Privacy Policy

1. General information and scope

This privacy policy is intended to inform users of this website about the nature, scope and purpose of the collection and use of personal data by the website operator [see below] in accordance with the European General Data Protection Regulation (GDPR).
The website operator takes your data protection very seriously and treats your personal data confidentially and in accordance with the statutory provisions.
Please note that data transmission over the Internet can always be associated with security vulnerabilities. Complete protection against access by third parties is not possible.

2. Mandatory information

The responsible body for data processing on this website is:
Johanna Legnar
8 Wolfe Tone Street
Clonakilty
Cork P85 Y243
IRELAND

+49 1 57 72 07 18 03
johanna@legnar-design.com

The responsible body decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).

3. Scope of processing personal data

We only process our users’ personal data to the extent necessary to provide a functional website and our content and services. Processing is generally only carried out with the user’s consent. An exception applies in cases where prior consent cannot be obtained and processing is permitted by law.

4. Legal basis for processing

Art. 6(1)(a) GDPR – consent

Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures

Art. 6(1)(c) GDPR – legal obligation

Art. 6(1)(d) GDPR – vital interests

Art. 6(1)(f) GDPR – legitimate interest

5. Rights of data subjects

5.01 Right to information

You may request information from the controller as to whether personal data concerning you is being processed.

5.02 Right to rectification

You have the right to have inaccurate data rectified or incomplete data completed without delay.

5.03 Right to restriction of processing

Under certain conditions, you may request the restriction of processing.

5.04 Right to erasure (‘right to be forgotten’)

You may request the erasure of your personal data, provided that there are no legal retention obligations to the contrary.

5.05 Right to notification

The controller is obliged to notify all recipients of any rectification, erasure or restriction, unless this is impossible or involves disproportionate effort.

5.06 Right to object

You have the right to object to the processing of your data at any time for reasons arising from your particular situation. This applies in particular to direct marketing.

5.07 Automated decisions in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you.

5.08 Withdrawal of consent

Consent given for the processing of personal data may be withdrawn at any time.

5.09 Right to lodge a complaint with the competent supervisory authority

As a data subject, you have the right to lodge a complaint with a supervisory authority in the event of a breach of data protection law.

The competent authority for Ireland is the Data Protection Commission (DPC):
Data Protection Commission (DPC)
6 Pembroke Row
Dublin 2
D02 X963
Website: https://www.dataprotection.ie
Contact: https://forms.dataprotection.ie/contact
Telephone: +353 (01) 765 01 00 1800 437 737

You can also contact the supervisory authority of your usual place of residence or workplace.

5.10 Right to data portability

You have the right to receive data that we process automatically on the basis of your consent or for the performance of a contract in a machine-readable format or to have it transferred directly to a third party.

5.11 General right to information

Within the framework of the applicable legal provisions, you have the right to obtain information about your stored personal data free of charge at any time and, if necessary, the right to have it corrected, blocked or deleted.

6. SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect confidential content. You can recognise an encrypted connection by the ‘https://’ in the address bar and the lock symbol in the browser.

7. Content delivery networks (CDN) and website hosting

This website is operated by an external service provider (host). Personal data is processed and stored on the host’s servers (see also section 7.1 ‘Log files’).

Processed data may include, in particular:

  • IP addresses
  • Contact enquiries
  • Meta and communication data
  • Contract data
  • Contact details
  • Names
  • Website accesses
  • Other data generated in the course of using our website

Hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the legitimate interest of providing our website in a secure, fast and efficient manner (Art. 6(1)(f) GDPR).

Our host only processes your data within the scope of order processing in accordance with our instructions. A contract for order processing has been concluded.

Host of this website:
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4–6
32339 Espelkamp
Telephone: +49 (0)5772 293-100

7.1 Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

Data collected:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Pages accessed
  • Host name of the accessing computer
  • Time of the server request
  • IP address

The access logs of the web servers record which pages were accessed and at what time. They contain the following data:
IP, directory protection user, date, time, pages accessed, logs, status code, data volume, referrer, user agent, host name accessed.

Storage by Mittwald:

The IP addresses are stored anonymously. To do this, the last one to three digits are removed, i.e. ‘127.0.0.1’ becomes ‘127.0.0.0’. IPv6 addresses are also anonymised. The anonymised IP addresses are stored for 60 days. Information about the directory protection user used is anonymised after one day.

Error logs, which log incorrect page views, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the website accessed.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in system security and optimisation).

8. Data processing outside the EU

8.1 Web fonts (Monotype)

This website uses ‘web fonts’ from Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA, for the uniform display of fonts.
When you visit the site, your browser loads the required web fonts from Monotype’s servers (fast.fonts.net). Your IP address is transmitted in the process.
The use of web fonts is in the interest of a uniform and appealing presentation of our website (Art. 6 para. 1 lit. f GDPR). Further information can be found in Monotype’s privacy policy.

9. Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter. A link on our website will redirect you to an external registration form. We use the service Omnisend UAB, Verkių g. 25C-1, LT-08223 Vilnius, Lithuania, to send and manage our newsletter.

9.1 Type of data processing

When you click on the link to subscribe to the newsletter, you will be redirected to the Omnisend platform. There you can register for our newsletter. The following personal data will be transmitted directly to Omnisend and processed there:

  • Email address (mandatory)
  • First name and surname (optional)
  • Selected areas of interest/topics (optional)
  • Time of registration
  • IP address (at the time of registration)

After registering, you will receive a confirmation email from us (double opt-in). Only after confirming your email address via the link in this email will your registration become effective and you will receive regular newsletters from us with information about our services and offers, as well as tips, news and special offers by email.

9.2 Purpose of processing

Your data is processed solely for the purpose of sending the newsletter and communicating with you in connection with this. Providing your name and selecting areas of interest enables us to tailor the newsletter content better to your interests.
The double opt-in procedure serves to verify that you are actually the owner of the email address provided and that you agree to receive the newsletter.

9.3 Legal basis

Your data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. You give this consent by registering for the newsletter via the Omnisend form and it is documented by confirmation in the double opt-in procedure.

9.4 Data transfer

Omnisend processes your data as a processor on our behalf. Omnisend’s headquarters are located in Lithuania, a member state of the European Union. No data is transferred to third countries outside the EU/EEA.
Omnisend has committed itself to complying with the General Data Protection Regulation (GDPR). A contract for order processing in accordance with Art. 28 GDPR has been concluded with Omnisend.
Further information on data processing by Omnisend can be found in their privacy policy: https://www.omnisend.com/privacy/

9.5 Storage period

Your data will be stored for the duration of your newsletter subscription with Omnisend. After unsubscribing from the newsletter, your data will be deleted, provided that there are no legal retention obligations to the contrary.
The data from the double opt-in procedure (time of registration, time of confirmation, IP address) will be stored for verification purposes for as long as you are subscribed to our newsletter.

9.6 Revocation of your consent and unsubscribing

You can revoke your consent to receive the newsletter at any time with future effect. The legality of the data processing carried out on the basis of your consent until revocation remains unaffected.

Unsubscription options:

  • Via the unsubscribe link at the end of each newsletter email
  • By email to: johanna@legnar-design.com
  • In writing to the address given in point 2

After you unsubscribe, your data will no longer be used for sending the newsletter and will be deleted in accordance with legal requirements.

9.7 Necessity of information

Only your e-mail address is required to subscribe to the newsletter. Providing your name and selecting areas of interest is voluntary and serves to better tailor the newsletter to your needs.