We appreciate your visit to our website www.fabionobile.de and your interest in our company. To provide you with the highest level of transparency, we inform you below about the type, scope, and purpose of the collection, processing, and use of personal data that occurs when using our website. You can access the full General Data Protection Regulation (hereinafter referred to as "GDPR") document here.

1. Definitions

The following terms, used in our privacy policy, are defined in Article 4 of the GDPR. Below is an excerpt from Article 4 of the GDPR. All definitions can be found in the GDPR (available here).

• Personal Data (Art. 4 No. 1 GDPR): Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
  
  

• Processing (Art. 4 No. 2 GDPR): Processing refers to any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  
  

• Pseudonymization (Art. 4 No. 5 GDPR): Pseudonymization refers to the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures that ensure the data is not attributed to an identified or identifiable natural person.
  
  

• Controller (Art. 4 No. 7 GDPR): The controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.
  
  

• Processor (Art. 4 No. 8 GDPR): A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

• Third Party (Art. 4 No. 10 GDPR): A third party is a natural or legal person, public authority, agency, or other body other than the data subject, controller, processor, and persons authorized to process personal data under the direct authority of the controller or processor.
  
  

• Consent (Art. 4 No. 11 GDPR): Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of their personal data.
  
  

• Company (Art. 4 No. 18 GDPR): A company refers to a natural or legal person engaged in an economic activity, regardless of its legal form, including associations or partnerships that regularly engage in economic activity (Art. 4 No. 18 GDPR).

2. Controller According to Art. 4 No. 7 GDPR

Fabio Nobile Design Co.
Sole proprietorship of Fabio Nobile

Schaezlerstr. 38
86152 Augsburg

Germany

Phone and WhatsApp: +49 151 106 89427 

Email: hey@fabionobile.de

3. Legal Bases for Processing

For each processing operation described in this privacy policy, we specify the relevant legal basis under which the processing takes place. The following categories determine when processing is lawful:

• You have given consent for processing your personal data for one or more specific purposes (Art. 6(1)(a) GDPR).

• Processing is necessary for the performance of a contract or for pre-contractual measures requested by you (Art. 6(1)(b) GDPR).

• Processing is necessary for compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR).

• Processing is necessary to protect vital interests of you or another natural person (Art. 6(1)(d) GDPR).

• Processing is necessary for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR).

• Processing is necessary for the purposes of legitimate interests pursued by us or a third party, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not override these interests (Art. 6(1)(f) GDPR).

4. Cookies & Consent Management Tool

Our Internet pages uses so-called "cookies ”. Cookies are small text files that are stored on your end device and processed by your browser. They do no harm and do not contain viruses or malware.

Cookies can be stored temporarily (session cookies) or permanently (persistent cookies):

• Session cookies: These are automatically deleted after leaving the website.

• Persistent cookies: These remain stored on your end device until they are deleted or expire.

4.1 Cookie management & consent

Our website only uses cookies that are technically necessary for website functionality. According to the ePrivacy Directive, we are not required to obtain user consent for these necessary cookies. Therefore, no cookie banner is required.

Should a cookie banner be displayed on this website (e.g., if additional features are added in the future), you can change your cookie settings at any time by clicking on the cookie icon in the bottom left-hand corner of the screen.

5. Data Storage & Deletion

Within the processing described in our privacy policy, we will inform you of the corresponding storage period or the times of deletion or blocking of data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies.

Data may be stored beyond the defined periods if statutory provisions to which we are subject (e.g. Section 147 AO, Section 247 HGB) provide for a different storage period.‍

Following the storage period, the personal data will be deleted or blocked unless further storage is required by us on a legal basis. In addition, storage beyond the specified period is possible in the event of a (possible) legal dispute with you or other legal proceedings.

6. Collection of personal data

Below we will inform you about the collection of personal data (such as name, email address, address or user behavior).

6.1 Exclusively informational use of our website

If you do not register on our website (for example in the form of a newsletter) or send us data in any other way (for example by using a contact form), only the personal data that is sent from your browser to our server will be collected. This is data that is technically necessary for us to make the website available for you to view while ensuring a secure and stable display. This is the following information, which results from a log file line:

• Internet protocol address (IP address)

• Time and date of the respective access

• Time zone difference to Greenwich Mean Time (GMT)

• The specific page accessed

• Status of the access / Hypertext Transfer Protocol (http)

• Amount of data that was transferred in each case

• Website from which our website was accessed (referrer URL)

• Internet browser used (including language and version)

• Operating system used
  
  

The legal basis for collecting the data listed arises from Art. 6 Para. 1 Clause 1 Letter f of GDPR. We have a legitimate interest in ensuring an error-free connection and comfortable use of our website, as well as analyzing system stability and security and using the data for other administrative purposes.

6.2 Contact by email

If you contact us via the email address provided in section 2 or other email addresses of our company that are published on our website, your email address and other contact details contained in your email (e.g. your name or telephone number) will be stored by us in order to process your request. This data will be deleted immediately as soon as further storage is no longer necessary. If there are statutory retention periods with regard to the data, the processing will be restricted accordingly instead of deleting the data. Depending on the reason for sending the email, the legal basis for processing the data arises from Art. 6 Para. 1 Clause 1 Letter b GDPR or Art. 6 Para. 1 Clause 1 Letter f GDPR, i.e. it is either done to process the contract concluded with you and to fulfill our (pre)contractual obligations or is based on our legitimate interest in contacting parties interested in our services.

6.3 Contact form

When you contact us using the contact form on our website, the contact details you provide will be stored and processed by us in order to process your request. Depending on the reason for contact, the legal basis for processing the data is Art. 6 Para. 1 Clause 1 Letter b GDPR or Art. 6 Para. 1 Clause 1 Letter f GDPR, i.e. it is either used to process the contract concluded with you and to fulfill our (pre)contractual obligations or is based on our legitimate interest in contacting parties interested in our services.

6.4 Declaration of intent

When you contact us using the declaration of intent on our website, the contact details you provide will be stored and processed by us in order to process your request. Depending on the reason for contacting us, the legal basis for processing the data is Art. 6 (1) sentence 1 lit. b GDPR or Art. 6 (1) sentence 1 lit. f GDPR, i.e. it is either used to process the contract concluded with you and to fulfill our (pre)contractual obligations or is based on our legitimate interest in contacting those interested in our services.

6.5 Applications

Vacancies are published on our website. If you click on the "Apply now" button, an email window will open so that you have the opportunity to apply to us by email.

When you apply, the data you provide will be stored by us and processed for the purposes of the application process. The legal basis for processing this data is the fulfillment of our pre-contractual obligations as part of the application process in accordance with Art. 6 (1) sentence 1 lit. b GDPR in conjunction with Section 26 of the Federal Data Protection Act (BDSG). Furthermore, an additional legal basis may arise from Art. 6 (1) (f) GDPR, if the data processing is required, for example, in the context of legal proceedings. If applicants voluntarily submit special categories of personal data in accordance with Art. 9 (1) GDPR, these will be processed by us in accordance with Art. 9 (2) (b) GDPR. If we request data in accordance with Art. 9 (1) GDPR, the data processing will always be carried out on the basis of your express consent.

7. Framer

Our website is hosted via the services of Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands. Framer provides website hosting and utilizes Amazon Web Services (AWS) for infrastructure and AWS CloudFront as a content delivery network (CDN) to ensure optimized performance.

The use of Framer as a hosting provider is based on Art. 6 Para. 1 lit. f GDPR (legitimate interest), as we aim to provide a fast, secure, and stable website. If consent is required (e.g., for cookies or tracking technologies used by Framer), data processing is carried out on the basis of Art. 6 Para. 1 lit. a GDPR.

Further details on data processing by Framer can be found in the provider’s privacy policy:
Framer Privacy Policy https://www.framer.com/legal/privacy-statement

7.1 Hosting & Content Delivery Network (CDN)

Framer utilizes AWS CloudFront as a content delivery network (CDN) to optimize website speed and performance. This service ensures that website content is efficiently delivered to users by caching content closer to their location.

More details about Framer’s hosting infrastructure can be found here:https://www.framer.com/help/articles/guide-to-framer-hosting-infrastructure/

7.2 Data Processing by Cloud Hosting Services

Framer relies on Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (AWS) for its cloud hosting infrastructure. This may involve the processing of personal data, such as IP addresses.

To ensure GDPR compliance, we have signed a Data Processing Agreement (DPA) with Framer in accordance with Art. 28 GDPR, which regulates how personal data is processed and protected.

Data transfers outside the European Economic Area (EEA) are carried out based on Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

Further details on data processing by AWS can be found in AWS’s privacy policy: https://aws.amazon.com/de/privacy/

7.3 framerusercontent.com

Our website loads images and other media content via the domain framerusercontent.com, a subdomain provided by Framer B.V. for hosting static files (e.g., images, PDFs, scripts). These files are served through AWS CloudFront, a content delivery network (CDN) used to optimize performance and speed.

This may involve data transfers outside the EEA. Data transfer is based on EU Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.

Further details on data processing:

• Framer data protection: https://www.framer.com/legal/privacy-statement

• AWS data protection: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_10.28.24_DE-DE.pdf

7.4 Legal basis

The legal basis for data processing within the meaning of the above is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR and is justified in our interest in providing you with a fast, secure and user-friendly website. As far as the fact of data processing in the third country USA is concerned, the legal basis, as explained, arises from Art. 44 and 45 GDPR (since all companies involved are active participants in the so-called "EU/US Data Privacy Framework"), as well as from Art. 46 Paragraph 1, Paragraph 2 Letter c of GDPR (standard contractual clauses).

8. Use of Framer Analytics (events.framer.com)

Our website uses Framer Analytics, a web analytics service provided by Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands. Since our website is hosted on Framer, the analysis of website usage is carried out via events.framer.com as a first-party service (first-party cookie).

8.1 What data is collected?

Framer Analytics collects information on website performance and usage, including:

• Technical metrics (e.g. loading times such as Time to First Byte, Largest Contentful Paint, First Input Delay),

• Interactions with the website (e.g. clicks, scrolling behaviour),

• Pages visited and navigation behaviour,

• Device information (e.g. screen resolution, operating system, browser type).
  
  

This data is collected automatically to analyze and optimize the performance of the website.

8.2 Cookies and storage

Framer Analytics does not store any personal identification data, but rather aggregated performance data to improve the user experience. Cookies or other technologies may be used to measure website usage.

Since our website is hosted directly on Framer, this data is processed as a first-party service within the Framer infrastructure. It is not passed on to external third parties (e.g. Google Analytics).

8.3 Legal basis

The legal basis for data processing, as outlined above, is Art. 6 Paragraph 1 Clause 1 Letter f GDPR, as it is in our interest to provide a fast, secure, and user-friendly website.

For data processing in third countries, the legal basis is derived from:

• Art. 44 and 45 GDPR (where applicable under the EU-US Data Privacy Framework)

• Art. 46 Para. 1, Para. 2 Letter c GDPR (Standard Contractual Clauses (SCCs))

To ensure full GDPR compliance, we have concluded a Data Processing Agreement (DPA) with Framer under Art. 28 GDPR.

You can find more information in Framer's privacy policy: https://www.framer.com/legal/privacy-statement

8.4 Data transfer and storage

The data collected is transmitted to Framer B.V. Data may be transferred to third countries (e.g. USA). The transfer is based on the EU standard contractual clauses (SCCs) and/or the EU/US Data Privacy Framework.

You can find further information in Framer's privacy policy: https://www.framer.com/legal/privacy-statement

9. YouTube

We embed YouTube videos on our website. This is a video portal from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, legal notice: https://www.google.de/intl/de/contact/impressum.html. The parent company of this company based in Ireland is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google's privacy policy can be found here: https://policies.google.com/privacy?hl=de. We have embedded the videos in what is known as "extended data protection mode", which ensures that no cookies are set and - according to Google - the playback of the video is not used by Google to personalize the use of the YouTube platform. Likewise, according to Google, the playback of the video is not used to personalize advertising.

Data is transferred to the USA and thus to a third country. The data transfer to this third country is justified in accordance with Art. 44 and 45 GDPR, as Google is an active participant in the Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).

This is a data protection agreement between the EU and the USA, in which the level of data protection for certified companies in the USA is declared adequate (“adequacy decision”). The legal basis for processing the data arises from Art. 6 Paragraph 1 Clause 1 Letter f GDPR, and is therefore based on our legitimate interest in making videos available to our website users so that they can find out about our services. When you play the video, the local and session storage are also described, which is technically necessary for you to be able to play the video.

10. Your rights

Below we will explain your rights under the GDPR.

• Right to information according to Art. 15 Para. 1 GDPR‍ You have the right to request confirmation from us as to whether personal data concerning you is being processed. If the answer is yes, in addition to the right to information about this personal data, you have the right to information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your personal data have been or will be disclosed in the future (in particular recipients in third countries or international organizations), the storage period or criteria for determining the storage period, the existence of a right to rectification or erasure of the personal data concerning you or the right to restrict processing on our part, as well as the existence of a right to object to this processing, the existence of a right to lodge a complaint with a supervisory authority, all available information about the origin of the data (in the event that it was not collected by us), the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved as well as the scope and intended effects of such processing.
  
  

• Right to rectification according to Art. 16 GDPR‍ You have the right to request that we immediately rectify inaccurate personal data and complete incomplete personal data concerning you.

• Right to erasure ("right to be forgotten") according to Art. 17 Para. 1 GDPR‍ You have the right to request that we immediately delete the personal data concerning you. However, according to Art. 17 Para. 3 GDPR, this right does not exist if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest or to assert, exercise or defend legal claims.
  
  

• Right to restriction of processing in accordance with Art. 18 Para. 1 GDPR‍ You have the right to request that we restrict the processing of your personal data if you contest the accuracy of your personal data (the restriction applies for the period that enables us to verify the accuracy), the processing of your personal data is unlawful and you refuse to delete it, we no longer need your personal data for the processing purposes, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 Para. 1 GDPR (the restriction applies as long as it has not yet been determined whether our legitimate reasons outweigh yours).
  
  

• Right to data portability according to Art. 20 GDPR‍ You have the right to receive the personal data concerning you from us in a structured, common and machine-readable format and to have it transmitted to another responsible party without hindrance on our part (or to request that we transmit it directly to another responsible party, if this is technically possible) if the processing by us was based on consent or a contract or was carried out using automated procedures.
  
  

• Right to revoke consent granted according to Art. 7 Para. 3 GDPR‍ You have the right to revoke consent once given to us at any time with effect for the future, so that the data processing that was carried out on the basis of the consent can no longer be continued in the future, but the legality of the processing carried out up to your revocation is not affected by this.
  
  

• Right to complain under Art. 77 GDPR‍ Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. As a rule, you can contact the supervisory authority of your habitual residence, your place of work or the place of the alleged infringement. Further information on this can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information: https://www.bfdi.bund.de/DE/Home/home_node.html

11. Right of objection

In addition to the rights mentioned above, you also have the right to object at any time to the processing of your personal data, which is carried out on the basis of the performance of a task carried out in the public interest or in the exercise of official authority (Article 6, Paragraph 1, Sentence 1, Letter e of GDPR) or to protect legitimate interests on our part (Article 6, Paragraph 1, Sentence 1, Letter f of GDPR), with effect for the future, provided that there are reasons for this that arise from your particular situation. In the event of an objection, no further processing of the personal data will be carried out unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. In the event of your personal data being processed for the purpose of direct advertising or profiling, provided there is a connection to direct advertising, you have a general right to object without reasons arising from your particular situation having to exist. In the event of an objection, we will immediately stop processing the personal data for these purposes. To exercise your right of revocation or objection, simply send an email to: hey@fabionobile.de

12. Data security

Our website uses the encryption and communication protocol TLS 1.3 (Transport Layer Security). The TLS certificate we use, issued by a certification authority, enables encrypted data exchange between the web browser and web server, meaning that sensitive data cannot be read by third parties. We use the method with the highest level of encryption that your browser supports, usually 256-bit encryption. The higher the number of bits, the longer the key and therefore the better the protection against third parties.