The protection of your personal data is very important to us, which is why we would like to provide you with all the information about the processing and storage of your data when you visit our website and our companies. In order to be able to use all the functions and services of our site, it is necessary to collect your personal data. However, processing and storage is carried out solely in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (TDDG). Responsible body Uta Claußnitzer Feldkircher Straße 6 71522 Backnang-Maubach Email: uta@atelier-farbstil.de Further information can be found in the legal notice. COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE Note: In order to protect your data as comprehensively as possible from unauthorised access, we take technical and organisational measures and use an encryption method on our website. Your data is transferred via the Internet from your computer to our computer and vice versa using TLS encryption. TLS stands for "Transport Layer Security" and is an encryption protocol for data transmission on the Internet. You can usually recognise "TLS" by the closed padlock symbol in the status bar of your browser and the address beginning with https://.

COLLECTION OF ACCESS AND LOG DATA This website automatically collects and stores server log file information that your browser transmits to us. This includes: - Referrer (the previously visited website) - Requested website or file - Browser type and version - Operating system used - Type of device used - Time of access - IP address in anonymised form (used only to determine the location of access) The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. This is justified by the need to be able to identify indications of illegal use of our website. This anonymous data is stored separately from any personal data you may have provided and therefore does not allow any conclusions to be drawn about a specific person. Your personal data will not be passed on to third parties. Your personal data will not be transferred to third parties. We have concluded a data processing agreement in accordance with Art. 28 GDPR with the provider of this website, Onepage GmbH, based in Germany. They host the websites on servers belonging to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, as a subcontractor. Data transfers to Google LLC are subject to the Data Privacy Framework (adequacy decision for the USA). In this context, the following domains are accessed: static.onepage.io 1cdn.io Api-eu.onepage.io fonts.gstatic.com www.google.com The data collected is stored for 7 days in server log files, which your browser automatically transmits to us. We only store the server log files for longer in the event of attacks on our server infrastructure or other legal violations. This longer storage is based on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in preserving evidence.

ENQUIRIES VIA THE CONTACT FORM, E-MAIL AND TELEPHONE Any personal information that you provide to us on a voluntary basis will, of course, be treated confidentially. We use the personal data you provide exclusively to process and respond to your enquiry. The legal basis for data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. This arises from our interest in responding to enquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. A further legal basis for natural persons is the initiation or fulfilment of a contract in accordance with Art. 6 (1) lit. b) GDPR. All personal data that you provide to us with your enquiry will be deleted or anonymised by us no later than 2 years after the final response has been sent to you, unless a contract is concluded. The retention period of 2 years is based on the fact that, in isolated cases, you may contact us again on the same matter after receiving a response and refer to the previous correspondence. Experience has shown that after 2 years, there are no further queries regarding our responses.

USE OF WEB ANALYSIS TOOLS AND COOKIES We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that can be stored on your computer or smartphone via your browser when you visit a website. This serves to recognise the website visitor. Cookies can also provide us with information about how you use our website, enabling us to continuously improve its design. Cookies themselves do not contain any personal data about users; they are only used to clearly identify what our customers find interesting and useful on our website. We also use so-called "web beacons" (small graphic images, also known as "pixel tags" or "clear GIFs") on our website. They are used in conjunction with cookies to track general user behaviour on the website. The legal basis for the processing of personal data using cookies and other technologies is your consent in accordance with Art. 6 (1) (a) GDPR, which you give us via the so-called "consent banner" as soon as you visit our website for the first time. We use cookies for the following purposes: Technically necessary: These are cookies and similar methods without which you cannot use our services, for example to display our website correctly or to use the functions you require. Statistics: These techniques enable us to compile anonymous statistics on the use of our services. This allows us, for example, to determine how we can better tailor our website to the habits of our users. The data processed by necessary cookies is required for the purposes listed below to protect our legitimate interests and those of third parties in accordance with Art. 6(1)(f) GDPR. Any use of cookies that is not technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 (1) (a) GDPR. Using our "Cookie Consent Tool", you can set which cookie categories you want to agree to when visiting our website. Once cookies have been stored, you can delete them at any time via your web browser settings or revoke your consent at any time. You can also adjust your web browser settings so that no cookies are stored. In this case, however, not all functions of our website may be available. In the context of data processing (with the help of cookies and similar techniques for processing usage data), we may use specialised service providers, particularly from the online marketing sector. These process your data on our behalf as processors, are carefully selected and contractually bound in accordance with Article 28 GDPR. All of the above-mentioned providers act as processors for us. Cookies are set through our homepage. These are text files that can be stored and output on your device. In addition to session cookies, which are deleted as soon as the browser is closed, there are also permanent cookies. Permanent cookies remain stored for a certain period of time beyond individual sessions. Technically necessary cookies and similar technologies are used, for example, to enable certain basic functions of our website (page navigation, display). For this purpose, information is stored on your device and read by us. In some cases, these cookies and similar technologies only contain information about certain settings and are therefore not personally identifiable. Without such cookies and similar technologies, our website would not function correctly. Our homepage specifically uses the following cookies:

TECHNICALLY NECESSARY Cookie name Provider Validity Cookie category Purpose ONEPAGE_COOKIE_SETTINGS_V1 Website operator Persistent Technically necessary Stores visitors' settings regarding cookies and other technologies STATISTICS Cookie name Provider Validity Purpose one_stats_metadata static.onepage.io Persistent / Local Storage Collects statistical data on the behaviour of website users. Used for internal analysis. The legal basis for the use of the technically necessary cookies listed above is the fulfilment of the contract in accordance with Art. 6 (1) lit. b) GDPR and § 25 (1) TDDDG. For all other services, your consent in accordance with Art. 6 (1) lit. a) GDPR and, if applicable, other data protection laws is the legal basis. You can revoke your consent at any time with effect for the future. The processing is based on the initiation or execution of a contract. Data processing of business partners and customers Fulfilment of contractual obligations (Art. 6 (1) (b) GDPR) The purposes of data processing arise from the implementation of pre-contractual measures and the fulfilment of obligations arising from the concluded contract. Execution of our contracts with customers For the purpose of contract execution with you, we process master data such as your first and last name, your billing address and your billing and payment details. We use your email address for communication purposes. To fulfil legal obligations (Art. 6(1)(c) GDPR) The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfilment of storage and identification obligations, e.g. in the context of requirements for tax control and reporting obligations, and data processing in the context of requests from authorities. In this context, data may also be transferred to our appointed tax advisor. To fulfil our legitimate interests (Art. 6 para. 1 lit. f GDPR) We process the contact details of contact persons at customers, interested parties, suppliers and other business partners for communication by e-mail, telephone and post. The legal basis for data processing is the legitimate interest pursuant to Art. 6 (1) f) GDPR. The legitimate interest arises from the interest in conducting or initiating business relationships with customers, interested parties, suppliers and other business partners, as well as personal contact with contact persons. We generally exclude the transfer of data to third parties. Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so. It may be necessary to process the personal data you have provided beyond the actual fulfilment of the contract with business partners. The legitimate interests here are, in particular, the selection of suitable business partners, the fulfilment of compliance measures, the assertion of legal claims, the defence against liability claims, the prevention of criminal offences and the regulation of damages resulting from the business relationship. Who receives the personal data you provide? Within the framework of contractual relationships, we may also commission processors or service providers who may have access to your personal data. Compliance with data protection regulations is contractually ensured in this regard.

Retention period Personal data is stored for as long as is necessary to fulfil the above-mentioned purposes. As a rule, this is 10 years to comply with tax law retention periods. Data processing for documentation of compliance with the GDPR Insofar as your data is processed on the basis of consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, we process your data exclusively for specific purposes and after providing separate information in order to be able to prove, within the scope of our accountability under Art. 5 (2) GDPR, that you have consented to the data processing in question. If you assert your rights as a data subject under the GDPR against us, we also process and store your data in order to be able to prove, within the scope of our accountability under Art. 5 (2) GDPR, that we have complied with the GDPR when processing your request. If you assert your rights under the GDPR against us, your data may be transferred to our external data protection consultant (SCALELINE Datenschutz). SOCIAL MEDIA I maintain the following social media presences: Instagram: https://www.instagram.com/atelier.farbstil/ Instagram is a product of Meta Platforms Inc. (formerly Facebook Inc.): Facebook.com/help/1561485474074139/?helpref=related Data processing by me: Maintaining the above-mentioned social media pages and placing advertisements Personal data entered on social media pages, such as comments, videos, images, likes, public messages, etc., are published by the respective social media platform. We reserve the right to delete content if necessary. We may share content on our page and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place advertisements ("ads") on our social media pages. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, which is in the interest of our public relations and communication. Page insights Social media platforms provide anonymised statistics and insights that help us gain insights into the types of actions people take on our site (so-called "page insights"). These page insights are generated based on certain information about people who have visited our site. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors to our pages. This processing of personal data is carried out by the social media platform and us as so-called joint controllers pursuant to Art. 26 GDPR. In the case of joint responsibility, a separate agreement must be concluded. Instagram: https://www.facebook.com/legal/terms/page_controller_addendum If you wish to object to specific data processing over which we have influence (e.g. deletion of comments), please contact us using the contact details above. Please note: The provision of your data is neither required by law nor contractually required, nor is it necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate with us via our social media pages, interact with us or participate in competitions. To contact us, please use the email address above. Data processing by the operator of the social media platform: In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, they are also considered to be another controller who carries out their own data processing. This means that the operator is also a separate controller under the GDPR. However, we have only limited influence on the data processing carried out by the operator. Where we can exert influence (e.g. through parameterisation), we work within the scope of our possibilities to ensure that the operator of the social media platform handles data in accordance with data protection regulations. In many cases, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in their own privacy policy: Facebook: www.facebook.com/help/568137493302217 When using the platform, your personal data is usually also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries have been certified by the European Commission as having an adequate level of protection. This means that the legal situation regarding privacy protection in these countries is comparable to that in the EU or the EEA. Further information on the current countries with adequacy decisions can be found here. Certifications under the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc (Facebook, Instagram) and Google (YouTube). In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries. Please note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we unfortunately have little influence over the web tracking methods used by the social media platform. For example, we cannot disable it. Please be aware that it cannot be ruled out that the provider of the social media platform may use your profile and behavioural data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform. Rights of data subjects Your rights as a data subject You have the right under Art. 15 (1) GDPR to request information about the personal data stored about you free of charge. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR. If the data processing is based on Art. 6 (1) e) or f) GDPR, you have a right to object under Art. 21 GDPR. If you object to data processing, it will not take place in future unless the controller can demonstrate compelling legitimate grounds for further processing that outweigh the interests of the data subject in objecting. If data processing is based on consent pursuant to Art. 6(1)(a), Art. 9(2)(a) or Art. 49(1)(a) GDPR, you may withdraw your consent at any time with effect for the future without affecting the lawfulness of the processing carried out to date. You also have the right to lodge a complaint with a data protection supervisory authority. In particular, the complaint can be lodged with a supervisory authority in the EU Member State of your place of residence, your place of work or the place of the alleged infringement. The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg PO Box 10 29 32 70025 Stuttgart Tel.: 0711/615541-0 Fax: 0711/615541-15 No automated decision-making We do not use automated decision-making or profiling. Provision Unless otherwise stated in the previous sections, the provision of personal data is neither required by law nor contractually required, nor is it necessary for the conclusion of a contract. Failure to provide your personal data may mean that we are unable to respond to your enquiries, for example. This privacy policy was created in collaboration with the consulting firm SCALELINE Datenschutz. The legal texts are subject to copyright.