Data protection information in accordance with Art. 13 GDPR
Name and address of the person responsible
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is
Ioanna Mitroulaki
Kolonnenstr. 8
10827 Berlin
Telefon: +49 15735463775
E-Mail: contact@iomitroulaki.dev
General information on data processing
Legal basis for the processing of personal data
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not specified in the data protection notice, the following applies:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a i.V.m. Art. 7 GDPR. The legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as for answering enquiries is Art. 6 para. 1 lit. b GDPR. The legal basis for processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c GDPR. If the processing of your data is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Data erasure and storage duration
We adhere to the principles of data minimisation in accordance with Art. 5 para. 1 lit. c GDPR and storage limitation in accordance with Art. 5 para. 1 lit. e GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the retention periods stipulated by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.
External links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to a website outside our responsibility, please note that these websites have their own data protection information. We accept no responsibility or liability for these third-party websites and their data protection notices. Therefore, before using these websites, please check whether you agree with their data protection declarations.
You can recognise external links either by the fact that they are displayed in a different colour from the rest of the text or underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. In particular, the operator of the other website receives your IP address, the time at which you clicked on the link, the page on which you clicked on the link and other information that you can find in the data protection information of the respective provider.
Please also note that individual links may lead to a data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not have any legal remedies against this data access. If you do not want your personal data to be transferred to the link destination or even exposed to unwanted access by foreign authorities, please do not click on any links.
Rights of the data subject
As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. The data subject rights arising from the GDPR are the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Right of cancellation:
Some data processing can only take place with your express consent. You have the option to withdraw your consent at any time. However, this does not affect the legality of data processing up to the point of revocation.
Right of objection:
If the processing is based on Art. 6 para. 1 lit. e or f GDPR, you as the data subject can object to the processing of your personal data at any time for reasons arising from your particular situation. You also have this right in the case of profiling based on these provisions within the meaning of Art. 4(4) GDPR. Unless we can demonstrate a legitimate interest in the processing that outweighs your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims, we will refrain from processing your data after the objection has been made.
If the processing of personal data serves the purpose of direct marketing, you also have the right to object to this at any time. The same applies to profiling in connection with direct advertising. Here too, we will no longer process personal data as soon as you object.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
Right to data portability:
If your data is processed automatically on the basis of consent or fulfilment of a contract, you have the right to receive this data in a structured, commonly used and machine-readable format. You also have the right to request the transfer and provision of the data to another controller, insofar as this is technically feasible.
Right of access, rectification and erasure:
You have the right to obtain information about your processed personal data with regard to the purpose of the data processing, the categories, the recipients and the duration of storage. If you have any questions on this topic or other topics relating to personal data, you can of course contact us using the contact details provided in the legal notice.
Right to restriction of processing:
You can request the restriction of the processing of your personal data at any time. To do so, you must fulfil one of the following requirements:
- You contest the accuracy of the personal data. You have the right to request a restriction of processing for the duration of the verification of accuracy.
- If the processing is unlawful, you can request the restriction of the use of the data as an alternative to erasure.
- If we no longer need your personal data for the purposes of processing, but you need the data for the establishment, exercise or defence of legal claims, you can request the restriction of processing as an alternative to erasure.
- If you object to the processing pursuant to Art. 21 (1) GDPR, your interests and ours will be weighed up. Until this balancing has taken place, you have the right to request the restriction of processing.
Restriction of processing means that, with the exception of storage, personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Provision of the website (web host)
Our website is hosted in server by:
Contabo GmbH
Aschauer Straße 32a
81549 München
Deutschland
When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.
These are:
- IP address of the website visitor’s end device
- Device used
- Host name of the accessing computer
- Operating system of the visitor
- Browser type and version
- Name of the retrieved file
- Time of the server request
- Amount of data
- Information on whether the retrieval of the data was successful
This data is not merged with other data sources.
Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company), which we have named above in this case. The personal data collected by this website will then be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores contact requests, contact data, names, website access data, meta and communication data, contract data and other data generated via a website for us, for example.
The legal basis for the processing of this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the technically error-free presentation and optimisation of this website. If the website is accessed in order to enter into contractual negotiations with us or to conclude a contract, another legal basis is Art. 6 para. 1 lit. b GDPR. In the event that we have commissioned a hosting company, there is an order processing contract with this service provider.
Use of local storage items, session storage items and cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables the storage of data within the browser on your end device. This data usually contains user preferences, such as the “day” or “night” mode of a website, and is retained until you delete the data manually. Session storage is very similar to local storage, whereas the storage period only lasts during the current session, i.e. until the current tab is closed. The session storage items are then deleted from your end device. Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either stored temporarily for the duration of a session (session cookies) and deleted at the end of your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These objects may also be stored on your device by third-party companies when you visit our website (third-party requests). This enables us as the operator and you as a visitor to this website to utilise certain third-party services that are installed on this website. Examples of this include the processing of payment services or the display of videos.
These mechanisms can be used in a variety of ways. They can improve the functionality of a website, control shopping basket functions, increase the security and convenience of website use and carry out analyses of visitor flows and behaviour. Depending on the individual functions, these must be categorised under data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping basket function) or serve to optimise the website (e.g. cookies to measure visitor behaviour), they are used on the basis of Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in the storage of local storage items, session storage items and cookies for the technically error-free and optimised provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Art. 6 para. 1 lit. a GDPR).
If local storage items, session storage or cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection notice. Your required consent will be requested and can be revoked at any time.
Use of external services
External services are used on our website. External services are services from third-party providers that are used on our website. This can be done for various reasons, for example for embedding videos or for the security of the website. When using these services, personal data is also passed on to the respective providers of these external services. If we do not have a legitimate interest in the use of these services, we will obtain your consent as a visitor to our website, which can be revoked at any time, before using them (Art. 6 para. 1 lit. a GDPR).
Analytics
We process the personal data of website visitors in order to analyse user behaviour. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This enables us to increase the user-friendliness of our website. The analysis tools used can be used, for example, to create user profiles for the display of targeted or interest-based advertising messages, to recognise our website visitors the next time they visit our website, to measure their click/scroll behaviour, their downloads, to create heat maps, to recognise page views, to measure the duration of visits or bounce rates and to trace the origin of website visitors (city, country, which page the visitor comes from). The analysis tools help us to improve our market research and marketing activities.
Processing will only take place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the legality of the processing carried out up to the point of withdrawal.
Google Analytics
We use the Google Analytics service on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of the service may result in data being transferred to a third country (USA). The provider is certified in accordance with the EU-U.S. Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy.
Consent Management
To comply with data protection requirements, we use a consent management tool on our website. We use this tool to obtain the necessary consent for the setting of cookies or the use of external services. The consents are stored.
The processing is necessary for the fulfilment of a legal obligation to which the controller (operator of the website) is subject. Art. 6 para. 1 lit. c GDPR is therefore used as the legal basis for processing.
CCM19 Cookie Consent Manager
We use the CCM19 Cookie Consent Manager service on our website. The service provider is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany. Further information can be found in the provider’s privacy policy at the following URL: https://www.ccm19.de/datenschutzerklaerung.html.
Newsletter-Tools
As part of our marketing activities, we offer you the opportunity to subscribe to our newsletter via our website. To subscribe to the newsletter, you go through a registration process during which we check whether you are the owner of the e-mail address provided and whether you agree to receive our newsletter. The data will remain with us or with the newsletter service commissioned by us for the duration of your voluntary registration until you unsubscribe from the newsletter. If you unsubscribe from the newsletter, you will be deleted from the distribution list. This list will not be merged with other data. However, cancellation of the newsletter subscription does not mean that data stored for other purposes (e.g. customer accounts) will also be deleted.
Processing will only take place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the legality of the processing carried out up to the point of withdrawal.
We use GHL as our newsletter software.
Content Management System
A content management system enables the creation, editing, organisation and presentation of digital content. We use a content management system to create content for our website. This enables us to design a more appealing website.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest lies in the technically error-free presentation and optimisation of the website.
WordPress
We use the WordPress service on our website. The provider of the service is Automattic Inc, 60 29th Street #343, 94110 San Francisco (CA), USA.
The use of the service may result in data being transferred to a third country (USA). The provider is certified in accordance with the EU-U.S. Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s data protection information at the following URL: https://automattic.com/privacy/.
Display optimisation
We use tools that serve to optimise the presentation of our website. Among other things, these tools help us to display the website in other languages or to make it more accessible.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR). This consists of a website that is as visually appealing as possible and the use of design options for the ideal presentation of information.
Polylong
We use the Polylang service on our website. The service provider is WP Syntex, 28, rue Jean Sébastien Bach, 38090 Villefontaine, France.
As this service is hosted locally on the web server, there is no data transfer to third parties.
This application is required to ensure the unrestricted functionality of the website. This is a tool which is used for the linguistic optimisation of the website.
Interface software
Business processes are cheaper, faster and more error-free when they are automated with the help of software via interfaces. This allows them to be efficiently integrated into company processes via your own website or social networks. We use interface software on our website to link different applications with each other and to transfer personal data securely from one application to another.
Processing will only take place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the legality of the processing carried out up to the point of withdrawal.
Google Tag Manager
We use the Google Tag Manager service on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of the service may result in data being transferred to a third country (USA). The provider is certified in accordance with the EU-U.S. Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy.
Contact form
You have the option of contacting us via a contact form on our website. In particular, your contact details are required to contact us via this form.
The legal basis for this is the processing for the purpose of contract fulfilment or pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR. There may also be a legitimate interest in maintaining business relationships or responding to your enquiry for other reasons.
The legal basis for the processing of your data in this case would be Art. 6 para. 1 lit. f GDPR.
The data will be deleted when we have finally answered your enquiry and there are no other retention obligations to the contrary.
Contact by telephone or e-mail
We have provided a telephone number and email address on our website in accordance with legal requirements. The data transmitted via these channels is automatically stored by us in order to process corresponding enquiries or to be able to contact the person making the enquiry. We will not pass this data on to third parties without your consent.
If contact is made by telephone or via our e-mail address for pre-contractual or contractual purposes, the processing of personal data is based on the legal basis of Art. 6 para. 1 lit. b GDPR. For all other forms of contact on your part, the processing of personal data by us is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
Communication
We use Zoho Mail to manage our email communications. When you sign up for our newsletters or contact us via email, we may collect personal information, including your firstname, lastname, company, website URL and email address. This information is stored securely with Zoho Mail and is used solely for the purpose of communication. We do not share your personal information with third parties without your consent.
For more information about Zoho Mail’s data practices, please refer to their Privacy Policy.
Social networks
Social networks process your users’ personal data on a large scale. When you visit our profiles, your IP address and other information about the devices you use are processed, which makes it possible to assign IP addresses to individual users. We have no influence on this data processing. We would like to point out that you use our profiles on the social networks and their functions on your own responsibility. Details on data processing can be found in the operator’s privacy policy.
The purpose of our profiles on social media platforms is to increase our online presence and thus raise our profile. Therefore, the legal basis is legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Furthermore, with regard to the processing activities by the social networks, please refer to their own legal bases (e.g. consent pursuant to Art. 6 para. 1 lit. a GDPR), which you can find in the respective privacy policy.
In principle, we are jointly responsible with the social media platform for the data processing operations triggered when you visit our profile. You can therefore assert your rights as a data subject in accordance with Art. 15 et seq. of the GDPR against the social media platform as well as against us. However, we would like to point out that we have no influence on data processing by the social media platform.
Presence on Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Detailed information on the handling of personal data can be found in the following Instagram privacy policy: https://help.instagram.com/519522125107875.
Presence on X
We have a profile with X. The provider is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Details can be found in the privacy policy of X: https://twitter.com/de/privacy.