Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). The terms used are not gender-specific.
Last updated: April 17th 2025
Controller
Sabrina Sauter
Georgenstraße 108
80798 Munich
Germany
E-mail address: hey@samsauter.dev
Imprint: https://www.samsauter.dev/imprint
Overview of Processing
The following overview summarizes the types of data processed, the purposes of their processing, and the data subjects involved.
Types of Data Processed
- Inventory data
- Contact data
- Content data
- Usage data
- Meta, communication, and procedural data
- Log data
Categories of Data Subjects
- Communication partners
- Users
Purposes of Processing
- Communication
- Organizational and administrative procedures
- Feedback
- Provision of our online offering and user-friendliness
- IT infrastructure
Relevant Legal Bases
Relevant Legal Bases under the GDPR:
Below you will find an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may also apply in your country of residence or our place of business. If more specific legal bases apply in individual cases, we will inform you of them in this privacy policy.
Performance of a Contract and Pre-contractual Inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR):
Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f GDPR):
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Note on Applicability of the GDPR and the Swiss Data Protection Act (DSG):
These privacy notices are intended to provide information in accordance with both the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). Therefore, please note that the terminology used is based on the GDPR due to its broader territorial scope and better comprehensibility. Specifically, instead of the terms used in the Swiss DSG such as “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data,” the GDPR terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used. However, within the scope of the Swiss DSG, the legal meaning of the terms continues to be determined in accordance with the Swiss DSG.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, the implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, ensuring availability, and separation of the data itself. We have also implemented procedures that ensure the exercise of data subjects’ rights, data deletion, and responses to data breaches. Furthermore, we take data protection into account when developing or selecting hardware, software, and procedures, in accordance with the principles of data protection by design and by default.
TLS/SSL Encryption:
To protect users’ data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the foundation of secure data transmission on the internet. These technologies encrypt the information exchanged between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. A website secured by an SSL/TLS certificate is indicated by the presence of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and in encrypted form.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are withdrawn or there are no longer any legal grounds for processing. This applies in cases where the original purpose of the processing no longer exists or the data is no longer needed. Exceptions to this rule exist if legal obligations or specific interests require longer retention or archiving of the data. In particular, data that must be retained for commercial or tax-related reasons, or whose storage is necessary for legal prosecution or the protection of the rights of other natural or legal persons, must be archived accordingly. Our privacy notices contain additional information on data retention and deletion that apply specifically to certain processing activities. If multiple retention periods or deletion deadlines apply to a piece of data, the longest period shall always prevail. If a period does not explicitly begin on a specific date and is at least one year long, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships under which data is stored, the triggering event is the effective date of termination or any other end of the legal relationship. Data that is no longer needed for its original intended purpose but is retained due to legal requirements or other reasons is processed solely for the purposes that justify its continued retention.
Further Information on Processing Activities, Procedures, and Services
Retention and Deletion of Data:
The following general retention periods apply under German law:
- 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the working instructions and other organizational documents necessary to understand them (Section 147 para. 1 no. 1 in conjunction with para. 3 of the German Fiscal Code (AO), Section 14b para. 1 of the German VAT Act (UStG), Section 257 para. 1 no. 1 in conjunction with para. 4 of the German Commercial Code (HGB)).
- 8 years – Accounting vouchers such as invoices and expense receipts (Section 147 para. 1 nos. 4 and 4a in conjunction with para. 3 sentence 1 AO and Section 257 para. 1 no. 4 in conjunction with para. 4 HGB).
- 6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, and other documents that are relevant for taxation purposes, such as time sheets, cost accounting records, calculation documents, price markings, as well as payroll records (if not already accounting vouchers) and cash register receipts (Section 147 para. 1 nos. 2, 3, 5 in conjunction with para. 3 AO, Section 257 para. 1 nos. 2 and 3 in conjunction with para. 4 HGB).
- 3 years – Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to respond to related inquiries, based on past business experience and typical industry practices. These are retained for the duration of the standard statutory limitation period of three years (Sections 195, 199 of the German Civil Code (BGB)).
Rights of Data Subjects
Rights of Data Subjects under the GDPR:
As a data subject under the GDPR, you are entitled to various rights, particularly arising from Articles 15 to 21 of the GDPR.
Right to Object:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
Right to Withdraw Consent:
You have the right to withdraw any consent you have given at any time.
Right of Access:
You have the right to request confirmation as to whether or not personal data concerning you is being processed, and to access such data along with further information and a copy of the data in accordance with legal requirements.
Right to Rectification:
In accordance with legal requirements, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
Right to Erasure and Restriction of Processing:
You have the right, under the legal requirements, to request that data concerning you be deleted without undue delay, or alternatively, under legal requirements, to request restriction of the processing of your data.
Right to Data Portability:
You have the right to receive the data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transmission of this data to another controller, in accordance with legal requirements.
Right to Lodge a Complaint with a Supervisory Authority:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.
Provision of Online Services and Web Hosting
We process users’ data in order to provide them with our online services.
Types of Data Processed:
Log data (e.g., log files relating to logins, data retrieval, or access times).
Data Subjects:
Users (e.g., website visitors, users of online services).
Purposes of Processing:
Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.).
Retention and Deletion:
Deletion takes place in accordance with the information provided in the section “General Information on Data Storage and Deletion.”
Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR).
Further Information on Processing Activities, Procedures, and Services
Provision of Online Services on Rented Hosting Space:
To provide our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a “web host”).
Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR).
Contact and Request Management
When you contact us (e.g., by mail, contact form, email, telephone, or via social media), and within the context of existing user and business relationships, we process the information provided by the inquiring individuals to the extent necessary to respond to the inquiries and any requested actions.
Types of Data Processed:
Master data (e.g., full name, residential address, contact details, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., written or visual messages and posts, including related information such as authorship or time of creation); usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Data Subjects:
Communication partners.
Purposes of Processing:
Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online forms); provision of our online services and user-friendliness.
Retention and Deletion:
Deletion is carried out in accordance with the section “General Information on Data Storage and Deletion.”
Legal Bases:
Legitimate interests (Art. 6(1)(f) GDPR); contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Further Information on Processing Activities, Procedures, and Services
Contact Form:
When contacting us via our contact form, email, or other communication channels, we process the personal data provided to us in order to respond to and handle the respective inquiry. This typically includes information such as name, contact details, and any other information shared with us that is necessary for appropriate handling. We use this data solely for the stated purpose of communication.
Legal Bases:
Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).