from the Series . The red Thread - Part 1 .
Data Privacy Information
This privacy statement informs you about how we treat your data. To make the processing of your data transparent, we would like to provide you with the following information to give you an overview of these processing operations. To keep things fair, we additionally want to inform you about your rights pursuant to the EU-General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). 

We will inform you in detail about

I. General Information
II. Data Processing on our Website
III. Data Processing on our Social Media

Anja Diabaté is the controller of the data processing.

I. General Information
1. Contact
If you have any questions or feedback concerning this information or wish to contact me to exercise your rights, please send your enquiry to

Anja Diabaté
Am Berge 8
21371 Tosterglope/Ventschau - Germany


2. Legal Basis
The legal term 'personal data' refers to all information relating to an identified or identifiable natural person.
I process personal data in compliance with the data protection regulations, in particular the GDPR and the BDSG. I solely process data based on law. I process personal data
 •solely with your consent (Art. 6 section 1 letter a) GDPR),
 •to perform a contract to which you are a party or to take steps at your request prior to entering into a contract (Art. 6        section 1 letter b) GDPR),
 •to comply with a legal obligation (Art. 6 section 1 letter c) GDPR) or
 •where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 section 1 letter f) GDPR). 

3. Period of Storage
Unless otherwise stated in the following, I will only store your data for as long as required to achieve the intended processing purpose or to fulfil my contractual or statutory obligations. In particular, such statutory retention requirements may result from regulations under commercial or tax law.

4. Recipients of Data
For certain processing activities, I rely on service providers as so-called ‘processor’. These processing activities include, for example, hosting or maintenance and support for IT systems. A ‘processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors process data not for their own purposes but solely for the controller and are contractually obliged to implement appropriate technical and organizational measures ensuring data protection.

Should your data be transferred to further recipients, you can find this information under the description of the respective processing activity.

5. Processing in the Exercise of your Rights pursuant to Art. 15 to 22 GDPR
If you exercise your rights pursuant to Art. 15 to 22 GDPR, I process the personal data transferred in order for us to grant you your rights and to acquire proof thereof. For the purpose of providing information and preparing such information, I will process the stored data only for this purpose as well as for purposes of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR. These processing operations are based on Art. 6 section 1 letter c) GDPR in combination with Art. 15 to 22 GDPR and section 34 para. 2 BDSG. 

6. Your rights
As the data subject, you are entitled to exercise your rights against me. In particular, you have the following rights:
• Pursuant to Art. 15 GDPR and section 34 BDSG, you have the right of access to information confirming whether and, if so, to what extent we are processing personal data concerning you.
•Pursuant to Art. 16 GDPR, you have the right to rectification of your data.
•Pursuant to Art. 17 GDPR and section 35 BDSG, you have the right to erasure of your personal data.
•Pursuant to Art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
•Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer such data to another controller.
•Where you have granted us specific consent to a processing activity, you can withdraw such consent at any time pursuant to Art. 7 section 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
•If you are of the view that the processing of your personal data infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

7. Right to object
Pursuant to Art. 21 section 1 GDPR, you have the right to object to processing activities based on Art. 6 section 1 letter e) or letter f) GDPR on grounds relating to your particular situation. If I process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 section 2 and section 3 GDPR.

II. Data processing on our website
During use of my website, information that you provide yourself is collected. In addition, certain information about your use of the Site is automatically collected during your visit to the Site. In data protection law, the IP address is also considered personal data. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.  

1. Processing of Server-Log-Files
When using my website for informative purposes only, general information that your browser transfers to our server is initially stored automatically (not via registration). This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out in pursuit of my legitimate interests and is based on Art. 6 section 1 letter f) GDPR. This processing serves the technical administration and security of the website. The data collected will be deleted after seven days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. I am unable to identify you as a data subject based on the information collected. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 section 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles. 

2. Contact
If you send me a message via the contact e-mail provided, I will use the data provided for the purpose of answering your inquiry.
If your inquiry is directed at the conclusion or implementation of a contract with me, Art. 6 section 1 letter b) GDPR is the legal basis for data processing. Otherwise, I use the data due to my legitimate interest in getting in contact with requesting persons. The legal basis for data processing is then Art. 6 section 1 letter f) GDPR.

3. Cookies
The website uses cookies and similar technologies on our website. Cookies are small text files that are stored by your browser when you visit a website. This makes the browser identifiable so it can be recognised by our web server. The website uses so-called ‘session cookies’, which are deleted when the browser session is ended. Other cookies (‘persistent cookies’) are automatically deleted after a specific period, which may vary depending on the cookie.    
In part, the use of cookies is necessary to maintain functionality and operation of our website. Apart from that, the website uses cookies and similar technologies to measure the coverage of my website and analyse the use of my website.
Cookies are stored on the computer of the user. Therefore, you as the user have full control over the use of cookies. You can delete cookies in the security settings of your browser at any time. You can object to the use of cookies entirely or for certain cases in your browser settings. Further information from the Federal Office for Information Security is available at

III. Data processing on our Social Media
I operate profiles on multiple social media platforms via which I offer further opportunities to obtain information about may work and for exchange. I operate profiles on the following social media platforms: 

- Facebook
- Instagram
- Behance

Visiting a profile on social media can result in your personal data being processed. The information in your social media account constitutes personal data. This also encompasses messages and statements made with the account. Additionally, certain information about your visit to a company page is often collected automatically during your visit.

1. Data Processing during the Visit of a Social Media Page
a) Facebook and Instagram Page
Certain information about you is processed relating to your visit to my Facebook or Instagram page on which I present my work. Facebook Ireland Ltd (Ireland/EU – ‘Facebook’) is the sole controller of this processing. Further information about the processing of personal data by Facebook is available via 
Facebook provides the opportunity to object to certain processing activities; corresponding information and opt-out-methods are available via 

Facebook provides me with anonymised statistics and insights for our Facebook and Instagram page, which enable me to gain knowledge about the ways in which people interact with our page (so called ‘insights’). These insights are created based on certain information about persons who have visited my page. Facebook and I are joint controllers of this processing. The processing serves my legitimate interest in evaluating the ways in which people interact with my page and improving my page based on this. This finds its legal basis in Art. 6 section 1 letter f) GDPR. It is impossible to match the information obtained via insights to individual accounts which interact with my Facebook page. I have concluded an agreement with Facebook on joint controllership in which the data protection duties are allocated between Facebook and us. Details of the processing of personal data for the creation of insights and of the agreement we concluded with Facebook are available via about page insights data. Regarding these processing activities, you may also exercise your rights (see above ‘Your Rights’) against Facebook directly. Further information is available in Facebook’s privacy statement via
Please note that user data is also processed in the USA and other third countries according to Facebook’s data protection guidelines. Facebook only transfers user data to countries for which the European Commission has made an adequacy decision pursuant to Art. 45 GDPR or based on appropriate safeguards pursuant to Art. 46 GDPR. 

b) Behance
Generally, Adobe Inc. (USA) is the sole controller of the processing of your personal data relating to your visit to my Behanceprofile. Further information on the processing of personal data by AdobeInc. is available via

2. Processing of Data you Share with me via my social media profiles
Additionally, I process information which you provide me with via the respective social media platform. Such information can include the username, contact details or a message to us. Generally, I only process this personal data if I have expressly requested you to share this data with me. I am the sole controller of such processing activities.
I process this data in pursuit of my legitimate interest to reach out to persons submitting requests. The legal basis for this is Art. 6 section 1 letter f) GDPR.
Additionally, I might process such data shared with me for purposes of evaluation or marketing. Such processing is based on Art. 6 section 1 letter f) GDPR and serve our legitimate interest to develop my offer and inform you about my work. Further data processing can take place if you have consented (Art. 6 section 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 section 1 letter c) GDPR).

August 2020
Back to Top