Privacy
Data Protection:
This data protection statement explains the type, scope, and purpose of processing personal data (hereinafter referred to as “data”) within our online offering and associated websites, functions, and content, as well as external online presences, such as our social media profiles (collectively referred to as “online offering”). Regarding the terms used, such as “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Julia Messerschmidt – Carrer de Plaça 18, 07630 Campos – Mallorca, Spain.
Email: info@messerschmidthomes.com
Managing Director: Julia Messerschmidt
Types of Data Processed:
- Inventory data (e.g., names, addresses).
- Contact data (e.g., email, phone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of Data Subjects
Visitors and users of the online offering (hereinafter also referred to collectively as “users”).
Purpose of Processing:
- Providing the online offering, its functions, and content.
- Responding to contact inquiries and communication with users.
- Security measures.
- Reach measurement/marketing.
The term “personal data” refers to any information related to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., a cookie), or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
“Processing” refers to any operation or set of operations performed on personal data, whether by automated means or not. The term is broad and covers virtually any data handling.
“Profiling” refers to any form of automated processing of personal data aimed at evaluating certain personal aspects relating to a natural person, in particular to analyze or predict performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of the data subject.
“Controller” is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” refers to a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Relevant Legal Basis
In accordance with Art. 13 GDPR, we inform you about the legal basis for our data processing. If the legal basis is not stated in the data protection declaration, the following applies:
- The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR.
- The legal basis for processing for the performance of our services and contractual measures or responding to inquiries is Art. 6(1)(b) GDPR.
- The legal basis for processing to comply with our legal obligations is Art. 6(1)(c) GDPR.
- The legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR.
In the event that the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.
Security Measures
We take appropriate measures in accordance with Art. 32 GDPR, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons. These measures include securing the confidentiality, integrity, and availability of data by controlling physical access to data, as well as access, input, transmission, and ensuring availability and separation of data. We also have procedures in place that ensure the exercise of data subject rights, deletion of data, and response to data breaches. Moreover, we take data protection into account in the development or selection of hardware, software, and procedures, according to the principle of data protection by design and by default (Art. 25 GDPR).
Cooperation with Processors and Third Parties
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transmit it to them, or otherwise grant them access to the data, this is done only on the basis of legal permission (e.g., if data transfer to third parties, such as payment service providers, is necessary for contract fulfillment under Art. 6(1)(b) GDPR), your consent, a legal obligation, or based on our legitimate interests (e.g., when using agents, web hosting services, etc.). If we commission third parties to process data on the basis of a so-called “order processing contract,” this is done on the basis of Art. 28 GDPR.
Rights of the Data Subjects
You have the right to request confirmation as to whether data concerning you is being processed and to request information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR. You also have the right to request the correction of incorrect data or the completion of incomplete data concerning you (Art. 16 GDPR).
In accordance with Art. 17 GDPR, you have the right to demand that data concerning you be deleted immediately or, alternatively, to request a restriction of the processing of the data under Art. 18 GDPR.