top of page

Privacy Policy

Data Protection

PRIVACY POLICY

 

Name and address of the person responsible:

The person responsible according to the EU General Data Protection Regulation and other data protection regulations is:

Katherine Flatley

Segeberger Landstr. 174F

24145 Kiel

Germany

+49 176 4598 6348

kathy@burnoutrevolution.com

www.burnoutrevolution.com

 

WE RESPECT YOUR DATA!

 

We are delighted you are interested in our website. The trust of all

visitors and customers, the security of your data and the protection of your privacy

are of central importance to us. We therefore treat your personal data in accordance with the applicable statutory data protection regulations and this privacy policy. Personal data is information that can be used to find out your identity, such as your real name, address or telephone number.

 

If you view and use our site without registering or otherwise expressly providing us with information, we will process the data that is sent to us with each request from your browser (see below "Protocol data"). If you expressly provide us with personal data, this will only be done for the purpose of the request or the respective order. We would like to point out that data transmission on the Internet can never be completely protected against access by third parties. Below we would like to explain in more detail which data we process, when and for what purpose. It explains how the services we offer work and how the protection of your personal data is guaranteed.

 

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

 

If we obtain consent from the data subject for processing personal data, Art. 6 Para. 1 lit. a GDPR serves as the legal basis.

 

For the processing of personal data that is necessary to fulfil a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

 

If processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis.

 

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.

 

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for data processing.

 

DATA DELETION AND STORAGE PERIOD

 

The personal data of the person concerned will be deleted as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless there is a need to further store the data for the conclusion or fulfilment of a contract.

 

YOUR RIGHTS

 

You have the right to free information about the data we have stored about you and, if applicable, the right to correction, restriction of processing or deletion of this data. You also have the right to data portability. Finally, you also have the right to complain to the data protection supervisory authority about our processing of your personal data.

 

We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements of Art. 21 GDPR. The objection can be made in particular against processing for direct marketing purposes.

 

PROVISION OF INFORMATION

 

If you have any questions about the collection, processing or use of your personal data, for information, for the correction, blocking or deletion of data, as well as for the revocation of any consent given or to object to a specific use of data, please contact us using the following email address: kathy@burnoutrevolution.com.

 

PROTOCOL DATA

 

The automatic collection and storage of protocol data by the

provider of the Internet services (provider) is carried out because the processing of this data is

technically necessary in order to display our website to you and to ensure stability and security. The protocol data includes the following

information:

• Date and time of the respective request

• Internet address (URL) that was requested

• URL that the visitor visited immediately before

• Browser and language used

• Operating system used and its interface

• IP address and host name of the visitor

• Access status / HTTP status code

  • Amount of data transferred in each case

 

This data is transmitted to us automatically and cannot be assigned to you personally

with considerable effort. The legal basis for the processing of this data is our legitimate interest in accordance with Art. 6 (1)(1)(f) of GDPR, because this data processing is necessary for the operation and display of the website. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of collection of data to provide the website, this is the case when the respective session has ended. The collection of data to provide the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

COOKIES

 

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your device and that store certain information for exchange with our system. The legal basis for the processing of this data is Art. 6 (1)(1)(f) of GDPR.

 

Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing the browser (transient cookies). These include in particular session cookies. These store a unique identifier (session ID). This session ID can be used to assign various requests from your browser to a common session. This allows your device to be recognised when you return to our website during a session. Session cookies are also deleted when you log out. Other cookies remain on your device for a specified period of time and enable us to recognise your browser or device the next time you visit (persistent cookies). Please note that certain cookies are already set as soon as you enter our website. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases, in particular cookies from third parties (third party cookies) or in general. If you do not accept cookies, the functionality of our website may be limited for you.

 

CONFIGURING COOKIE SETTINGS IN THE BROWSER

 

You have the option of preventing cookies from being saved on your computer by

 

using the appropriate browser settings. Each browser differs in the way it manages cookie settings. This is described in the help menuof each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links: Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-

allow-cookies 

Safari™: http://apple-safari.giga.de/tipps/cookies-in-safari-aktivieren-blockieren-

loeschen-so-geht-s/ 

and https://support.apple.com/kb/PH21411?locale=de_DE 

Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=9564 7 Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen 

Opera™: http://help.opera.com/Windows/10.20/de/cookies.html

 

ENCRYPTION THROUGH SSL

 

For security reasons, our website uses SSL encryption (Secure Sockets Layer). This protects transmitted data and prevents it from being read by third parties. You can recognise successful encryption by the fact that the protocol name in the browser's status bar changes from "http://" to "https://" and that a closed lock symbol is visible there.

 

 

 

 

Wix: 

 

Hosting and software for the creation, provision and operation of websites, blogs and other online offerings; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website: https://de.wix.com/; Privacy Policy: https://de.wix.com/about/privacy; Data processing agreement: https://www.wix.com/about/privacy-dpa-users; 

Further information: As part of the aforementioned Wix services, data may also be transferred to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA on the basis of standard contractual clauses or an equivalent data protection guarantee as part of further processing on behalf of Wix.

 

IONOS (domain)

 

We use the services of IONOS SE, Elgendorfer Str. 57, 56410 Montabaur for web hosting for our websites and have concluded a contract for order processing in accordance with Art. 28 GDPR with IONOS SE.

 

Further information can be found in the IONOS SE privacy policy

at https://www.ionos.de/terms-gtc/terms-privacy.

 

Legal basis

 

The legal basis for processing this data is our legitimate interest in operating and maintaining the operational security of these websites in accordance with Art. 6(1)(1)(f) GDPR.

​

WhatsApp

 

The provider is not a processor and is not responsible for the collection and use of personal data.

 

We would like to point out that the company could transfer data to the USA. However, WhatsApp is certified according to the EU-US Data Privacy Framework. Data transfer to the USA is therefore currently considered sufficiently secure.

 

SoundCloud

 

The provider is not a processor and is not responsible for the collection and use of personal data.

 

Brevo (newsletter)

 

With the information provided in this section, we will inform you about how the registration, dispatch, evaluation and content of our email newsletter are structured. We use the services of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (hereinafter referred to as "Brevo") to send our newsletter.

 

If you would like to subscribe to our email newsletter and read it regularly, you must

register with a valid email address and thus consent to us processing your personal data. Please note the declaration of consent on the newsletter registration form.

 

Before sending the newsletter, you must expressly confirm to us as part of the so-called double opt-in procedure that we should activate the email newsletter service for you. We do this to avoid using third-party email addresses for registrations. You will receive a confirmation and authorisation email from us, in which we ask you to click on the link contained in this email and thereby confirm that you would like to receive our newsletter.

 

In connection with the registration, in addition to the email address, the registration time, the confirmation time, the IP address and the consent text are also saved and we use the email address exclusively for delivering the newsletter unless you have expressly consented to another use.

 

Small, "invisible" files (beacons) that are sent with the newsletter can be used to carry out various evaluations to improve our offers. The IP address, browser, time of retrieval and opening of the newsletter and the click behaviour on links contained in the newsletter are recorded and statistically evaluated.

 

You can cancel receipt by revoking your consent. You can unsubscribe from the newsletter at any time. Please use the link provided in the newsletter for this purpose. Unfortunately, a separate revocation of the dispatch or evaluation of user behaviour is not possible.

 

We have concluded a contract for order processing with the provider in accordance with Art. 28 GDPR.

 

You can view the data protection regulations of the shipping service provider

at https://www.brevo.com/de/legal/privacypolicy/.

 

Legal basis

 

The dispatch of the newsletter and the analysis of the opening and click rates are carried out on the basis of the consent of the recipient in accordance with Art. 6 Para. 1 Letter a, Art. 7 GDPR in conjunction with Section 7 Para. 2 No. 3 UWG.

 

The analysis of the opening and click rates is carried out on the basis of our legitimate interest in accordance with Art. 6 Para. 1 Letter f GDPR. Our interest is to create the most suitable offers possible for our users and to achieve this by analyzing user behavior and to continuously optimize it.

 

Calendly (appointment scheduling)

 

In order to be able to offer you the modern service of simplified online appointment booking, we use the services of Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA (hereinafter "Calendly").

 

When you use Calendly, browser-specific data and your IP address are transferred to Calendly.

 

By clicking the "Book appointment" button, your personal data such as name, email address and other data you provide are also transferred to Calendly. We have no knowledge of further processing and the duration of storage.

We would like to point out that there is a possibility that data will be transferred to the USA and processed by US authorities. However, Calendly is certified according to the EU-US Data Privacy Framework. Data transfer to the USA is therefore currently considered sufficiently secure.

 

To protect your data, we have concluded a data processing agreement with Calendly

in accordance with a contract for order processing in accordance with Art. 28 GDPR.

 

We would also like to point out that you are not obliged to use this service to

arrange an appointment. If you do not want to do this, please use one of the other contact options offered to arrange an appointment.

 

You can find further information on this in Calendly's privacy policy at

https://calendly.com/de/pages/privacy and at

https://help.calendly.com/hc/de/articles/360007032633-DSGVO-FAQs

 

Legal basis

 

The legal basis for the use of the Calendly online appointment booking is your

consent in accordance with Art. 6 Para. 1 Letter a GDPR.

 

reCAPTCHA

 

To protect against unwanted bots, we use the reCAPTCHA service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA is a service that runs in the background and helps us to exclude machines from using our services. Google Ireland Limited processes the data in the EU.

 

To protect your personal data, we have concluded a data processing agreement with Google Ireland Limited in accordance with a contract for order processing in accordance with Art. 28 GDPR.

 

It cannot be ruled out that data will also be processed in the USA. However, the parent company Google LLC, based in the USA, is certified according to the EU-US Data Privacy Framework.

 

Data transfer to the USA is therefore currently considered sufficiently secure. Further information on Google reCAPTCHA can be found at

https://www.google.com/recaptcha

Further information on data usage by Google can be found on the overview page:

https://policies.google.com/technologies/ads, Google's privacy policy

can be found at https://policies.google.com/privacy.

Legal basis

The legal basis for this processing of data is your consent in accordance with Art. 6 Para. 1 Letter a of GDPR.

 

As part of our offering, we use the services of Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA, represented by Lionheart Squared, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, DO2 EK84, Republic of Ireland, for online meetings, webinars and video conferences. Zoom is a product of Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.

We would like to point out that there is a possibility that data will be transferred to the USA and processed by US authorities.

Zoom Video is not certified according to the EU-US Data Privacy Framework.

We have concluded a data processing agreement with Zoom Video in accordance with a contract for order processing in accordance with Art. 28 GDPR. Zoom has committed itself to complying with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses - SCC).

Further information on the standard contractual clauses can be found at

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-

data-protection/standard-contractual-clauses-scc_de and at

https://blog.zoom.us/de/sicherheit-und-datenschutz-bei-zoom-unsere-antworten-

auf-ihre-fragen/ .

Further information can be found in Zoom's privacy policy,

https://zoom.us/de-de/privacy.html, and at https://zoom.us/de-de/gdpr.

 

Legal basis

 

The legal basis for this processing of data is your consent in accordance with Art. 6 Para. 1

Lt. a GDPR and your express consent in accordance with Art. 49 Para. 1 Lt. a GDPR.

 

YouTube

 

Our website uses YouTube functions. When you visit our site, a connection is established to YouTube's servers. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you give YouTube the opportunity to assign your user behaviour directly to your personal YouTube profile. You can avoid this by logging out of your YouTube account.

 

We have no knowledge of further processing or the duration of storage.

 

The service is operated by Google LLC, D/B/A YouTube, 901 Cherry Ave., San Bruno, CA 94066, USA.

 

We would like to point out that there is a possibility that data will be transferred to the USA and processed by US authorities. However, Google LLC is certified according to the EU-US Data Privacy Framework. Data transfer to the USA is therefore currently considered sufficiently secure.

 

We have concluded a data processing agreement with the provider in accordance with a contract

for order processing in accordance with Art. 28 GDPR.

You can find further information on how YouTube handles user data in YouTube's privacy policy at:

https://www.google.de/intl/de/policies/privacy

 

Legal basis

 

The legal basis for this processing of data is your consent in accordance with Art. 6 Para. 1 Letter a GDPR.

 

 

PayPal

 

To process the payment process in the course of our sales offer, we use, among other things, the services of the payment service provider PayPal Europe S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

 

During the payment process, after pressing the button "Order with payment" or "Buy now", your personal data will be forwarded to PayPal for further processing. If you select a payment method during the order process in the online shop, your data will be automatically transmitted to PayPal. By selecting a payment option, you consent to this transmission of personal data for the purpose of processing the payment. The personal data transmitted to PayPal is usually:

First name, last name, address, email address, telephone number and other data that is necessary to process a payment.

 

Personal data that is related to the respective order is also necessary to process the purchase contract. In particular, there may be a mutual exchange of payment information such as bank details, card number, expiration date and CVC code, data on goods and services prices.

 

The purpose of the transmission of data is in particular to verify identity, payment administration and fraud prevention. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the person responsible for processing may be transmitted by PayPal to credit agencies. This transmission is for the purpose of identity and credit checks.

 

PayPal also passes on the personal data to service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed.

 

You have the option of revoking your consent to the handling of personal data at any time to PayPal. A revocation does not affect personal data that must be processed, used or transmitted for contractual payment processing.

 

We would like to point out that there is a possibility that personal data will be transferred to the USA and processed by US authorities. The parent company PayPal has its headquarters in the USA. This company is not certified under the EU-US Data Privacy Framework. PayPal has committed to complying with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses - SCC). You can find more information on the standard contractual clauses at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-

data-protection/standard-contractual-clauses-scc_de Despite the standard contractual clauses we have concluded with PayPal, these regulations may not be a sufficient means of ensuring the effective protection of personal data transferred to the USA in practice. Further information can be found in PayPal's privacy policy

https://www.paypalobjects.com/marketing/ua/pdf/DE/de/privacy-full.pdf

PayPal is not a processor within the meaning of Art. 4 No. 8 GDPR. It has its own

responsibility.

 

Legal basis

 

The legal basis for the processing of personal data during a booking or payment process arises from Art. 6 Para. 1 Letter b GDPR.

 

SYSTEM AND INFORMATION SECURITY

 

We secure our website and our other systems through technical and organisational measures against loss, destruction, access, modification or distribution of the stored data by unauthorised persons. Despite controls, however, complete protection against all dangers is not possible. The connection to the Internet and the resulting technical possibilities alone mean that no guarantee can be given that content and the flow of information will not be viewed and recorded by third parties.

 

OBJECTION TO UNAUTHORISED ADVERTISING BY E-MAIL

 

As part of the imprint obligation in accordance with Section 5 DDG, we have published general contact details and an e-mail address on our website. We hereby object to the use of these contact details for the unsolicited sending of information materials, advertising or spam emails that we have not explicitly requested.

 

Status of the data protection declaration: September 13, 2024

bottom of page