Change privacy settings | History of privacy settings | Revoking consent

Privacy policy

Note: This English translation is for informational purposes only. Name and address of the person responsible:

The controller within the meaning of the EU General Data Protection Regulation and other data protection regulations is
Sonja Neuroth
Kantorie 75
45134 Essen, Germany
Germany

Tel.: 0201 27109974
E-mail: info@sonjaneuroth.de
Website: https://sonjaneuroth.de

We respect your data!

Thank you for your interest in our website. The trust of all visitors and customers, the security of your data and the protection of your privacy are of central importance to us. We therefore treat your personal data in accordance with the applicable statutory data protection regulations and this privacy policy. Personal data is information that can be used to identify you, such as your real name, your address or your telephone number.
If you view and use our website without registering or otherwise expressly transmitting information to us, we process the data that is transmitted to us with each request from your browser (see "Log data" below). If you expressly transmit personal data to us (e.g. via our contact form), this is done exclusively for the purpose of the request or the respective order. We would like to point out that data transmission on the Internet can never be completely protected against access by third parties.
In the following, we would like to explain to you in more detail what data we process, when and for what purpose. It explains how our services work and how the protection of your personal data is guaranteed.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for data processing.

Data erasure and storage duration

The personal data of the data subject will be deleted as soon as the purpose of storage no longer applies. Data may also be stored if this is provided for by European or national laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Your rights

You have a right to free information about the personal data we have stored about you and, if applicable, a right to rectification, restriction of processing or erasure of this data. You also have the right to data portability. Finally, you also have the right to complain to the data protection supervisory authority about the processing of your personal data by us.
We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements pursuant to Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.

Provision of information

If you have any questions regarding the collection, processing or use of your personal data, for information, for the correction, blocking or deletion of data as well as for the revocation of any consent given or for objection to a specific use of data, please contact us using the following e-mail address: info@sonjaneuroth.de

Protocol data

The automatic collection and storage of log data by the provider of the Internet services (provider) takes place because the processing of this data is technically necessary in order to display our website to you and to ensure stability and security. The log data includes the following information:

Date and time of the respective request
Internet address (URL) that was requested
URL that the visitor visited immediately before
Browser and language used
Operating system used and its interface
IP address and host name of the visitor
Access status / http status code
Amount of data transferred in each case

This data is transmitted to us automatically and cannot be assigned to your person with reasonable effort. The legal basis for the processing of this data is our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR, as this data processing is necessary for the operation and display of the website. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

Cookies

In order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your end device and that store certain information for exchange with our system. The legal basis for the processing of this data is Art. 6 para. 1 sentence 1 lit. f GDPR. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (transient cookies). These include session cookies in particular. These store a unique identifier (session ID). This session ID can be used to assign various requests from your browser to a common session. This allows your device to be recognized when you return to our website during a session. Session cookies are also deleted when you log out.
Other cookies remain on your end device for a specified period of time and enable us to recognize your browser or end device the next time you visit our website (persistent cookies).
Please note that certain cookies are already set as soon as you enter our website. You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases, in particular cookies from third parties (third-party cookies) or in general. If you do not accept cookies, the functionality of our website may be restricted for you.

We use the "Real Cookie Banner" consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. You can find details on how "Real Cookie Banner" works at https://devowl.io/de/rcb/datenverarbeitung/. The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents. The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consent.

Configuration of the cookie settings in the browser

You have the option of preventing cookies from being stored on your computer by making the appropriate browser settings. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:

Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari™: http://apple-safari.giga.de/tipps/cookies-in-safari-aktivieren-blockieren-loeschen-so-geht-s/ and https://support.apple.com/kb/PH21411?locale=de_DE
Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: http://help.opera.com/Windows/10.20/de/cookies.html

Encryption through SSL

For security reasons, our website uses SSL encryption (Secure Sockets Layer). This means that transmitted data is protected and cannot be read by third parties. You can recognize successful encryption by the fact that the protocol name in the status bar of the browser changes from "http://" to "https://" and that a closed lock symbol is visible there.

Web hosting via all incl

We use the services of ALL-INKL.COM - Neue Medien Münnich, Hauptstraße 68 | D-02742 Friedersdorf for web hosting for our websites and have concluded an order processing contract with all-inkl.com in accordance with Art. 28 GDPR. Further information can be found in the privacy policy of all-inkl.com at https://all-inkl.com/datenschutz/. The legal basis is our legitimate interest in operating and maintaining the operational security of these websites in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Contact form

You can contact us electronically using the contact form provided by us. Our contact form indicates which data is mandatory and which can be entered voluntarily. All data entered will be stored by us and used exclusively for the purpose of answering your inquiries. In addition, your IP address and the date and time of registration are stored. Your personal data will be deleted as soon as storage is no longer required for this purpose or we will restrict processing if there are statutory retention obligations. The legal basis for the processing of the data is the implementation of a pre-contractual measure by your request in accordance with Art. 6 para. 1 lit. b GDPR.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Registration on this website

You can register on our website in order to use additional functions on the site. We will only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject your registration.

In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing that has already taken place remains unaffected by the revocation.

The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

Newsletter Brevo

The information provided in this section explains how the registration, dispatch, evaluation and content of our e-mail newsletter are organized.
We use the services of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (hereinafter referred to as "Brevo") to send our newsletter.
If you would like to subscribe to our e-mail newsletter and read it regularly, you must register with a valid e-mail address and thus consent to the processing of your personal data by us. Please refer to the declaration of consent on the newsletter registration form.
Before sending the newsletter, you must expressly confirm to us as part of the so-called double opt-in procedure that we should activate the e-mail newsletter service for you. We do this to prevent third-party e-mail addresses from being used for registrations. For this purpose, you will receive a confirmation and authorization e-mail from us asking you to click on the link contained in this e-mail to confirm that you wish to receive our newsletter.
In connection with the registration, in addition to the e-mail address, the time of registration, the time of confirmation, the IP address and the consent text are stored and we use the e-mail address exclusively for the delivery of the newsletter, unless you have expressly consented to other use.
Small, "invisible" files (beacons) that are sent with the newsletter can be used for various evaluations to improve our offers. The IP address, browser and time of retrieval and opening of the newsletter and the click behavior on links contained in the newsletter are recorded and statistically evaluated.
You can cancel your subscription by withdrawing your consent. You can unsubscribe from the newsletter at any time. To do so, please use the link provided in the newsletter. A separate revocation of the dispatch or evaluation of user behavior is unfortunately not possible.
We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR.
You can view the data protection provisions of the shipping service provider at https://www.brevo.com/de/legal/privacypolicy/ view.
Legal basis
The newsletter is sent and the opening and click rates are analyzed on the basis of the recipient's consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG. The analysis of opening and click rates is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our interest is to create the most suitable offers for our users and to achieve and continuously optimize this by analyzing user behavior.

YouTube

Our website uses YouTube functions. When you visit our site, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you give YouTube the opportunity to assign your user behavior directly to your personal YouTube profile. You can prevent this by logging out of your YouTube account.
We have no knowledge of further processing or the duration of storage. The operator of the service is Google LLC, D/B/A YouTube, 901 Cherry Ave, San Bruno, CA 94066, USA.
We would like to point out that there is a possibility that data may be transferred to the USA and processed by US authorities. According to the current legal situation, the USA is considered an unsafe third country with an inadequate level of data protection. There is currently no adequacy decision pursuant to Art. 45 GDPR.
However, Google has undertaken to comply with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses - SCC).
You can find more information on the standard contractual clauses at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de and under https://policies.google.com/privacy/frameworks?hl=de .
You can find further information on the handling of user data by YouTube in YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Google Web Fonts

We use Google Web Fonts. All fonts are loaded locally.When using Google Web Fonts, no personal data is forwarded to third parties.

Processing of data (customer and contract data)

We collect, process and use personal data only insofar as it is necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable or charge the user for the use of the service.

The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transmission upon conclusion of contract for online stores, retailers and shipping of goods

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with payment processing. Any further transmission of data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures .

Data transmission upon conclusion of a contract for services and digital content

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution responsible for processing payments.

Further transmission of the data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures .

Woocommerce and Woocommerce Germanized

This website uses the WordPress plugins Woocommerce and Woocommerce Germansized to ensure the technically smooth sale of products. This is a local plugin. No personal data is transferred to Woocommerce. The Woocommerce plugin adds the functionality of an online store to our content management system. Woocommerce Germanized extends WooCommerce and ensures the technical adaptation to the specific German legal requirements. In this way, we ensure compliance with data protection regulations when using WooCommerce.

PayPal

On our website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").

If you select payment via PayPal, the payment data you enter will be transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the option of withdrawing your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.

Gelato

On our website, we offer the option of ordering products using the print-on-demand process. This means that the respective product is not in stock with us, but that an order to print the product is only placed with an external provider after payment by the customer. For these services, we use the company Gelato ASA, Dronning Eufemias gate 8, 0191 Oslo, Norway, which automatically receives an order with the customer's delivery address after payment for the product in order to print the product and send it to the customer independently.

If you order products on this page that must first be printed and are obviously not original paintings, your data will be forwarded to Gelato for the purpose of fulfilling the contract (Art. 6 para. 1 lit. b GDPR). You can find more information at: https://www.gelato.com/de/rechtliches/privacy

TranslatePress

This site uses the translation service TranslatePress of SC Reflection Media SRL, Str. Armoniei, nr. 23A, Ap. 46, Timis County, Timisoara City, Romania.

The purpose of this use is to offer our users the opportunity to use our website in another language.

We are not aware of any data being transferred to SC Reflection Media SRL in the process.

The legal basis for the use of TranslatePress is Art. 6 para. 1 lit. f) GDPR. The use of TranslatePress is in the interest of easy accessibility and accessibility of our online offers for international visitors. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.

You can find more information on the handling of user data in the TranslatePress privacy policy at https://translatepress.com/privacy-policy/.

Wordfence (Firewall)

We use the Wordfence plugin to secure our website against hacking and unauthorized access and to protect personal data. The provider of this service is Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA. The program sets cookies for the administrator and other registered members of the website and filters IP addresses that attack the website.
We have concluded an order processing contract with Defiant in accordance with Art. 28 GDPR.
The legal basis is our legitimate interest in operating and maintaining the operational security of these websites in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
Further information can be found in the Wordfence privacy policy, available at: https://www.wordfence.com/privacy-policy/

System and information security

We secure our website and our other systems through technical and organizational measures against loss, destruction, access, modification or dissemination of the stored data by unauthorized persons. Despite controls, however, complete protection against all risks is not possible. The connection to the Internet and the resulting technical possibilities alone mean that no guarantee can be given that content and the flow of information will not be viewed and recorded by third parties.

Objection to unauthorized advertising by e-mail

We have published general contact details and an e-mail address on our website as part of our obligation to provide an imprint in accordance with Section 5 of the German Telemedia Act (TMG). We hereby object to the use of this contact data for the unsolicited sending of information material, advertising or spam e-mails that we have not explicitly requested.

Status of the privacy policy: 26.4.2025