Thank you for taking an interest in my privacy notice!
This notice provides you with details of how I collect and process your personal data through your use of my website laurayeffeth.com.
Laura Yeffeth is the data controller and the one responsible for your personal data through your use of this website.
Full name of legal entity: Laura Yeffeth
Email address: email@example.com
Postal address: Bouchéstraße 15, 12435 Berlin, Germany
Telephone number: +49 0176 988 21092
How your data is collected
The main way your data is collected is when you fill out a the project planner or the contact form on the contact page.
Your data is also collected if you send me an email, call me, text me, message me on social media or any other communication you send me.
Your data is also collected if you submit the sign-up form for my newsletter.
If you become a client, I’ll collect contact and financial data from you in order to submit invoices and accept payments.
What types of data is collected
Communication data such as name, email address, and website URL.
Customer data includes data relating to any purchases of products or services such as your name, title, address, email address, phone number, contact details, purchase details and your card details.
Technical and usage data such as your IP address, details about your browser, time zone settings, the path you take through the website, the pages you view and how long you stay on the pages, what you do on the pages and details about the number of times you visit. I may also collect page response times, download errors, and other actions.
Marketing Data such as data about your preferences in receiving marketing from me and my third parties and your communication preferences. I process this data to enable you to partake in my promotions such as special offers on my services, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising.
I do not collect sensitive data such as race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, criminal convictions and offences.
I do not collect children’s data. This site is intended for use only by those who are 18 years of age or over. I do not target children, and do not knowingly collect any personal data from any person under 16 years of age. By providing me with your data, you warrant to me that you are over 16 years of age.
Where I am required to collect personal data by law, or under the terms of the contract between us and you do not provide me with that data when requested, I may not be able to perform the contract (for example, to deliver services to you). If you don’t provide me with the requested data, I may have to cancel a service you have ordered but if I do, I will notify you at the time.
I will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email me at firstname.lastname@example.org. In case I need to use your details for an unrelated new purpose I will let you know and explain the legal grounds for processing.
I may process your personal data without your knowledge or consent where this is required or permitted by law.
I do not carry out automated decision making or any type of automated profiling.
How and why your data is used
To communicate with you such as to learn about your business and provide a quote.
The legal basis for this is contract and legitimate interests.
To improve the website and your experience on it such as to learn how you navigate and use the site and what browsers or devices you access the website from in order to provide a better experience. As a UX designer creating a positive user experience for my website visitors is paramount. This information helps me to do this better on laurayeffeth.com.
The legal basis for this is legitimate interests.
Marketing purposes such as sending you emails and messages about my services and content. Before I share your personal data with any third party for their own marketing purposes I will get your express consent.
The legal basis for this is consent and legitimate interests.
Contractual purposes such as providing quotes, invoices, statements and payment reminders. I process this data to the supply products or services you have purchased and to keep records of these transactions.
The legal basis for this is contract.
More about the legal basis for processing your data
Processing your data is necessary for a contract you have with me, or because I have asked you to take specific steps before entering into a contract (such as filling out the project planner).
Processing your data is necessary for my legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.
These legitimate interests are:
- To reply to communications you send me
- To keep records sent to me
- To establish, pursue or defend legal claims
- To understand how you use the website and improve your experience
- To grow my business and decide on my marketing strategy
In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.
You have given clear consent for me to process your personal data for a specific purpose.
If you have previously given consent, you can withdraw that consent at any time by following the opt-out links on any marketing message sent to you or by emailing me directly at email@example.com.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchasing my services.
Who your data may be shared with
I may have to share your personal data with the parties set out below:
- Service providers who provide IT, system administration, customer relationship manager (CRM) and scheduling services
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require me to report processing activities
- Third parties to whom I sell, transfer, or merge parts of my business or assets
I require all third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law. I only allow such third parties to process your personal data for specified purposes and in accordance with my instructions.
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of my third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever I transfer your personal data out of the EEA, I do my best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
- I will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- Where I use certain service providers, I may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- If I use US-based providers that are part of EU-US Privacy Shield, I may transfer data to them, as they have equivalent safeguards in place.
If none of the above safeguards is available, I may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
How I secure your data
I have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. I also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on my instructions and they must keep it confidential.
I have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if I am legally required to.
I use SSL encryption, however no data transmission is guaranteed to be 100% secure. You provide personal data at your own risk.
How long I keep your data
I will only retain your personal data for as long as necessary to fulfill the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for I look at its amount, nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires me to keep basic information about my customers (including contact, identity, financial and transaction data) for ten years.
In some circumstances I may anonymize your personal data for research or statistical purposes in which case I may use this information indefinitely without further notice to you.
Your rights and choices
You can choose not to give me your personal data
I collect personal data through the forms on this website so if you don’t fill out these forms, I won’t have your personal data. You may still browse the website, but I will not be able to contact you or provide you with a quote for your project.
You can turn off cookies in your browser
You can ask me not to use your data for marketing
I will ask you before using your personal data for marketing. If you’ve given me consent to use your data for marketing, you can change your mind. All marketing emails I send will have the option to unsubscribe which you can use to opt out of further marketing emails. You can also opt out from marketing by emailing me at firstname.lastname@example.org.
The right to access
You have the right to access any personal data I hold about you.
The right to rectification
You have the right to correct any inaccurate personal data I may have about you. It is important that the information I hold about you is accurate and up to date.
The right to erasure
Also known as the right to be ‘forgotten’, you can ask me to erase any personal data I hold about you.
The right to restrict processing
You have the right to request that I restrict the processing of your personal data.
The right to portability
You have the right to port your data to another service. I will give you a copy of your data in machine-readable format so that you can provide it to another service.
The right to object to processing
You have the right to object to the processing of your personal data if such processing is not reasonably required for a legitimate business purpose or to comply with the law. In regard to marketing, you have the right to object (opt out) at any time.
The right to lodge a complaint
You have the right to complain to a data protection authority about my collection and use of your personal information. Contact details for data protection authorities are available here.
Please contact me first if you do have a complaint so that I can try to resolve it for you.
If you wish to exercise any of the rights set out above, please email me at email@example.com
I try to respond to all legitimate requests within one month. If your request is particularly complex or if doing so would adversely affect the rights and freedoms of others, it may take longer than a month, in which case I will notify you.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not control these third-party websites and am not responsible for their privacy statements. When you leave my website, I encourage you to read the privacy notice of every website you visit.