Date: June 12, 2025
I care about protecting your personal data. I treat your information confidentially and use it exclusively as outlined in this data protection policy declaration.
You can use my website (hereinafter also referred to as “this website”) without providing any personal data. However, if you wish to access certain services, it may be necessary to process such data. In cases where there is no legal basis for this, I will generally request your consent first.
The processing of personal data, including details such as name, address, email address or telephone number, is carried out in accordance with the General Data Protection Regulation (GDPR) and the relevant national data protection laws. This privacy policy sets out to inform the public about the type, scope and purpose of the personal data collected, used and processed in the course of my business activities. It also explains the rights to which data subjects are entitled.
I have implemented a range of technical and organisational measures to ensure the highest possible level of protection for personal data processed through this website. However, data transmission over the Internet can involve security risks, and absolute protection cannot be guaranteed. For this reason, data subjects are free to provide personal data to me by alternative means, such as by telephone.
The Controller within the meaning of the General Data Protection Regulation, other applicable data protection laws in the Member States of the European Union, and other provisions relating to data protection is:
Carolyn Gelsomino (hereinafter also referred to as “the Controller”)
An der Forst 5
38527 Meine
Germany
Phone.: +491772427689
Email: info@cgelsomino.com
Website: www.cgelsomino.com
This website uses cookies, which are text files stored on your computer by your internet browser.
Many websites and servers use cookies, which often contain what is known as a cookie ID. A cookie ID is a unique identifier consisting of a string of characters that enables websites and servers to associate the cookie with the specific internet browser in which it was stored. This allows the websites and servers visited to distinguish the individual browser of a data subject from other internet browsers that store different cookies. In this way, a specific browser can be recognised and identified by its unique cookie ID.
By using cookies, I am able to offer users of this website more user-friendly services that would not be possible without them.
By means of a cookie, the information and offers on this website can be tailored more closely to the needs of the user. As mentioned above, cookies enable me to recognise visitors to this website, with the aim of making it easier for them to use. For example, a user who accepts cookies does not need to enter their login details each time they visit, as this is handled automatically by the website through the cookie stored on the user’s computer. Another example is the shopping cart cookie in an online shop, which allows the store to remember the items a customer has placed in their virtual cart.
Data subjects may at any time prevent cookies from being set by this website by adjusting the settings of their internet browser, thereby permanently refusing the use of cookies. Cookies that have already been set can also be deleted at any time via the internet browser or other software programmes. This option is available in all commonly used internet browsers. If cookies are disabled in the browser, certain functions of this website may not be fully available.
When a data subject or an automated system accesses this website, a range of general data and information is collected and stored in the server log files. This may include: (1) browser type and version used, (2) operating system of the accessing device, (3) website from which the user arrived at this site (the so-called referrer), (4) sub-pages accessed, (5) date and time of access, (6) Internet Protocol (IP) address, (7) internet service provider of the accessing system, and (8) other similar data and information that may be relevant for protecting my information technology systems in the event of an attack.
When using this general data and information, I do not draw any conclusions about the data subject. This information is used solely to (1) deliver the content of my website correctly, (2) optimise the content of my website and its advertising, (3) ensure the long-term functionality of my information technology systems and website infrastructure, and (4) provide law enforcement authorities with the information required for criminal prosecution in the event of a cyber-attack. I may also analyse anonymised data and information for statistical purposes, with the aim of enhancing the data protection and security measures of my business and ensuring the highest possible level of protection for the personal data I process. The anonymised data contained in the server log files are stored separately from all personal data provided by a data subject.
This website contains information that enables quick electronic contact with my business, as well as direct communication with me, including a general address for electronic mail (email address). If a data subject contacts me by email or via a contact form, the personal data provided by the data subject will be stored automatically. Any such personal data, submitted voluntarily to me as the data Controller, is stored for the purpose of processing the enquiry or making contact with the data subject. This personal data is not disclosed to third parties.
This website may offer users the opportunity to leave individual comments on specific blog posts published on my blog. A blog is a publicly accessible, web-based platform through which one or more individuals, known as bloggers, can publish articles or share thoughts in so-called blog posts. These blog posts can usually be commented on by third parties.
If a data subject leaves a comment on the blog published on this website, the comment itself, the date of the comment and the user’s chosen pseudonym will be stored and published. In addition, the IP address assigned by the internet service provider (ISP) to the data subject will also be logged. This storage of the IP address is for security purposes and in case the comment violates the rights of third parties or contains illegal content. The storage of this personal data is therefore in my legitimate interest, enabling me to defend myself in the event of an infringement. This personal data will not be disclosed to third parties unless required by law or necessary for the defence of the Controller’s legal rights.
The Controller processes and stores the personal data of a data subject only for as long as is necessary to achieve the purpose for which it was collected, or where such storage is permitted by the European Union legislator or other competent legislators in laws or regulations to which I am subject.
Once the purpose of storage no longer applies, or any retention period prescribed by the European Union legislator or another competent legislator has expired, the personal data will be routinely restricted or erased in accordance with the applicable legal requirements.
Each data subject has the right, as granted by the European Union legislator, to obtain from the Controller confirmation as to whether or not personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact me at any time.
Every data subject has the right, as granted by the European Union legislator, to obtain from the Controller, free of charge, information at any time about their personal data that is being stored, as well as a copy of that information. In addition, under the European Union’s regulations, the data subject has the right to access the following details:
Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the Controller.
Every data subject has the right, as granted by the European Union legislator, to obtain from the Controller, without undue delay, the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may contact me at any time.
Every data subject has the right, as granted by the European Union legislator, to obtain from the Controller the erasure of personal data concerning them without undue delay, and the Controller is obliged to erase such personal data without undue delay where one of the following grounds applies, provided that the processing is not necessary:
If one of the aforementioned grounds applies and a data subject wishes to request the erasure of personal data stored by the Controller, they may contact the Controller at any time. The Controller will ensure that the erasure request is acted upon without delay.
Where the Controller has made personal data public and is obliged, pursuant to Article 17(1) GDPR, to erase that personal data, the Controller shall, taking into account available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other Controllers processing the personal data that the data subject has requested the erasure by such Controllers of any links to, or copies or replications of, those personal data, insofar as processing is not required. The Controller will take the necessary measures on a case-by-case basis.
Every data subject has the right, as granted by the European Union legislator, to obtain from the Controller the restriction of processing where one of the following applies:
If one of the aforementioned conditions applies and a data subject wishes to request the restriction of the processing of personal data stored by the Controller, they may contact the Controller at any time. The Controller will ensure that the restriction of processing is implemented.
Every data subject has the right, as granted by the European Union legislator, to receive the personal data concerning them, which they have provided to a Controller, in a structured, commonly used and machine-readable format. They also have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data has been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, or on a contract pursuant to point (b) of Article 6(1) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
Furthermore, in exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have personal data transmitted directly from one Controller to another, where this is technically feasible and does not adversely affect the rights and freedoms of others.
To exercise the right to data portability, the data subject may contact me at any time.
Every data subject has the right, as granted by the European Union legislator, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) GDPR. This right also applies to profiling based on these provisions.
Following an objection, the Controller will no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or where the processing is necessary for the establishment, exercise or defence of legal claims.
If the Controller processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing. This right also applies to profiling to the extent that it is related to direct marketing. Where the data subject objects to the processing of personal data for direct marketing purposes, the Controller will cease processing the personal data for these purposes.
The data subject also has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them by the Controller for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may contact the Controller at any time. Furthermore, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject is free to exercise their right to object by automated means using technical specifications.
Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data Controller, or (2) is not authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data Controller, or (2) it is based on the data subject’s explicit consent, the Controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express his or her point of view and contest the decision.
If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, contact me at any time.
Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, contact me at any time.
This website uses the Google Analytics component with the anonymisation function enabled. Google Analytics is a web analytics service. Web analytics involves the collection, gathering and analysis of data about the behaviour of visitors to websites. Such a service collects, among other things, data about the website from which a person arrived (the so-called referrer), which sub-pages were visited, how often they were visited and for how long each sub-page was viewed. Web analytics is primarily used to optimise a website and to conduct a cost–benefit analysis of internet advertising.
The operator of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
For web analytics via Google Analytics, the Controller uses the “_gat._anonymizeIp” application. This application ensures that the IP address of the data subject’s internet connection is shortened by Google and anonymised when the website is accessed from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse traffic on my website. Google uses the data and information collected, among other things, to evaluate the use of this website, to compile online reports on website activity and to provide other services relating to the use of this website.
Google Analytics places a cookie on the data subject’s information technology system. The definition of cookies is explained above. By setting this cookie, Google is enabled to analyse the use of this website. Each time one of the individual pages of this website, operated by the Controller and incorporating a Google Analytics component, is accessed, the internet browser on the data subject’s information technology system automatically transmits data to Google via the Google Analytics component for the purposes of online advertising and commission settlement. In the course of this technical procedure, Google gains access to personal information, such as the data subject’s IP address, which it uses, among other things, to identify the origin of visitors and clicks and to prepare commission statements.
The cookie stores personal information such as the time of access, the location from which the access was made, and the frequency with which the data subject visits my website. Each time my website is accessed, such personal data – including the IP address of the internet connection used by the data subject – is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America, and Google may share them with third parties where collected through this technical procedure.
As stated above, the data subject may at any time prevent the setting of cookies by my website through an appropriate adjustment of the web browser used, thereby permanently refusing the setting of cookies. Such an adjustment would also prevent Google Analytics from placing a cookie on the data subject’s information technology system. Furthermore, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programmes.
In addition, the data subject may object to the collection of data generated by Google Analytics in connection with the use of this website, as well as to the processing of such data by Google, and may prevent this from occurring. To do so, the data subject must download and install a browser add-on available at https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics, via a JavaScript function, that no data or information relating to visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is regarded by Google as an objection.
If the data subject’s information technology system is later deleted, formatted or newly installed, the browser add-on must be reinstalled in order to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject, or by another person within their sphere of responsibility, it may be reinstalled or reactivated.
Further information and the applicable data protection provisions of Google can be found at:
https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/ .
The Controller has integrated components of LinkedIn Corporation into this website. LinkedIn is a web-based social network that enables users to connect with existing business contacts and establish new ones. With over 400 million registered users in more than 200 countries, LinkedIn is currently the largest platform for business networking and one of the most visited websites in the world.
The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES, the responsible entity is LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time one of the individual pages of this website, operated by the Controller and containing a LinkedIn component (LinkedIn plug-in), is accessed, the internet browser on the data subject’s information technology system is automatically prompted to download a display of the corresponding LinkedIn component from LinkedIn. Further information about the LinkedIn plug-in can be found at https://developer.linkedin.com/plugins. During this technical process, LinkedIn becomes aware of the specific sub-page of my website that the data subject has visited.
If the data subject is logged in to LinkedIn at the same time, LinkedIn detects, with each visit to my website and for the entire duration of the session, which specific sub-page of my website the data subject has accessed. This information is collected via the LinkedIn component and linked to the data subject’s LinkedIn account. If the data subject clicks on one of the LinkedIn buttons integrated into my website, LinkedIn associates this action with the data subject’s personal LinkedIn account and stores the related personal data.
LinkedIn receives information via the LinkedIn component that the data subject has visited this website, provided the data subject is logged in to LinkedIn at the time of accessing this site. This occurs regardless of whether the data subject clicks on the LinkedIn button or not. If the data subject does not wish such information to be transmitted to LinkedIn, they may prevent this by logging out of their LinkedIn account before visiting my website.
LinkedIn provides, at https://www.linkedin.com/psettings/guest-controls, options to unsubscribe from email messages, SMS messages and targeted advertising, as well as to manage advertising settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame. The setting of such cookies can be refused via https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.
This website uses the Shariff component. The Shariff component provides social media buttons designed to comply with data protection requirements. Shariff was developed for the German computer magazine c’t and is published by GitHub, Inc. The developer’s address is GitHub, Inc., 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, United States.
Typically, the button solutions offered by social networks transmit personal data to the respective social network as soon as a user visits a website containing such a button. By contrast, the Shariff component only transfers personal data to social networks when the visitor actively clicks on one of the social media buttons. Further information on the Shariff component can be found in c’t magazine at http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-ct-Shariff-ist-im-Usatz-2470103. Html provided. he use of the Shariff component is intended to protect the personal data of visitors to my website while enabling the integration of a social network button solution on this website.
Further information and the applicable data protection provisions of GitHub can be found at https://help.github.com/articles/github-privacy-policy/.
When accessing certain sub-services of my website, additional personal data, such as contact details including name and email address, are processed for the purpose of displaying and selecting available appointments.
If I request a user’s consent to the use of third-party providers, the legal basis for processing the data is that consent. Their use may also form part of my (pre-)contractual services, provided that the use of such third-party providers has been agreed in this context. In all other cases, user data is processed on the basis of my legitimate interests, namely my interest in providing efficient, economical and user-friendly services. In this context, I also refer to the information on the use of cookies in this privacy policy.
Data is transferred to the processor Calendly, Inc., 115 E Main St., Ste. A1B, Buford, GA 30518, USA, represented by DPO Centre Europe, Friedrichstraße 88, 10117 Berlin, Germany, eurep@calendly.com, Website: https://calendly.com/de; Privacy Policy: https://calendly.com/pages/privacy. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA is based on Article 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient has committed to complying with the data processing principles of the Data Privacy Framework (DPF).
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which the Controller obtains consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party – for example, when processing is required to supply goods or provide a service – the legal basis is Article 6(1)(b) GDPR. The same applies to processing operations necessary to carry out pre-contractual measures, such as responding to enquiries about my services.
If the Controller is subject to a legal obligation that requires the processing of personal data, for example to meet tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This could be the case, for instance, if a visitor were injured during a meeting and their name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In such circumstances, the processing would be based on Article 6(1)(d) GDPR.
Finally, processing may be based on Article 6(1)(f) GDPR, where it is necessary for the purposes of the legitimate interests pursued by myself or by a third party, provided such interests are not overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data. This legal basis is particularly relevant where the data subject is a client of the Controller, as noted in Recital 47, point 2 of the GDPR.
Where the processing of personal data is based on Article 6(1)(f) GDPR, my legitimate interest is the operation of my business for the benefit of my professional activities and the satisfaction of my clients.
The period for which personal data is stored is determined by the applicable statutory retention period. Once this period has expired, the corresponding data will be routinely deleted, provided it is no longer required for the performance of a contract or the initiation of a contract.
The Controller explicitly states that the provision of personal data is, in some cases, required by law (for example, under tax regulations) or may result from contractual requirements (for example, details of the contracting party). In certain circumstances, it may be necessary, in order to conclude a contract, for the data subject to provide me with personal data that I must subsequently process. For example, the data subject is obliged to provide me with personal data when I enter into a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.
Before providing personal data, the data subject may contact me to clarify whether the provision of personal data is required by law or by contract, or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences would be of not providing such data.
As a responsible business owner, I do not use automated decision-making or profiling.
***
This Data Privacy has been created based on the Privacy Policy Generator provided by DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as External Data Protection Officer Schwaben, in cooperation with the Data Protection Lawyers at WILDE BEUGER SOLMECKE | Rechtsanwälte.