The following notes provide an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. This privacy policy explains what data I collect and how I use it. It also explains how and for what purpose this happens. As the operator of this website, I take the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. Furthermore, I would like to point out that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
This privacy policy applies to the website accessible at https://www.tyvesoben.com ("Website"). It does not apply to third-party services referenced only via a link on the website.
1. Purpose and controller
2. General information on data processing
3. Processing of personal data
3.1. General information on the legal bases of data processing on this website
3.2 Storage period
4. Collection of access data
5. Hosting
6. Cookies & reach measurement
7. Users' rights to information and deletion of data
8. Your rights as a data subject
8.1 Right to object to data collection in special cases and to direct marketing
8.2 Right to lodge a complaint with the competent supervisory authority
8.3 Right to data portability
8.4 Right to restriction of processing
9. Presence on social media platforms
10. Changes to this privacy policy
11. SSL/TLS encryption
This privacy policy explains the type, scope and purpose of the processing (including collection, processing and use, as well as obtaining consent) of personal data within our online offering and the associated websites, functions and content (collectively referred to as "online offering" or "website"). This privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offering is operated.
The provider of the online offering and the party responsible for data protection is Tyves Oben, owner: Tyves Oben, Bleßbergstraße 2, 96528 Schalkau, Germany (hereinafter referred to as "provider", "I"). For contact details, please see my Legal Notice.
The term "user" includes all customers and visitors of my online offering. Terms used, such as "user", are to be understood as gender-neutral.
Your data is collected, on the one hand, through information you provide to me. This may be data you enter, for example, in an email you send me. Other data is collected automatically by the IT systems when you visit the website. This is primarily technical data (e.g. browser type, operating system, or time of page access), which you can review in item 4. This data is collected automatically as soon as you access this website.
Data is collected solely to ensure error-free provision of the website or to process your request. This includes the provision, execution, maintenance, optimization and security of our services and user services, as well as ensuring effective customer service and technical support.
I only transmit user data to third parties if this is necessary for billing purposes (e.g. to a payment service provider) or for other purposes that are necessary to fulfil my contractual obligations towards users (e.g. address disclosure to a supplier).
When you contact me (by email), the user's information is stored for the purpose of processing the request and in case of follow-up questions. Personal data is deleted once it has served its purpose and no retention obligations prevent its deletion.
If you send me an email inquiry, your details from the email, including the contact information you provide there, will be stored by me for the purpose of processing the request and in the event of follow-up questions. I will not disclose this data without your consent.
This data is processed on the basis of Art. 6(1)(b) GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on my legitimate interest in the effective handling of inquiries addressed to me (Art. 6(1)(f) GDPR).
Data you send me by email remains with me until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g. after your request has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data pursuant to Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), the data processing is additionally based on § 25(1) TDDDG (German Telecommunications-Digital Services Data Protection Act). Consent may be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. We also process your data if this is necessary to fulfil a legal obligation, on the basis of Art. 6(1)(c) GDPR. Data processing may also be based on my legitimate interest under Art. 6(1)(f) GDPR. The relevant legal bases applicable in each individual case are set out in the following sections of this privacy policy.
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with me until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion will take place after these reasons cease to apply.
For technical reasons, every access to this website may result in your IP address and other usage data (such as date and time of access, name of the page accessed, amount of data transferred, and the requesting provider) being collected and processed on the server. This is necessary to carry out the communication process you requested with this website. This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website – for this purpose, server log files must be collected.
Log data (server log files): The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to me. This includes: browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, IP address.
This data is not combined with other data sources, in particular no other personal data of the user. I generally do not disclose personal data to third parties, unless this is necessary to fulfil a contract (for example, transmitting address data to a shipping company), permitted under applicable legal provisions, or you have given your consent.
IONOS: I host this website with IONOS. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter "IONOS"). When you visit this website, IONOS collects various log files, including your IP address.
For more information, please see IONOS' privacy policy: https://www.ionos.de/datenschutzerklaerung.
The use of IONOS is based on Art. 6(1)(f) GDPR. I have a legitimate interest in the most reliable presentation of this website possible. Where appropriate consent has been requested, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data processing agreement: I have entered into a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider processes website visitors' personal data only according to my instructions and in compliance with the GDPR.
This website does not use cookies for analysis, marketing, or tracking purposes. Only technically necessary connections are established to provide the website.
Within the scope of applicable statutory provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to correction or deletion of this data. If your data is incorrect or incomplete, you may request correction or completion at any time. Please note that I may be obliged, due to statutory retention periods, to store certain data for the duration of the legally specified period. Otherwise, your data will be deleted as soon as it is no longer required for its intended purpose or you revoke your consent and no statutory retention obligations remain. For this, as well as for further questions on the topic of personal data, you may contact me at any time. Please submit your request in writing via the contact details provided on this website.
If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right, at any time, for reasons arising from your particular situation, to object to the processing of your personal data; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, I will no longer process your affected personal data unless I can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21(1) GDPR). If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).
You can exercise your right to complain with the competent supervisory authority:
Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI)
Häßlerstraße 8, 99096 Erfurt, Germany
Postal address: Postfach 900455, 99107 Erfurt, Germany
Phone: +49 (361) 57-3112900
Fax: +49 (361) 57-3112904
Email: poststelle@datenschutz.thueringen.de
The right to complain exists without prejudice to any other administrative or judicial remedy.
You have the right to have data that I process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.
You have the right to request the restriction of the processing of your personal data. You may contact me at any time for this purpose. The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your personal data stored by me, I generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
If I no longer need your personal data, but you need it to assert, exercise or defend legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of your interests and mine must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data. If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.
This online presence serves the purpose of communicating with active customers, interested parties and users there, and informing them about my services. The profile is also used to create posts, promote upcoming events, and for other informational purposes regarding Tyves Oben. Personal data is processed selectively in this context.
I am jointly responsible for data processing together with the social networks listed below. This can, however, only be guaranteed within their respective areas. I have no influence over the data collected and the data processing operations, nor am I fully aware of the scope of data collection, the purposes of processing, or the storage periods. I also have no information regarding the deletion of collected data. Data subjects may assert their rights with the respective companies, e.g. LinkedIn Ireland Unlimited Company, as well as with me.
I would like to point out that user data may be processed outside the European Union in this context. This may pose risks for users, as it could, for example, make it more difficult to enforce users' rights. The companies mentioned are headquartered in the USA. An adequacy decision exists for data transfer to the USA. The data recipients are also certified under the EU-US Data Privacy Framework.
Further settings and objections regarding the use of data for advertising purposes are possible within the respective profile settings of the social networks. These settings apply across platforms, i.e. they are applied to all devices, such as desktop computers or mobile devices.
I maintain an online presence with the following social networks:
Instagram:
Registered office: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Further information on the processing of personal data by Instagram is available at: https://privacycenter.instagram.com/policy/
LinkedIn:
Registered office: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Further information on the processing of personal data by LinkedIn is available at: https://www.linkedin.com/legal/privacy-policy
Please note that, according to their respective privacy policies, personal data is also processed by LinkedIn and Instagram in the USA or other third countries. According to its own statements, LinkedIn only transfers personal data to countries for which an adequacy decision of the European Commission pursuant to Art. 45 GDPR exists, or on the basis of appropriate safeguards pursuant to Art. 46 GDPR.
I reserve the right to amend this privacy policy in order to adapt it to changed legal situations, or to changes in the service and data processing. This applies, however, only to statements regarding data processing. Where user consent is required, or where parts of this privacy policy contain provisions of the contractual relationship with users, changes will only be made with the consent of the users.
Users are requested to inform themselves regularly about the content of this privacy policy.
For security reasons and to protect the transmission of confidential content, such as inquiries you send to me as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock icon in your browser's address bar. When SSL or TLS encryption is active, data you transmit to me cannot be read by third parties.
Last updated: 10 July 2026