SusanMilan.com herewith informs you about the processing of personal data for which they are responsible in the sense of the EU General Data Protection Regulation (GDPR).
Apart from sending us a letter, you may contact us at any time via hello@SusanMilan.com
Below we have compiled the most important information on typical data processing for you, broken down by groups of data subjects. For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately. Where the term “data” is used, only personal data within the meaning of the GDPR are meant.
1. Website Visitors
2. Customers and Respective Contacts
3. Communication Partners, Artists, Externals
1.1 Server protocol data
Our web server processes a series of data for each request, which your browser automatically transmits to our web server. This data comprises the IP address currently assigned to your device, the date and time of the request, the time zone, the specific page or file called up, the http status code and the amount of data transferred. Additionally, the website from which your request came, the browser used, the operating system of your end device and the set language. The web server uses this data to display the contents of this website in the best possible way on your device.
1.2 Web analysis with Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. IP anonymization is activated for this website, meaning Google will shorten your IP address within the European Union or in another contracting state to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information as a processor according to Art. 28 GDPR to evaluate your use of the website, to compile reports on the website activities and to provide the website’s operator with further services connected with the use of the website and the internet. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
1.3 Web analysis with Google AdWords
ion tracking, another Google analysis service. Google AdWords uses temporary cookies that are stored on your computer for a short time when you click on an SusanMilan.com ad. The information generated by the cookie about your use of this website after the advertisement has been clicked is usually transferred to a Google server in the USA and stored there. Google will use this information as a contractually designated processor pursuant to Art. 28 GDPR to evaluate your use of the website after the advertisement has been clicked and to compile reports on these website activities.
1.4 The purpose of data processing is to present SusanMilan.com on the internet and to communicate with job candidates, interested parties, customers and business partners. The purpose of evaluating user behaviour on the website is to design the website in line with their requirements.
1.5 The legal basis for processing is Art. 6 (1)(b) GDPR (contract of use for the website). The legal basis for the analysis of user behaviour is Art. 6 (1) (f) GDPR (legitimate interest, namely the demand-oriented design of the website).
1.6 Protocol and communication data will not be transferred to third parties unless special circumstances have arisen. If a criminal offence is suspected or in the course of an investigation, data may be transferred to the police and the public prosecutor’s office. We use service providers to process orders for the provision of our services, in particular for the provision, maintenance and servicing of IT systems.
1.7 IP addresses are anonymised after 24 hours at the latest. Pseudonymous user data is deleted after a period of six months.
1.8 The use of the website is not possible without disclosure of personal data, such as the IP address. Communication via the website without providing data is not possible. The use of the website is also possible if the pseudonymous user analysis was denied.
2.1 We process your data for the purpose of performing the obligations stemming from our contractual relationship. This also includes consulting, support and information about product innovations and new products.
2.2 The legal basis for processing the data of customers who are natural persons is Article 6 (1) (b) GDPR (contract) and Article 6 (1) (c) GDPR (legal obligations). The legal basis for the processing of contact data for customers who are not natural persons is Article 6 (1) (f) GDPR (legitimate interest, namely communication with the customer). The legal basis for information on products is Article 6 (1) (f) GDPR (legitimate interest, namely advertising).
2.3 Banks may be recipients of data for the processing of payments. In individual cases, data may be transferred to debt collection service providers, lawyers and courts. We also use service providers to process orders for the provision of our services, in particular for the provision, maintenance and servicing of IT systems.
2.4 All data relevant to contracts and book keeping shall be stored for a period of ten calendar years after the contract’s end in accordance with tax and commercial law retention periods.
2.5 The provision of data is obligatory for customers based on statutory and contractual regulations. The contractual relationship cannot be established and carried out without providing data.
3.1 The purpose of the processing is the preparation and execution of a contractual relationship or other communication.
3.2 With respect to contracts with natural persons, the legal basis for processing is Art. 6 (1) (b) GDPR (contract or contract initiation), whereas for contracts with legal persons Art. 6 (1) (f) GDPR (legitimate interest, namely communication with contact persons relevant to the contract) and Art. 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions) apply. If just communication concerned, the legal basis is Article 6(1) (f) GDPR (legitimate interest, namely documentation of communication processes).
3.3 Contact and contract data can be transmitted to other service providers, business partners as well as offices and authorities if necessary for the execution of the contract or order. We also use service providers to process orders for the provision of our services, in particular for the provision, maintenance and servicing of IT systems.
3.4 Data of contract partners and service providers shall be deleted ten calendar years after termination of the contract or order.
3.5 The processing of contact data on part of the service providers and business partners is necessary to execute the contract or order. If the data is not provided, the communication may be considerably impaired.