• Legal
  • Privacy statement

Data privacy statement | Privacy policy

Privacy notice pursuant to Art. 12 ff. EU General Data Protection Regulation (GDPR) - last update: 11.02.2020

1. Preamble

We - the operator of this website (www.privatebudgeting.com), hereinafter referred to as either "we" or "privatebudgeting" - thank you for your interest in our website. We take the protection of your personal data and their confidential treatment very seriously. Your data will be processed solely in accordance with the applicable national and european data protection provisions regulations, specifically the EU General Data Protection Regulation (hereinafter: "GDPR") and the Federal Data Protection Act 2018 (BDSG new). We follow the latest GDPR policy recommendations and will support all new changes. This data privacy statement provides you with information about the processing of your personal data and your data protection rights when using our website(s). Personal data means any information linked to an identified or identifiable natural person, including details such as the name, postal address, email address, telephone number and user behaviour, though other details are also inevitably created while using our website, such as the beginning, end and extent of usage. This data protection declaration also applies to all of our other websites, which refer to this privacy notice published at www.haushalts-geld.de.

Below you will find an overview of the type, scope, purposes and legal basis of data processing on our website(s). The contact of the person responsible within the meaning of Article 4 (7) GDPR can be found in the legal notice ("Impressum") of this website; it's down to this person to organize data protection in such a way that its principles are implemented in practice and are verifiable at any time.

According to Art. 13 (1) GDPR, the catalogue of statutory information - to be provided by the person responsible - applies to our declaration on data protection. Persuant to Art. 12 GDPR, this information should be easily accessible in a clear and simple language and made available in a precise and transparent form. This also means that every user interaction with our website leading to the processing of personal data must be explicitly mentioned. Generally, you can visit any of our websites without directly providing information about yourself, though.

2. Collecting & processing of personal data in line with the GDPR

2.1. Principles

The GDPR incoprorates a number of fundamental principles that can be said to be the guiding core values of the regulation. Among other things, the data controller has to bear the following in mind when processing personal data:
  • Lawfulness, fairness and transparency - there must be a valid lawful basis under the GDPR in order to process personal data.
  • Purpose limitation - personal data may only be collected for specific, explicitly stated and legitimate purposes.
  • Data minimisation - the principles of data economy and data avoidance shall be taken into account when processing personal data - we only process data that is necessary for the intended purpose.
  • Accuracy - personal data needs to be accurate.
  • Storage limitation - personal data not longer needed has to be erased.
  • Integrity and confidentiality - personal data has to be protected, i.e., from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
  • Accountability - data controller have to be able to demonstrate that and how they live up to the GDPR.

2.2. Legal basis

As previously mentioned, one principle of the GDPR is the lawful processing of personal data. There are six available lawful bases for processing, which are set out in Art. 6 GDPR. Which basis is most adequate to use depends on the data controller's purposes for which the personal data are processed and the relationship with the individual. We only collect, use and pass on your personal data if this is permitted by law or if you consent to the data collection. If a corresponding legal basis is not explicitly mentioned in our privacy policy, below legal bases are used in individual cases when processing your personal data:

  • Art. 6 (1) lit. [a] GDPR, insofar as we obtain the data subject's consent for the processing of his or her personal data for one or more specific purposes;
  • Art. 6 (1) lit. [b] GDPR, when processing is necessary for a contract with an individual;
  • Art. 6 (1) lit. [c] GDPR, when processing is necessary to comply with a legal obligation to which the controller is subject;
  • Art. 6 (1) lit. [f] GDPR, when processing is necessary to safeguard the legitimate interests pursued by the controller or by a third party - within the bounds of respecting interests or fundamental rights and freedoms of the data subject which require protection of personal data.

2.3. Gathering of general access data by the access-provider

Whenever a user visits our website and each time a file is accessed, the user's web browser automatically transfers the data below to our web server (access provider) for technical reasons without our doing:

  • IP address of the requesting computer;
  • date and time of access;
  • name and URL of the retrieved file;
  • website from which access is made (referrer URL);
  • browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The legal basis for collecting the above mentioned data is Art. 6 (1) lit. [c] GDPR in accordance with the Telecommunications Act (TKG), which states that any access provider may collect and use the customer data and traffic data (where required) to put a stop to telecommunications service fraud and to resolve faults and malfunctions in telecommunications systems.

This data is recorded by the web service provider, without your and our intervention, and temproraly stored in a so-called log file. As with any data, it cannot completely be ruled out that third parties may acquire knowledge of saved data by illegal means and/or manipulate this data on the server side. With this in mind, the data mentioned are processed by the web hoster specifically for the following purposes: to ensure a smooth connection to and a comfortable use of the website, for evaluation of system security and stability as well for administrative purposes. The data recorded by the server will not be assigned to specific individuals and not merged with other data sources. However, the access provider reserves the right to check this data retrospectively if specific indications of illegal use arise. Usually after a maximum of seven days, this data will be deleted or IP addresses will be automatically anonymized so that even the access provider can not establish any personal reference anymore.

2.4. Gathering of general access data by the website operator

When you visit our website, we also may process your personal information for our own purposes, such as for administrative reasons, to guarantee stability and security. For example, in order to deliver the website to the user's terminal, the system temporarily needs to store the user's IP address. To this end, this IP address must be stored at least for the duration of the session. Unlike access provider though, personal data like IP addresses can at no time be assigned to specific people by us. We only evaluate anonymous information for statistic purposes in order to optimize our web presence as well as underlying technical processes and to guarantee the general security of our website. This constitutes our legitimate interest in data processing as per Art. 6 (1) lit. [f] GDPR. There is no merging of other data sources.

2.4.1. Processing of personal data when contacting us via contact form

Our website provides a contact form that you can use to contact us. If you use our contact form, we need the following mandatory personal details (marked as such with an asterisk): name, email address. Data provided in this context shall only be stored so as to process the conversation in a way that enables us to reply to you appropriately and to prevent spam. Any personal data that were additionally collected during the sending process, specifically the IP address when contact is made, are erased if they are no longer required for the purposes for which they were collected or otherwise processed. Your personal data is not shared with third parties.

2.4.2. Processing comments and contributions

If you leave a contribution or comment on this website, your IP address will be saved anonymously. This happens for legitimit reason within the meaning of Art. 6 (1) lit. [f] GDPR and aims to optimize our online appearance in terms of ensuring the security and general functionality of our service and preventing spam in particular - this happens also in the interest of the users of our website.

2.4.3. Registration on our website

If a user registers on our website, personal data may be collected by our system; this depends on whether the user voluntarily provides any personal details, such as the real name and email address or just a nick name. Any additional personal data, in particular the IP address, is processed on the basis of Art. 6 (1) lit. [f] GDPR for the purpose of preventing spam and banned users from registering under a new name. Registered users have the option to change or delete their (personal) data anytime by logging into their account.

2.5. Use of services and content from third parties

We use content provided by third-parties, i.e. StatCounter, on our website based on our legitimate interests within the meaning of Art. 6 (1) lit. [f] GDPR for the purpose of analyzing and optimizing the use of our website and for the economic operation of our webpages. This always requires that the provider of such content obtains the user's IP address - without the IP address the 3rd-party would not be able to send content to your browser. By visiting our website, 3rd-party providers may also set cookies on their part on your computer for processing pseudonymized visitor traffic for their own reasons, e.g. for statistical or marketing purposes. We try to only integrate content from providers who use your data exclusively for the delivery of the designated content. However, it's beyond our influence to dictate third-party providers how to further deal with any of the data involved in the process. If it becomes known to us that the scope of use exceeds the intended purpose, e.g. a 3rd party using your IP address for their own statistical purposes, we will inform you about it or find appropriate alternative third party solutions. Below you'll find an overview of eligible third-party providers we may use on our website(s):

2.5.1. Online payment

We accept certain online payment methods ("Online Payment Services"), currently only PayPal, which enable visitor to purchase our services securely online using a credit card or bank account. If you choose to pay via PayPal you will be securely redirected to a PayPal operated site or mobile app. Even though PayPal may appear to be part of our website, we will never see any of your financial information held by PayPal nor the username, email or password that you use to authenticate with PayPal. We will be notified, though, when the transaction has completed successfully or has failed, and we may be given a reason explaining why the transaction failed (e.g. 'insufficient funds', or 'card reported as stolen').

The use of the Online Payment Services is at the user's discretion and sole liability. It is the user's responsibility to abide by all the terms specified by the Online Payment Services' providers in their terms of conditions and their privacy policies, including but not limited to any age restrictions specified therein.

2.5.2. Use of reCAPTCHA

In order to protect our input forms, we use the "reCAPTCHA" service of Google Inc., hereinafter "Google". This service helps us to figure out whether the corresponding input is of human origin or is created improperly by automated machine processing. As far as we know, the following data is transmitted to "Google" when using this service: referrer URL, IP address, behaviour of the website visitors, information about the operating system, browser and length of stay, cookies, display instructions and scripts, user input behaviour and mouse movements in the "reCAPTCHA"" checkbox. The IP address provided as part of this service is not merged with other data from Google unless you are logged into your Google Account at the time the "reCAPTCHA" plug-in is used. If you don't want Google to transmit and store any of the aforementioned data on our website, you need to log out of your Google account before visiting our site or before using the "reCAPTCHA" plug-in. Google's terms of use can be found at: https://www.google.com/intl/de/policies/privacy/.

3. Cookies

3.1. What are cookies?

Cookies have become a common method of identifying users online and providing a personalized browsing experience. Cookies are small text files stored on a user's device by a web server or website you visit. A cookie allows the website to clearly identify whether a visitor has accessed this site before. When a previous visitor returns to the site, the browser which set the cookie retrieves the content of those cookies that belong to the website. Since web servers cannot directly access a user's hard disc to store and retrieve the cookie, they use the browser as intermediate to deal with this task: the browser stores the relevant data in a browser-specific folder on the user's device and fetches cookie data from there if needed.

3.2. What do cookies do?

Cookies have a very limited scope of action: they help your browser to deliver the full features designed into many of today's websites, including a user-friendly login, user preference settings, shopping carts, themes, and many more features. In doing so, cookies can store a wide range of information, such as personally identifiable information (i.e. your name, home address, email address, or telephone number) or language preferences. This way a website can present you with information customized to fit your needs.

3.3. What can't cookies do?

No matter what kind of data is stored in a cookie, it can only be stored if you provide it - websites cannot gain access to information you didn't provide to them in the first place, and they can't access other files on your system either. Since cookies are just plain text files, it's technically impossible for them to execute functions like a program or to make copies of themselves. Because of this, they also can not browse through your computer or otherwise snoop on you or scan or retrieve your personal data. Hence, cookies do not cause any harm to your computer and do not contain viruses - although, antivirus programs may flag suspicious spy-/adware cookies when scanning your system for viruses.

3.4. Technically required cookies

Technically required cookies are necessary for navigating certain webpages and for using their functions, such as remembering the last visited glossary item in our finance glossar (currently only available in german). They also facilitate the option to preserve the logged-in state on successful login and to remember you for repeat visits when filling out our contact form; depending on what data you provide in this context, these cookies may or may not contain personal data. If they do, then the data collected by technically necessary cookies are not used to create user profiles. The legal basis for processing personal data using technically required cookies is Art. 6 (1) lit. [f] GDPR.

3.5. Difference between 1st-party and 3rd-party cookies

Typically, cookies are divided into two types of cookies, first-party and third-party, even though there is no real difference between these two types of cookies, at least from a technical point of view: they both contain the same pieces of information in the form of simple character sequences and can perform the same functions. What’s different is how they are created and used by websites or web servers.

3.5.1. What are 1st-party cookies?

First-party cookies are created by the website operator or the person responsible when speaking in terms of the GDPR. Or in other words, these cookies originate from the domain the user is visiting. Generally speaking, these types of cookies are considered good as they help provide a better user experience; this also includes sessions. Using a session cookie in web pages is one way to store information in case the user leaves the web page or closes the browser currently in use and comes back later. This basically means the browser is able to remember certain information, such as what's in your shopping cart if you leave and come back, language preferences or your username and password.

3.5.2. What are 3rd-party cookies?

Unlike first-party cookies, which are created by the host site (the site the user is currently on), third-party cookies are created by domains other than the one the user is visiting. Third-party cookies allow website owners to provide certain services, such as live chats but are mainly used for tracking and online-advertising purposes. Third-party cookies are supported by all browsers, but many browsers have begun to block their creation by default, not least because many users delete third-party cookies from their system on a regular basis anyways. If you are in the European Economic Area ('EEA') and want to know more about web-based ads or online behavioural advertising, you can visit: 'www.youronlinechoices.eu/'.

3.6. Difference between session and persistent cookies

Cookies can furthermore be divided into persistent cookies and session cookies. Persistent cookies are typically saved on the client's hard disk until they expire or are deleted. Session or temporary cookies are stored in the browser's memory until the browser is closed, then they are removed from memory.

3.6.1. Session cookies

Cookies with no expiry date specified are considered temporary or session cookies. They are stored in the browser's memory and never written to disk, which means that when the browser session ends (when the browser is closed), all session cookies are removed - cookies with an expiration date in the past will also be removed from the browser.

3.6.2. Persistent cookies

Cookies that have a positive expiratione date specified (they expire in the future) are refered to as persistent cookies. Persistent cookies are stored on the computer's hard disc where the browser is installed and remain there until the date specified in the expiration or until they are deleted from the disk manually.

3.6.3. Tracking (3rd-party) cookies

Tracking cookies are kind of a sub-type of persistent cookies, if you like. These are usually stored on the computer for a longer period of time too. Tracking cookies may be used to retrace usage behaviour in anonymised form in order to better understand how visitors use the website, i.e. which parts of a websites are the most popular, where visitors are going or where they came from and how long they spend on this website.

Any tracking measures listed on this page are implemented on the basis of Art. 6 (1) lit. [f] GDPR for the purpose of pseudonymized reach measurement in order to statistically evaluate the use of our site so we can continuously optimize our web presence in terms of technical process and economic optimization - displaying content according to the visitor's preferences and exposing it to as many people as possible in the most user friendly manner. The respective data processing purposes and data categories can be found in the corresponding description of the tracking tool.

3.7. What cookies are used on our website?

4.7.1. Remember me option in our contact form (1st party cookie)

Persistent cookies help us to improve user experience by enabling our site to remember you for repeat visits. If you select the "Remember me" option in our contact form, a persistent cookie is created which stores the name and email entered into the form fields. When you return, our site recognizes you and preloads the input fields with the stored cookie values.

3.7.2. Preserve logged-in state on successful login (1st party cookie)

Your browser can also remember your credentials with the help of a persistent cookie, which in this case, holds your username and an encrypted reference to your password stored with us - this is to avoid hacking. More precisely, when you attempt to log in with our site, your username and password are verified with a database. On successful login, a randomly generated unique user id is stored in a session and in a database in the form of an entry matching your username. If the 'Remember me' option was checked during login, also a persistent cookie is set to store your username and the assigned user id for a specified expiration period (usually 30 days). You can revisit the site as often as you want to (even close your browser or shut down the computer in the meantime), as long as you have not logged out manually by then and are still within the 30 days expiry period of the cookie, our site checks the stored credentials in the cookie against the relevant record stored in our database and automatically logs you in on success. For security reasons, the cookie is automatically deleted after 30 days or when you log out - so you'd' have to log in again after 30 days at the latest.

3.7.3. StatCounter

Our website uses the following cookies solely to determine whether you are a first-time or returning visitor on each of our websites and to estimate your accumulated unique visits per site. In doing so, no personal information is collected or stored. First-party visitor cookie (sc_is_visitor_unique)
In connection with the use of StatCounter, our website sets a 1st-party cookie (sc_is_visitor_unique) with an expiration date of two years that stores a count of your returning visits. The first time it is set, a random id is generated and stored in the cookie in order to avoid multiple counts of the same visitor (e.g. if the same user browses on a mobile device with a different IP address). Third-party unique/returning cookie (is_unique)

If you visit our website, a third-party unique/returning cookie (is_unique) will usually be set on your computer by statcounter.com for the duration of five years to hold data on your visits to determine whether you are a first-time or returning visitor and to estimate your accumulated unique visits per site. It's possible to set up your computer to automatically refuse 3rd-party analytics cookies from statcounter.com. Further information on data processing by StatCounter can be found in the provider's data protection declaration: https://statcounter.com/about/legal/#privacy

3.7.4. PayPal

We recommend that you visit Paypal's website and review their privacy policy, available at "https://www.paypal.com/webapps/mpp/ua/privacy-full", which sets out how they protect your information.

3.8. Clear cookies

Although cookies are very useful to navigate the Internet and essentially harmless, some people still wish to delete them. So if you are concerned about what data websites might leave behind on your computer and how third-parties are accessing that data, you can clear unwanted cookies from your system. Different browsers use different procedures to clear cookies, so there is no one standardized way to remove them. However, common web browsers, such as Mozilla Firefox, Internet Explorer and Google Chrome all offer the same key combination to access their cookie settings: 'Ctrl + Shift + Delete'. If you want to prevent websites from storing cookies on your computer in the first place, you can do this via settings in the browser. Bear in mind, though, that deleting or blocking technically required cookies can limit the functionality of the website.

Furthermore, if you want to opt out of interest-based advertising delivered by member companies of the Network Advertising Initiative ('NAI') or the Digital Advertising Alliance ('DAA'), you can do this by following these links respectively: 'https://optout.networkadvertising.org', 'https://optout.aboutads.info'. These opt-outs will not block you from receiving web-based ads, though, but only allow you to control the collection and use of web viewing data for interest-based advertising and other applicable uses on this browser so that participating companies no longer show ads that have been tailored to your interests.

4. Your legal rights relating to your personal data

With regard to the collection of your personal data, if the respective legal requirements are met, you have the following rights, which we would like to inform you about in more detail further down this page.

If you'd like to exercise your individual rights, feel free to send us a message via this contact form. Please understand that in the event of a request in this regard, we may ask you for proof of your identity for privacy reasons in order to protect our users' right of appropriate security of their personal data, including protection against unauthorised processing. For user safety and to comply with our obligations under Art. 5 lit. [f] GDPR, we must refuse to process the request if we can't ascertain your identity.

You can exercise your rights to have your personal data corrected or deleted even more easily if you log into your account (if you have one) and edit your personal data yourself.

4.1. Right of access by the data subject (Art. 15 GDPR)

In line with Art. 15 GDPR, we will be happy to provide you with information about your personal data that is being processed by us. In particular, you can request disclosure of the following information: the purposes of the processing; the categories of personal data involved; the recipients or categories of recipients to whom your data has been or will be disclosed; if possible, the planned storage period or the criteria used to determine that period; the right of rectification, erasure, limitation of processing or objection to the processing; the right to file a complaint to a supervisory authority; the source of your personal data if they were not collected by us and if automated decision-making is used.

4.2. Right to rectification (Art. 16 GDPR)

Pursuant to Art. 16 GDPR, you are entitled to obtain from us without undue delay the rectification of inaccurate personal data concerning you or the completion of your personal data stored by us.

4.3. Right to erasure ['right to be forgotten'] (Art. 17 GDPR)

Pursuant to Art. 17 GDPR, you have the right to request the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. Personal data stored by us will be deleted insofar as they are no longer necessary for their intended purpose or you revoke a previously granted consent and there are no other overriding legitimate reasons or legal regulations, e.g. statutory retention periods. If deletion is not possible due to overriding legal requirements, your data will be blocked except for the fulfillment of the relevant legal obligations.

4.4. Right to restrict processing(Art. 18 GDPR)

The right to restriction is not an absolute right and only applies in certain circumstances. Pursuant to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data in these cases: you (the data subject) challenge the accuracy of the processed personal data, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful, but you refuse its deletion; we no longer require your personal data, but you require it to assert, exercise or defend legal claims; or you have filed an objection against the processing and the legal situation with regard to permitted processing has not yet been conclusively clarified.

4.5. Right of notification (Art. 19 GDPR)

Pursuant to Art. 19 GDPR, we have an obligation to inform each recipient to whom we have disclosed personal data of their rectification, erasure or restriction of processing, unless this exceeds the limits of waht is considered reasonable and practicable. We shall inform you, the data subject, about those recipients if the you requests it (see Art. 19 (2) GDPR).

4.6. Right to data portability (Art. 20 GDPR)

Pursuant to Art. 20 GDPR, you are entitled to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller.

4.7. Right to object (Art. 21 GDPR)

Should we process your personal data on the basis of legitimate interests pursuant to Art. 6 (1) [f] GDPR, you can object to the processing of this data in accordance with Art. 21 GDPR. Where personal data are processed for direct marketing purposes, you shall have the right to object to this kind of processing at any time and this data shall no longer be processed for such purposes; a justification on your part is not necessary. If the processing of personal data serves purposes other than direct advertising, then in line with the need to balance the relative claims of parties involved the data subject needs to give specific plausible reasons relating to his or her particular situation for a successful objection.

4.8. Right to complain with a supervisory authority (Art. 77 GDPR)

If you believe that personal data concerning you have been proccessed contrary to the GDPR or other national data protection regulations, then in accordance with Art. 77 GDPR you can lodge a complaint with the competent supervisory authority, in particular in the member state of your habitual residence, your workplace or place of the alleged infringement if you consider that the processing of your personal data infringes this regulation.

The contact details of the data protection officers in the federal states and the supervisory authorities for the non-public sector in Europe and other countries respectively can be found at: www.bfdi.bund.de

4.9. Right to withdraw consent at any time (Art. 7 GDPR)

Pursuant to Art. 7 (3) GDPR you are entitled to revoke your data processing consent at any time with future effect. As a result, the controller is no longer permitted to continue processing your data based on this consent in the future.

5. SSL-encryption

In order to protect the security of your data during transmission, i.e. inquiries or logins, we use encryption procedures according to the current state of the art, namely Secure Sockets Layer (SSL) or Transport Layer Security (TLS), which has become a standard security technology for establishing an encrypted link between a web server and web client, such as your browser. To assure visitors their connection is secure, browsers provide special visual cues like a (green) padlock or a branded URL bar. Beyond that, an encrypted connection can also be identified by the prefix "https://" in the page link in your browser’s address line - the important bit in this prefix is the "s"-part, which stands for "secure". If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

6. Changes to our provisions on data protection

Please be advised that we may amend this policy from time to time based on changes to applicable laws and regulations or other requirements relevant to us, changes in technology, or the developement of our website. So we encourage you to check back periodically and review this privacy policy to stay informed about our information practices and the ways you can help protect your privacy. Any amendments to our privacy policy in the future will be posted on this page - the effective date at the top of this page indicates when this page was last revised.

If you continue to use this website, we recognize continued use as active consent to this privacy policy. Even so, you may be required to separately indicate via checkbox that you accept our privacy policy before being able to use certain features on our website, such as downloading our Excel budget spreadhseet. Current changes to our privacy policy will not affect the fulfillment of orders already purchased by you before those changes were implemented.

7. Links to other websites

Our services may include links to third-party websites and services, which are not operated by us. Please note that when you follow such a link to an external website, you will be subject to the privacy policy and terms of usage agreement of the relevant website operator, not ours. Since our privacy statement does not extend to the data collection practices, policies or actions of third parties, you should refer to the individual privacy policies of such websites to make an informed decision as to whether or not you wish to use these websites on the basis of their privacy practices.

previous page

On this page