top of page

Privacy Notice for taro-donatella.de and Social Media Profiles

1) Controller and contact

1.1 Thank you for visiting our website. This notice explains how we process personal data when you use our site. Personal data means any information that identifies you.

1.2 Controller under the GDPR:
Matthias Steinmetz, Money Train Society, Pirmasenser Straße 6, 66957 Vinningen, Germany, Phone +49 6335 2970331, taro (at) donatella.de.
The controller decides why and how personal data is processed.

2) Data collected when you visit our website

2.1 If you use the site for information only, we collect server log data that your browser sends to our server. This includes:

  • URL accessed on our site

  • Date and time of access

  • Amount of data transferred

  • Referrer URL

  • Browser type

  • Operating system

  • IP address, possibly shortened

We process this to keep the site stable and functional, based on Art. 6(1)(f) GDPR. We do not share this data. We may review logs later if there are concrete signs of unlawful use.

2.2 We use SSL or TLS to secure transmissions. You can recognise this by “https://” and the lock icon in the browser.

 

3) Hosting and content delivery

3.1 Amazon Web Services
Provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.
All site data may be processed on the provider’s servers. A data processing agreement is in place. The provider participates in the EU-US Data Privacy Framework, which is covered by an adequacy decision.

3.2 Wix
Provider: Wix HQ, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel.
Data may also be processed by Wix Inc., 500 Terry A. Francois Blvd, San Francisco, CA 94158, USA.
A data processing agreement is in place. An EU adequacy decision applies to Israel. For the USA, the provider relies on the EU-US Data Privacy Framework.

3.3 Google Cloud CDN
Provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin D04 E5W5, Ireland.
We use the CDN to deliver media and scripts faster. Legal basis is Art. 6(1)(f) GDPR. Data may also be processed by Google LLC in the USA. A data processing agreement is in place. Google participates in the EU-US Data Privacy Framework.

4) Cookies

We use cookies to make the site usable and pleasant. Session cookies are deleted when the browser closes. Persistent cookies remain longer and store settings. Storage periods appear in your browser’s cookie settings. Where cookies process personal data, the legal basis is Art. 6(1)(b) GDPR for contract performance, Art. 6(1)(a) GDPR if you consent, or Art. 6(1)(f) GDPR for our legitimate interests in a functional and user-friendly site. You can configure your browser to accept or refuse cookies. Some features may not work without cookies.

 

5) Contacting us

If you contact us by form or email, we process your data only to handle your request. Legal basis: Art. 6(1)(f) GDPR. If your request seeks to enter into a contract, Art. 6(1)(b) GDPR also applies. We delete data once your request is resolved, unless retention duties require longer storage.

 

6) Comments

If you use the comment feature, we store your comment, the time it was posted, the display name you chose, and your IP address. We need the IP for security and to address unlawful content. We may use your email to contact you if a third party objects to your content. Legal bases: Art. 6(1)(b) and Art. 6(1)(f) GDPR. We may remove comments reported as unlawful.

7) Customer accounts

When you open an account, we process the data you enter to create and manage it, Art. 6(1)(b) GDPR. You can request deletion at any time using the contact above. We delete account data after all contracts are fulfilled, no legal retention applies, and we have no continuing legitimate interest.

 

8) Direct marketing

8.1 Email newsletter
If you subscribe, we send offers by email. Required field: your email address. Other fields are optional. We use double opt-in. By confirming, you consent under Art. 6(1)(a) GDPR. We log your IP, date, and time of signup to document consent. You can unsubscribe at any time via the link in any email or by contacting us. After unsubscribing, we delete your email unless you consent to further use or we are permitted to use it for other lawful purposes described here.

8.2 Rapidmail
Provider: rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany.
We share your signup data with the provider to send newsletters, Art. 6(1)(f) GDPR. With your consent, the provider measures campaign performance using web beacons and similar technology. Device data such as access time, IP, browser, and OS may be analysed. You can withdraw tracking consent at any time. A data processing agreement is in place.

 

9) Orders and payments

9.1 We share personal data with carriers and banks where needed to fulfil contracts and take payment, Art. 6(1)(b) GDPR. Where we owe updates for goods with digital elements or digital products, we use your contact details to inform you about updates within legal deadlines, Art. 6(1)(c) GDPR.

9.2 Payment services

  • PayPal
    Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
    We share payment data and order details with PayPal when you choose PayPal, Art. 6(1)(b) GDPR. If we deliver before receiving funds, we may share data with PayPal for credit checks based on Art. 6(1)(f) GDPR. Scoring may be used. You can object at any time, but PayPal may still process data needed to complete payment.

  • Wix Payments
    Provider: Wix HQ, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel.
    For card and similar payments we share payment data and order details, Art. 6(1)(b) GDPR. Processing may also involve Wix Inc., San Francisco, USA. Israel benefits from an EU adequacy decision. For the USA, standard contractual clauses and the EU-US Data Privacy Framework are used.

9.3 Electronic cancellation for consumer subscriptions
Where our site offers paid subscription contracts concluded online, consumers can cancel via an online button in line with the legal notice periods. We process data you enter to confirm your identity and the cancellation, Art. 6(1)(b) GDPR, and we confirm receipt and timing in text form. We are legally required to offer this functionality, Art. 6(1)(c) GDPR.

10) Online marketing

Digistore24 affiliate
Provider: Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany.
We place affiliate links that lead to offers on partner sites. The provider measures conversions using cookies or similar technology that is typically set on partner sites. The provider may process your IP address and device data. Any reading or storing of data on your device occurs only with your consent under Art. 6(1)(a) GDPR. You can withdraw consent at any time using the consent tools on partner sites.

11) Site features and third-party tools

11.1 YouTube
Provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin D04 E5W5, Ireland. Data may also be processed by Google LLC in the USA.
When a page with a YouTube plugin loads, your browser connects to Google and your IP and other data may be transmitted. When playback starts, Google may set cookies for analytics and fraud prevention. If you are logged into your Google account, interactions may be linked to your account. Grant of consent via our consent tool is required, Art. 6(1)(a) GDPR. You can withdraw consent at any time in the consent tool. Google participates in the EU-US Data Privacy Framework.

11.2 Google reCAPTCHA
Provider: Google Ireland Limited, with possible processing by Google LLC in the USA. Google web fonts may load to render the challenge. The service checks whether an input is made by a human and helps block spam and attacks. For this, Google receives the IP, browser and OS details, and visit timestamps. Cookies may be used. Where cookies are used, we rely on your consent, Art. 6(1)(a) GDPR. Without cookies, the legal basis is our legitimate interest in preventing abuse, Art. 6(1)(f) GDPR. A data processing agreement is in place. Google participates in the EU-US Data Privacy Framework. See Google’s privacy information: https://business.safety.google/intl/de/privacy/

11.3 Job applications by email
Open roles are listed on the site. Applicants may email us. Typical data includes name, address, contact details, evidence of qualifications, and any health information we must process under labour law. We process applications under Art. 6(1)(b) GDPR and, in Germany, Section 26(1) BDSG. Special categories may be processed under Art. 9(2)(b) or Art. 9(2)(h) GDPR where required. If no hire occurs or the application is withdrawn, we delete data and email threads after 6 months, unless legal claims require longer retention. If you are hired, we process your data to perform the employment contract, Art. 6(1)(b) GDPR and Section 26(1) BDSG.

 

12) Your rights

You have the following rights under the GDPR, subject to conditions:

  • Access, Art. 15

  • Rectification, Art. 16

  • Erasure, Art. 17

  • Restriction, Art. 18

  • Notification, Art. 19

  • Data portability, Art. 20

  • Withdraw consent, Art. 7(3)

  • Lodge a complaint, Art. 77

RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS, YOU MAY OBJECT AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU OBJECT, WE WILL STOP PROCESSING THE DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING, YOU MAY OBJECT AT ANY TIME TO SUCH PROCESSING. IF YOU OBJECT, WE WILL STOP PROCESSING YOUR PERSONAL DATA FOR DIRECT MARKETING.

 

13) Storage periods

We store personal data only as long as needed for the legal basis and purpose and, where applicable, for statutory retention periods.

  • With consent under Art. 6(1)(a) GDPR, we store until you withdraw consent.

  • For contract data under Art. 6(1)(b) GDPR, we delete after retention periods end and once contract performance and pre-contract tasks are complete and we have no legitimate interest to keep data.

  • For processing under Art. 6(1)(f) GDPR, we store until you object under Art. 21(1) GDPR and no overriding grounds apply, or we need the data for legal claims.

  • For direct marketing under Art. 6(1)(f) GDPR, we store until you object under Art. 21(2) GDPR.
    If none of the above applies, we delete data when it is no longer necessary for its purpose.

 

Social Networks

Facebook Page

1) Controller and scope

Please consider carefully what personal data you share with us via Facebook. While you are logged in and visit our page, Meta can link your activity to your account. Meta stores and uses user data for its own purposes. See Facebook’s privacy policy: https://www.facebook.com/policy.php

We cannot influence Facebook’s data collection and processing. We do not know the full extent, locations, or durations of storage, how deletion duties are met, what analyses occur, or with whom data is shared. If you do not want Facebook to process your data, contact us through other channels. Our imprint on Facebook contains our full contact details.

Controller for data that you send to us via Facebook and that we process alone:
Matthias Steinmetz, Money Train Society, Pirmasenser Straße 6, 66957 Vinningen, Germany, Phone +49 6335 2970331, taro (at) donatella.de.

For Page Insights data, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is a joint controller with us under Art. 26 GDPR. See: https://www.facebook.com/legal/terms/page_controller_addendum
For Facebook Business Tools, see: https://www.facebook.com/legal/controller_addendum

2) Data protection officer at Meta

Contact via: https://www.facebook.com/help/contact/540977946302970

3) Contacting us

If you contact us via form or Messenger, we process your data to handle the request. Legal basis: Art. 6(1)(f) GDPR. If the request aims at a contract, Art. 6(1)(b) GDPR also applies. We delete data after completion unless retention is required.

4) Contract fulfilment following Facebook contact

If a contract results, we process your data as follows:
4.1 Payment data to banks for payment, Art. 6(1)(b) GDPR.
4.2 For goods, delivery data to carriers, Art. 6(1)(b) GDPR.
Where we owe updates for digital goods, we use your contact data to inform you, Art. 6(1)(c) GDPR.

5) Newsletter

If you subscribe, processing follows Section 8.1 above.

6) Page Insights statistics

Facebook provides aggregated Page Insights. We use this to understand interactions with our page, Art. 6(1)(f) GDPR. You can change ad settings at any time: https://www.facebook.com/settings?tab=ads

7) Your rights

See Section 12 above.

8) Storage periods

See Section 13 above.

Instagram Profile

1) Controller and scope

Please consider what data you share with us via Instagram. Instagram is part of Meta and shares infrastructure with Meta companies: https://www.facebook.com/help/111814505650678?ref=dp
Meta stores and uses user data. Instagram privacy information: https://help.instagram.com/help/instagram/519522125107875/

We cannot influence Meta’s processing. If you do not want Meta to process your data, use other contact channels listed in our Instagram imprint.

Controller for data you send to us via Instagram that we process alone:
Matthias Steinmetz, Money Train Society, Pirmasenser Straße 6, 66957 Vinningen, Germany, Phone +49 6335 2970331, taro (at) donatella.de.
Meta Platforms Ireland Ltd. is also a controller for data it processes.

2) Meta DPO

https://www.facebook.com/help/contact/540977946302970

3) Contacting us

Same rules as Section 5 above.

4) Contract fulfilment following Instagram contact

4.1 Payment processing with banks, Art. 6(1)(b) GDPR.
4.2 Delivery data to carriers, Art. 6(1)(b) GDPR.
Updates for digital products, Art. 6(1)(c) GDPR.

5) Your rights

See Section 12 above.

6) Storage periods

See Section 13 above.

YouTube Channel

1) Controller and scope

Review carefully what you share with us via YouTube. YouTube stores user data and may use it for business purposes. We cannot control YouTube’s processing, storage locations or durations, deletion routines, analyses, or disclosures. If you want to avoid YouTube processing your data, contact us via the channels listed in our YouTube imprint.

Controller for data you send to us via YouTube that we process alone:
Matthias Steinmetz, Money Train Society, Pirmasenser Straße 6, 66957 Vinningen, Germany, Phone +49 6335 2970331, taro (at) donatella.de.
Google Ireland Limited is also a controller for data it processes. See Google’s privacy policy: https://policies.google.com/privacy
Google may process data in the USA. Google participates in the EU-US Data Privacy Framework.

2) Contacting us via YouTube

If you contact us by form or Messenger, we process your data to handle your request, Art. 6(1)(f) GDPR. If aimed at a contract, Art. 6(1)(b) GDPR. We delete after completion unless retention applies.

3) Direct marketing

3.1 Email marketing
Newsletter rules as in Section 8.1 above.

3.2 Postal marketing
On the basis of Art. 6(1)(f) GDPR, we may use your name and postal address and, if provided during a business relationship, title, academic degree, year of birth, and professional designation for postal offers. You can object at any time.

4) Your rights

See Section 12 above.

5) Storage periods

See Section 13 above.

bottom of page