Zum Inhalt springen

Privacy Policy

Privacy at a glance

Protecting your personal data matters to us. This website is deliberately data-minimal: it uses no cookies, no tracking and no analytics or advertising services. A cookie banner is therefore not required. We only process personal data if you contact us, e.g. via the contact form.

1. Controller

The controller responsible for data processing on this website is:

Lea Zobel – Tandl Jewellery
Höckelböschstraße 39
55743 Idar-Oberstein
Germany
Email: findtreasures@tandljewellery.de

2. Hosting

This website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The servers are located in a data centre in Nuremberg; backups are stored in a data centre in Falkenstein. Both locations are in Germany (EU). Hetzner processes the data arising when the website is accessed on our behalf under a data processing agreement (Art. 28 GDPR). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing our website securely and efficiently).

3. Server log files

When the website is accessed, the web server / hosting provider may automatically record information transmitted by your browser in server log files, typically: IP address, date and time, page/file requested and status, volume of data transferred, referrer URL, browser and operating system. This data is used solely for the technical operation, security and stability of the website and is not combined with other sources. Legal basis: Art. 6(1)(f) GDPR. Log data is deleted as soon as it is no longer required.

4. SSL/TLS encryption

For security, this website uses SSL/TLS encryption (indicated by “https://” and the padlock icon), so data you send to us cannot be read by third parties.

5. No cookies, no tracking

We use no consent-requiring cookies and no tracking, analytics or marketing technologies (e.g. Google Analytics, Meta Pixel). No profiling takes place.

6. Fonts (self-hosted)

Fonts are served locally from our own server. No external font services (e.g. Google Fonts) are used; loading fonts therefore establishes no connection to third-party servers and transmits no IP address to third parties.

7. External links (Instagram, Etsy)

Our website contains links to our Instagram and Etsy profiles. Content from these services is not embedded; data is only transmitted to these providers once you actively click the link and visit the external site, where the respective provider's privacy policy applies.

8. Contact form and enquiries

If you send us a message via the contact form, we process the data you provide (name, email address, subject and message) and the time of submission in order to handle and answer your enquiry. The form content is stored in our content management system (Directus) on the server named above and is additionally delivered to us by email. The same applies if you contact us directly by email. Legal basis: Art. 6(1)(b) GDPR where your enquiry relates to a contract, otherwise our legitimate interest under Art. 6(1)(f) GDPR.

9. Email delivery

To send and receive email (including contact-form notifications) we use the following processors:

  • Lettermint – sending email via an SMTP relay service. [provider, address and registered office to be added]
  • Migadu – hosting of our email mailboxes. [provider, address and registered office to be added]

The data contained in the respective email (e.g. sender, recipient, content) is processed. Legal basis: Art. 6(1)(b) or (f) GDPR. Data processing agreements under Art. 28 GDPR are in place where required.

10. Processors at a glance

  • Hetzner Online GmbH – hosting (data centres Nuremberg and Falkenstein, Germany)
  • Lettermint – email sending / SMTP relay
  • Migadu – email hosting

11. Retention period

We store personal data only as long as necessary for the stated purposes or as required by statutory retention periods. Contact-form enquiries are kept until your request has been dealt with and no further questions are expected, then deleted unless statutory obligations require otherwise.

12. Your rights

Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and to object (Art. 21). An informal message to the controller above is sufficient to exercise your rights.

13. Right to object

Where processing is based on Art. 6(1)(f) GDPR, you have the right to object at any time on grounds relating to your particular situation.

14. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34, 55116 Mainz, Germany
https://www.datenschutz.rlp.de

15. Updates

This privacy policy will be amended if our data processing or the legal framework changes. The current version published here applies.