Privacy Policy


Welcome to my website. I would like to show you as a customer, by observing and implementing the legal provisions on data protection, my professional way of working and thus offer the basis for a successful cooperation. I am convinced that this can only be done through a transparent presentation of the data protection provisions and their compliance. Therefore I would like to present below which data I process for which purpose, at what time and on which legal basis. The processing of personal data on my website is discussed and checked with our internet service provider, Solutionsforweb Online Marketing GmbH, Regensburg. You are also welcome to contact our partner. If you have any questions about the data collected or processed, I am at your disposal at any time and will be happy to answer them. The security of your data is of everyone’s concern and for me the basis of the relationship of trust between you as a customer and me.


Responsible body

Carolyn Steen, located at Aldringenstraße 12 in 80639 München (hereinafter: I) is the operator of the website, responsible according to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR).

If you have any questions, I am available to you at any time by email. Please use the address


You have the following rights towards Carolyn Steen regarding your personal data:

  • Right to confirmation about the categories of the processed data, the processing purposes, the storage period and the recipient of the data. (Art. 15 GDPR)
  • Right to correct or delete inappropriate or incomplete data. (Art. 17 GDPR)
  • Right to restrict the processing of your data in the event that deletion is not possible or is in dispute. (Art. 18 GDPR)
  • Right to object to the processing of his data if the data processing of your data took place as a result of a legitimate interest. (Art. 21 Para. 1 GDPR)
  • Right to withdraw consent given so that you can withdraw it for the future. (Art. 7 Para. 3 GDPR)
  • Right to data transfer in a common format (e.g. Word, Excel, etc.). (Art. 20 GDPR)
  • Right to complain to a data protection supervisory authority about the processing of your personal data by me (Art. 77 GDPR) – you are welcome to contact me in advance, I take your concern very seriously and check possible violations in advance, so that these can be remedied immediately.



I secure my website and the other systems used with technical and organizational measures against loss, destruction, access or distribution by third parties, especially unauthorized persons. This also applies to your data.

In particular, your personal data are encrypted to protect the transmission of confidential content. I use the SSL encryption system, you can recognize an encrypted connection by the fact that the address line of the browser changes to https: //. In addition, a lock symbol can be seen in many browsers.

Please note that the transmission of information via the Internet is never completely secure, which is why I cannot guarantee the security of the data transmitted from our website 100%.


Data transmission to third countries outside the EU Information that I receive about you through the use of my website is generally managed on servers that are located within the European Union. Your data will only be transmitted or processed in third countries without your express consent if this is provided for by law and the level of data protection to be expected is guaranteed in the third country. Your data is very important to me, so I handle it with care.



Basically, I do not pass your data on to third parties. There are two exceptions to this:

    1. You have consented to the data transfer or
    2. I am entitled or obliged to pass on data based on legal provisions or official or judicial orders. Examples include the provision of information for law enforcement purposes, for security purposes or for the enforcement of intellectual property rights.

I may transfer your personal data to external service providers to simplify my own data processing. In this case, my processor is contractually obliged in accordance with Art. 28 of the General Data Protection Regulation (GDPR). As a result, the processor must offer guarantees for suitable technical and organizational measures to ensure processing in accordance with the requirements of the GDPR and to protect your rights as a data subject.


Server log files

Every time you visit my website, general information (so-called server log files) is sent from your browser to my server.



  • IP address of the user
  • Browser type & browser version
  • Operating system used
  • Your internet service provider
  • The website from which your access came
  • Status and the amount of data transferred
  • Date and time of the request

The IP address of your computer is only saved for the time you use the website and then deleted or partially blurred by shortening it. These data are not assignable to any persons. The rest of the data is stored for a limited period of time. The legitimate interest in using this data results from the necessity for the proper operation of my website, in particular in order to determine and eliminate errors on the website. It also enables me to make improvements, ensure the security of the system and control workloads.

The legal basis for the use of the server log files is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing).


My website uses so-called cookies. Cookies serve to make my offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser for the next session.

Most of the cookies I use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain on your device until you delete them. These cookies enable me, for example, to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases. There is also the option to activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted, but you can still use them without cookies.

If you wish, you can restrict or prevent the setting of cookies in the browser settings. You can also have the set cookies automatically deleted when the browser window is closed, so that no website tracks your cookies. To make this as easy as possible for you, I have attached the procedure for the most common browsers here.

Apple Safari

Google Chrome

Microsoft Internet Explorer

Mozilla Firefox

The use of these cookies only serves the legitimate interest of the provider in improving the functionality of the website and is based on Art. 6 Para. 1 f) GDPR.

You can find an overview of the cookies used on my website under the following link:


My website offers you as a potential customer the opportunity to contact me directly. You agree to the processing and storage of your data by sending the contact form or an email to me. The data will not be passed on to third parties.

I process the data you send to me until the respective purpose of contacting you has been reached (e.g. answering your request, sending a brochure or similar), but at most up to 7 days after reaching the purpose.

According to Art 6 Para. 2 b) GDPR, the contact request serves to fulfill a contract or pre-contractual measures.

You can object to this processing of your data at any time with future effect.

The legal basis for the use of the transmitted data lies in Art. 6 Para. 1 S. 1 Letter a) GDPR (consent of the data subject). You can withdraw your consent at any time in accordance with Art.7 Para. 3 GDPR.



I use third-party services for my website, such as templates, plugins or application programming interfaces (so-called APIs) to guarantee and expand the range of functions of my website. In doing so, data may be transmitted to the service provider, which I would like to introduce to you later.



Google services


My website uses products or services from Google LLC (“Google”), located at 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

The company Google fulfills the requirements of the “EU Privacy Shield”.

What is the Privacy Shield Agreement? The Privacy Shield Agreement regulates the protection of personal data (in this case your data) that is transferred from a member state of the European Union (e.g. Germany) to the United States of America (USA). The agreement thus ensures that the data transferred there is subject to a level of data protection that corresponds to that of the European Union.

The list of certified companies can be found at the following link: You can find more information on handling user data in Google’s data protection declaration itself:

Google reCAPTCHA


My website uses the abuse protection “Google reCAPTCHA” to be visited only by people and not by automated processing. The reCAPTCHA service helps me to prevent cyberattacks through “bots” by checking whether the user is a real person using an input field. As a user, you may be familiar with the different images, where you have to assign which elements a car or a street sign represent. This service enables me to use the website in a stable manner and protect it from misuse.

For this purpose, the data entered is usually transferred to a Google server in the USA and processed for verification. As a rule, this request transfers the following information and stores it there for several months: the website you visit, your entry in the input field and the IP address of your device.

The legal basis for the processing of your data in relation to the “Google reCAPTCHA” service is Art. 6 Para. 1 S. 1 Letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from my need to offer the customer effective protection of my online offer against cyberattacks and spam protection and to be able to operate the service stably.

Google Maps


In my website I use the external map service “Google Maps” to enable you to view my location as well as a route description. The interactive map shows you the location of my location and how you can reach me. By using the service, map material is loaded from an external Google server (located in the USA).

As a rule, this request means that the websites visited and the IP address of your device are transferred to a Google server in the USA.

If you as a user do not agree to this processing, there is the option of preventing the installation of cookies using the browser settings. You can find more information on this under the “Cookies” section, which also shows how you can completely prevent cookies.

The legal basis for the processing of your data in relation to the “Google Maps” service lies in Art. 6 Para. 1 S. 1 Letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from my need for an appealing presentation of our online offer and the easy location of the places specified on my website.


Google Web Fonts


To display the font on the website, I use external fonts in the form of “Google Fonts”. This service enables me to present my website consistently and attractively even with very differently configured user devices. This is done by loading the fonts from an external server instead of the user’s device.

The required fonts are requested directly from a Google server (usually located in the USA). By requesting the fonts, the websites visited and the IP address of your device are transmitted to the server and stored there.

The legal basis for the processing of your data in relation to the “Google Fonts” service is Art. 6 Para. 1 S. 1 Letter f) GDPR (legitimate interest in data processing). The legitimate interest of this use results from the need for an appealing and uniform presentation of my online offer, as is the legitimate interest of Google for the collection of personal data. More information can be found at:

If you have any questions about data protection or have found an error, please feel free to contact me at any time. The protection of your data is important to me and forms the basis for a trusting cooperation.

Status of the data protection declaration: 05.02.2020