Privacy statement
I. Name and address of the person responsible
Johanna Sengstock
c/o Postflex #6048
Emsdettener Str. 10
48268 Greven
No parcels or packages - they will not be accepted!
phone: +49 162 8949603
email: info@sketchesinrose.com
II. General information about data processing
Personal data of the users of this website are only collected and used, as far as this is necessary to provide a functional website and its contents and services. The collection and use of personal data of the users takes place regularly, only with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.
Information on the purpose, scope and legal basis for the processing of the relevant personal data can be found in the relevant sections of this Privacy Policy.
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Storage may also take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. A blocking or deletion of the data also takes place if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a conclusion of contract or a fulfilment of the contract.
III. Information disclosure
A transfer of your personal data to third parties for purposes other than those listed below does not take place.
We only share your personal information with third parties if:
• You have given your express permission according to Art. 6 (1) clause 1 lit. a EU General Data Protection Regulation (GDPR),
• disclosure pursuant to Art. 6 (1) clause 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
• in the event that disclosure pursuant to Art. 6 (1) clause 1 lit. c GDPR a legal obligation exists, or that
• this is legally permissible and according to Art. 6 (1) clause 1 lit. b GDPR is required for the settlement of contractual relationships with you.
IV. Provision of the website and creation of log files
Visiting this website is possible without providing personal information. However, every time the website is accessed, our system automatically records data and information from the calling computer’s system, so your IP address is stored for a short time. This also constitutes personal data, so we need to highlight this to you.
In order to provide the website to you, it is necessary for information to be collected by the computer system of the calling computer (server log files). This concerns following access data:
• Name of the requested file
• IP address
• Date and time of retrieval
• data volume transferred
• requesting provider
The access data is used exclusively for the purpose of delivering the website content. An evaluation of the data for marketing purposes does not take place in this context. All access data will be deleted no later than seven days after the end of your page visit.
The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR.
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no effective possibility to appeal on the part of the user.
V. IONOS
1. IONOS Tracking MYWEBSITE
We use MyWebsite on our website. This is a service of 1 & 1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, hereinafter referred to as „MyWebsite“.
MyWebsite stores tracking cookies on your device via your internet browser, which are based on the Snowplow Analytics technology from Snowplow Analytics Limited, 32-38, Scrutton Street, London, United Kingdom.
With the help of these cookies, it can be evaluated e.g. how often you visit our website or which (sub) pages of our website are accessed. 1 & 1 IONOS SE states that no personal data will be recorded.
In case you have granted your consent to this processing the legal basis is Article 6 para. 1 lit. a GDPR. The legal basis can also be Article 6 para. 1 lit. f GDPR. Our legitimate interest lies in the improvement and optimisation of our website.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. You can find more information on this under “Cookies” above.
2. IONOS WebAnalytics
We use WebAnalytics on our website. This is an analysis service from 1 & 1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, hereinafter referred to only as “WebAnalytics”, with which we can analyse the use of our website.
For analysis, data is collected on the type and version of your internet browser, your operating system, the type of your device, the website from which you came to our site (referrer URL), the page(s) of our website that you visit or the files that you request, the date and time of the relevant access and the anonymized IP address of the internet connection from which the use of our website is made.
In case you have granted your consent to this processing the legal basis is Article 6 para. 1 lit. a GDPR. The legal basis can also be Article 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, optimisation and improvement, as well as the economic operation of our website.
More details provided by IONOS on their website:
1. Which technologies does IONOS use to collect the data?
The data is collected either by a pixel or by a log file. To protect personal data, Web Analytics does not use cookies. The visitor's IP is transmitted when a page is requested, immediately anonymized after transmission and processed without personal reference. (Source: https://www.ionos.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-11-ionos-produktes/webanalytics/)
2. What data does IONOS store from website visitors?
IONOS does not store any personal data from website visitors, so that no conclusions can be drawn about individual visitors. The following data is collected:
• Referrer (previously visited website)
• Requested website or file
• Browser type and browser version
• Operating system used
• Device type used
• Time of access
• IP address in anonymized form (only used to determine the location of access)
(Source: https://www.ionos.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-11-ionos-produktes/webanalytics/)
3. For what purpose is the data collected?
In WebAnalytics, data is collected exclusively for statistical evaluation and for technical optimization of the website. (Source: https://www.ionos.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-11-ionos-produktes/webanalytics/)
4. Transfer to third parties
No data is passed on to third parties. (Source: https://www.ionos.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-11-ionos-produktes/webanalytics/)
VI. Use of cookies
1. Cookies
We and our partners use cookies to provide the relevant services. This also applies when you visit our website or access our services.
A "cookie" is a small data packet that is assigned to your device when you visit a website from this website. Cookies are useful and can be used for different purposes. These include, for example, making it easier to navigate between different pages, automatically activating certain functions, saving your settings and optimizing access to our services. The use of cookies also enables us to show you relevant advertising tailored to your interests and to collect statistical information about your use of our services.
This website uses the following types of cookies:
a. "Session cookies" that ensure normal system use. Session cookies are only stored for a limited time during a session and are deleted from your device as soon as you close your browser.
b. "Permanent cookies" that are only read by the website and are not deleted when the browser window is closed, but are stored on your computer for a certain period of time. This type of cookie allows us to identify you on your next visit and, for example, save your settings.
c. "Third-party cookies" that are set by other online services that have their own content on the page you are visiting. These can be, for example, external web analytics companies that record and analyze access to our website.
Cookies do not contain any personal data that identifies you, but the personal data we store may be linked by us to the data contained in the cookies. You can remove cookies via the device settings on your device. Follow the instructions provided. Please note that deactivating cookies may result in the restriction of certain functions when using our website.
The tool used by IONOS is based on Snowplow Analytics technology. The data we collect about the use of our website includes, for example, how often users visit the website or which areas are accessed. The tool we use does not collect any personal data and is used by our web hosting provider and service provider solely to improve their own offering.
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.
The purpose of the data processing is the functionality of our website. The user data collected by technically necessary cookies will not be used to create user profiles. This will protect your interest in privacy. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these features, using cookies is necessary so that the browser is recognised even after a change of page.
Cookies are stored on the computer of the user and transmitted by this means on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in his Internet browser, the user can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fully use all of the website’s functions.
2. consent management/cookie banner
We use the Usercentrics app as consent management (also known as a “cookie banner”), which integrates the Usercentrics Consent Management Platform into the website and is provided via IONOS. Usercentrics automatically recognizes the services used on the website, e.g. Google Analytics, and makes this information available to visitors via a cookie banner. The cookie banner takes visitors to the privacy settings. There, visitors can grant and manage consent to the use of cookies. Rejected cookies are blocked by Usercentrics. When the website is accessed, a cookie with the setting information is stored on the user's device so that the consent query does not have to be made again on a subsequent visit.
The cookie is required to obtain legally compliant consent from the user.
The user can prevent or stop the installation of cookies by adjusting their browser settings.
The user can access the privacy settings and adjust their settings at any time using the blue symbol (a fingerprint) on the edge of the website.
In addition, the "ID to request consent data" is displayed in the privacy settings under the tab "Services" . This ID is created by Usercentrics in order to clearly assign the consent data to the respective user or device. This means that the user can request their consent data from Usercentrics at any time by specifying the ID.
The user can prevent or stop the installation of cookies by adjusting their browser settings.
VII. Contact form and E-Mail Contact
On our website is a contact form that can be used for electronic contact. If a user has accepted this option, the data entered into the input screen will be transmitted to us and saved.
For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.
Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.
There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.
The legal basis for the processing of data is in the presence of the consent of the user Art. 6 (1) lit. a GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
Processing personal data from the input screen serves us only for contact purposes. In the case of contact via e-mail, this also includes the necessary legitimate interest in the processing of the data.
Any other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This is the case for personal data that is received via the contact form and that which is sent by e-mail, when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts are finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
The user has the opportunity to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such a case, the conversation cannot continue.
In this case, all personal data stored in the course of establishing contact will be deleted.
VIII. Google Web Fonts
This site uses Web Fonts, which are provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"), for consistent presentation of fonts. When you access a page, your browser loads the required web fonts into its browser cache to correctly display texts and fonts.
In order to do this, the browser you use must be able to connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services. If your browser does not support web fonts, a default font will be used by your computer.
US-based Google LLC is certified to the EU-US Privacy Shield, which ensures compliance with the level of data protection in the EU.
IX. Social Media
1. Instagram
To advertise our products and services as well as to communicate with interested parties or customers, we have a presence on the Instagram platform.
On this social media platform, we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland.
The data protection officer of Instagram can be reached via this contact form:
We have defined the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the reciprocal obligations, is available at the following link:
The legal basis for the processing of the resulting and subsequently disclosed personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.
The legal basis may also be your consent per Art. 6 para. 1 lit. a GDPR granted to the platform operator. Per Art. 7 para. 3 GDPR, you may revoke this consent with the platform operator at any time with future effect.
When accessing our online presence on the Instagram platform, Facebook Ireland Ltd. as the operator of the platform in the EU will process your data (e.g. personal information, IP address, etc.).
This data of the user is used for statistical information on the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for the creation of user profiles. Based on these profiles, Facebook Ireland Ltd. can provide advertising both within and outside of Instagram based on your interests. If you are logged into Instagram at the time you access our site, Facebook Ireland Ltd. will also link this data to your user account.
If you contact us via Instagram, the personal data your provide at that time will be used to process the request. We will delete this data once we have completely responded to your query, unless there are legal obligations to retain the data, such as for subsequent fulfillment of contracts.
Facebook Ireland Ltd. might also set cookies when processing your data.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. The instructions to do this depend on the browser and system being used. For Flash cookies, the processing cannot be prevented by the settings in your browser, but instead by making the appropriate settings in your Flash player. If you prevent or restrict the installation of cookies, not all of the functions of Instagram may be fully usable.
Details on the processing activities, their suppression, and the deletion of the data processed by Instagram can be found in its privacy policy:
It cannot be excluded that the processing by Facebook Ireland Ltd. will also take place in the United States by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025.
2. X (formerly Twitter)
We maintain an online presence on X to present our company and our services and to communicate with customers/prospects. Twitter is a service provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to Twitter.
The privacy policy of Twitter can be found at
3. YouTube
We maintain an online presence on YouTube to present our company and our services and to communicate with customers/prospects. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA.
We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to YouTube.
The YouTube privacy policy can be found here:
4. WEBTOON
We maintain an online presence at WEBTOON to present our services and to interact with users. WEBTOON is a service of NAVER WEBTOON Ltd., TechONE Tower1 11-12F, 131, Bundangnaegok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea. There is also WEBTOON Entertainment Inc., 5700 Wilshire Blvd Suite 220, Los Angeles, CA 90036, United States. Since both companies are located outside the EU, there is a possibility that user data will be processed outside the European Union, particularly in Korea and the USA. This can increase the risks for users, for example by making it more difficult to access the user data later. We also have no access to this user data. Access is exclusively available to WEBTOON.
You can find WEBTOON's privacy policy at:
5. General linking to third-party profiles
The provider uses links to the social networks listed below on the website and, where applicable, also on the social media profiles mentioned above.
The legal basis for this is Article 6 para. 1 lit. f GDPR. The legitimate interest of the provider is to improve the quality of use of the website.
The plugins are integrated via a linked graphic. The user is only forwarded to the service of the respective social media by clicking on the corresponding graphic.
After the customer has been forwarded, information about the user is recorded by the respective social media. This is initially data such as IP address, date, time and page visited. If the user is logged into his/her user account of the respective social media at the same time, the social media operator can, if required, assign the information collected from the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective social media, this information can be stored in the user’s personal user account and, if required, be published. If the user wants to prevent the collected information from being directly assigned to his/her user account, the user must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.
The following social media are linked by the provider:
5.1. Instagram
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
6. Facebook plug-in
Our website uses the plug-in of the Facebook social network. Facebook.com is a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland.
In case you have granted your consent to this processing the legal basis is Article 6 para. 1 lit. a GDPR. The legal basis can also be Article 6 para. 1 lit. f GDPR. Our legitimate interest lies in improving the quality of our website.
Further information about the possible plug-ins and their respective functions is available from Facebook at
If the plug-in is stored on one of the pages you visit on our website, your browser will download an icon for the plug-in from Facebook’s servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. In addition, the date and time of your visit to our website will also be recorded.
If you are logged in to Facebook while visiting one of our plugged-in websites, the information collected by the plug-in from your specific visit will be recognized by Facebook. The information collected may then be assigned to your personal account at Facebook. If, for example, you use the Facebook Like button, this information will be stored in your Facebook account and published on the Facebook platform. If you want to prevent this, you must either log out of Facebook before visiting our website or use an add-on for your browser to prevent the Facebook plug-in from loading.
Further information about the collection and use of data as well as your rights and protection options in Facebook’s privacy policy found at
X. Use of PayPal as a payment method
If you decide to pay with the online payment service provider PayPal during your order process, your contact data is transmitted to PayPal as part of the order thus triggered. PayPal is an offer of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal thereby assumes the function of an online payment service provider and a trustee and offers buyer protection services.
The personal data transmitted to PayPal is mostly first name, last name, address, telephone number, IP address, e-mail address, or other data, which is required for order processing,as well as data related to the order, such as the number of items, item number, invoice amount and tax percentage, billing information, etc.
This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship. Your data is therefore transmitted to PayPal on the basis of Article 6 para. 1 lit. b GDPR.
However, please note: PayPal may transfer the personal data to service providers, to subcontractors or other affiliated companies, to the extent necessary to fulfill the contractual obligations arising from your order or to process the data in the order on your behalf.
Depending on the payment method selected via PayPal, e.g., invoice or direct debit, the personal data transmitted to PayPal will be transmitted to credit agencies by PayPal. This transmission is used to check your identity and creditworthiness in relation to the order you have placed. For information on which credit agencies are involved and which data is generally collected, processed, saved and forwarded by PayPal, please refer to PayPal’s data protection statement at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
XI. Rights of the persons concerned
If personal data is processed by you, you are the affected person within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of access
You may ask the controller for a confirmation as to whether personal data concerning you is being processed.
In addition, you have a right to access information about the purpose, categories of personal data, recipients, the planned duration of the storage and the existence of other rights such as rectification of the data or the existence of a right to complain to a supervisory authority.
2. Right to rectification
You have a right to rectification and / or completion vis-à-vis the controller, if the personal data you process is incorrect or incomplete. The controller must make the correction without delay.
3. Right to restriction of processing
You may request a restriction on the processing of personal data concerning you,
• provided that the accuracy of your data is disputed
• if you refuse to have your data deleted due to improper data processing and instead demand a restriction on the processing of your data
• the controller no longer needs your personal information for processing purposes, but you need it to assert, exercise or defend legal rights
• if you have objected to the processing and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or those of a Member State.
If the restriction on processing has been limited, you will be notified by the controller before the restriction is lifted.
4. Right to erasure
You may demand that the controller delete personal data relating to you immediately if and to the extent that the requirements for this have been met. The controller is obliged to delete this data immediately.
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, the data subject, has requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
The right to erasure does not exist if processing is necessary
• to exercise the right to freedom of expression and information;
• in order to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of public authority delegated to the controller;
• for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
• for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
• to enforce, exercise or defend legal claims.
5. Right to information
If you have the right of rectification, erasure or restriction of the processing vis-à-vis the controller, they are obliged to notify all recipients of the personal data concerning you that it has been corrected or deleted or that its processing has been restricted, unless this proves to be impossible or involves a disproportionate amount of effort.
You have the right to be informed about these recipients by the controller.
6. Right to data portability
You have the right to receive the personal data that you have provided to the person responsible in a structured, conventional and machine-readable format, to transmit this data to another responsible person without hindrance by us, provided that the further requirements of Art. 20 GDPR be met.
7. Right to object
Under the conditions of Art. 21 GDPR you have the right to object to the processing of your personal data at any time. If the conditions for an effective objection apply, no further processing by us is permitted. The above general right of objection applies to all processing purposes described in this privacy statement, which are processed on the basis of Article 6 (1) lit. f GDPR.
Once you have exercised your right to object, we will no longer process your personal data for these purposes, unless the controller demonstrates compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
This does not apply if processing is for direct marketing purposes. We will not process your personal data for this purpose.
8. Right to revoke data protection consent declaration
You have the right to revoke your data protection consent declaration, with effect for the future, at any time. To make a revocation, please refer to the above contact details.
9. Automated individual decision-making, including profiling
You have the right to not be subjected solely to automated processing – including profiling – that has a legal effect on you or similarly adversely affects you.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement, if you believe that the processing of the personal data concerning you infringes the GDPR.
XII. Updating and changing this privacy policy
This privacy policy is currently valid as of June 2024.
Due to further development of our website and its services or due to changes to legal or regulatory requirements, it may be necessary to change this privacy policy. You can access and print out the current privacy policy at any time from the website: https://www.sketchesinrose.com/
(adapted and more details added)