Privacy policy - HS Homemade Studio

Effective Date: May 2019

We, HS Homemade Studio UG (haftungsbeschränkt) (hereinafter referred to as "Homemade Studio"), respect the privacy of all people visiting this website. We would therefore like to inform you how we use your personal data (i.e. all data that can be related to you personally, e.g. name, address, e-mail address, user behaviour). We encourage you to read this Privacy Policy so that you understand how we use your personal information. This Privacy Policy governs the use of your personal information by us through or in connection with https://homemadestudio.com website and all its sub-sites. Other websites and portals operated by us may have privacy policies that differ from this Privacy Policy.

We comply with all applicable data security and privacy laws, including the applicable EU data protection laws. We treat your personal information confidentially and in accordance with the legal requirements. In the following we would like to inform you about our handling of your data when using our website.

1. Contact information

(a) Name and contact details of the person responsible The person responsible for data collection, processing and use (“data processing”) within the meaning of the Data Protection Basic Regulation (DSGVO):

HS Homemade Studio UG (limited liability) Feurigstr. 19, 10827 Berlin, Germany represented by the managing directors: Guia Mondello, Paris Davis, ibid. hello@homemadestudio.com Tel: 00491771761687, 00491743244632

(b) Data processing on contact When you contact us via e-mail the data you provide us with (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions. We delete the data arising in this connection after the storage is no longer necessary, or restrict the processing if there are legal storage obligations.

The transmission of information within the framework of this website is secured by RSA Encryption (provided by Let’s Encrypt Authority X3, Free SSL Provider – https://letsencrypt.org/). You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

(c) Booking form If you use the booking form on our website to send a request to us, we need the following information: First name, surname, e-mail address, mobile number, booking date, number of people, confirmation of insurance and company information including address, VAT number and Credit Cards details. By sending us your inquiry you give us your consent to the use of your transmitted data to answer your inquiry. We will then send you a confirmation email to the email address you provided. We use the so-called double opt-in procedure to answer your enquiry. This means that we will only send you an e-mail newsletter after you have expressly confirmed that you have submitted the request by clicking on a corresponding link. We delete the data arising from this connection after the storage is no longer necessary, or restrict the processing if there are legal storage obligations. By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a DS-GVO. As part of your request, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later point in time. The data collected by us will only be used to answer your query.

(d) Other If we wish to use contracted service providers for individual functions of our offer or use your data for advertising purposes, we will inform you below in detail about the respective processes. We also specify the fixed criteria for the storage period.



2. General information on data processing

We are responsible for the data processing that takes place within the framework of use of this website. Our employees are committed to maintaining the confidentiality of personal data and have also been made aware of the special importance of data protection.

You can access, print or download this data protection declaration permanently and at any time at the address https://homemadestudio.com/privacy-policy

Scope of the processing of personal data The provision of the website requires the processing of various information, including the personal date of your IP address. In addition, the extent of data processing depends on your use of the functionalities of the website and to what extent you give us consent. Legal basis for the processing of personal data The processing of your personal data relies on various legal bases. These are shown in the following abstract.

Processing reason Legal basis in the DSGVO

Explanation

Performance of contract or implementation of pre-contractual measures

Art. 6 Para. 1 b)/ § 26 BDSG-new Processing shall only take place to the extent necessary for the exercise and fulfilment of the rights and obligations arising from the contract. Unless expressly stated otherwise, data processing by us is only carried out to this extent. Legitimate interest Art. 6 para. 1 f) Processing takes place, as far as a justified interest on our part is present and no opposing predominant interests on your part are evident. The concrete interest is explained in this data protection declaration in the context of the processing representation. Consent Art. 6 para. 1 a) Processing takes place, as far as you have agreed to this expressly and on the basis of transparent information about the type and the extent of the data processing. You can revoke your consent at any time. However, this does not affect the processing that has taken place up to this point. Legal obligation Art. 6 para. 1 c) Processing takes place, as far as it is necessary for the fulfilment of German or European legal obligations. Data erasure and storage duration We will delete your personal data as soon as the legal basis for its processing no longer applies and there are no legal storage obligations. A storage obligation can be provided for if this is regulated by the European or national legislator in ordinances, laws or other regulations to which we are subject.

Possibility of opposition and removal Wherever data processing takes place on the basis of your consent or a legitimate interest on our part, you have the right to object to such processing at any time. You can contact hello@homemadestudio.com to exercise your right of withdrawal. If you object to a processing based on our legitimate interest, we may nevertheless continue the processing if we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedom.

3. Your rights

If personal data is processed by us, you are affected in the sense of Art. 4 para. 1 DS-GVO. Therefore, you have the following rights in regards to personal data concerning you:

Right to information pursuant to Art. 15 DS-GVO,Right to rectification or deletion pursuant to Art. 16 and Art. 17 DS-GVO,Right to limitation of processing pursuant to Art. 18 DS-GVO,Right to object to the processing Art. 21 DS-GVO,Right to data transferability pursuant to Art. 20 DS-GVO,Right to revoke the declaration of consent under data protection law pursuant to Art. 7 para. 3 DS-GVO.

As a visitor of our website, you are not subject to automated decision-making within the meaning of Art. 22 DS-GVO. If you do not agree with the way in which we process your data, please contact us directly. Pursuant to Art. 77 DS-GVO, you also have the right to lodge a complaint with the supervisory authority responsible for you.



4. Collection of personal data when visiting our website

Establishing and maintaining a connection with our website If you access, view and use the features of our website (merely informational use of the website without registration or other transmission of information to us), the data processing processes described below are necessary to provide a correct presentation of the website and to guarantee the lasting functionality of the information technology systems and the technology of the website as well as the security of the IT. For this purpose, personal data transmitted by your browser to our server is processed by us as described in more detail below. Unless otherwise stated below, the data processing processes are carried out on the legal basis of our legitimate interest (pursuant to Art. 6 para. 1 sentence 1 lit f) DS-GVO) in the provision of our website and its continuous improvement.

Log files In order to establish and maintain the connection when simply viewing the website, server log files transmitted by your browser to us are automatically collected and stored. Specifically, the following data is required for presentation and IT security:

Your IP address / IP address used (if applicable: in anonymous form)Date and time of the request/accessTime zone difference to Greenwich Mean Time (GMT)Contents of the request (concrete page)Access status/HTTP status codethe transferred files and the respective amount of data transferred (size of



the files transferred during the connection) Amount of data sent in bytes Website from which the request originatesthe browser type, the browser versionOperating system and its interfaceLanguage and version of the browser softwarethe referrer URL (the previously visited page) – (source/reference)the page visited afterwards.

The listed personal data is also stored in the log files of the server. This stored data will not be merged with other data from you. The storage of the IP address serves the justified interest of the prevention of abusive use.

bb) Technically related cookies In addition to the aforementioned data, cookies are stored on your computer to establish and maintain the connection to and use of our website. Cookies are small text files containing information that is stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall. If you allow the use of cookies in your browser, this does not pose any danger to your computer. These cookies do not contain any personal data and are automatically deleted when you close your browser. You can prevent the storage of cookies in the settings of your browser. You may then no longer be able to use the website or individual functions.

This website uses the following types of cookies, the scope and functionality of which are explained below:

(1) Transient Cookies: Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

(2) Persistent cookies: Persistent cookies are automatically deleted after twelve months. You can delete the cookies in the security settings of your browser at any time.

You can configure your browser settings according to your wishes and for example refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website. We use cookies to identify you for subsequent visits. The Flash cookies used are not captured by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your device. These objects store the required data regardless of the browser you are using and do not have an automatic expiration date. If you do not want the Flash cookies to be processed, you must install an appropriate add-on, such as “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.



Web Fonts
This site uses web fonts, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), for the uniform display of fonts. When you access a page, your browser loads the required web fonts onto its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 (1) sentence 1 lit. f) DS Block Exemption Regulation. If your browser does not support web fonts, a standard font will be used by your computer. More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/

Duration of storage Stored log files will be deleted after 30 days at the latest, unless there is a legal obligation to retain them. Technical session cookies are deleted as soon as you close your browser. Other cookies may also remain stored for a few weeks.



5. Recipients of data and data transfers to third countries

a) Recipients of data The personal data which we collect from you within the framework of the website will only be transmitted to contract processors involved in data processing on the basis of a valid agreement to the contract agreement.

b) Transfer of data to third countries The personal data that we collect from you within the framework of the website is generally not transferred to third countries outside the European Economic Area. Only the use of Google Analytics/Web Fonts results in an (unabridged) transmission of your IP address to the USA, where it is first abridged (see section IV.2.). The recipient of the data Google LLC is certified under the EU-US Privacy Shield, so an adequate level of data protection is ensured.



6. Further functions and offers of our website

a) General information In addition to the purely informative use of our website (within the meaning of No. 4), we offer various services that you can use if you are interested. For this purpose, you will generally have to provide further personal data, which we will use to provide the respective service and to which the aforementioned data processing principles apply. To some extent, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly. We may also share your personal information with third parties when we work with partners to offer promotions, sweepstakes, contracts or similar services. You will receive further information on this when you enter your personal data or in the description of the offer below. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

Usage of Payment-Provider Stripe Connect As part of the booking procedure we use the service provider Stripe Connect (https://stripe.com/connect). The service provider makes it possible for payments to be made directly from the users to the users and, at the same time, for the commission to us in accordance with our GTC to be deducted and paid out. Additional information from the payment service provider can be taken from their business conditions and data privacy statements (https://stripe.com/en-de/connect-account/legal

and https://stripe.com/en-DE/privacy).

Objection or revocation against the processing of your data If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have given it to us. Insofar as we base the processing of your personal data on a weighing of interests, you may object to the processing. This is the case, if the processing is not necessary in particular for the fulfilment of a contract with you, which is represented by us in each case with the following description of the functions. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts and either discontinue or adapt the data processing or point out our compelling reasons worthy of protection on the basis of which we will continue the processing. You can of course object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising objection under the following contact data: hello@homemadestudio.com.



7. Use of the blog function

In our blog, in which we publish various articles on topics related to our activities, you can make public comments. Your comments will be published with your username. We recommend using a pseudonym instead of your real name. The user name and e-mail address are required, all further information is voluntary. If you make a comment, we will continue to store your IP address, which we will delete after [one week]. The storage is necessary for us to be able to defend ourselves against liability claims in cases of a possible publication of illegal content. We need your e-mail address in order to contact you if a third party should object to your comment as unlawful. The legal bases are Art. 6 para. 1 sentence 1 lit. b) and lit. f) DS-GVO. Comments are not reviewed before publication. We reserve the right to delete comments if they are objected to as unlawful by third parties.



8. Use of our newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The goods and services advertised are specified in the declaration of consent. We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the given e-mail address in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data. Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to address you personally. After your confirmation we save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a DS-GVO. You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to [hello@homemadestudio.com] or by sending a message to the contact details provided in the imprint.



9. Use of Web Analytics

We would also like to collect data or use collected data to analyse your use of the website and to improve the quality of the website itself and the range of services on offer on the basis of the information obtained. For this purpose, the data of the log files is analyzed and the following analysis cookies are set. The usage analysis is carried out on the basis of our justified interest in constantly improving the effectiveness of our website design and our range of services and adapting it to user requirements. The data processing for usage analysis takes place up to the time of its effective objection. In general, it should be noted that the legal basis for the processing of personal data is in particular your consent. The usage analysis that goes beyond this is carried out on the basis of our justified interest in constantly improving the effectiveness of our website design and our range of services and adapting it to the user’s needs. In general, the data processing for usage analysis shall continue until the time of its effective objection, unless otherwise stated in detail below.

Use of Google Analytics aa) This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting your data by setting an opt-out cookie that prevents your data from being collected in the future when you visit our website. Please click on this link: <a href=”javascript:gaOptout()”>Google Analytics deaktivieren</a>. The Opt-Out-Cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is excluded immediately and the personal data is deleted immediately.

We use Google Analytics to analyse the use of our website and to improve it regularly. The statistics obtained will enable us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f DS-GVO.

Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 Terms of Use: http://www.google.com/analytics/terms/de.html, Privacy Statement: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Statement: http://www.google.de/intl/de/policies/privacy.



10. Use of Social Media

Use of social media plug-ins

aa) We are currently using the following Social-Media-Plug-ins: Facebook and Instagram. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box above its initial letter or the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online service. In addition, the data mentioned under no. 4 of this declaration will be transmitted. In the case of Facebook, the IP address is anonymized immediately after collection, according to information provided by the respective provider in Germany. By activating the plug-in, your personal data is transferred to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.

bb) We have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. Also for the deletion of the collected data by the plug-in provider no information is available to us.

cc) The plug-in provider stores the data collected about you as user profile and uses these for the purposes of advertising, market research and/or the need-based design of its website. Such evaluation is carried out in particular (also for users who are not logged in) in order to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Para. 1 S. 1 lit. f DS-GVO.

dd) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this allows you to avoid being assigned to your profile by the plug-in provider.

ee) Further information on the purpose and scope of the data collection and processing by the plug-in provider can be found in the following data protection declarations of these providers. Here you will also find further information on your rights in this regard and setting options to protect your privacy.

ff) Addresses of the respective plug-in providers and URL with their data protection information:
Facebook: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; For more information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; https://help.instagram.com/519522125107875.