Disclaimer – Legal Notice

§ 1 Limitation of Liability
The content of this website is prepared with the utmost care. However, the provider does not guarantee the accuracy, completeness, or timeliness of the content provided. Use of the website’s content is at the user’s own risk. Contributions identified by name reflect the opinion of the respective author and not necessarily that of the provider. Merely using the provider’s website does not establish any contractual relationship between the user and the provider.

§ 2 External Links
This website contains links to third-party websites (“external links”). These websites are the responsibility of their respective operators. When the external links were first established, the provider reviewed the third-party content to determine whether any legal violations existed. At that time, no legal violations were apparent. The provider has no influence whatsoever on the current and future design or content of the linked pages. The inclusion of external links does not imply that the provider endorses the content behind the reference or link. Constant monitoring of external links is not reasonable for the provider without concrete evidence of legal violations. However, upon becoming aware of any legal violations, such external links will be deleted immediately.

§ 3 Copyright and Related Rights
The content published on this website is subject to German copyright and related rights. Any use not permitted under German copyright and related rights law requires the prior written consent of the provider or the respective rights holder. This applies in particular to the reproduction, adaptation, translation, storage, processing, or reproduction of content in databases or other electronic media and systems. Third-party content and rights are identified as such. The unauthorized reproduction or distribution of individual content or entire pages is prohibited and punishable by law. Only the creation of copies and downloads for personal, private, and non-commercial use is permitted.

Displaying this website within external frames is permitted only with written permission.

§ 4 Special Terms of Use
If special terms for specific uses of this website differ from the provisions set forth above, this will be expressly noted in the relevant section. In such cases, the special terms of use shall apply in each individual instance.

Privacy Policy

This Privacy Policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “Data”) within our online offering and the associated websites, features, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offering”). With regard to the terms used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Data Controller

Weserland Coworking
Felix Hofmann
Weserstrasse 21
12045 Berlin

Email address: contact@weser.land
Owner: Felix Hofmann

Types of data processed:

– Personal data (e.g., names, addresses).
– Contact details (e.g., email addresses, phone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., websites visited, content interests, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the website (hereinafter, we collectively refer to these individuals as “users”).

Purpose of the processing

– Providing the online service, its features, and content.
– Responding to contact requests and communicating with users.
– Security measures.
– Audience measurement/marketing

Terminology Used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually any interaction with data.

“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The term “controller” refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Relevant legal basis

In accordance with Article 13 of the GDPR, we are providing you with the legal bases for our data processing activities. Unless the legal basis is specified in the Privacy Policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing to fulfill our services, carry out contractual obligations, and respond to inquiries is Article 6(1)(b) of the GDPR; the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

Safety measures

In accordance with Article 32 of the GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability, and maintaining its separation. Furthermore, we have established procedures to ensure that data subjects’ rights are upheld, data is deleted, and appropriate action is taken in response to data breaches. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

Cooperation with Data Processors and Third Parties

If, in the course of our data processing activities, we disclose data to other individuals or companies (processors or third parties), transfer it to them, or otherwise grant them access to the data, we do so only on the basis of a legal authorization (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Article 6(1)(b) of the GDPR), you have given your consent, a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we engage third parties to process data on the basis of a so-called “data processing agreement,” this is done in accordance with Article 28 of the GDPR.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in connection with the use of third-party services or the disclosure or transfer of data to third parties, we do so only if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to statutory or contractual permissions, we process or have data processed in a third country only if the specific requirements of Art. 44 et seq. of the GDPR are met. This means that processing takes place, for example, on the basis of special safeguards, such as the officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the U.S. through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “Standard Contractual Clauses”).

Rights of data subjects

You have the right to request confirmation as to whether the relevant data is being processed, as well as access to that data, further information, and a copy of the data in accordance with Article 15 of the GDPR.

In accordance with Article 16 of the GDPR, you have the right to request that your personal data be completed or that any inaccurate personal data concerning you be corrected.

In accordance with Article 17 of the GDPR, you have the right to request that the relevant data be erased without delay; alternatively, in accordance with Article 18 of the GDPR, you have the right to request that the processing of the data be restricted.

You have the right to request that we provide you with the personal data concerning you that you have provided to us, in accordance with Article 20 of the GDPR, and to request that we transmit that data to other data controllers.

You also have the right, pursuant to Article 77 of the GDPR, to lodge a complaint with the competent supervisory authority.

Right of Withdrawal

You have the right to withdraw any consent you have given in accordance with Article 7(3) of the GDPR with future effect

Right to object

You may object at any time to the future processing of your personal data in accordance with Article 21 of the GDPR. In particular, you may object to the processing of your data for direct marketing purposes.

Cookies and the Right to Object to Direct Marketing

“Cookies” are small files that are stored on users’ computers. Various types of information can be stored in cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to a website. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online service and closes their browser. Such a cookie can, for example, store the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent.” For example, the login status can be stored so that users can access it again after several days. Similarly, such a cookie can store the user’s interests, which are used for audience measurement or marketing purposes. “Third-party cookies” are cookies provided by providers other than the controller operating the online service (otherwise, if only the controller’s cookies are used, they are referred to as “first-party cookies”).

We may use both temporary and permanent cookies, and we provide further information about this in our Privacy Policy.

If users do not wish to have cookies stored on their computer, they are asked to disable the corresponding option in their browser’s settings. Stored cookies can be deleted in the browser’s settings. Disabling cookies may result in limited functionality of this website.

A general objection to the use of cookies for online marketing purposes can be submitted for a wide range of services—particularly in the case of tracking—via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in your browser settings. Please note that this may prevent you from using all features of this website.

Deletion of Data

The data we process will be erased or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this Privacy Policy, the data we store will be erased as soon as it is no longer necessary for the purposes for which it was collected and there are no legal retention obligations preventing its erasure. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

In accordance with German legal requirements, records must be retained for a period of 10 years, in particular pursuant to Sections 147(1) of the German Fiscal Code (AO), 257(1)(1) and (4), (4) of the German Commercial Code (HGB) (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and for 6 years pursuant to § 257(1)(2) and (3), (4) of the German Commercial Code (HGB) (business correspondence).

In accordance with Austrian law, records must be retained for 7 years pursuant to § 132(1) of the Federal Tax Code (BAO) (accounting records, receipts/invoices, accounts, supporting documents, business papers, statements of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically supplied services, telecommunications, radio, and television services provided to non-business customers in EU member states for which the Mini One-Stop Shop (MOSS) is utilized.

Business-related processing

In addition, we process
– contract data (e.g., subject matter of the contract, term, customer category).
– payment data (e.g., bank details, payment history)
from our customers, prospects, and business partners for the purposes of providing contractual services, customer service and support, marketing, advertising, and market research.

Order Processing in the Online Store and Customer Account

We process our customers' data as part of the ordering process in our online store to enable them to select and order the products and services of their choice, as well as to facilitate payment, delivery, and fulfillment.

The data processed includes inventory data, communication data, contract data, and payment data; the individuals affected by this processing include our customers, prospective customers, and other business partners. The processing is carried out for the purpose of providing contractual services in connection with the operation of an online store, billing, delivery, and customer service. In this context, we use session cookies to store the contents of the shopping cart and persistent cookies to store the login status.

Data processing is based on Article 6(1)(b) (processing of orders) and (c) (legally required archiving) of the GDPR. The information marked as required is necessary for the establishment and performance of the contract. We disclose the data to third parties only in connection with delivery, payment, or within the scope of legal permissions and obligations toward legal advisors and authorities. The data is processed in third countries only if this is necessary for the fulfillment of the contract (e.g., at the customer’s request for delivery or payment).

Users have the option to create a user account, which allows them, in particular, to view their orders. During registration, users are informed of the required mandatory information. User accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data associated with the account will be deleted, unless retention is necessary for commercial or tax law reasons in accordance with Art. 6(1)(c) GDPR. Information in the customer account remains until its deletion, followed by archiving in the event of a legal obligation. It is the users’ responsibility to back up their data upon termination prior to the end of the contract.

When users register, log in again, or use our online services, we store their IP address and the time of the respective user action. This data is stored based on our legitimate interests, as well as the users’ interest in protection against misuse and other unauthorized use. This data is not disclosed to third parties under any circumstances, unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6(1)(c) of the GDPR.

Data will be deleted once statutory warranty obligations and similar obligations have expired; the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, the data will be deleted once those obligations have expired (at the end of the retention periods required under commercial law (6 years) and tax law (10 years)).

Third-party payment service providers

We use external payment service providers whose platforms allow users and us to process payment transactions (e.g., each with a link to their privacy policy): PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)

We use payment service providers in connection with the performance of contracts pursuant to Article 6(1)(b) of the GDPR. In addition, we use external payment service providers based on our legitimate interests pursuant to Article 6(1)(f) of the GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes personal information, such as name and address; banking information, such as account numbers or credit card numbers; passwords, TANs, and verification codes; as well as details related to the contract, transaction amounts, and recipients. This information is required to process the transactions. However, the data entered is processed and stored solely by the payment service providers. This means we do not receive any account or credit card-related information, but only information confirming or rejecting the payment. In some cases, the payment service providers may transmit the data to credit bureaus. This transmission is intended for identity and creditworthiness verification. For this purpose, we refer you to the terms and conditions and privacy policies of the payment service providers.

Payment transactions are subject to the terms and conditions and privacy policies of the respective payment service providers, which are available on their respective websites or within their transaction applications. We also refer you to these documents for further information and to exercise your rights of withdrawal, access, and other data subject rights.

Web Hosting and Email Services

The hosting services we use are intended to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services, which we utilize for the purpose of operating this online offering.

In this context, we—or our hosting provider—process personal data, contact information, content data, contractual data, usage data, metadata, and communication data from customers, prospective customers, and visitors to this website based on our legitimate interest in providing this website efficiently and securely, in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR (conclusion of a data processing agreement).

Collection of access data and log files

We, or rather our hosting provider, collect data regarding every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Article 6(1)(f) of the GDPR. The access data includes the name of the accessed webpage, the file, the date and time of access, the amount of data transferred, a notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address, and the requesting provider.

For security reasons (e.g., to investigate cases of misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data that must be retained for evidentiary purposes is exempt from deletion until the incident in question has been fully resolved.

Created using Datenschutz-Generator.de by Attorney Dr. Thomas Schwenke