studiolehn
Juro Lehmann
Leuschnerdamm 23
10999 Berlin
Tel.: +49 15736241023
Website: lehnstudio.com
E-Mail: info@studiolehn.com
VAT ID No. according to § 27 a of the German Value Added Tax Act:
DE 301590450
Content Responsible according to § 6 MDStV:
Juro Lehmann, B.A. interior architecture
IMAGE CREDIT
objects: Ramtin Zanjani
about, references NYH: Michael Baumgärtner
LIABILITY AND PROTECTION NOTICES
Disclaimer: The contents of this online offer have been created with care and to the best of our knowledge, but are only for information purposes and do not have any legally binding effect, unless they are legally mandatory information (e.g. imprint, data protection declaration, terms and conditions or consumer information). We reserve the right to change or delete the contents in whole or in part, provided that contractual obligations remain unaffected. All offers are subject to change and non-binding.
DATA PROTECTION DECLARATION
PREAMBLE
With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our Social-Media profiles (hereinafter collectively referred to as "Online Offering").
Status: 23.10.2024
SUMMARY OF PROCESSINGS
The following summary provides an overview of the types of data processed and the purposes for which they are processed, and refers to the persons concerned.
TYPES OF DATA PROCESSED
Content data.
Usage data.
Meta, communication and procedural data.
Log data.
CATEGORIES OF PERSONS CONCERNED
Users
PURPOSES OF PROCESSING
SECURITY MEASURES.
PROVIDING OUR ONLINE OFFERING AND USER-FRIENDLINESS.
INFORMATION TECHNOLOGY INFRASTRUCTURE.
LEGAL BASES
The following provides an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if special legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.
CONSENT (Art. 6 (1) (1) (a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
LEGITIMATE INTERESTS (Art. 6 (1) (1) (f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child, that the interests, fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include in particular the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and the transmission as well as automated decision-making in individual cases including profiling. Furthermore, the data protection laws of the individual federal states may apply.
Reference to the applicability of the GDPR and Swiss DSG: This data protection information is intended to provide information both under the Swiss DSG and under the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the GDPR terms are used due to their broader geographical application and comprehensibility. In particular, instead of the terms "processing" of "personal data" used in the Swiss DSG, "overriding interest" and "particularly sensitive personal data," the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms is still determined within the scope of the Swiss DSG in accordance with the Swiss DSG.
SAFETY MEASURES
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, according to the legal requirements.
The measures include in particular the safeguarding of the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access to the data, their input, their transmission, their safeguarding of availability and their separation. Furthermore, we have established procedures that ensure the exercise of the rights of data subjects, the deletion of data and reactions to the risk of data being compromised. We also take the protection of personal data into account at the time of the development or selection of hardware, software and procedures in accordance with the principle of data protection by design and by default.
INTERNATIONAL DATA TRANSFERS
Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to other persons, bodies or companies, this only takes place in accordance with the statutory requirements. If the level of data protection in the third country is recognised as adequate by a decision of the European Commission (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only take place if the level of data protection is otherwise ensured, in particular by means of standard contractual clauses (Art. 46 (2) (c) GDPR), explicit consent or in the case of contractual or statutory transfer (Art. 49 (1) GDPR). Otherwise, we will inform you of the bases for the transfer to third countries for the individual providers from the third country, whereby the adequacy decisions serve as the primary bases. Information on third-country transfers and existing adequacy decisions can be found in the EU Commission's information offer: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognised the level of data protection as safe for certain companies from the USA within the framework of the adequacy decision of 10.07.2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at
GENERAL INFORMATION ON DATA STORAGE AND DELETION
We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consent is revoked or there are no further legal grounds for processing. This applies in cases where the original processing purpose no longer applies or the data is no longer required. There are exceptions to this rule if statutory obligations or special interests require longer storage or archiving of the data.
In particular, data that must be kept for commercial or tax reasons or whose storage is necessary for the enforcement of rights or the protection of the rights of other natural or legal persons must be archived accordingly.
Our data protection information contains additional information on the storage and deletion of data that applies specifically to certain processing processes.
If there are several indications of the storage duration or deletion periods for a date, the longest period is always decisive.
If a period does not begin explicitly on a specific date and is at least one year, it starts automatically at the end of the calendar year in which the event that triggers the period has occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the point in time at which the termination or other termination of the legal relationship becomes effective.
We process data that is no longer required for the originally intended purpose, but is stored for legal reasons or for other reasons, exclusively for the reasons that justify its storage.
Further information on processing procedures, procedures and services:
Storage and deletion of data: The following general retention periods apply for storage and archiving under German law:
10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the work instructions and other organisational documents, booking documents and invoices required for their understanding (§ 147 (3) in conjunction with (1) no. 1, 4 and 4a AO, § 14b (1) UStG, § 257 (1) no. 1 and 4, (4) HGB).
6 years - Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents, insofar as they are relevant for taxation, e.g. hourly wage slips, operating account forms, calculation documents, price labels, but also payroll documents, insofar as they are not already booking documents, and cash tapes (§ 147 (3) in conjunction with (1) no. 2, 3, 5 AO, § 257 (1) no. 2 and 3, (4) HGB).
3 years - Data that are required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related enquiries, based on previous business experience and usual industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
RIGHTS OF THE DATA SUBJECTS
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw your consent at any time.
Right to information: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; the existence of the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Right to rectification: You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.
Right to erasure and restriction of processing: You have the right to demand that the data concerning you be erased immediately or, alternatively, to demand a restriction of the processing of the data in accordance with the statutory provisions, depending on the legal basis.
Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to demand that it be transferred to another controller, in accordance with the statutory provisions.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of the personal data concerning you infringes the provisions of the GDPR.
PROVIDING THE ONLINE SERVICE AND WEB HOSTING
We process the data of users to provide our online services and to provide the user with our online services. To this end, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Data types processed: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved); Log data (e.g. log files concerning logins or the retrieval of data or access times). Content data (e.g. textual or visual messages and contributions, as well as the information relating to them, such as information on authorship or the time of creation).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).) Security measures.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal bases: Legitimate interests (Art. 6 (1) (1) (f) GDPR).
PROVIDING THE ONLINE SERVICE AND WEB HOSTING
We process the data of users to provide our online services and to provide the user with our online services. To this end, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Data types processed: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved); Log data (e.g. log files concerning logins or the retrieval of data or access times). Content data (e.g. textual or visual messages and contributions, as well as the information relating to them, such as information on authorship or the time of creation).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).) Security measures.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal bases: Legitimate interests (Art. 6 (1) (1) (f) GDPR).
Further information on processing procedures, procedures and services:
Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". Server log files may include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, a message about successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g. to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the server's capacity utilisation and stability; Legal bases: Legitimate interests (Art. 6 (1) (1) (f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data that must be kept for evidence purposes is excluded from deletion until the incident has been finally clarified.
PLUG-INS AND EMBEDDED FUNCTIONS AS WELL AS CONTENT
We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or city maps (hereinafter referred to as "content").
The integration always presupposes that the third-party providers of this content process the IP address of the users, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content or functions. We endeavour to only use such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referrer websites, visit time and other information about the use of our online offer, as well as be linked to such information from other sources.
Legal basis: If we ask the user for their consent to the use of third-party providers, the legal basis for the processing of the data is consent. Otherwise, the user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.
Types of data processed: Usage data (e.g. page views and time spent on the page, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and processing data (e.g. IP addresses, time stamps, identification numbers, persons involved).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offer and user-friendliness.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on the user's devices for a period of two years.).
Legal basis: Consent (Art. 6 (1) (1) (a) GDPR). Legitimate interests (Art. 6 (1) (1) (f) GDPR).