P R I V A C Y  P O L I C Y

​

This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online services and associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "Online Services"). Regarding the terms used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

​

Responsible:

Katharina Hübscher
Address: Cepeda 5, 07014 Palma de Mallorca
Email: info@katehkate.de

​

​

Types of Data Processed:​

• Basic Data (e.g., names, addresses).

• Contact Data (e.g., email addresses, phone numbers).

• Content Data (e.g., text entries, photographs, videos).

• Contract Data (e.g., contract subject, duration, customer category).

• Payment Data (e.g., bank details, payment history).

• Usage Data (e.g., visited websites, interest in content, access times).

• Meta/Communication Data (e.g., device information, IP addresses).
   

Processing of Special Categories of Data (Article 9(1) GDPR):

No special categories of data are processed.

​

Categories of Data Subjects Affected by Processing:

• Customers, prospects, visitors, and users of the online service.

• Business partners.

• Visitors and users of the online platform.
  We collectively refer to the data subjects as "users."
   

Purpose of Processing:

• Provision of the online offering, its content, and shop functions.

• Fulfillment of contractual obligations, service, and customer care.

• Responding to contact inquiries and communication with users.

• Marketing, advertising, and market research.

• Security measures.

Last updated: May 2025
 

1. Terminology Used

1.1. "Personal data" refers to all information relating to an identified or identifiable natural person ("data subject"); a natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g., cookies), or one or more specific characteristics.

1.2. "Processing" refers to any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

1.3. "Controller" refers to the natural or legal person, public authority, agency, or other body that alone or jointly determines the purposes and means of processing personal data.
 

2. Legal Basis for Processing

In accordance with Article 13 GDPR, we inform you about the legal bases for our data processing. If the legal basis is not mentioned in this Privacy Policy, the following applies:

• The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR.

• The legal basis for processing for the performance of our services and contract execution as well as responding to inquiries is Article 6(1)(b) GDPR.

• The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR.

• The legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR.

• If the processing is necessary to protect vital interests, Article 6(1)(d) GDPR serves as the legal basis.
   

3. Changes and Updates to the Privacy Policy

We ask users to regularly review the content of this Privacy Policy. We update this Privacy Policy whenever changes to our data processing require it. We will notify users when changes require their cooperation (e.g., consent) or individual notification.
 

4. Security Measures

4.1. We implement appropriate technical and organizational measures in accordance with Article 32 GDPR to ensure a level of security appropriate to the risk, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing. These measures include ensuring the confidentiality, integrity, and availability of data.

4.2. Security measures include encrypted data transmission between your browser and our server.
 

5. Disclosure and Transmission of Data

5.1. If we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if transmission of data to payment providers is required for contract fulfillment under Article 6(1)(b) GDPR), if you have given your consent, if there is a legal obligation, or based on our legitimate interests (e.g., use of agents, web hosts, tax consultants).

5.2. If we commission third parties with the processing of data on the basis of a "data processing agreement," this is done in accordance with Article 28 GDPR.
 

6. Data Transfers to Third Countries

If we process data in a third country (i.e., outside the EU or the European Economic Area) or do so using third-party services, data will only be processed if necessary for fulfilling our (pre)contractual obligations, with your consent, due to a legal obligation, or based on our legitimate interests.
 

7. Rights of Data Subjects

7.1. You have the right to request confirmation whether relevant data is being processed and to obtain access to this data (Article 15 GDPR).

7.2. You have the right to rectification (Article 16 GDPR) and the right to erasure (Article 17 GDPR) of your data.

7.3. You have the right to restrict processing under certain conditions (Article 18 GDPR).

7.4. You have the right to data portability (Article 20 GDPR).

7.5. You have the right to lodge a complaint with a data protection authority (Article 77 GDPR).
 

8. Right to Withdraw Consent

You have the right to withdraw consent given under Article 7(3) GDPR with effect for the future.
 

9. Right to Object

You can object to future processing of your data at any time in accordance with Article 21 GDPR, particularly for direct marketing purposes.
 

10. Cookies and Right to Object in Direct Marketing

10.1. "Cookies" are small files stored on users' devices. We use temporary and permanent cookies for security and marketing purposes.

10.2. Users can disable cookies in their browser settings. Disabling cookies may limit website functionality.

10.3. Users can object to tracking cookies used for online marketing via:

• US-based opt-out: http://www.aboutads.info/choices/

• EU-based opt-out: http://www.youronlinechoices.com/
   

11. Deletion of Data

11.1. We delete processed data in accordance with Articles 17 and 18 GDPR when it is no longer required for its intended purpose.

11.2. Statutory retention periods apply (e.g., commercial retention of six years under §257 HGB and ten years under §147 AO).