a) ‘Personal data’ – information such as name, address, e-mail address or phone number that can be used to identify a person.
b) ‘Data subject’ – a person who has personal data processed by us.
c) ‘Processing’ – any operation or set of operations performed on personal data (including collection, recording, storage and usage for the purpose for which it was collected).
d) ‘Data controller’ – a person or people who determine the purposes and means of processing personal data at a company.
e) ‘Data processor’ – a person who processes personal data on behalf of the controller.
f) ‘Consent’ – specific, informed and clear affirmative action by a data subject indicating that they agree to the processing of personal data relating to them.
g) ‘Third party’ – a person or public authority, agency or body other than the data subject, data controller or data processor.
2. Rights of the data subject
Data subjects are entitled to:
– get confirmation as to whether or not personal data concerning them is being processed
– get information about their personal data stored at any time
– revoke consent to the processing and storage of their personal data
– have their personal data erased
– receive their personal data in a structured, commonly used and machine-readable format
Email your request to Alex McDonald, email@example.com, Flat 5, Basil House, Wyvil Road, London, SW8 2SW
3. Collection of general data when visiting website
The website of Jodi Goldman Ltd collects general data and information when a data subject views the website. This general data and information is stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the specific pages visited on our site (5) the date and time of access to the site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimise the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, Jodi Goldman Ltd analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.
4. Subscription to newsletter and marketing material
On the website of Jodi Goldman Ltd, users are given the opportunity to subscribe to our newsletter and marketing material (which is then delivered via e-mail). These emails may only be sent to the data subject if they have specifically and voluntarily supplied their name and a valid email address. This personal data is only used by Jodi Goldman Ltd to provide these emails.
A double-opt in email will be sent to the data subject which is used to obtain their consent to receiving our newsletter and marketing material. If this consent is not given then they will not receive this material and their personal data will be deleted.
During the data subject’s registration for the newsletter and marketing material, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
There will be NO TRANSFER of personal data- used to send the newsletter and marketing material to data subjects – to third parties.
The newsletter and marketing material of Jodi Goldman Ltd contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Jodi Goldman Ltd may see if and when an e-mail was opened by a data subject and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the emails is stored and analysed by the controller in order to optimise the shipping of the newsletter and marketing material, as well as to adapt the content of future material even better to the interests of the data subject. This personal data will NOT be passed on to third parties.
The subscription to our newsletter and marketing material – and consent to the storage and processing of personal data related to this – may be terminated by the data subject at any time. To this end, an unsubscribe link is provided on any emails sent to the data subject. It is also possible to unsubscribe at any time by contacting the data controller directly:
Alex McDonald, firstname.lastname@example.org, Flat 5, Basil House, Wyvil Road, London, SW8 2SW
5. Contact via the website contact form
If a data subject contacts us by e-mail or via contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to us is stored on our email system for the purpose of processing or contacting the data subject. There is NO transfer of this personal data to third parties.
6. Comments function on website blog
Jodi Goldman Ltd offers users the ability to leave comments on our individual blog pages. If a data subject voluntarily leaves a comment on a blog published on this website, the comments made by the data subject are stored and published, as well as information on the date of the commentary and the user’s pseudonym.
In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons, and in case the data subject violates the rights of third parties, or posts illegal content through a given comment. The storage of this personal data is, therefore, in the own interest of the data controller, so that he or she can exculpate in the event of an infringement. This collected personal data will NOT be passed to third parties, unless such a transfer is required by law or serves the aim of the defence of the data controller.
As is standard for almost all websites and servers, the website of Jodi Goldman Ltd uses ‘cookies’ (small text files that are created and stored on a data subject’s web browsing device).
Only the website or server that created the cookie can retrieve or read the contents within it and for most purposes a website sending a cookie does not need to know who the data subject is – it just needs to remember that it has seen the data subject’s browser before. However, to do this, the cookie will typically use a unique identifier (the cookie ID) that allows websites and servers to identify a specific browser. This can leave traces which, when combined with other information received by servers, may be used to identify an individual and therefore as suggested by recital 30 of the GDPR, cookies constitute a form of personal data.
Consent and how you can control cookies
Should a data subject choose to, they can change their cookie settings at any time. If they choose to block our cookies, some of the functionality of the website may not be available and this may adversely affect the performance and experience of the site.
8. Data Protection provisions about the application and use of WordPress plugins and social media
On this website, the data controller has integrated components of the WordPress plugin AddThis. AddThis is a so-called bookmarking provider. The service allows for simplified bookmarking of Internet pages via buttons. By clicking on the AddThis component with the mouse, or by clicking on it, a list of bookmarking and sharing services is displayed.
By calling up one of the individual pages of the website, which is operated by the controller, and on which an AddThis component has been integrated, the Internet browser of the data subject is automatically prompted by the respective AddThis component to download data from the website www.addthis.com. Within the framework of this technical procedure, AddThis is informed of the visit and the specific individual page of this website that was used by the data subject with the help of information technology. In addition, AddThis is informed about the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject, the browser type and language, the web page accessed before our website, the date and the time of the visit to our website. AddThis uses this data to create anonymous user profiles. The data and information transmitted to AddThis in this way will enable AddThis, as well as affiliates or their partner-enterprises, to contact visitors of the web pages of the controller with personalised and interest-based advertising.
AddThis displays personalised and interest-based advertising on the basis of a cookie set by the plugin. This cookie analyses the individual surfing behaviour of the computer system used by the data subject. The cookie saves the computer-based outgoing visits to Internet pages.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent AddThis from setting a cookie on the information technology system of the data subject.
The data subject also has the possibility of objecting permanently to the processing of personal data by AddThis. For this purpose, the data subject must click on the opt-out button under the link http://www.addthis.com/privacy/opt-out, which sets an opt-out cookie. The opt-out cookie used for this purpose is placed on the information technology system used by the data subject. If the data subject deletes the cookies from his system, then the data subject must call up the link again and set a new opt-out cookie.
With the setting of the opt-out cookie, however, the possibility exists that the websites of the controller are not fully usable anymore by the data subject. The applicable data protection provisions of AddThis may be accessed under http://www.addthis.com/privacy/privacy-policy.
On this website, the controller has integrated components of the enterprise Facebook.
With each call-up to one of the individual pages of this website which is operated by the controller and into which a Facebook component (Facebook plug-in) has been integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.
The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it explains what setting options Facebook offers to protect the privacy of the data subject. Different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.
On this website, the controller has integrated the component of Google Analytics (with the anonymiser function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimisation of a website and in order to carry out a cost-benefit analysis of Internet advertising.
For web analytics through Google Analytics the controller uses the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our website, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyse the use of our website. With each call-up to one of the individual pages of this site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America.
Google may pass this personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html.
On this website, the controller has integrated Google AdWords. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results. The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on Google search engine results.
If a data subject reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the data subject through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g, the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or cancelled a sale of goods.
The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimise our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.
The conversion cookie stores personal information, e.g. the Internet pages visited by the data subject. Personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass this personal data collected through the technical procedure to third parties.
The data subject may, at any time, prevent the setting of cookies by our website, as stated above, by means of a corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the data subject. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs.
The data subject has a possibility of objecting to the interest based advertisement of Google. Therefore, the data subject must access from each of the browsers in use the link www.google.com/settings/ads and set the desired settings.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.
On this website, the controller has integrated components of YouTube.
With each call-up to one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube, YouTube recognises with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
9. Legal basis for the processing of personal data
Art. 6(1) lit. a of the GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.
10. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data erased in accordance with legal requirements.
11. Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.
We are committed to ensuring that your information is secure. Jodi Goldman Ltd has implemented suitable physical, electronic and managerial procedures in order to protect personally identifiable information from loss, misuse, alteration or destruction. Only authorised Jodi Goldman Ltd employees are provided access to personally identifiable information and these employees have agreed to maintain the confidentiality of this information.