Controller
Cordula Böck
Hauptstr. 56 a
86825 Bad Wörishofen
Email address: support@cybersecureguard-121fb46.ingress-daribow.ewp.live
Imprint: https://cybersecureguard.org/imprint
Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects concerned.
Categories of Data Subjects
- Service recipients and clients
- Interested parties
- Communication partners
- Users
- Business and contractual partners
Purposes of Processing
Relevant Legal Bases
Relevant legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or establishment may apply. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
National data protection regulations in Germany:
In addition to the GDPR’s data protection regulations, national data protection regulations apply in Germany. In particular, this includes the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains special provisions on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, as well as automated individual decision-making including profiling. Additionally, data protection laws of the individual federal states may also apply.
Note on the Applicability of the GDPR and the Swiss DPA: These data protection notices serve to provide information both under the Swiss Federal Act on Data Protection (DPA) and the General Data Protection Regulation (GDPR). For this reason, we kindly ask you to note that due to the broader geographical application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms “Bearbeitung” (processing) of “Personendaten” (personal data), “überwiegendes Interesse” (overriding interest), and “besonders schützenswerte Personendaten” (sensitive personal data) used in the Swiss DPA, the terms “Verarbeitung” (processing) of “personenbezogene Daten” (personal data), “berechtigtes Interesse” (legitimate interest), and “besondere Kategorien von Daten” (special categories of data) used in the GDPR are applied. However, the legal meaning of the terms is still determined by the Swiss DPA within the scope of its applicability.
Security Measures
In accordance with legal requirements and taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of the processing, as well as the varying likelihoods and severity of risks to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.
These measures particularly include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, entry, disclosure, ensuring availability, and their separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data from the very beginning of the development or selection of hardware, software, and procedures, in line with the principle of data protection by design and by default.
Securing Online Connections through TLS/SSL Encryption Technology (HTTPS)
To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.
Transmission of Personal Data
In the course of our processing of personal data, it may happen that this data is transmitted to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content embedded in a website. In such cases, we comply with legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
International Data Transfers
Data Processing in Third Countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs as part of the use of third-party services or the disclosure or transmission of data to other persons, entities, or companies (which can be recognized by the postal address of the respective provider or if the privacy policy explicitly refers to data transfer to third countries), this is always done in accordance with legal requirements.
For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.
This dual protection ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the standard contractual clauses serve as an additional safeguard. Should there be changes within the DPF, the standard contractual clauses serve as a reliable fallback option. This is how we ensure that your data remains adequately protected even in the event of any political or legal changes.
For individual service providers, we inform you whether they are certified under the DPF and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov.
For data transfers to other third countries, corresponding security measures apply, in particular standard contractual clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission.
Deletion of Data
We delete the data we process in accordance with legal requirements as soon as the consent originally permitting the processing is revoked, or other legal bases cease to apply (e.g., when the purpose for processing the data no longer exists, or the data is no longer necessary for that purpose).
If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes only. This means the data will be blocked and not processed for any other purposes.
This applies, for example, to data that must be retained for commercial or tax law reasons, or data whose storage is necessary for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person.
Our privacy policy may include additional information about the storage and deletion of data that applies specifically to certain processing operations.
Rights of Data Subjects
As a data subject under the GDPR, you have various rights, particularly those set out in Articles 15 to 21 GDPR:
Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling related to direct marketing.
Right to Withdraw Consent
You have the right to withdraw consent at any time.
Right of Access
You have the right to request confirmation as to whether personal data concerning you is being processed, and, where this is the case, access to the data and additional information in accordance with legal requirements.
Right to Rectification
You have the right, in accordance with legal requirements, to request the completion of incomplete personal data or the correction of inaccurate personal data concerning you.
Right to Erasure and Restriction of Processing
You have the right, in accordance with legal requirements, to request the immediate deletion of personal data concerning you, or alternatively to request a restriction of processing.
Right to Data Portability
You have the right, in accordance with legal requirements, to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request its transfer to another controller.
Right to Lodge a Complaint
Without prejudice to other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
Use of Cookies
Cookies are small text files or other storage identifiers that store information on end devices and allow information to be read from them.
For example, they can store login status, shopping cart contents, accessed pages, or used functions.
Cookies can also serve various purposes, such as ensuring the functionality, security, and convenience of online services, or analyzing visitor flows.
Notes on Consent
We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless it is not legally required.
Consent is not required when storing or retrieving information (including cookies) is strictly necessary to provide a telemedia service explicitly requested by the user (i.e., our online service).
Strictly necessary cookies typically include those related to:
- displaying and operating the online service
- load balancing
- security
- storing user preferences and settings
- functions required to provide the main and ancillary features of the requested service
Revocable consent is clearly communicated to users and includes information about each cookie’s purpose.
Legal Basis for Cookie Processing
The legal basis for processing personal data using cookies depends on whether we request user consent.
If users consent, the legal basis is that consent.
Otherwise, cookie data is processed based on our legitimate interests (e.g., the economical operation and usability of our online service) or when necessary for the performance of contractual obligations.
We clarify the specific purposes for which we process cookie data throughout this privacy policy or in the context of our consent and processing procedures.
Storage Duration
Regarding the storage duration of cookies, the following types are distinguished:
Temporary Cookies (Session Cookies)
Temporary cookies are deleted at the latest once the user leaves the online service and closes the device (e.g., browser or app).
Permanent Cookies
Permanent cookies remain stored even after closing the device.
For example, they may store login status or show preferred content when the user returns.
They may also be used for analytics and reach measurement.
Unless explicitly stated, users should assume that cookies are permanent and may be stored for up to two years.
General Information on Withdrawal and Objection (Opt-Out)
Users can withdraw consent at any time and may object to processing in accordance with legal requirements.
This includes restricting cookie use in browser settings (although this may affect website functionality).
Users can also object to cookies used for online marketing via the following websites:
Legal Bases
- Legitimate Interests (Art. 6(1)(f) GDPR)
- Consent (Art. 6(1)(a) GDPR)
Additional Notes on Processing
Processing Cookie Data Based on Consent
I use a cookie consent management system that collects, stores, manages, and allows users to withdraw their consent for cookie usage and related data processing.
Consent may be stored server-side and/or in an opt-in cookie or similar technology.
Unless otherwise specified, consent may be stored for up to two years.
A pseudonymous user ID is generated and stored together with:
- the time of consent
- the scope of consent (e.g., cookie categories, service providers)
- browser, system, and device information
Legal Basis: Consent (Art. 6(1)(a) GDPR).
Blogs and Publication Media
I use blogs or comparable online communication and publication tools (“publication media”). I only process readers’ data to the extent necessary for displaying the publication media, enabling communication between authors and readers, or ensuring security. For all other aspects of visitor data processing, please refer to the relevant sections of this privacy policy.
Categories of processed data:
Inventory data (e.g., names, addresses);
Contact data (e.g., email, phone numbers);
Content data (e.g., entries in online forms);
Usage data (e.g., visited pages, interest in content, access times);
Meta, communication, and process data (e.g., IP addresses, timestamps, identifiers, consent status).
Data subjects: Users (e.g., website visitors, online service users).
Purposes: Fulfillment of contractual duties; collecting feedback; providing and improving my online services; security measures.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Gravatar Profile Images
I use Gravatar for profile images within my online services, especially on the blog.
Gravatar allows users to upload profile images associated with their email address. When users comment using an email address linked to Gravatar, the profile image may appear next to their comment.
The user’s email address is transmitted to Gravatar in encrypted form solely to check whether a profile exists. It is not used for any other purpose and is deleted afterward.
I use Gravatar based on my legitimate interests, as it allows commenters to personalize their posts.
To display images, Gravatar must receive users’ IP addresses — this is technically necessary.
If users do not want their Gravatar image to appear, they should use an email address not linked to Gravatar. Anonymous commenting is also possible.
Users can avoid the transmission entirely by not using my comment system.
Service provider: Aut O’Mattic A8C Ireland Ltd., Dublin
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Audio Content
I use hosting and analytics services to provide audio content for streaming and download and to obtain statistical insights into access and usage.
Processed data: Usage data; meta/communication/process data
Data subjects: Users
Purposes: Reach measurement; conversion measurement; creation of user profiles; providing and improving my online services
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Newsletter and Electronic Notifications
I send newsletters, emails, and other electronic notifications only with the consent of recipients or where legally permitted. If the newsletter content is described during signup, that description determines the scope of consent. Typically, my newsletters contain information about my services and activities.
To subscribe, providing an email address is sufficient. Additional information (e.g., name) may be requested for personalization.
Double Opt-In
Newsletter registration follows a double opt-in process:
After signing up, users receive an email requesting confirmation. This prevents unauthorized signups.
I log the registration process to comply with legal requirements (timestamps, IP address, changes to stored data).
Deletion and Restriction
I may store unsubscribed email addresses for up to three years based on legitimate interests to prove past consent.
Upon request, deletion is possible at any time.
Opt-out
Users may unsubscribe at any time via the link included in every newsletter or by contacting me directly.
Legal basis:
Consent (Art. 6(1)(a) GDPR)
Legitimate interests (Art. 6(1)(f) GDPR)
Aweber
I use Aweber for sending and managing newsletters.
Web Analytics, Monitoring, and Optimization
I use web analytics (“reach measurement”) to analyze how visitors interact with my online services, which helps me optimize functionality, content, and user experience.
Unless stated otherwise, profiles may be created for these purposes using cookies or similar technologies.
I use IP masking so that IP addresses are pseudonymized.
I do not store identifiable personal information like names or email addresses within analytics tools.
Purposes: Reach measurement; user profiling; improving my online services
Legal bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR)
Google Analytics 4
I use Google Analytics 4 to measure usage of my online services based on a pseudonymous user ID.
GA4 does not log or store individual IP addresses for EU users.
Presence on Social Networks (Social Media)
I maintain online presences within social networks and, in this context, process users’ data in order to communicate with active users on those platforms or to provide information about myself and my work.
I would like to point out that user data may be processed outside the European Union. This may pose risks for users, for example by making it more difficult to enforce their data protection rights.
In addition, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on users’ behavior and resulting interests. These profiles can be used to display advertisements inside and outside the platforms that are presumed to match users’ interests.
For these purposes, cookies are typically stored on users’ devices, capturing their usage behavior and interests. Moreover, such profiles may also store data independently of the devices used (particularly when users are registered members of the respective platforms and logged in).
For detailed information about the respective processing activities and opt-out options, I refer to the privacy policies and documentation of the individual platform operators.
In the event of data access requests or the exercise of data subject rights, I would like to note that these are most effectively addressed directly to the respective platform providers. Only they have access to the users’ data and can take appropriate actions or provide information.
If you nonetheless require assistance, you may contact me.
Categories of processed data:
Contact data (e.g., email, telephone numbers);
Content data (e.g., entries in online forms);
Usage data (e.g., visited pages, interest in content, access times);
Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
Data subjects: Users (e.g., website visitors, online service users).
Purposes of processing: Responding to contact requests and communication; collection of feedback; marketing.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Plugins and Embedded Features and Content
I integrate functional and content elements into my online services that are obtained from servers of their respective providers (“third-party providers”). These may include graphics, videos, or map embeds (collectively referred to as “content”).
The integration of such content always requires the processing of the users’ IP address, as the content cannot be sent to their browser without it. The IP address is therefore technically necessary for displaying this content. I strive to use only content whose providers use the IP address solely for delivering the respective content.
Third-party providers may also use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags allow for the evaluation of visitor traffic on this website. Pseudonymous information may also be stored in cookies on users’ devices and may contain technical data (browser, OS), referring websites, visit times, or additional usage information. These data may also be combined with information from other sources.
Categories of processed data:
Usage data (e.g., visited pages, interest in content, access times);
Meta/communication/process data (e.g., IP addresses, timestamps, IDs, consent status);
Inventory data (e.g., names, addresses);
Contact data (e.g., email, phone numbers);
Content data (e.g., online form entries).
Data subjects: Users (e.g., website visitors, online service users).
Purposes: Provision of online services and usability; feedback functionality.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Additional Notes on Processing Tools and Services
Shariff
I use privacy-friendly “Shariff” social media buttons.
Shariff was developed to increase privacy and replace traditional share buttons. Instead of the user’s browser connecting to social networks directly, the server hosting this website connects to the social platforms—for example, to request the number of likes. Users remain anonymous.
More information about Shariff: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
Service provider: Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hannover, Germany
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Privacy Policy: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html
YouTube Videos
For video embedding.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://www.youtube.com
Privacy Policy: https://policies.google.com/privacy
Third-country transfer: EU-US Data Privacy Framework (DPF)
Opt-out:
- https://tools.google.com/dlpage/gaoptout
- https://myadcenter.google.com/personalizationoff
Changes and Updates to This Privacy Policy
I kindly ask you to review this privacy policy regularly. I update it whenever changes in my data processing activities make this necessary. I will inform you if such changes require your cooperation (e.g., renewed consent) or individual notification.
Where this privacy policy includes addresses or contact information of companies or organizations, please note that such details may change over time. I recommend checking the information before contacting them.
