Laura Bauer Thalkirchnerstr 54. 80337 Munich ("MEANDMAR")

Safeguarding personal data is very important to us. Whether data is collected and for what purpose it is processed is specified in the following Data Privacy Policy. We comply with all applicable laws for protecting and securing personal data. Our employees also undergo extensive training and are bound by secrecy and compliance with all data protection regulations.

I. Name and contact details of data controller

The person responsible for processing personal data pursuant to Art. 4 of the EU DPA: Laura Bauer Thalkirchnerstr 54. 80337 Munich

+0049 1775 288033

II. Which data is collected?

Server log files
We collect data, so-called server log files on every accessing of the server on which the  website is located. These access data include for example, the name of the website accessed, the file, date and time of access, the transferred data, a notification of successful access, the browser type and version, the user's operating system, the referrer URL (the page visited previously), the IP address and the provider making the inquiry.
The legal basis for data processing is Art. 6 Sub-section 1 lit. f) of the EU DPA.

User account
We collect the user's personal data as part of the framework for setting up the user account. This includes the name, email address and physical address and telephone number, provided on a voluntary basis. 

The legal basis for data processing is Art. 6 Sub-section 1 lit. a) of the EU DPA.

Making contact
I will process any personal data you provide, i.e. an email address as well as any additional contact information along with your name for the purpose of responding to your inquiry should you contact us using email address specified on our website.

The legal basis for data processing is Art. 6 Sub-section 1 lit. b) and Art. 6 Sub-section 1 lit. f) of the EU DPA.

Our website uses cookies. This is a short data package which is exchanged between computer programs or a text file which is stored on the user's computer system. Session cookies are deleted after closing your browser, persistent cookies, on the other hand, will remain on your terminal device and enable us to identify your web browser the next time you visit. The following data, for example, is both stored and transmitted: Log-in information, items in the shopping cart, etc.
You can set your browser in such a way that you will be informed about the cookies settings and can decide individually about whether to accept them or to reject any cookies for certain cases or in general terms, for example with cookies from third party providers. The functionality of our website may be restricted if cookies are not accepted.

The legal basis for data processing is Art. 6 Sub-section 1 lit. f) of the EU DPA.

III. For what purposes will the data be used?

Personal data is only collected, stored and processed to the extent required for the service to be provided, for honoring the contract or for responding to the inquiry.
We only process your personal data in strict compliance with data protection regulations. In particular, any such data will only be processed if a legal permit has been obtained.In detail:
Server log files
This data is processed by us in order to establish a connection to our website. Processing is required to ensure the security and stability of the system.
We use log data exclusively for statistical evaluations, for the purpose of business operations, the security of the service and for maximizing the offer.
We reserve the right to check the log data at a later stage should there be any suspicion of illegal use of the service which has been raised on the basis of concrete indications.

User account
The creation of a user account makes it possible to use the services we provide. We will send you an invoice for the articles and jobs you have purchased on the basis of the data entered.

Making contact
Processing your email address is vital in order to be able to answer your request. Should any data such as name, address or similar also be processed, then this processing serves to individualize the respective user and therefore allows us to respond to his/her request to the best of our ability.

The use of cookies makes it possible to adapt the website maximally to individual user requirements. Cookies can be used, for example, to create virtual shopping carts, to define language settings or to record information entered just the once, such as search terms or location data. The use of cookies enables us to analyze user behavior, the performance of the website with regards for instance to loading times when using various browsers and the use of suitable individualized advertising in accordance with user behavior.

IV. Will data be passed on to third parties and if so, which data?

In principle, any data transmitted by you will not be made available to third parties. In some cases, however, it may be necessary to pass on your personal data to companies which are entrusted by us with the provision of individual services.
Third parties are obliged on their part to comply with the statutory provisions whenever handing and processing this data.
We will pass on your payment data to the appointed credit institution whenever processing payments.
We will pass your payment data on to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg as part of payment processing whenever people pay by credit card via PayPal or by direct debit via PayPal. Further information about PayPal (Europe) S.à.r.l. et Cie, S.C.A.'s Privacy Policy can be found

When paying via the Stripe payment service, any data will be transmitted in encrypted form to Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Further information about Stripe’s Privacy Policy can be found
Information will only be transmitted to authorities and state institutions within the framework of the legal duties in order to provide information and in the event where any such action has been instructed by the courts. In such cases, we may provide the information, e.g. to make, exercise and defend legal claims and to enforce existing contracts in the context of any allegations of fraud, security measures or any generally applicable legal provisions.
Personal data outside of the framework described here will not be passed on without explicit consent.
Under no circumstances will we sell or rent out personal data to third parties.

V. How long is the data stored for?

Your data will be stored for as long as it is necessary in order to satisfy the purpose mentioned above. It will be deleted or blocked if required under commercial or tax law as soon as this is no longer the case, e.g. once the contract has been completed. The data will be deleted from the point in time from which legal storage obligations are no longer in conflict unless you have explicitly given consent for additional use.
Server log files will be stored on the server for 30 days.

VI. Your rights as the person affected

You will reserve the rights listed below as a person who is subject to the processing of personal data. These rights result from the provisions of the Basic Regulation on Data Protection and are represent here in a simplified form in a number of cases.

The right to information
You reserve the right to ask us to confirm whether any personal data concerning you will be processed, pursuant to Art. 15 of the EU DPA. If this is the case, you will reserve the right of access to this personal data and to the information specified in Art. 15 (1) Hs. 2 of the EU DPA. This specifically includes the purpose of the processing, the categories of any data processed, the recipients to whom data has been or will be disclosed, and the planned duration of the storage period or the criteria for the duration of the storage whenever these are possible.

The right to amendment
You reserve the right to ask us to rectify any incorrect data concerning with immediate effect, pursuant to Art. 16 of the EU DPA. You reserve the right to request any incomplete personal data be finalized by making an additional declaration and when taking the purposes of processing into consideration.
The right to deletion
You reserve the right to ask us to delete your personal information with immediate effect, pursuant to Art. 17 of the EU DPA. We are obliged to delete any personal data immediately should one of the provisions of Art. 17 Sub-section 1 EU DPA apply. These reasons include, for example, the fact that the data is no longer required for the purposes for which it is being collected or otherwise processed.

The right to restricted processing
According to Art. 18 EU DPA, you have the right to ask us to restrict processing your personal information should any of the conditions of Art. 18 of the EU DPA apply. This includes, for example, where you may dispute the accuracy of any personal data. We may only then process any data to a limited extent for as long as it takes to verify the accuracy of any personal data.

The right to data portability
You reserve the right to receive any personal data concerning you, which has been provided to us in a structured, standard and machine-readable format, pursuant to Art. 20 of the EU DPA. You reserve the right to transfer this data to another data controller without any interference, i.e. to another body which processes data, provided that it was processed originally based on consent or it was required in order to honor a contract.

The right of objection
According to Art. 18 EU DPA, you have the right to object to any personal data concerning you from being processed at any time if this data is being processed on the basis of Art. 6 Sub-section 1 lit. e) or f) of the EU DPA and there are reasons for doing so which are linked to your personal situation. Objections can be made to the processing of data for the purpose of direct marketing at any time. Any personal data will then no longer be processed for this purpose. The right of objection can be exercised by making an informal declaration. A written declaration or an email sent to the contact address specified above will be sufficient.

Right to withdraw the declaration of consent
You reserve the right to withdraw your consent to processing at any time, pursuant to Art. 7 Sub-section 3 of the EU DPA. The legality of any processing carried out on the basis of the consent shall remain unaffected until it is withdrawn. The right of revocation can be exercised by making an informal declaration. A written declaration or an email sent to the contact address specified above will be sufficient.

Automated decision in individual cases including profiling
You reserve the right not to be subject to a decision based exclusively on automated processing, including profiling, which has a legal impact on you or which may disadvantage you in a similar manner, pursuant to Art. 22 of the EU DPA. Art. 22 Sub-section 1 of the EU DPA provides for exceptions to this, whereby Art. 22 Sub-section 4 of the EU DPA includes partial exceptions.

The right of appeal to a supervisory authority
You reserve the right of appeal to a supervisory authority under Article 77 of the EU DPA, in particular within the Member State of your place of residence, place of work or of the place of suspected infringement, without prejudice to any other administrative or legal remedy, should you believe that the processing of personal data concerning you contradicts this regulation.

VII. Third-party services

We use the following third-party services:
- Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”)

- Instagram Inc., subsidiary of Facebook Inc., 181 South Park Street, San Fransisco, CA 94107, USA (“Instagram”)

A third party may have its registered office located in a third country, i.e. a country in which the DPA has no direct legal implications. In this case, data shall only be transmitted if your consent is given, if an appropriate level of data protection remains intact or if another legal permit exists.
Google, Facebook/Instagram, Twitter, LinkedIn and MailChimp operate under the Privacy Shield Agreement (EU-US Privacy Shield), which means that the provisions of the Privacy Shield Agreement correspond to the data protection level of the European Union and that this data will be processed accordingly.
The purpose of data processing is usually user-specific advertising, i.e. individualised advertising can be placed which corresponds to the presumed interests of the user or results from the user's previous usage behaviour. For this purpose, cookies are stored on the user's end devices. These cookies can store the usage behavior and thus represent the areas of interest. 
We would like to make it clear that in the case of requests for information and/or the assertion of other rights of affected parties, users should contact the respective third party providers directly. They have access rights to the user's data stored and processed there and can provide information and/or take appropriate measures. Should you contact us directly, we will try to support your request as best we can. However, as we have no access to the data stored by third parties, our scope for action is limited. 

Facebook, Instagram
We have integrated plugins of social networks and Facebook and Instagram services on our website

We use the 2-click method in order to ensure the highest possible level of protection and to take the principle of minimizing data into consideration. By doing so, any direct contact between the social network and you is only established when you actively click on the corresponding button.
No data will be collected, no activities are logged, and no surfing profile will be created unless the social network button has been clicked.
If the button is clicked, the respective service provider will receive information that you have accessed our website. No user account is required for this service; likewise, you do not need to be logged in if you have a user account. However, this data will be assigned directly to the account if you have a user account with the service provider and are logged in. This can be prevented by logging out before clicking the button in your user account of the corresponding service.
We have no way of influencing whether, to what extent, for what purpose and for how long the service providers and social networks collect personal data.
Further information on processing user data can be found here: 

VIII. Technical and organizational measures

We take technical and organizational measures to ensure that the security and protection requirements of the EU DPA are met, and that any personal data are protected against loss, destruction, manipulation or access by unauthorized individuals. The measures are always adapted to state-of-the-art technology.

Changes to the Privacy Policy
We reserve the right to amend this Privacy Policy at any time. You are asked to familiarize yourself regularly with the contents of the Privacy Policy.

- Updated May 2018 -