV) if we are required by law to disclose the information.
Collected information and how we use it
We automatically collect some non-personally identifiable information for our own uses, which cannot identify you personally to us or any of our affiliates. This type of information may include your IP address, the type of operating system or browser that you use, or the domain name from which you linked to the website. We might collect this information for a variety of reasons, including diagnosing problems with our server or administering the website. Also, collecting this information gives us the best insight i.g. into which parts of the website users view the most.
We may collect personal information with your permission, such as your e-mail address, or demographic information, or through surveys. This information is used solely for the purpose of e-mail communication. emails or addresses in our database, are not used for any other purpose than they are originally intended for.
Our products are sold by Shareit – Digital River. Should we ever offer any product directly as also for specific services we offer, we will only ask you for the minimum amount of information necessary to verify that you are the one making the purchase or using the specific services. We will ask you for your name, address, credit card number and expiration date, only to make sure that the person using the credit card is the person who owns it. Again, we will never sell or share your information with any third party not affiliated with christaherzog.com without first obtaining your permission.
Social Media Sites
When you are writing a comment on christaherzog.com for Facebook, Google+ or other Social Media Sites, think that it becomes public and that it is out of our possibilities to do anything about it.
Although christaherzog.com doesn’t require you to accept cookies to view the website, your browsing experience will be greatly enhanced by doing so. Cookies can help to customize the pages that you see when you browse based on your browser type, and cookies allow us to track which features of the website the users like best.
Cookies do not have the ability to track where you go when you leave christaherzog.com or to remember passwords or usernames from this site or others. They cannot create pop-up ads or give your computer a virus, nor can they crash your computer. Cookies can’t delete or add cookies from other websites. Most importantly, cookies do not have the capability to identify users personally, and cannot store or reveal any personal information about any user at any time.
Please be advised that some of the banner ads on the website are provided by outside companies and contain cookies. Should you decide not to take advantage of the benefits of cookies, most browsers allow you disable or reject them.
Christaherzog.com has security measures in place to protect the loss, alteration, or misuse of all information that we collect. We take all of the reasonable steps that we can to ensure your private information remains private. We do not assume responsibility or liability for any third-party use of your personal information, whether it is obtained legally or illegally from the system of christaherzog.com.
Should you provide us with your e-mail address, christaherzog.com may occasionally send you communications regarding promotional offerings or content that we think you may be interested in. If you do not wish to receive this communication, you can opt-out any time. You will find an unsubscribe link on the bottom of each mail.
Changes in Corporate Structure
In developing the website and business, the corporate structure may change. Please be aware that user information, personally identifiable or otherwise, may be a transferred asset in the event that the website or certain parts of it, is sold, merged, or otherwise transferred.
MATERIAL CONNECTION DISCLOSURE
Products on this site offered are from Dr. Christa Herzog, but also from companies with which we have an affiliate relationship and / or another material connection to the providers of goods and services mentioned and may be compensated when you purchase from a provider, except otherwise mentioned. You should always perform due diligence before buying goods or services from anyone via the Internet or offline.