Table of contents
April 28, 2019
Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
#I. Information about us as controllers of your data
The party responsible for this website (the “controller”) for purposes of data protection law is:
c/o CV Legal Abogados
Jr. José Maria Arguedas J-13
Urb. Sta Mónica Wanchaq, Cusco
#II. The rights of users and data subjects
With regard to the data processing to be described in more detail below, users and data subjects have the right
- to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
- to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
- to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
- to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
- to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).
In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.
Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.
#III. Information about the data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.
For technical reasons, the following data sent by your internet browser to us or to our server provider Netlify will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.
The data thus collected will be stored for less than 30 days, but not in association with any other of your data.
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.
The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.
If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all. The form uses the so called localStorage, read more below
The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.
#Newsletter - SparkPost
We offer you the opportunity to register for our free newsletter via our website. We use SparkPost, a service of Message Systems, Inc. (dba SparkPost), 9160 Guilford Rd., Columbia, Maryland 21046, USA, hereinafter referred to as “SparkPost”.
Through certification according to the EU-US Privacy Shield SparkPost guarantees that it will follow the EU’s data protection regulations when processing data in the United States. In addition, SparkPost offers further information about its data protection practices at sparkpost.com/policies/privacy/
The legal basis for sending the newsletter is Art. 6 Para. 1 lit. a) GDPR.
You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter. The form uses the so called localStorage, read more below
We use YouTube on our website. This is a video portal operated by YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”.
YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Through certification according to the EU-US Privacy Shield Google and its subsidiary YouTube guarantee that they will follow the EU’s data protection regulations when processing data in the United States.
We use YouTube in its advanced privacy mode (recognizable by the url youtube-nocookie.com) to show you videos. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the advanced privacy mode means that the data specified below will only be transmitted to the YouTube server if you actually start a video.
Without this mode, a connection to the YouTube server in the USA will be established as soon as you access any of our webpages on which a YouTube video is embedded.
This connection is required in order to be able to display the respective video on our website within your browser. YouTube will record and process at a minimum your IP address, the date and time the video was displayed, as well as the website you visited. In addition, a connection to the DoubleClick advertising network of Google is established.
If you are logged in to YouTube when you access our site, YouTube will assign the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our site or make the appropriate settings in your YouTube account.
For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies on your device via your browser. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser.
We use Vimeo to display videos on our website. This is a service of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA, hereinafter referred to as “Vimeo.”
Some of the user data is processed on Vimeo servers in the USA. Through certification according to the EU-US Privacy Shield Vimeo guarantees that it will follow the EU’s data protection regulations when processing data in the United States.
The legal basis for collecting and processing this information is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website.
When you access a page on our website that has Vimeo embedded in it, a connection to Vimeo’s servers in the USA is established. For technical reasons, it is necessary for Vimeo to process your IP address. In addition, the date and time of your visit to our website will also be recorded.
If you are logged into Vimeo while visiting one of our webpages containing a Vimeo video, Vimeo will associate information about your interaction with our site to your Vimeo account. If you wish to prevent this, you must either log out of Vimeo before visiting our website or configure your Vimeo user account accordingly.
For the purpose of functionality and usage analysis, Vimeo uses Google Analytics. Google Analytics stores cookies on your terminal device via your browser and transmits information about the use of those websites in which a Vimeo video is embedded to Google. It is possible that Google will process this information in the USA.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
The legal basis for collecting and processing this information is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website and in Vimeo’s legitimate interest in statistically analyzing user behavior for optimization and marketing purposes.
Vimeo offers further information about its data collection and processing as well your rights and your options for protecting your privacy at this link: vimeo.com/privacy.
We use GoatCounter as analytics provider, which is totally anonymous. The provided statistics are not as accurate as from other providers, yet it’s sufficient to get an idea which pages are being visited, post are read and how often.
The following information is collected:
URL of the visited page.
Country name based on IP address.
No personal information (such as IP address) is collected. Visitors are not tracked by using e.g. persistent cookies; it is virtually impossible to tie any of the collected information to a person.
GoatCounter does not collect data which can be used to identify a person, and the GDPR almost certainly doesn’t apply. See Recital 26, “Not applicable to anonymous data”.
That being said, EU Regulations such as the GDPR are interpreted and enforced different across member states, and national laws may also apply. It’s advised you consult a lawyer if you want detailed legal advice specific to your situation.
Our forms use the so called localStorage provided by your browser to cache small amounts of data. We use this functionality to backup data you enter in our forms to prevent them from data loss, which might happen due to connection problems, page reload, etc. Each form has its own entry in the localStorage to be synchronised with. We prefill the form automatically if you refresh the page or a submission fails. The cache will be cleared if you manually delete the content of the fields and after a successful submission.
#What about Facebook and other social Networks?
You might be wondering why we’re nowhere talking about our use of social links like Facebook or no mentioning about analytical services like Google Analytics. Even though we’re using all of those services, we’e not giving them any personally identifiable information (PII). This works because we’re using our own implementations, instead of the officialy provided ones.
Our use of Google Analytics is similar. Our website doesn’t talk to Google’s servers directly. We built our own little “gatekeeper” which receives only information we provide, which includes the site url you’re currently visiting and a randomly generated id to group multiple requests, none of which contain any personally identifable information. Our gatekeeper will then hand those information over to Google Analytics for us to review. This system won’t give us accurate user statistics, but rather an idea about which pages and articles are mostly clicked.
The fonts we use are originally from Google’s Font collection. As we store them on our servers, Google won’t get access to your personal data.