1. Introduction

At Jimdo, we understand that data protection can be a complex topic, especially for small businesses. The maze of laws and regulations can seem overwhelming while you're running your day-to-day business.

To help you get started, we've created this help article. Here you'll find a selection of sample texts for your privacy policy that briefly describe how data processing works on Jimdo websites. Please note that data processing may vary depending on the content and settings you make on your website. It is therefore important to read this information carefully and adapt it to your specific needs, rather than accepting it as is.

For additional security, we recommend consulting an expert, such as a lawyer or a data protection officer.

If you find this too time-consuming, we have a practical solution for you: Jimdo's Legal Text Manager in collaboration with Trusted Shops. With this add-on, you can easily create individual legal texts (legal notice, privacy policy, terms and conditions and revocation policy) for your website and your store and integrate them automatically. And best of all: they are updated automatically as soon as laws change! You are also protected by the comprehensive warning letter protection from Trusted Shops. Click here to find out more about our offer and keep your website on the safe side legally.

2. What is a Privacy Policy?

You should see the Privacy Policy of your Jimdo site like a personal letter directed to the visitors of your website. The general purpose of a Privacy Policy is to inform your visitors and customers exactly about how you collect and use their personal data on your website, how it is protected, what rights they have, etc.. In case data protection laws are applicable to you (e.g. the well-known General Data Protection Regulation - GDPR), this Privacy Policy is one step to your data protection compliance.

3. How do I edit my Privacy Policy?

In this Jimdo help center article we explain how you can edit your website’s Privacy Policy.

4. What information do I need in my Privacy Policy?

This is a tough question to answer since the level of detail and the amount of information that needs to be provided depends entirely on how you use your website, what service you have integrated, the type and amount of data that is processed, and many more factors. We unfortunately cannot give you a definitive answer on this, but we can give you an idea of what we believe are topics that could be mentioned according to Art. 13 and Art. 14 of the GDPR.

Before we start, it is important to note that this article focuses on GDPR requirements. Depending on your location, other specific laws of EU member states or data protection laws of non-EU countries such as the CCPA for California, USA, may apply. Please reach out to your legal advisor for clarification.

Following you will find some pointers what information should be included in your Privacy Policy:

I. Contact details

Here you should provide the visitors of your website with the name and contact details of the person or business in charge of the website and data processing. That is usually yourself.

II. Data Protection Officer

Under certain conditions, the General Data Protection Regulation (GDPR) requires you to appoint a Data Protection Officer (DPO). You need to check if you are required to name a DPO and add their contact information here. In Germany for example you could check § 38 BDSD to see if you are required to appoint a DPO.

III. Data Processing

Your Privacy Policy is a kind of personal letter directly to your website visitors and customers and should mention all services (Data Processing Activities) you are providing. Please note, that this could also include services that will be provided or conducted by other parties you use, such as Jimdo.

To give you an overview about which potential processing activities could take place on your website, we have created the following sample texts that you are free to use and to amend.

Provision of the online offer and web hosting

Description: Our website is hosted by a dedicated website hosting provider that uses cloud-based servers located within the EU to provide a stable and secure hosting platform. Our website is distributed using a content delivery network provider with servers located all over the world to ensure a fast and safe delivery of our website.
Types of data processed:Usage data: e.g. web pages visited, access times, all entries made within our online offer or from websites
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Provision of a stable and secure online offer that is easy to use.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
Recipients or Categories of Recipients: Website hosting providers, SSL certificate providers, Content Delivery Network Providers
Data Transfer in Third Countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Collection of log files

Description: We save log files for analyzing and maintaining the technical operation of the servers as well as assisting anti-abuse measures and protecting the security of the hosting platform.
Types of data processed:
Usage data: e.g. web pages visited, access times.
Communication data: e. g. browser type, operating system or IP addresses.
Data subjects: Users (website visitors).
Purpose of processing: Improving the stability and functionality of our website.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR). Our legitimate interest is to ensure the stability and functionality of the website.
Recipients or Categories of Recipients: Website hosting providers, website analysis providers
Data Transfer in Third Countries: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: The log files are stored for 7 days and deleted afterwards.

Contact Form

Description: We offer a contact form function on our website which gives you the opportunity to contact us by submitting your contact details and request and clicking on “submit”.
Types of data processed:
Usage data: name, email address and content of the message, web pages visited, access times
Communication data: e.g. IP addresses, browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Processing of contact and pre-contractual inquiries via our website.
Legal basis: Legitimate interest (Art. 6 Abs. 1 p. 1 lit. f. GDPR), Contract fulfillment and/or pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR). Our legitimate interest is to answer your inquiry.
Recipients or Categories of Recipients: Website hosting providers, transactional email providers
Data Transfer in Third Countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Lead Capture feature “Smart Forms”

Description: We offer Smart Forms on our website which gives you the opportunity to contact us and submit additional information which we need to answer your enquiry.
Types of data processed:
Usage data: logfiles, access times
Communication data: e.g. content of the message, name, phone number, time stamps (e.g. time of sending the form), IP address, browser type, operating system 
Data subjects: Website visitors
Purpose of processing: Initiate contact and conduct pre-contractual enquiries via our website.
Legal basis: For pre-contractual inquiries the processing is necessary in order to take steps at the request of you, the data subject, prior to entering into a contract with us (Art. 6 para. 1 p. 1 lit. b. GDPR). For any other enquiries it is our legitimate interest to receive and answer your inquiries (Art. 6 Abs. 1 p. 1 lit. f. GDPR).
Recipients or Categories of Recipients: website hosting provider, transactional email providers, our email service provider
Data Transfer in Third Countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Captcha

Description: We have implemented a third party captcha tool in the contact form to check whether the entries on the contact form are made by human visitors of this website or by machines or automated programs (also called "bots").
Types of data processed:
Usage data: e.g. website accessed and date and time of the access
Communication data: e.g. IP addresses, browser type, operating system, IP addresses
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: Securing the contact form with a spam protection
Legal basis: Legitimate interest (Art. 6 Abs. 1 p. 1 lit. f. GDPR). Our legitimate interest is to prevent misuse of our contact form.
Recipients or Categories of Recipients: Website hosting providers, captcha provider
Data Transfer in Third Countries: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Online Store Order Confirmations

Description: When you order products in our shop on our website you will receive an order confirmation. To deliver these order confirmations we use a transactional email provider to ensure a quick and secure delivery.
Types of data processed:
Usage data: name, address, email-address, shopping cart, invoice amount, currency and transaction number.
Communication data: e.g. browser type, operating system or IP addresses.
Data subjects: Users (website visitors).
Purpose of processing: Sending of order confirmations to webshop users (customers).
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO).
Recipients or Categories of Recipients: Website hosting provider, transactional email provider
Data Transfer in Third Countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Online Store Payment Service Provider

Description: We use external payment providers for the webshop on this website to offer our customers various payment options. The data processed will be disclosed solely for the purpose of processing the payment with the payment service provider and only to the extent necessary for this purpose. We do not store any credit card details ourselves.
Types of data processed:
Usage data: name, address, account number, bank routing number, credit card number (if applicable), invoice amount, currency and transaction number.
Communication data: e.g. IP addresses, browser type, operating system.
Data subjects: Users (website visitors).
Purpose of processing: Offering of external payment providers for the webshop on this website to offer customers various payment options.
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO).
Recipients or Categories of Recipients:
Optional: Paypal, PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://stripe.com/de/privacy
Optional: Stripe, Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, https://stripe.com/de/privacy
Website hosting provider, transactional email provider
Data Transfer in Third Countries: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Website Analytics (Jimdo Statistics)

Description: If you visit our website, we collect information about your use of our website by means of a web analysis function developed by our website hosting provider and store it in a pseudonymous way. This tool collects your IP address and user agent, merges them, and truncates and stores this data using a so-called hash function. In this way, we generate a visitor identifier that will be encrypted using a random value, the so-called SALT, which changes every 24 hours. This ensures that your IP address cannot be recovered from the visitor identifier we store and that you cannot be identified personally. Furthermore, we do not merge this data with other data and only store it on the server of the website hosting provider. We also process web analytics, HTTP data and web analytics profile data. The web analysis function we use generates and stores the web analysis profile. This includes information about the use of our website, in particular page views, call frequency and dwell time on accessed pages as well as the client user agent of your terminal device.
Types of data processed:
Usage data: e.g. web pages visited, access times
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Analyzing user behavior in aggregated form to improve our website including presentation and content.
Legal basis: Legitimate interest (Art. 6 para. 1 lit. (f) GDPR). Our legitimate interest is to conduct web measurement to improve our products and website.
Recipients or Categories of Recipients: website hosting provider
Data Transfer in Third Countries: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Jimdo Contact List

Description: We use a Customer Relationship Management (CRM) tool to use and manage customer data in an optimal way.
Types of data processed:
Usage data: name, email-address, order data, shopping cart, payment data, transaction email data, registration data
Communication data: e.g. browser type, operating system or IP addresses.
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: Management of customer data, newsletter registration and sending of newsletters.
Legal basis: Contract fulfillment and/or pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR).
Recipients or Categories of Recipients: Website hosting provider
Data Transfer in Third Countries: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Jimdo Booking Tool

Description: On our website, we offer visitors the option to book appointments and/or time slots for our services via an integrated booking system.
Types of data processed:
Usage data: Name, email address, phone number, booking data, shopping cart, transactional email data, registration data of your customers/website visitors.
Communication data: e.g. browser type, operating system, or IP addresses.
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: Providing website visitors with the ability to book our services, sending appointment confirmations and reminders.
Legal basis: Contract performance and/or pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b GDPR).
Recipients or categories of recipients: Website hosting providers, booking tool providers, subscription management service providers, transactional email providers, transactional SMS and messaging providers.
Data transfers to third countries: We transfer your personal data to processors in the United States for this purpose. For more information about the transfer of personal data to third countries, please refer to the section Transfer to third countries.
Retention periods or criteria used to determine retention periods: For more information, please see the section Storage Period.

Embedded Maps (Google Maps)

Description: We embed maps on this website by using a plugin of a map service provider to provide an appealing presentation of our online offers and an easy location of the places indicated by us on the website. After you give consent via the consent layer or the cookie banner, the map element is loaded and data is transferred to the servers of the map provider.
Types of data processed:
Usage data: e.g. web pages visited, access times.
Communication data: e.g. browser type, operating system or IP addresses.
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: Appealing presentation of our online offers and an easy location of the places indicated by us on the website.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR).
Recipients or Categories of Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
Data Transfer in Third Countries: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Video Content (Vimeo, Youtube)

Description: We embed videos content on our website to provide you with an appealing presentation of our online offers. After you give consent via the consent layer or the cookie banner, the video content is loaded and data is transferred to the servers of the video hosting provider.
Types of data processed:
Usage data: e.g. web pages visited, access times.
Communication data: e.g. browser type, operating system or IP addresses.
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offers by implementation of video content.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR).
Recipients or Categories of Recipients:
Optional: Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA, https://vimeo.com/features/video-privacy
Optional: YouTube by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
Data Transfer in Third Countries:
Vimeo: Your personal data is transferred to above mentioned processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Youtube: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Audio Content (Apple Music, Spotify)

Description: We embed audio content on our website to provide you with an appealing presentation of our online offers. After you give consent via the consent layer or the cookie banner, the audio content is loaded and data is transferred to the servers of the audio hosting provider.
Types of data processed:
Usage data: e.g. web pages visited, access times.
Communication data: e.g. browser type, operating system or IP addresses.
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offers and implementation of video content.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Recipients or Categories of Recipients:
Optional: Apple Music by Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA, https://www.apple.com/privacy/
Optional: Spotify USA Inc, 4 World Trade Center, 150 Greenwich Street, 62nd Floor, New York, NY 10007, USA, https://www.spotify.com/us/legal/privacy-policy/
Data Transfer in Third Countries: Your personal data is transferred to above mentioned processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Google Ads

Description: We use Google Ads to display ads on Google and through the Google advertising network based on our campaigns.
Types of data processed:
Usage data: e.g. web pages visited, access times
Communication data: e.g. browser type, operating system, IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Delivery of personalized content to users based on their interests and increase of website visits and traffic.
Legal basis: Consent (§ 25 para. 1 TTDSG, Art. 6 Abs. 1 p. 1 lit. a. GDPR)
Recipients or Categories of Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
Data Transfer in Third Countries: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

External Services via Jimdo Smart Apps

Jimdo offers our users the option to integrate third party services on your website via a third party tool. We call this integration Jimdo Smart Apps. Only after consent is given by the website visitor a connection to the servers of the third party tool provider is established, the legal basis here is consent (Art. 6 Abs. 1 p. 1 lit. a. GDPR). After the website visitor gives consent the integration app stores cookies on the device of the website visitor which store data to enable you to implement certain apps/third party services on your website.

Social Media (Instagram, Facebook, Pinterest, TikTok, Tumblr, Twitter, Dribble)

Description: We use third party elements of social media services on this website to present our social media profiles and posts to you.
Types of data processed:
Usage data: e.g. web pages visited, access times.
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offers
Legal basis: Consent (Art. 6 Abs. 1 p. 1 lit. a. GDPR)
Recipients or Categories of Recipients:
Optional: Dribbble Holdings (US) Ltd., 524 Yates St, Victoria, Canada, https://dribbble.com/privacy
Optional: Facebook by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland,https://www.facebook.com/about/privacy/
Optional: Instagram by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, https://help.instagram.com/519522125107875
Optional: Pinterest Inc, 505 Brannan Street San Francisco, CA 94107, USA, https://policy.pinterest.com/en/privacy-policy
Optional: TikTok Inc., 5800 Bristol Pkwy, Los Angeles, CA 90034, United States, https://www.tiktok.com/legal/privacy-policy-eea
Optional: Tumblr, Inc., 35 E. 21st St., 9th Floor New York, NY 10010, USA, https://www.tumblr.com/privacy/en_eu
Optional: Twitter, Inc., 1355 Market St #900, San Francisco, CA 94103, USA, https://twitter.com/en/privacy
Data Transfer in Third Countries:
Optional: Twitter, Tumblr, TikTok, Pinterest: Your personal data is transferred to above mentioned processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Optional: Dribble: Your personal data is transferred to a country with an EU adequacy decision.
Optional: Facebook, Instagram: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Flickr Integration

Description: We use a plugin on this website to present our Flickr profile, posts and photostream to you.
Types of data processed:
Usage data: e.g. web pages visited, access times
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offers
Legal basis: Consent (Art. 6 Abs. 1 p. 1 lit. a. GDPR)
Recipients or Categories of Recipients: Flickr, Inc., 390 Fremont St (Harrison St), San Francisco, CA 94105, USA, https://www.flickr.com/help/privacy
Data Transfer in Third Countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Video Content (Dailymotion, Twitch, Vimeo, Youtube)

Description: We embed videos content on our website to provide you with an appealing presentation of our online offers. After you give consent via the consent layer or the cookie banner, the video content is loaded and data is transferred to the servers of the video hosting provider.
Types of data processed:
Usage data: e.g. web pages visited, access times
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offers
Legal basis: Consent (Art. 6 Abs. 1 p. 1 lit. a. GDPR)
Recipients or Categories of Recipients:
Optional: Dailymotion SA, 140 boulevard Malesherbes - 75017 Paris, France, https://www.dailymotion.com/legal/privacy
Optional: Twitch Interactive, Inc., 350 Bush Street, Second Floor, San Francisco, CA 94104, USA, https://www.twitch.tv/p/de-de/legal/privacy-notice/
Optional: Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA, https://vimeo.com/features/video-privacy
Optional: YouTube by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://www.google.de/intl/de/policies/privacy
Data Transfer in Third Countries:
Optional: Twitch, Vimeo, Youtube: Your personal data is transferred to above mentioned processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Optional: Dailymotion: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Audio Content (Anchor, Bandcamp, Soundcloud)

Description: We embed audio content on our website to provide you with an appealing presentation of our online offers. After you give consent via the consent layer or the cookie banner, the audio content is loaded and data is transferred to the servers of the audio hosting provider.
Types of data processed:
Usage data: e.g. web pages visited, access times
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offers
Legal basis: Consent (Art. 6 Abs. 1 p. 1 lit. a. GDPR)
Recipients or Categories of Recipients:
Optional: Anchor by Spotify AB, of Regeringsgatan 19, 111 53 Stockholm, Sweden, https://anchor.fm/privacy
Optional: Bandcamp, Inc., 48 Gold St San Francisco, CA, 94133-5103, USA, https://bandcamp.com/privacy
Optional: SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany, https://soundcloud.com/pages/privacy
Data Transfer in Third Countries:
Optional: Bandcamp: Your personal data is transferred to above mentioned processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Optional: Soundcloud & Anchor: Bandcamp: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Booking Tool (AirBnB, Calendly)

Description: We use plugins of booking service providers on this website to enable you to book appointments.
Types of data processed:
Usage data: e.g. web pages visited, access times
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offers
Legal basis: Consent (Art. 6 Abs. 1 p. 1 lit. a. GDPR)
Recipients or Categories of Recipients:
Optional: Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA, https://calendly.com/de/pages/privacy
Optional: AirBnB, Inc, 888 Brannan St, San Francisco, CA 94103, USA, https://www.airbnb.com/help/article/2855/privacy-policy
Data Transfer in Third Countries: We transfer your personal data to processors in the USA for this purpose. Information on the transfer of personal data to third countries can be found in section Transfer to third countries.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Surveys (Typeform)

Description: We use plugins of survey providers which enable us to embed online questionnaires on our website.
Types of data processed:
Usage data: e.g. web pages visited, access times
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offers
Legal basis: Consent (Art. 6 Abs. 1 p. 1 lit. a. GDPR)
Recipients or Categories of Recipients: Typeform S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain, https://admin.typeform.com/to/dwk6gt
Data Transfer in Third Countries: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

Google Integrations (Google Calendar, Google Sheet, Google Docs, Google Drive, Google Forms)

Description: We use plugins of Google Ireland Limited on our website that enable us to embed documents, files or calendars on our website.
Types of data processed:
Usage data: e.g. web pages visited, access times
Communication data: e.g. browser type, operating system or IP addresses
Data subjects: Users (website visitors).
Purpose of processing: Appealing presentation of our online offers
Legal basis: Consent (Art. 6 Abs. 1 p. 1 lit. a. GDPR)
Recipients or Categories of Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
Data Transfer in Third Countries: Your personal data is processed within the EU.
Storage Period or criteria on the basis of which the Storage Period is determined: Further information can be found in the section Storage Period.

IV. Storage Periods

Under this point you should explain to your website visitors and users how long the data you collect and process on your website is stored.

A text for this part could look like this:

In general, we process and store your personal data for the duration for which the respective purpose of use requires corresponding storage. If applicable, this also includes the periods of the initiation of a contract (pre-contractual legal relationship) and the processing of a contract. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:

Fulfillment of legal retention obligations (commercial or tax law)

Retention of evidence taking into account the statute of limitations

assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.

V. Transfer to Third Countries

At this point you should inform your website visitors about whether data collected on the website is transferred to third countries outside the European Union (EU) in case the GDPR is applicable.

A text for this part could look like this:

We ensure that your data is processed in the EU or in the European Economic Area. Should this no longer be possible and data needs to be transferred to a third country, Jimdo will ensure, after prior review, that an adequate level of data protection that meets the requirements of the Court of Justice of the European Union and the EU Commission is adhered to in the country the data is transferred to.

In these cases, the data is transferred on the basis of an Adequacy Decision of the European Commission or the Standard Contractual Clauses for the transmission of personal data to third countries in its currently valid version. These can be accessed here.

Data transmission to a third country may also take place on the basis of your consent. You will be provided with details of this separately, if applicable.

VI. The rights of your visitors and users (Data Subject Rights)

According to the GDPR, your website visitors and users have certain data protection related rights that should also be mentioned in your Privacy Policy.

A text for this part could look like this:

• Access to Information
  You can request access to information about your personal data processed by us.
• Correction
  If your data is not (or no longer) correct, you can request that your data be corrected. If your data is incomplete, you can request that it be completed.
• Deletion
  You have the right to request the deletion of your data in accordance with applicable data protection laws. Please note that a request for deletion may depend on the existence of a legitimate reason and the absence of a legal reason that oblige us to retain your data.
• Restriction of processing
  You have the right to request the restriction of the processing of your data. Please note that a request for restriction of processing depends on the existence of a legitimate reason.
• Objection
  You have the right to object to the processing of your data on grounds relating to your particular situation. In the event of a justified objection, we will no longer process your data.
• Objection to the processing of your data for direct marketing purposes
  You have the right to object at any time to the processing of your data for direct marketing purposes. This also applies to profiling in connection with direct advertising. You can send your objection form-free to us, preferably to the contact details above, stating the keyword "Objection to the processing of my personal data for advertising purposes".
• Right to lodge a complaint
  You are entitled to lodge a complaint with a data protection supervisory authority if you do not agree with the processing of your data.
• Data portability
  You have the right to receive personal data that you have provided to us in an electronic format.
• Withdrawal of your consent
  You have the right to withdraw your consent that you have given to us at any time. The easiest way to withdraw your consent is to send an email to the contact details above. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal