Privacy Policy — Website

of the Fontwerk GmbH, Prenzlauer Allee 186, 10405 Berlin, Germany (“Fontwerk”)

The protection of personal data is very important for Fontwerk. How personal data is collected when visiting the website and for what purpose it is processed is explained in the following privacy policy. Fontwerk complies with all applicable legal regulations for the protection of personal data and data security.

The legal basis for data processing is for consents Art. 6 para. 1 a) and Art. 7 GDPR, for the performance of services and implementation of contractual obligations Art. 6 para. 1 b) GDPR, for the fulfillment of legal obligations Art. 6 para. 1 c) GDPR and for the protection of legitimate interests Art. 6 para. 1 f) GDPR.

I. Name and Contact Details of the Person in Charge (“Controller”)

The person responsible for the processing of personal data within the meaning of Article 4 GDPR is:

Fontwerk GmbH
Ivo Gabrowitsch
Prenzlauer Allee 186
10405 Berlin

II. Nature of the Data Processed and Legal Basis

1. Server Log Files

Every time the server on which the website is accessed, data, so-called server log files, are automatically collected. These server log files contain the IP address, the date, time and duration of the visit, title and URL of the access, screen resolution being used, time in local user"s timezone, files that were clicked and downloaded, links to an outside domain that were clicked, page speed, location of the user (country, region, city, approximate latitude and longitude), main language of the browser being used, the browser type, operating system, and device used as well as a coded message as to whether the page view was successful or failed. Additional personal data, such as names or specific location data, are not recorded.

The legal basis for data processing is Art. 6 para. 1 b) and f) GDPR.

2. Contacting Us

If you contact us using the postal or email address provided on our website or via the company profiles in social media that we provide, we will process the personal data you provide - postal or email address, social media contact and your name and any additional contact information, if provided – for the purpose of responding to your request.

The legal basis for data processing is Art. 6 para. 1 a), b) and f) GDPR.

III. Purpose of the Processing

Personal data is only collected, stored and processed to the extent necessary for the provision of the online offer, communication with the users, the provision of services, the execution of the contractual/business relationship as well as for the optimization of business processes and the design of our services in line with requirements.

We process your personal data only in strict compliance with data protection regulations. In particular, corresponding data will only be processed if a legal permission has been granted.

In detail:

1. Server Log Files

We process the above-mentioned data in order to establish a smooth connection to our website. The processing is necessary to ensure the security and stability of the system and a comfortable use of our website. In addition, we use the log data for statistical evaluations, for the purpose of optimising processes and the security of the services.

We reserve the right to check the log data retrospectively if, based on concrete evidence, there is a suspicion of illegal use of the service provided.

2. Contacting Us

If you contact us via the postal or email address we provide or via our company profiles in social media, the processing of the contact data you use is essential in order to be able to answer your request. If data is processed in addition, such as name, address or similar, processing serves to individualize the respective user and thus to be able to respond to his/her request in the best possible way.

IV. Duration of Storage

Your data will be stored as long as it is necessary to fulfil the above mentioned purposes. As soon as this is no longer the case, e.g. after complete termination of the contractual/business relationship, they shall be deleted or blocked if and as long as commercial or tax law retention obligations require this (Art. 6 para. 1 p. 1 c) GDPR). From the point in time at which statutory storage obligations no longer conflict with this, the data shall be deleted, unless you have expressly consented to further use (Art. 6 Para. 1 p. 1 a) GDPR).

Server log files are finally deleted after 14 days.

V. Transfer of Data to Third Parties; Transfer to Third Countries

In principle, the data you provide will not be made available to third parties. In individual cases, however, it may be necessary to pass on your personal data to companies that are entrusted by us with the provision of individual services (e.g. web host, programmers, server solutions, cookie service providers, payment service providers) in order to execute the contract.

If, in the course of our processing, we disclose data to third parties, transfer it to them or otherwise grant them access to the data, this is only done on the basis of a legal permit, your consent, a legal obligation or our legitimate interests. If we commission third parties to process data on the basis of a so-called “Data Processing Agreement”, this is done on the basis of Art. 28 GDPR.

For their part, the third parties are obliged to comply with the statutory provisions when handling and processing this data.

It is possible that the registered office of a third party is located in a third country, i.e. in a country in which the GDPR has no direct legal effect. In this case, data will only be transferred if your consent has been given, an adequate level of data protection prevails, for example due to individual agreements, the use of EU standard contractual clauses, the existence of an EU adequacy decision, or other legal permission exists.

Transmission to authorities and state institutions entitled to receive information is also possible, but will only take place within the scope of the statutory duties to provide information and in the event of a court ruling that makes this mandatory. In such cases, Fontwerk may provide the information, e.g., to assert, exercise and defend legal claims, enforce existing contracts, in connection with allegations of fraud, security measures or generally applicable legal regulations. Personal data will not be passed on outside the scope described here without express consent.

Under no circumstances will Fontwerk sell or rent personal data to third parties.

VI. Third Party Services in the Operation of This Website

We would like to point out the following third-party provider whose services we use in the operation of our website:

MSISP, Malterstraße 28, 01159 Dresden, Germany (“MSISP”):

MSISP is a cloud infrastructure provider that hosts our website as well as our domain service provider. We use the MSISP server for our emails and for creating automatic backups of the website.

You can find more information about MSISP's privacy policy here.

We have concluded a Data Processing Agreement with MSISP and fully implement the strict requirements of the German data protection authorities when using MSISP.

We expressly point out that we ourselves have no influence on the scope of the data that these companies collect. Therefore, with regard to data protection, we must rely on the data use guidelines of the respective companies.

If necessary, please inform yourself further about the purpose and scope of data collection as well as your rights and settings options to protect your privacy. The links to the data protection declarations have been provided above.

VII. Online Presences; Company Profile in Social Media

Our company has online presences on various social media and platforms, namely Twitter, Instagram, LinkedIn, Behance, Mastodon and YouTube. This makes it easier for interested parties to find our services, current developments and offers an additional channel of communication. The purpose of the processing of user data by the respective social media and platforms is usually user-specific advertising, i.e. individualized advertising can be placed which corresponds to the presumed interests of the user or results from the user"s previous usage behavior. For this purpose, cookies are stored on the users#"end devices. These cookies can store the user behaviour and thus map the areas of interest.

It is possible that the headquarters of a social medium or platform is located in a third country, i.e. in a country in which GDPR has no direct legal effect. In this case, data will only be transferred if your consent has been obtained, if an appropriate level of data protection prevails or if another legal permission has been granted.

We would like to make it clear that users should contact the respective third party providers directly in the event of requests for information and/or the assertion of other data subject rights. These third parties have access and rights of access to the user data stored and processed there and can provide information and/or take measures accordingly. Should you contact us directly, we will try to support your request in the best possible way. However, since we have no access to the data stored by third parties, our options for action are limited.

Please inform yourself about the data processing principles of the respective companies by referring to the corresponding data protection declarations.

Further information on the handling of user data can be found here: Twitter, Instagram, LinkedIn, Behance, Mastodon and YouTube.

VIII. Rights of Data Subjects

As a person affected by the processing of personal data, you are entitled to the rights listed below. These rights result from the provisions of the basic data protection regulation and are reproduced here, in some cases in simplified form.

1. Right to Withdraw Consent

In accordance with Art. 7 Para. 3 GDPR, you have the right to withdraw your consent to processing at any time. The lawfulness of the processing carried out on the basis of the consent until withdrawal shall not be affected. The right of withdrawal can be exercised by means of an informal declaration. A written declaration or, alternatively, an email to the above-mentioned contact address shall be sufficient.

2. Right of Access

In accordance with Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to access to this personal data and the information mentioned in Art. 15 para. 1 GDPR. This includes, in particular, the purpose of the processing, the categories of data processed, the recipients to whom data have been or will be disclosed, as far as possible the planned duration of storage or the criteria for the duration of storage.

3. Right to Rectification

In accordance with Art. 16 GDPR, you have the right to obtain from us the rectification of any inaccurate personal data concerning you without undue delay. In consideration of the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

4. Right to Erasure

In accordance with Art. 17 GDPR, you have the right right to obtain from us the erasure of personal data concerning you without undue delay. We shall be obliged to delete personal data immediately if one of the provisions of Art. 17 para. 1 GDPR applies. Such reasons include, for example, that the data is no longer necessary for the purposes for which it was collected or otherwise processed.

5. Right to Restrict Processing

In accordance with Art. 18 GDPR, you have the right to obtain from us the restriction of processing if one of the conditions specified in Art. 18 GDPR applies. This includes, for example, that you dispute the accuracy of the personal data. In this case, we may only process the data to a limited extent for as long as it takes to verify the accuracy of the personal data.

6. Right to Data Portability

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided us with in a structured, common and machine-readable format. You have the right to transfer this data to another data controller, i.e. another body which processes data, without hindrance, provided that the original processing was based on consent or was necessary for the performance of a contract.

7. Right to Object

In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you, if such data is processed on the basis of Art. 6 Par. 1 e) or f) GDPR and there are reasons arising from your personal situation. An objection may be lodged at any time against the processing of data for the purpose of direct marketing. Personal data will then no longer be processed for this purpose. The right of objection can be exercised by means of an informal declaration. A written declaration or, alternatively, an email to the above-mentioned contact address is sufficient.

8. Automated Individual Decision-Making, Including Profiling

In accordance with Art. 22 GDPR, you have the right not to be subjected to a decision based solely on automated processing - including profiling – which has legal effect on you or significantly affects you in a similar manner. Art. 22 Para. 1 GDPR provides for exceptions to this, whereby Art. 22 Para. 4 GDPR again provides for partial exceptions.

9. Right to lodge a complaint with a Supervisory Authority

In accordance with Art. 77 GDPR and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement is committed, if you consider that the processing of personal data relating to you is in breach of this Regulation.

In this case, the competent supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin
Phone: +49 30 13 889-0
Fax: +49 30 215-5050

IX. Technical and Organizational Measures

We take technical and organizational measures to ensure that the security and protection requirements of GDPR are fulfilled and that personal data is protected against loss, destruction, manipulation or access by unauthorized persons. The measures are always adapted to the current state of the art.

X. Changes to the Privacy Policy

We reserve the right to change this privacy policy at any time. We kindly request that you regularly familiarize yourself with the content of the Privacy Policy.

Last updated: January 2023

Further questions?

You may find the answer in our FAQ, but if you still have questions, do feel free to get in touch.

Contact us