You agree to the privacy policy below, and the Privacy Policy for Substack, the technology provider.
Privacy Policy
The following statement provides an overview of what types of personal data are collected and stored, and for what purposes, when accessing our website or using our online services and contact options.
We also inform you about your rights as a data subject and indicate, among other things, which entity is responsible for data processing and compliance with data protection regulations.
1. Name and Address of the Responsible Party
Mariam Dvalishvili
c/o ARFMANN Rechtsanwaltsgesellschaft mbH
Amalienstr. 24
76133 Karlsruhe
2. Contact Information of the Responsible Party
Email: hello@systemdesign.one
3. Notes on Data Processing / Storage of Information / Definitions
3.1 Definition of Personal Data
"Personal data" refers not only to obvious personal information such as a person's name or address but also to IP addresses and details about the web pages a person has visited (user behaviour).
3.2 Legal or Contractual Obligations for Data Provision
Depending on the context of the processing, providing personal data may be legally or contractually required, or necessary for contract conclusion. Where applicable, we will explicitly indicate this and inform you about potential consequences of not providing the data. Automated decision-making or profiling under Article 22(1) and (4) GDPR will only occur if explicitly stated.
3.3 Consequences of Not Providing Data
Failure to provide data as described in sections 4 below will result in the inability to use the service, function, or contact option concerned.
3.4 Information Storage and Access During Website Use
When accessing our website, information is typically stored on the end user's device or accessed from previously stored information. This is detailed in Section 4.2. Storage and access generally require consent under § 25(1) TTDSG unless an exception under § 25(2) TTDSG applies, such as when the data is necessary for website display or content transmission.
3.5 Cookies and Other Technologies
Information storage or access may occur via cookies and other technologies, varying by user configuration settings.
3.6 What Are Cookies?
Cookies are small text files stored by your browser on your device. They can be essential for website functionality, enhance usability, analyze visitor behavior, or enable personalized advertising. Users can control cookie usage by adjusting their browser settings to disable or restrict cookies or delete stored cookies.
Note: Disabling cookies may limit website functionality and access to various tools.
3.7 First-Party vs. Third-Party Cookies
First-party cookies are set by the website operator (see Section 4.3), while third-party cookies are placed by third-party services integrated into the website, often providing behavioral data to third parties.
Session Cookies vs. Persistent Cookies:
Session cookies are deleted when the browser is closed.
Persistent cookies remain stored for a set duration or until deleted.
3.8 Consent for Cookies and Technologies
We indicate if specific cookies or technologies require user consent. This is particularly relevant for embedded services.
3.9 Consent for Subsequent Data Processing
Processing personal data generated by non-essential cookies requires additional user consent. Both consents can be obtained through a single action, as per data protection authorities' guidance.
Note: Required consents are requested via our cookie banner.
3.10 Data Sharing with Third-Party Service Providers
We may involve third-party providers (processors as defined in Art. 28 GDPR), such as hosting services, for data processing. These providers are carefully selected, instructed, and regularly monitored. Data is disclosed to other recipients only as explicitly noted.
3.11 Contact Requests
If you contact us (e.g., via email), the data you provide (e.g., name, email address) will be processed.
Purpose of Processing:
To respond to your inquiry or address your concerns.
Legal Basis:
The processing is based on legitimate interests as per Art. 6(1)(f) GDPR, derived from the need to address your request.
Storage Duration:
Data will be deleted once it is no longer required, with consideration given to statutory limitation periods for civil claims (§ 199 BGB) or criminal prosecution (§§ 78, 79 StGB).
4. Data Processing via Website
4.1 Encryption
For details on encryption, please refer to the explanations at https://substack.com/privacy.
4.2 Visiting Our Website
For details on data processing during website visits, please refer to the explanations at https://substack.com/privacy.
4.3 Our Cookies (First-Party Cookies)
For details on our use of cookies, please refer to the explanations at https://substack.com/privacy.
4.4 Newsletter
We use the services of Substack to send email newsletters.
As part of the subscription and delivery process, personal data is processed. To verify your information, you will receive a confirmation email after signing up to ensure that you own the specified email address (double opt-in process).
Purpose of Processing:
We process the email addresses of newsletter recipients for the purpose of sending newsletters, thereby fulfilling our obligations.
Legal Basis:
The processing of personal data is based on your consent (Article 6(1)(a) GDPR and § 25(1) TTDSG).
Storage Duration:
Your personal data will be deleted as soon as it is no longer required. The specific timing depends on the individual case, but at the latest, it will be deleted when any civil law claims under § 199 BGB expire, or criminal prosecution is no longer possible due to the statute of limitations (§§ 78, 79 StGB).
5.1 Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics collects, analyses, and evaluates data on website visitors' behavior. It uses cookies to transmit data to Google for analysis.
The following data is typically collected and stored on Google's servers:
Referrer URL
Subpages accessed
Frequency and duration of subpage views
IP address
Access time
Access location
Frequency of website visits
We have activated the "_gat._anonymizeIp" function in this service. This ensures that Google shortens and anonymizes your IP address when accessing our website from an EU member state or a contracting party of the European Economic Area agreement. In exceptional cases, the full IP address is transmitted to a Google server in the USA and shortened there.
Purpose of Processing:
Google Analytics is used to analyse visitor traffic on our website. The data helps us evaluate website usage and generate reports on website activity. This enables us to optimize our site and evaluate the cost-effectiveness of our online advertising.
Legal Basis:
Google Analytics-related cookies are only used with your consent. Consent is obtained via a cookie banner on our website. The use of Google Analytics is based on § 25(1) TTDSG and Article 6(1)(a) GDPR.
Storage Duration:
Google retains data collected through Google Analytics for a maximum of 24 months.
Transfer to Third Countries:
Data is generally transmitted to Google's servers in the USA and stored there.
Disclosure to Third Parties:
Google may share data collected during this process with third parties.
Withdrawal of Consent:
Consent provided via the cookie banner can be revoked at any time.
Additionally, you can prevent Google Analytics from collecting and processing data related to your use of this website by installing a browser add-on. Download it from https://tools.google.com/dlpage/gaoptout. This add-on notifies Google Analytics via JavaScript to prevent data from being transmitted. If your IT system is reformatted, reinstalled, or otherwise altered, you must reinstall the add-on to disable Google Analytics.
Further Information:
For more details on Google’s data protection practices, see https://www.google.de/intl/en/policies/privacy/ and https://www.google.com/analytics/terms/. More about Google Analytics is explained at https://www.google.com/intl/en/analytics/.
5.2. Stripe
On our website we use the Stripe payment service of Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland).
The data processing serves the purpose of offering you payment via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to be able to fulfill the contract with you with the selected payment method.
This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
If required, Stripe reserves the right to obtain a credit report on the basis of mathematical-statistical procedures using credit rating agencies. For this purpose, Stripe transmits the personal data required for a credit assessment to a credit rating agency and uses the obtained information on the statistical probability of payment default in order to reach a reasonable decision on the establishment, implementation, or termination of the contractual relationship. The credit report may contain probability values (score values) which are calculated on the basis of scientifically recognized mathematical-statistical methods and include, among other things, address data. Your legitimate interests will be taken into account in accordance with the legal requirements. The data processing serves the purpose of a credit check for contract initiation. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default if Stripe pays in advance.
For reasons that arise from your particular situation, you have the right to object to the processing of your personal data carried out on the basis of Art. 6 para. 1 lit. f GDPR at any time by notifying Stripe. The provision of the data is necessary for the conclusion of the contract with the payment method of your choice. Failure to provide such data shall mean that the contract cannot be concluded with the payment method you have selected.
All Stripe transactions are subject to the Stripe Privacy Policy. You can find these at https://stripe.com/de/privacy
6. Information on Data Subject Rights
As a data subject under the GDPR, you are entitled to the following rights regarding the processing of your personal data. Below, we (referred to as the "Controller") outline these rights:
Right of Access (Article 15 GDPR)
You have the right to request confirmation from the Controller about whether your personal data is being processed. If so, you are entitled to access the information listed in Article 15 GDPR.
Right to Rectification (Article 16 GDPR)
You have the right to request the rectification or completion of your personal data if it is inaccurate or incomplete.
Right to Erasure ("Right to Be Forgotten," Article 17 GDPR)
Under Article 17 GDPR, you have the right to request the erasure of your personal data from the Controller.
Right to Restriction of Processing (Article 18 GDPR)
As a data subject, you have the right to request the restriction of the processing of your personal data under the conditions outlined in Article 18 GDPR.
Right to Notification (Article 19 GDPR)
Under Article 19 GDPR, you have the right to be informed about recipients to whom your personal data has been disclosed. The Controller is obliged to notify these recipients about your request for rectification, erasure, or restriction of data processing.
Right to Data Portability (Article 20 GDPR)
Subject to the conditions of Article 20 GDPR, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request the direct transmission of this data to another Controller where technically feasible.
Right to Object to Processing (Article 21 GDPR)
You have the right to object at any time to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing.
Right Not to Be Subject to Automated Decision-Making, Including Profiling (Article 22 GDPR)
As a data subject, you have the right not to be subject to a decision based solely on automated processing, including profiling, which significantly affects you or produces legal effects concerning you.
Right to Withdraw Consent (Article 7 GDPR)
You have the right to withdraw your consent for the processing of your personal data at any time under Article 7 GDPR.
Right to Lodge a Complaint with a Supervisory Authority (Article 77 GDPR)
Without prejudice to other legal remedies, you have the right to lodge a complaint with a supervisory authority if you believe the processing of your personal data violates the GDPR.