CASA NATA

Privacy policy

Thank you for visiting our website. The protection and security of your personal information when using our website is very important to us, so we would like to tell you about which of your personal data we collect when you visit our website and what purposes it is used for.
This data privacy policy applies to the website of the Casa Nata OHG, which can be accessed under the domain casa-nata.com, and its various subdomains (“our website”).

Who is responsible and how can I contact casa nata?

The data controller
responsible for processing personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:

Casa Nata OHG
Elvirastrasse 10
80636 München
Germany

Tel.: 089 – 12023618

Web: https://www.casa-nata.com
Email: contact@casa-nata.com

 

What is this data privacy policy about?

This data privacy policy meets the legal requirements for transparency around the processing of personal data.
Personal data is any information relating to an identified or identifiable individual. This can include information such as your name, age, address, telephone number, date of birth, e-mail address, IP address and user behaviour when visiting a website. Information which we cannot relate back to you personally (without disproportionate effort), e.g. anonymised information is not personal data.
The processing (e.g. collection, retrieval, use, storage or transmission) of personal data always requires a legal basis and a defined purpose. Any personal data we store will be deleted as soon as the purpose of the processing has been achieved and there are no further legitimate reasons for continuing to store it. Please find information on the specific storage periods or criteria for storage provided in the information on the individual processing operations below. Irrespective of this, in individual cases we store your personal data to assert, exercise or defend legal claims and where required to do so by statutory retention obligations.

Who gets my data?

The personal data which we process on our website is only passed on to third parties if necessary for the fulfilment of the purposes and is covered in each individual case by the legal basis (e.g. consent or protection of legitimate interests). In addition, in individual cases we pass on personal data to third parties if this serves the establishment, exercise or defence of legal claims. Examples of possible recipients may be law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website, who process personal data on our behalf as part of contract data processing in accordance with Article 28 GDPR, these may be recipients of your personal data. Further information on the use of contract data processors and web services can be found in the overview of the individual processing operations.

Do you use cookies?

Cookies are small text files sent by us to the browser of your device during your visit to our website and stored there. As an alternative to the use of cookies, information may also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies enable us to carry out various analyses, for example so that we can recognise the browser you are using when you return to our website and to transmit various pieces of information to us (non-essential cookies). With the help of cookies, we can make our website more user-friendly and effective for you, among other things, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your device. They cannot run programs and nor can they contain viruses.
This data privacy policy provides information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.

What are my rights?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), as a data subject, you have the right to:
• Right of access / information, pursuant to Art. 15 GDPR, about the data stored about you. This must be supplied in meaningful form, explaining the details of the processing, and be accompanied by a copy of your data;
• Rectification, pursuant to Art. 16 GDPR, of incorrect or incomplete data stored by us;
• Erasure, pursuant to Art. 17 GDPR, of the data stored by us, insofar as the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• Restriction of processing, pursuant to Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing of the data is unlawful, we no longer need the data, and you reject its deletion because you need it to assert, exercise or defend legal claims, or you have objected to the processing of your data pursuant to Art. 21 GDPR.
• Data portability, pursuant to Art. 20 GDPR, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 para. 1(a) GDPR, or on the basis of a contract pursuant to Art. 6 para. 1(b) GDPR, and the data has been processed by us using automated procedures. You will receive your data in a structured, common, machine-readable format, or we will transmit the data directly to another data controller, as far as this is technically feasible.
• Objection, pursuant to Art. 21 GDPR, to the processing of your personal data, insofar as this is based on Art. 6 para. 1(e)(f) GDPR and there are reasons for this arising from your particular situation, or the objection is against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing are proven or the processing is carried out to assert, exercise or defend legal claims. Insofar as the right to object to individual processing operations does not exist, this is stated there.
• Withdrawal pursuant to Art. 7 para. 3 GDPR of your consent with effect for the future.
• Complaint, pursuant to Art. 77 GDPR, to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

How, exactly, is my data processed?

Below we inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective storage period. Automated decision-making in individual cases, including profiling, does not take place.

Provision of the website

Type and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in what is known as a log file:
• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which our website is accessed (referrer URL)
• Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is hosted not by ourselves but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of the GDPR.

Purpose and legal basis

The data is processed to safeguard our overriding legitimate interest in displaying our website and ensuring its security and stability on the basis of Art. 6 para. 1 (f) GDPR. The collection and storage of the data in log files is essential for the operation of the website. There is no right to object to processing due to the exception under Art. 21 para. 1 GDPR. Insofar as the further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 (c) GDPR. There is no legal or contractual obligation to provide the data, but it is technically not possible to access our website without providing the data.

Retention period

The aforementioned data will be stored for the duration of the display of the website.

Contact form
Type and scope of processing
On our website we invite you to contact us via the form provided. The information collected via the mandatory fields in this form is required to process your request. You can also provide additional information voluntarily that you believe is necessary for processing your contact request.
When using the contact form, your personal data will not be passed on to third parties.

Purpose and legal basis

When you use our contact form, your data is processed for the purpose of communicating and processing your request on the basis of your consent in accordance with Art. 6 para. 1(a) GDPR. If your request relates to an existing contractual relationship with us, the processing of your data for the purpose of fulfilling the contract is based on Art. 6 para. 1(b) GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means.
Retention period
If you use the contact form, on the basis of your consent, we store the collected data of each request for a period of three years, starting at the completion of your request, or until you revoke your consent.
If you use the contact form in the context of a contractual relationship, we store the collected data of each request for a period of three years from the end of the contractual relationship.

Newsletter

Type and scope of processing
If you register on our website to receive our newsletter, we collect your e-mail address and store this information together with the date of your registration and your IP address. You will then receive an e-mail in which you must confirm your registration for the newsletter (double opt-in). If you do not confirm the registration within 28 days, it will automatically expire and the data will not be processed for sending the newsletter.
To send the newsletter, we use a service of the provider MailChimp, which processes your personal data on our behalf in accordance with Art. 28 GDPR.  See below for more information.

Purpose and legal basis

We process your data for the purpose of sending newsletters on the basis of your consent in accordance with Art. 6 para. 1(a) GDPR. You can withdraw your consent at any time by unsubscribing from the newsletter with effect for the future in accordance with Article 7 para. 3 GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without the provision of your data.

Retention period

Once you have registered for the newsletter, we save your data until you confirm your registration, but longer than that. Once your registration has been successfully confirmed, we store your data until you revoke your consent (unsubscribe from the newsletter).

Facebook page

When you visit our Facebook page, Facebook (Meta) collects data such as your IP address and other information that is available on your device in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides further information on this here: https://facebook.com/help/pages/insights.
We cannot infer anything about individual users based on the statistical information that is transmitted. We only use the information to be able to respond to the interests of our users, and to continuously improve our online presence and ensure its quality.
We collect your data via our fan page only to enable communication and interaction with us. The data we collect usually includes your name, message content, comment content, and the profile information you provide “publicly”.
The processing of your personal data for the aforementioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Article 6 para. 1(f) GDPR. If you, as a user, have given your consent to data processing to the respective provider of the social media platform, the legal basis of the processing extends to Art. 6 para. 1(a), Art. 7 GDPR.
Because the actual data processing is carried out by the provider of the social media platform, our access options to your data are limited. Only the provider of the social media platform is authorised to have complete access to your data. For this reason, only the provider can directly take and implement appropriate measures to fulfil your user rights (request for information, request for deletion, objection, etc.). The most effective way to assert your rights is therefore directly via the respective provider.
Together with Facebook, we are responsible for the personal content of the fan page. Rights of data subjects can be asserted with Meta Platforms Ireland Ltd. as well as with us.
According to the GDPR, the primary responsibility for the processing of Insights data lies with Facebook, and Facebook must fulfil all obligations under the GDPR with regard to the processing of Insights data. Meta Platforms Ireland Ltd. makes the essentials of the Page Insights Addendum available to the data subjects.
We do not make any decisions regarding the processing of Insights data or the storage duration of cookies on user devices.
Further information can be found directly on Facebook (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
Further information, including the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines for the use of cookies and similar technologies in the context of registration and use, can be found in Facebook’s privacy policy/cookie policy: 
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

https://www.facebook.com/policies/cookies

Instagram page

When you visit our Instagram page, Instagram (Meta) collects data such as your IP address and other information that is available on your device in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides further information on this under the link below (Note: Clicking on the following link will take you to the website of the social media platform Facebook, also part of the Meta Group, but the information provided via the link also applies to the social media platform Instagram): https://facebook.com/help/pages/insights.
We cannot infer anything about individual users based on the statistical information that is transmitted. We only use the information to be able to respond to the interests of our users, and to continuously improve our online presence and ensure its quality.
We process data collected via the Fanpage exclusively for communication and interaction purposesThe data we collect usually includes your name, message content, comment content, and the profile information you provide “publicly”.
The processing of your personal data for the aforementioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Article 6 para. 1 (f) GDPR. If you, as a user, have given your consent to data processing to the respective provider of the social media platform, the legal basis of the processing extends to Art. 6 para. 1 a), Art. 7 GDPR.
Because the actual data processing is carried out by the provider of the social media platform, our access options to your data are limited. Only the provider of the social media platform is authorised to have complete access to your data. For this reason, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, objection, etc.). The most effective way to assert your rights is therefore directly via the respective provider.
Together with Instagram, we are responsible for the personal content of the fan page. Rights of data subjects can be asserted with Meta Platforms Ireland Ltd. as well as with us.
According to the GDPR, the primary responsibility for the processing of Insights data lies with Instagram, and Instagram must fulfil all obligations under the GDPR with regard to the processing of Insights data. Meta Platforms Ireland Ltd. makes the essentials of the Page Insights Addendum available to the data subjects.
We do not make any decisions regarding the processing of Insights data or the storage duration of cookies on user devices.
Further information can be found directly on Instagram (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
Further information, including the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines for the use of cookies and similar technologies in the context of registration and use, can be found in Instagram’s privacy policy/cookie policy. (Note: Clicking the link below will take you to the website of the social media platform Facebook):
 https://help.instagram.com/519522125107875/?helpref=uf_share
This information can also be viewed in the Help section of Instagram’s website, via the following link:
https://help.instagram.com/581066165581870

Google reCAPTCHA

Type and scope of processing
We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to identify whether a contact request originates from a natural person or is automated by means of a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the length of the user’s stay on the website and mouse movements in order to distinguish automated queries from human ones. This data is processed exclusively for the aforementioned purposes and to maintain the security and functionality of Google reCAPTCHA.
Purpose and legal basis
The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG
Retention period
The specific retention period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=de&gl=de.

MailChimp

Type and scope of processing
We have integrated components of the MailChimp service on our website. MailChimp is a service of The Rocket Science Group, LLC and provides marketing automation for businesses.
MailChimp uses cookies to store and transmit data entered into forms, send marketing e-mails and automated messages, and create targeted campaigns.
In addition, MailChimp offers us the possibility to analyse whether the e-mails we send have been opened, how many users have received an e-mail and whether users have unsubscribed from the newsletter after receiving an e-mail.
In this case, your data will be passed on to the operator of MailChimp, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308, United States.
Purpose and legal basis
The use of MailChimp is based on your consent in accordance with Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG (Telecommunications and Telemedia Data Protection Act).
Retention period
The specific retention period of the processed data cannot be influenced by us but is determined by The Rocket Science Group, LLC. Further information can be found in the privacy policy for MailChimp: https://mailchimp.com/legal/privacy/.

Vimeo Videos

Type and scope of processing
We have integrated Vimeo Video on our website. Vimeo Video is a component of the video platform of Vimeo, LLC where users can upload and share content over the Internet and receive detailed statistics.
Vimeo Video allows us to integrate content from the Vimeo Video platform into our website.
Vimeo Video uses cookies and other browser technologies to evaluate user behaviour, recognise users and generate user profiles. This information is used, among other things, to analyse the activity of the listened-to content and to create reports.
When you access this content, you connect to servers of Vimeo, LLC, 555 W 18th St, New York, New York 10011, United States, transmitting your IP address and, if applicable, browser data such as your user agent.
Purpose and legal basis
The use of the service is based on your consent in accordance with Art. 6 para. 1(a) GDPR.
Data transfer to the USA
Insofar as personal data is transmitted to Google servers in the USA when using Vimeo, this is done on the basis of your consent in accordance with Art. 49 para. 1(a) GDPR. We would like to point out that data processing in the USA without the existence of an adequacy decision and without suitable guarantees may be associated with special risks, in particular due to possible access rights by secret services and security authorities.
Retention period
The specific retention period of the processed data cannot be influenced by us but is determined by Vimeo, LLC. Further information can be found in the privacy policy for Vimeo Video: https://vimeo.com/privacy.

Borlabs Cookie

This website uses a Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie preferences.
Borlabs Cookie does not collect any personal data.
The borlabs-cookie cookie stores the consent you have given when you entered the website. If you wish to revoke these consents, simply delete the cookie from your browser. If you re-enter/reload the website, you will be asked again for your cookie consent.

The cookie preferences can be viewed and changed here:
Cookie Preferences