Logo
Logo
Artworks News About Contact
DE / EN
Work materials

Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “Online Offering”).

Last updated: December 2, 2025

Table of Contents

Controller

Larisa Semke, Dipl.-Ing. (FH)
Kopernikusstr. 12
52353 Düren
Germany

Email: info@larigami.de

Overview of Processing Operations

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of Data Processed

  • Inventory data
  • Contact data
  • Content data
  • Usage data
  • Metadata and communication data

Categories of Data Subjects

  • Users

Purposes of Processing

  • Security measures
  • Web analytics
  • User profiling
  • Provision of our Online Offering and user experience
  • IT infrastructure

The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be applicable in individual cases, we will inform you of these in the privacy policy.

  • Legitimate Interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated individual decision-making, including profiling. The data protection laws of the individual German federal states may also apply.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, ensuring availability, and segregation thereof. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Moreover, we consider the protection of personal data from the outset in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

TLS Encryption (https): To protect your data transmitted via our Online Offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transfer of Personal Data

In the context of our processing of personal data, it may happen that the data is transferred to, or disclosed to, other entities, companies, legally independent organizational units, or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if the processing takes place in the context of the use of third-party services or disclosure or transfer of data to other persons, entities, or companies, this shall only occur in accordance with legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection (e.g., through an adequacy decision such as the EU-US Data Privacy Framework), on the basis of contractual obligations through so-called standard contractual clauses of the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en).

Deletion of Data

The data processed by us will be deleted in accordance with legal requirements as soon as the consents granted for processing are revoked or other permissions cease to apply (e.g., if the purpose of processing this data has ceased to exist or they are not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our privacy notices may also contain further information on the retention and deletion of data, which shall take priority for the respective processing operations.

Provision of the Online Offering and Web Hosting

We process user data in order to provide our online services to them. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the user’s browser or device.

  • Types of Data Processed: Usage data (e.g., websites visited, interest in content, access times); metadata and communication data (e.g., device information, IP addresses).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our Online Offering and user experience; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
  • Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR).

Further Information on Processing Operations, Procedures, and Services:

  • Provision of Online Offering on Rented Storage Space: For the provision of our Online Offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as “web host”); Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR).
  • Collection of Access Data and Log Files: Access to our Online Offering is logged in the form of so-called “server log files.” Server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (particularly in the case of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure server utilization and stability; Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR); Deletion of Data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
  • Netlify: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service Provider: Netlify Inc., 2325 3rd Street, Suite 29, San Francisco, CA 94104, USA; Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF). Netlify Inc. is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection for transfers to the USA (Art. 45 GDPR); Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://www.netlify.com/; Privacy Policy: https://www.netlify.com/privacy/; Data Processing Agreement: https://www.netlify.com/pdf/netlify-dpa.pdf.

Web Analytics, Monitoring, and Optimization

Web analytics (also referred to as “reach measurement”) is used to evaluate the visitor flows of our Online Offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify at what time our Online Offering or its functions or content are most frequently used or invite reuse. We can also understand which areas require optimization.

In addition to web analytics, we may also use testing procedures, for example, to test and optimize different versions of our Online Offering or its components.

Unless otherwise stated below, profiles, i.e., data aggregated for a usage process, may be created for these purposes, and information may be stored in a browser or device and read from it. The information collected includes, in particular, websites visited and elements used therein, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored in the context of web analytics, A/B testing, and optimization, but rather pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of users, but only the information stored in their profiles for the purposes of the respective procedures.

  • Types of Data Processed: Usage data (e.g., websites visited, interest in content, access times); metadata and communication data (e.g., device information, IP addresses).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Web analytics (e.g., access statistics, detection of returning visitors); user profiling (creation of user profiles).
  • Security Measures: IP masking (pseudonymization of the IP address).
  • Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR).

Further Information on Processing Operations, Procedures, and Services:

  • Plausible: Plausible is a privacy-friendly web analytics software that is used without cookies. The detection of returning users is carried out using a so-called “digital fingerprint” that is changed every 24 hours. With this “digital fingerprint,” user movements within our Online Offering are recorded using pseudonymized IP addresses in combination with user-side browser settings in such a way that conclusions about the identity of individual users are not possible. No personal data is stored permanently; the data is processed in pseudonymized form only. The user data collected in the course of using Plausible is processed only by us and is not shared with third parties; Legal Bases: Legitimate Interests (Art. 6(1)(f) GDPR); Website: https://plausible.io/.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Where we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time and please verify the information before contacting us.

Rights of Data Subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw any consent given at any time.
  • Right of Access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to access such data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: You have the right, in accordance with legal requirements, to request the completion of personal data concerning you or the rectification of inaccurate personal data concerning you.
  • Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to request that personal data concerning you be erased without undue delay, or alternatively, in accordance with legal requirements, to request restriction of the processing of the data.
  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format in accordance with legal requirements, or to demand that it be transferred to another controller.
  • Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Definitions

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined primarily in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically.

  • Personal Data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • User Profiling: The processing of “user profiles,” or “profiling” for short, includes any form of automated processing of personal data that consists of using such personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information concerning demographics, behavior, and interests, such as interaction with websites and their content, etc.) (e.g., interests in certain content or products, click behavior on a website, or location). Cookies and web beacons are often used for profiling purposes.
  • Web Analytics: Web analytics (also referred to as “reach measurement”) is used to evaluate the visitor flows of an online offering and may include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, website owners can, for example, identify at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis purposes in order to recognize returning visitors and thus obtain more accurate analyses of the use of an online offering.
  • Controller: “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data, be it collection, evaluation, storage, transmission, or erasure.