1. Data Protection Overview
General Information
The following provides a simple overview of what happens to your personal data when you visit this website. Personal data includes any information that can personally identify you. Detailed information on data protection can be found in our privacy policy below.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the “Information on the Responsible Party” section of this privacy policy.
How do we collect your data?
Some data is collected when you provide it to us (e.g., via a contact form). Other data is collected automatically or after your consent when you visit the website through our IT systems. This includes technical data (e.g., browser, operating system, or time of access). This data is collected automatically as soon as you enter the website.
What do we use your data for?
Part of the data ensures error-free website operation. Other data may analyze user behavior. If contracts or inquiries are made via the website, we process submitted data for contractual purposes, orders, or other requests.
What rights do you have regarding your data?
You have the right to request free information about the origin, recipient, and purpose of your stored personal data. You may also request correction or deletion. If you have consented to data processing, you may revoke this consent at any time. Under certain circumstances, you may also request restricted processing. Additionally, you have the right to lodge a complaint with the relevant supervisory authority.
For questions about data protection, please contact us.
Analytics Tools and Third-Party Tools
Your browsing behavior may be statistically analyzed when visiting this website, primarily using analytics tools. Details can be found in the following sections.
2. Hosting
We host our website with the following provider:
All-Inkl
The provider is ALL-INKL.COM – Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereafter “All-Inkl”). For details, see All-Inkl’s privacy policy: https://all-inkl.com/datenschutzinformationen/.
All-Inkl is used based on Art. 6 (1) (f) GDPR. We have a legitimate interest in reliable website presentation. If consent is obtained, processing occurs under Art. 6 (1) (a) GDPR and § 25 (1) TDDDG (German Telecommunications and Telemedia Data Protection Act), where consent includes cookies or device fingerprinting. Consent can be revoked at any time.
Order Processing
We have a Data Processing Agreement (DPA) with All-Inkl to ensure GDPR-compliant processing of visitor data.
3. General Information and Mandatory Disclosures
Data Protection
We take your personal data seriously. We process it confidentially and in compliance with legal regulations and this policy.
When using this website, personal data (e.g., IP addresses) is collected. This policy explains what data we collect, how we use it, and your rights.
Note: Internet data transmission (e.g., via email) may have security gaps. Absolute protection against third-party access is impossible.
Responsible Party
The responsible party for data processing on this website is: Email: kontakt@jona-live.de
The responsible party decides the purposes and means of processing personal data (e.g., names, email addresses).
Storage Period
Unless specified otherwise, we retain your data until the purpose for processing no longer exists. If you request deletion or revoke consent, data will be deleted unless legal retention periods (e.g., tax or commercial law) apply.
Legal Bases for Data Processing
We process data based on consent (Art. 6 (1) (a) GDPR), contractual obligations (Art. 6 (1) (b) GDPR), legal obligations (Art. 6 (1) (c) GDPR), or legitimate interests (Art. 6 (1) (f) GDPR). Specific legal bases for each processing activity are detailed below.
Data Transfer to Non-Secure Third Countries & Non-DPF-Certified US Companies
We use tools from companies in non-GDPR-compliant third countries or US providers not certified under the EU-US Data Privacy Framework (DPF). If active, your data may be transferred to these countries. Note that non-EU countries may lack EU-level data protection standards.
The US is generally considered a “secure” third country. Data transfers to the US are permitted if the recipient is DPF-certified or provides adequate safeguards (e.g., standard contractual clauses).
Recipients of Personal Data
We collaborate with external parties (e.g., payment processors, tax authorities) and share data only when necessary for contracts, legal obligations, or legitimate interests. Data is shared with processors only under valid DPAs.
Revoking Consent
You may revoke consent to data processing at any time. The legality of processing before revocation remains unaffected.
Right to Object (Art. 21 GDPR)
IF PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU MAY OBJECT TO PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING. THIS ALSO APPLIES TO DIRECT MARKETING.
Right to Lodge a Complaint
You may lodge a complaint with a supervisory authority, particularly in your EU member state of residence, workplace, or the alleged infringement location.
Data Portability
You have the right to receive your data in a machine-readable format or request direct transfer to another controller, where technically feasible.
Access, Correction, and Deletion
You may request free access to your stored data, its origin, recipients, and purpose. You may also request correction or deletion. Contact us for inquiries.
Right to Restrict Processing
You may request restricted processing if:
- You contest data accuracy (during verification).
- Processing is unlawful, but you oppose deletion.
- We no longer need the data, but you require it for legal claims.
- You object to processing pending verification of overriding interests.
SSL/TLS Encryption
This site uses SSL/TLS encryption for security. Encrypted connections are indicated by “https://” and a lock icon in your browser.
4. Data Collection on This Website
Cookies
We use cookies—small text files stored on your device. Session cookies are deleted after your visit; permanent cookies remain until manually deleted or automatically removed by your browser.
Cookies may be first-party (from us) or third-party (e.g., payment services). Necessary cookies (for site functionality) are stored under Art. 6 (1) (f) GDPR. Other cookies require consent (Art. 6 (1) (a) GDPR and § 25 (1) TDDDG).
You can configure your browser to block cookies, but this may limit website functionality.
Server Log Files
The provider automatically collects and stores:
- Browser type/version
- Operating system
- Referrer URL
- Hostname
- Time of request
- IP address
This data is not merged with other sources. Processing is based on Art. 6 (1) (f) GDPR (legitimate interest in error-free site operation).
Contact Form
Data from contact forms (including your contact details) is stored to process inquiries. We do not share this data without consent.
Processing is based on Art. 6 (1) (b) GDPR (contract-related) or legitimate interest (Art. 6 (1) (f) GDPR). Data is retained until deletion is requested, consent revoked, or the purpose expires. Legal retention periods apply.
Email, Phone, or Fax Inquiries
Inquiries via email, phone, or fax are stored and processed. Data is not shared without consent. Legal basis as above.
5. Social Media
Social Media Elements with Shariff
Social media elements (e.g., Facebook, X, Instagram) are integrated using “Shariff,” which prevents data transfer until activation. Clicking the element establishes a direct connection to the provider’s server.
Activation constitutes consent under Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent is revocable.
Elements of Facebook (Meta Platforms Ireland Limited) are integrated. Activating the element connects to Facebook’s servers, sharing your IP and visit information. If logged in, Facebook can link the visit to your account.
Processing is based on consent (Art. 6 (1) (a) GDPR and § 25 (1) TDDDG). We are jointly responsible with Meta for data collection (Art. 26 GDPR).
Data transfers to the US rely on standard contractual clauses. Meta is DPF-certified.
X (formerly Twitter)
Elements of X (X Corp., USA) are integrated. Activation shares your IP and visit data. If logged in, X links the visit to your account.
Processing is based on consent. Data transfers use standard clauses. X is DPF-certified.
Elements of Instagram (Meta Platforms Ireland Limited) are integrated. Activation shares your IP and visit data. Joint responsibility applies as with Facebook.
Data transfers use standard clauses. Meta is DPF-certified.
Tumblr
Tumblr elements (Tumblr, Inc., USA) may transfer your IP and URL. Processing is consent-based.
Pinterest elements (Pinterest Europe Ltd.) may transfer log data (including IP) to the US. Processing is consent-based.
6. Analytics and Advertising
WP Statistics
We use WP Statistics (Veronalabs, Estonia) for anonymized visitor analysis. IP addresses are anonymized.
Processing is based on Art. 6 (1) (f) GDPR (legitimate interest in optimization).
7. Newsletter
Newsletter Data
To subscribe, we require your email and verification of ownership. Data is used solely for sending the newsletter and not shared.
Processing is based on consent (Art. 6 (1) (a) GDPR). Unsubscribing removes you from the list, though emails may be blacklisted to prevent future sends (legitimate interest under Art. 6 (1) (f) GDPR).
8. Plugins and Tools
YouTube (Enhanced Privacy Mode)
Embedded YouTube videos (Google Ireland Limited) use enhanced privacy mode, which doesn’t store cookies but may use Local Storage.
Processing is based on legitimate interest (Art. 6 (1) (f) GDPR). Google is DPF-certified.
Vimeo
Vimeo videos (Vimeo Inc., USA) may transfer IP and usage data. Processing is consent-based. Vimeo uses standard clauses and is DPF-certified.
Google Maps
Google Maps (Google Ireland Limited) requires your IP to function. Processing is consent-based. Google is DPF-certified.
Google reCAPTCHA
Used to prevent spam, reCAPTCHA analyzes user behavior (IP, mouse movements). Processing is based on legitimate interest (Art. 6 (1) (f) GDPR). Google is DPF-certified.
SoundCloud
SoundCloud plugins (SoundCloud Limited, UK) may link visits to your account if logged in. The UK is a GDPR-adequate country.
Spotify
This website integrates features from the music service Spotify. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. The Spotify plugins can be recognized by the green logo on this website. An overview of the Spotify plugins can be found at: https://developer.spotify.com.
By visiting this website, a direct connection is established between your browser and the Spotify server via the plugin. Spotify is then informed that you have visited this website with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of this website to your Spotify profile. This enables Spotify to associate your visit to this website with your user account.
Please note that when using Spotify, cookies from Google Analytics are employed, meaning your usage data may be shared with Google. Google Analytics is a tool by the Google Group to analyze user behavior, based in the USA. Spotify is solely responsible for this integration. We, as the website operator, have no influence over this data processing.
Data storage and analysis take place based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in providing an engaging auditory experience on the website. If consent is requested, the processing is solely based on Article 6(1)(a) of the GDPR and § 25(1) TDDG, as long as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TDDG. Consent can be revoked at any time.
For more information, please refer to Spotify’s privacy policy: https://www.spotify.com/legal/privacy-policy/.
If you do not wish Spotify to associate your visit to this website with your Spotify user account, please log out of your Spotify account before activating the Spotify plugin.
Source: https://www.e-recht24.de
English 
German