Privacy Policy

Preamble

This privacy policy informs you about the types of personal data (hereinafter referred to as "data") that we process, the purposes for which we process it, and the extent to which we do so. This privacy policy applies to all processing of personal data carried out by us in the context of providing our services, particularly on our websites and mobile applications, as well as our external online presences, such as our social media profiles (hereinafter collectively referred to as the 'Online Offering'). The terms used are not gender-specific.

Status: 10 August 2025

Table of contents

• Preamble

• Controller

• Overview of processing activities

• Applicable legal bases

• Security measures

• Rights of data subjects

• Provision of the online offering and web hosting

• Use of cookies

• Newsletters and electronic notifications

• Promotional communication via email, post, fax or telephone

• Plug-ins and embedded functions, as well as content.

Controller:

Veronika Faiz

Email address: faiz@posteo.de

Imprint: https://www.afterlife-design.de/impressum

Overview of Processing Activities

The following summary outlines the types of data processed, the reasons for processing it and the data subjects involved. Types of data processed:

• Inventory data

• Contact data

• Content data

• Usage data

• Meta, communication and procedural data

• Log data

Categories of data subjects

• Communication partners

• Users

Purposes of processing

• Security measures

• Direct marketing

• Reach measurement

• Conversion measurement

• Server monitoring and error detection

• Marketing

• Provision of our online offering and user-friendliness

• Information technology infrastructure

• Sales promotion

Applicable legal bases

The applicable legal bases under the GDPR are: The following provides an overview of the legal bases on which we process personal data under the GDPR. Please note that, in addition to the GDPR provisions, national data protection regulations may apply in your or our country of residence or incorporation. Should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6(1)(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.

• Legitimate interests (Art. 6(1)(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, override these interests.

National data protection regulations in Germany: In addition to the data protection provisions of the GDPR, Germany has its own national data protection regulations. These include the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), in particular. The BDSG contains specific provisions regarding the right of access, erasure and objection; the processing of special categories of personal data; processing for other purposes; transmission; and automated decision-making in individual cases, including profiling. Furthermore, the data protection laws of the individual federal states may also apply.

Notice on the applicability of the GDPR and the Swiss Federal Act on Data Protection (FADP): This privacy notice provides information in accordance with the GDPR and the FADP. For this reason, please note that, due to its broader territorial scope and comprehensibility, the GDPR terminology is used here. Instead of the terms 'processing' of 'personal data', 'overriding interest', and 'sensitive personal data' used in the Swiss FADP, the terms 'processing' of 'personal data', 'legitimate interest', and 'special categories of data' as used in the GDPR are applied. However, the legal meaning of these terms will continue to be determined under the Swiss FADP within its scope of application.

Security measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, the nature, scope and circumstances of the processing and its purposes, as well as the varying likelihood and severity of the risk to the rights and freedoms of individuals, we implement appropriate technical and organisational measures to ensure an appropriate level of security. These measures include safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to it, as well as controlling how it is accessed, inputted, transferred, made available and separated. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data when developing or selecting hardware, software, and procedures, in accordance with the principles of data protection by design and by default.

Securing online connections via TLS/SSL encryption technology (HTTPS):

To protect user data transmitted through our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt information transmitted between a website or app and a user's browser (or between two servers), thereby protecting the data from unauthorised access. As the more advanced and secure version of SSL, TLS ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, HTTPS is displayed in the URL to indicate this. This informs users that their data is being transmitted securely and in an encrypted form.

Rights of Data Subjects

Rights of Data Subjects under the GDPR:
As a data subject under the GDPR, you have various rights, particularly as set out in Articles 15 to 21 GDPR:

Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw your consent at any time.
Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and further information and a copy of the data in accordance with legal requirements.
Right to rectification: You have the right, in accordance with legal requirements, to have inaccurate data concerning you rectified and to have incomplete data completed.
Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to have personal data concerning you erased without undue delay, or alternatively, to have the processing of the data restricted.
Right to data portability: You have the right, in accordance with legal requirements, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.
Provision of the Online Offering and Web Hosting
We process the data of users in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Types of data processed: Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved); log data (e.g., log files regarding logins, retrieval of data, or access times); content data (e.g., textual or visual messages and posts as well as information relating to them, such as authorship or creation date).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); security measures; reach measurement (e.g., access statistics, recognition of returning visitors); conversion measurement (measurement of the effectiveness of marketing measures); server monitoring and error detection.
Retention and deletion: Deletion in accordance with the details provided in the section "General Information on Data Retention and Deletion".
Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
Further information on processing activities, procedures, and services:
Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files may include the address and name of the retrieved websites and files, date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used, for example, for security purposes, such as preventing server overload (particularly in the case of abusive attacks, so-called DDoS attacks), and also to ensure server load and stability;
Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident is finally clarified.
E-mail transmission and hosting: The web hosting services we use also include the sending, receiving, and storing of e-mails. For these purposes, the addresses of recipients and senders, as well as other information relating to the sending of e-mails (e.g., the involved providers), and the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of spam detection. Please note that e-mails are generally not sent in encrypted form on the internet. While e-mails are usually encrypted during transmission, they are not encrypted on the servers from which they are sent and received (unless end-to-end encryption is used). Therefore, we cannot take responsibility for the transmission path of e-mails between the sender and our server;
Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
Squarespace: Squarespace provides software as a service for creating and hosting websites;
Service provider: Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland;
Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR);
Website: https://www.squarespace.com;
Privacy policy: https://www.squarespace.com/privacy;
Data processing agreement: https://www.squarespace.com/dpa.
Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.squarespace.com/dpa).
Use of Cookies
Cookies are small text files or other storage markers that store information on end devices and retrieve information from them. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the contents accessed, or the functions used of an online offering. Cookies can also be used for various purposes, such as the functionality, security, and comfort of online offerings, as well as the creation of analyses of visitor flows.
Notes on consent:
We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, except where this is not required by law. Consent is in particular not required if the storage and retrieval of information – including cookies – is strictly necessary in order to provide users with a telemedia service they have expressly requested (i.e., our online offering). The revocable consent is clearly communicated to the users and contains the information on the respective cookie usage.
Notes on the legal bases for data processing:
The legal basis on which we process users' personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies is based on our legitimate interests (e.g., in the business operation of our online offering and its usability) or, if the use of cookies is necessary, to fulfill our contractual obligations. We will explain the purposes for which we process cookies in the course of this privacy policy or as part of our consent and processing procedures.
Retention period:
Regarding the retention period, a distinction is made between the following types of cookies:
Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g., browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be stored and preferred content can be displayed directly when the user visits a website again. The data stored in cookies can also be used for reach measurement. Unless we provide users with explicit information about the type and duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the retention period can be up to two years.
General notes on revocation and objection (opt-out):
Users can revoke their consent given at any time and also object to processing in accordance with legal requirements, in particular by means of browser settings that prevent the use of cookies or through the cookie consent management function.
- Processing of cookie data based on consent:
  - Legal basis: Consent (Art. 6(1)(1)(a) GDPR).
- Processing of cookie data based on legitimate interests:
  - Legal basis: Legitimate interests (Art. 6(1)(1)(f) GDPR).
    Newsletter and Electronic Notifications
    We send newsletters, emails, and other electronic notifications (hereinafter “newsletter”) only with the recipient’s consent or based on a legal basis. If the contents of the newsletter are specified during the subscription process, such contents are decisive for the user’s consent. Normally, providing your email address is sufficient to subscribe to our newsletter. However, in order to offer you a personalised service, we may also request your name for personalised addressing in the newsletter or other information if necessary for the purpose of the newsletter.
    Deletion and Restriction of Processing:
    We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of these data is restricted to the purpose of potential defence against claims. You may request deletion at any time, provided that the previous existence of consent is confirmed at the same time. In cases where we are obligated to permanently respect objections, we reserve the right to store the email address solely for this purpose in a suppression list (so-called “blocklist”).
    The logging of the subscription process is carried out on the basis of our legitimate interests for the purpose of proving its proper execution. If we engage a service provider to send emails, this is done based on our legitimate interest in an efficient and secure delivery system.
    Contents:
    Information about us, our services, promotions, and offers.
    Types of data processed: Inventory data (e.g., full name, residential address, contact details, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features).
    Categories of data subjects: Communication partners.
    Purposes of processing: Direct marketing (e.g., via email or postal mail).
    Legal basis: Consent (Art. 6(1)(a) GDPR).
    Opt-out possibility: You may unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe is provided at the end of each newsletter, or you may use one of the contact options provided above, preferably by email.
    Additional information on processing operations, procedures, and services:
    Measurement of opening and click rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server, or from the server of our delivery service provider (if used), when the newsletter is opened. This retrieval initially collects technical information such as details about your browser and system, your IP address, and the time of retrieval. These details are used to technically improve our newsletter based on technical data or target groups and their reading behaviour, determined by their retrieval locations (which can be determined via IP address) or access times. This analysis also determines whether newsletters are opened and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to identify our users’ reading habits, adapt our content to them, or send different content according to their interests. Measurement of opening and click rates as well as the storage of results in user profiles — this section of text requires activation with a premium licence.
    Legal basis: Consent (Art. 6(1)(a) GDPR).
    Advertising Communication via Email, Post, Fax or Telephone
    We process personal data for the purposes of advertising communication, which may be carried out through various channels such as email, telephone, post, or fax, in accordance with legal requirements.
    Recipients have the right to withdraw consent at any time or to object to advertising communication at any time.
    Following withdrawal or objection, we store the data necessary to prove prior authorisation for contacting or sending for up to three years after the end of the year in which the withdrawal or objection was made, based on our legitimate interests. Processing of this data is limited to the purpose of potential defence against claims. On the basis of our legitimate interest in permanently observing withdrawal or objection, we also store the data required to prevent renewed contact (e.g., depending on the communication channel: email address, phone number, name).
    Types of data processed: Inventory data (e.g., full name, residential address, contact details, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions, as well as information relating to them, such as authorship or creation time).
    Categories of data subjects: Communication partners.
    Purposes of processing: Direct marketing (e.g., via email or postal mail); marketing; sales promotion.
    Retention and deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.”
    Legal basis: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
    Plugins and Embedded Functions and Content
    We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or maps (hereinafter uniformly referred to as “content”).
    Integration always requires that the third-party providers of this content process the users’ IP address, since they could not send the content to their browser without the IP address. The IP address is thus required for displaying this content or functionality. We strive to only use content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyse visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical details about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, and may also be linked with such information from other sources.
    Notes on legal basis: If we ask users for their consent to use third-party providers, the legal basis for data processing is permission. Otherwise, users’ data are processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this regard, we also refer you to the information on the use of cookies in this privacy policy.
    Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
    Categories of data subjects: Users (e.g., website visitors, users of online services).
    Purposes of processing: Provision of our online offering and user-friendliness.
    Retention and deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.” Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of up to two years).
    Legal basis: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
    Additional information on processing operations, procedures, and services:
    Google Fonts (served from own server): Provision of font files for a user-friendly presentation of our online offering; service provider: Google Fonts are hosted on our own server, and no data are transmitted to Google; legal basis: legitimate interests (Art. 6(1)(f) GDPR).
    Google Fonts (retrieved from Google server): Retrieval of fonts (and icons) for the purpose of technically secure, maintenance-free, and efficient use of fonts and icons with respect to up-to-date versions and loading times, uniform display, and consideration of possible licence restrictions. The provider of the fonts receives the user’s IP address so that the fonts can be provided to the user’s browser. Technical data (language settings, screen resolution, operating system, hardware used) necessary for providing the fonts depending on devices and technical environment are also transmitted. These data may be processed on a server of the font provider in the USA. — When visiting our online offering, users’ browsers send HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides the CSS (Cascading Style Sheets) from Google Fonts to users, and thereafter the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on Google’s server, and (3) the HTTP header, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the web page where the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analysed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to these data is restricted and strictly controlled. The requested URL identifies the font families that the user wishes to load. These data are logged so that Google can determine how often a particular font family is requested. For the Google Fonts Web API, the user agent must adapt the font generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics measuring font family popularity. These aggregated usage statistics are published on the Google Fonts “Analytics” page. Finally, the referrer URL is logged so that the data can be used for production maintenance and to generate an aggregated report on the top integrations based on the number of font requests. According to its own statements, Google does not use any of the information collected by Google Fonts to create end-user profiles or to serve targeted ads. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: legitimate interests (Art. 6(1)(f) GDPR); website: https://fonts.google.com/; privacy policy: https://policies.google.com/privacy; third-country transfer basis: Data Privacy Framework (DPF). More information: https://developers.google.com/fonts/faq/privacy?hl=en.
    Font Awesome (served from own server): Display of fonts and icons; service provider: Font Awesome icons are hosted on our own server, and no data are transmitted to the provider of Font Awesome; legal basis: legitimate interests (Art. 6(1)(f) GDPR).
    MyFonts: Fonts; in the context of font retrieval, the following data are processed: the identification number of the web font project (anonymised), the URL of the licensed website linked to a customer number to identify the licensee and licensed web fonts, and the referrer URL. The anonymised web font project identification number is stored in encrypted log files along with such data for 30 days in order to determine the monthly number of page views; after such extraction and storage of page view counts, the log files are deleted. Service provider: Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA; legal basis: legitimate interests (Art. 6(1)(f) GDPR);
    Website: https://www.myfonts.com
    Privacy policy: https://www.myfonts.com/info/legal/#Privacy
    Created with the free Privacy Policy Generator by Dr. Thomas Schwenke