As a professional, I treat your data and your material confidentially.

Data privacy


Kiefheim's legal owners are Katja Heimann-Kiefer and Frank Kiefer. We will treat your data with the same respect as we would like our own data to be treated.

This statement explains what kind of data we collect about you, what we use it for, how we protect it and also explains the rights that you have in relation to us storing your data. This statement applies to this website, email communication, delivery and invoicing of our services and invoice tracking.

Who we are

Kiefheim is:
Frank Kiefer and Katja Heimann-Kiefer GbR
Lindholz 98
31139 Hildesheim
Phone +49-5121-28 36 40

What information do we collect?

We do not collect any personal information when you visit our website. Our webhost will collect some information on your browser, your operating system and your rough geographic location. We cannot prevent that but do not really use this data. Out of curiosity we may occasionally have a look at it. We cannot identify any individuals based on this information.

Our website does not use any cookies, trackers or embedded contents from other websites.

When you send us an email your emails will be processed by our webhost’s systems. However, your data is safe with our webhost, as they confirmed to us in a contract.

When we negotiate about a project that you would like us to do for you, or actually do that project later on, we will need you to provide more information about yourself: your name, company, address, email, ideally also your phone number. This is needed in order to contact you while we are working on your project and in order to invoice you after completion. This is the kind of data that is normally exchanged between business partners.

We are legally required to keep data of our business partners for ten years.

We do not collect data about anybody from third parties.

How do we use personal information?

We will use your data in order to negotiate about projects, to provide our services to you and to invoice you when the work is done. And in order to manage our business relationship, like letting you know about non-availability during our vacation (and to send you a Christmas card at the end of the year!).

What legal basis do we have for processing your personal data?

The legal grounds for us processing your personal data are described in GDPR article 6, (1) b, c and f: b means our fulfilment of our contract with you, c means we are legally obliged to process it and f means that it is in our legitimate interest (building and managing a business relationship with our customers).

When do we share personal data?

We will keep your data confidential. We might share it with trustworthy subcontractors, if necessary, and if you are a one-person business your name will be among the data that we send to our tax accountant who prepares our tax return. But no worry, he’s a professional and we have a contract about confidential processing with him as well.

Where do we store and process personal data?

We store your data in our home office, which can be locked. All data media are stored in a locked place.

Our webhost and mail provider has data centres in Europe and the USA but has assured us in a contract that they make sure to fully comply with the European GDPR.

How do we secure personal data?

Our computers are password protected and use constantly updated antivirus software. We make daily backups which are stored in a locked place.

How long do we keep your personal data for?

German law requires us to store data about our jobs and projects for up to ten years. After that, we put our archives through the paper shredder and break any archive CDs. We will delete emails generated from inquiries that never turned out to become projects twice a year.

Your rights in relation to personal data

Under the GDPR you as the data subject have certain rights: You can demand to be informed about the data we hold about you, you can demand data to be corrected and deleted, to be transferred to another entity and you can object to us processing your data. If you have any questions along these lines, please contact us via the email address given above. Due to our legal requirements to store certain data we may not be able to fulfil all requests for deletion.

Use of automated decision-making and profiling

We do not use any profiling or other automated decision-making.

How to contact us?

If you have any questions or concerns about our data protection practices, please contact us by any of the way detailed above under the heading “Who we are”.

For the blog:

In the blog articles we use special pixels that generate cookies used for counting page views. This is the basis for a small amount of payment for the articles (not from you!). The cookies contain no personally identifiable information about you.

If you subscribe to the email notification for new blog articles, your data will be processed by MailPoet. They certify to handle your data according to the GDPR regulations.