Privacy

Scope of application

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TTDSG. Consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Responsible

Seven Whys Ltd.
Danny Giebe
26 Anthipolochagou Georgiou M.Savva Shop 1-2
8201 Paphos, Cyprus

Types of data processed:

  • - Inventory data (e.g., names, addresses).
  • - Contact data (e.g., e-mail, telephone numbers).
  • - Content data (e.g., text entries, photographs, videos).
  • - Usage data (e.g., websites visited, interest in content, access times).
  • - Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as "users").

Purpose of the processing

  • - Provision of the website, its functions and content.
  • - Responding to contact requests and communicating with users.
  • - Security measures.
  • - Reach measurement/marketing

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Security Measures

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

Note on the transfer of data to third countries that are not secure under data protection law and the transfer to US companies that are not DPF-certified

Among other things, we use tools from companies based in third countries that are not secure under data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in third countries that are not secure under data protection law. We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of personal data

As part of our business activities, we work together with various external bodies. In some cases, it is also necessary to transfer personal data to these external bodies. We only pass on personal data to external bodies if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in the transfer in accordance with Art. 6 para. 1 lit. f GDPR or if another legal basis permits the transfer of data. When using processors, we only pass on our customers' personal data on the basis of a valid contract for order processing. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correction or deletion of this data at any time. You can contact us at any time if you have further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do this. The right to restriction of processing exists in the following cases: If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted. If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.

If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure. If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Storage period

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Business-related processing

We also process

  • - Contract data (e.g., subject matter of the contract, term, customer category).
  • - Payment data (e.g., bank details, payment history) of our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care.

Agency services

We process our customers' data as part of our contractual services, which include conceptual and strategic consulting, software and design development/consulting or maintenance, implementation of processes/handling, server administration, data analysis/consulting services and training services.

We process inventory data (e.g. customer master data, such as names or addresses) or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g, bank details, payment history), usage and metadata (e.g. in the context of the evaluation and performance measurement of marketing measures). We do not process special categories of personal data personal data, unless these are part of commissioned processing. processing. The data subjects include our customers, interested parties and their customers, users, website visitors or employees and third parties. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal bases of the processing result from Art. 6 para. 1 lit. b GDPR (contractual services), Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimization, security measures). We process data required for the establishment and fulfillment of the contractual services are necessary and point out the necessity of their disclosure. Disclosure to external parties only takes place if it is necessary in the context of an order is necessary. When processing the data provided to us as part of an data provided to us as part of an order, we act in accordance with the instructions of the clients and the legal requirements for commissioned processing pursuant to Art. 28 GDPR and do not process the data for any purposes other than those purposes in accordance with the order.

We delete the data after the expiry of statutory warranty and comparable obligations. comparable obligations. The necessity of the storage of the data is data is reviewed every three years; in the case of statutory archiving archiving obligations, the deletion takes place after their expiry (6 J, acc. § 257 para. 1 HGB, 10 J, according to § 147 para. 1 AO). In the case of data that disclosed to us by the client within the scope of an order we delete the data in accordance with the specifications of the order order, generally after the end of the order.

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks and organization of our business, financial accounting and compliance with legal obligations, such as archiving. Here we process the same data that we process as part of the provision of our contractual contractual services. The processing bases are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. From the customers, interested parties, business partners and website website visitors are affected. The purpose and our interest in the processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks that are necessary to the maintenance of our business activities, the performance of our tasks and the provision of our services. The deletion of the data with regard to contractual services and contractual communication communication corresponds to the information mentioned in these processing activities.

We disclose or transmit data to the tax authorities, advisors, such as tax consultants or auditors, as well as other fee fee offices and payment service providers.

Furthermore, on the basis of our business interests, we store interests, we store information on suppliers, event organizers and other business partners, e.g. for the purpose of contacting them at a later date. This mainly company-related data, we generally store it permanently. permanently.

Contact

When contacting us (for example by contact form or contact form or e-mail), the user's details are stored for the purpose of processing the request and in the event that follow-up questions arise, stored.

The use of the contact data published in the imprint or comparable information published contact data such as postal addresses, telephone and fax numbers and e-mail addresses by third parties for the purpose of sending expressly requested information is not permitted. Legal steps against the senders of so-called spam mails in case of violations against this prohibition are expressly reserved.

Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO, the information of the users for the purpose of spam detection.

These services support the provider in the management of tasks, collaboration and general productivity management. When using such services, User Data is processed and, depending on the processing purpose, possibly stored. These services may be integrated with other third-party services listed in this privacy policy to enable the import and export of the required data.

Calendly (Calendly, LLC)
Calendly is an online appointment booking service offered by Calendly, LLC. Processed personal data: Email; calendar entries; name; phone number. Place of processing: United States - Privacy Policy.

Hosting und E-Mail-Versand

We host the content of our website with the following provider:

Hetzner

The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner). Details can be found in Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz. Hetzner is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

E-Mails
Uberspace is used for sending e-mails. With the provider concluded an order processing contract with the provider.

The hosting services used by us serve to provision of the following services: Storage space and database services, e-mail dispatch, security services and technical maintenance services maintenance services that we use for the purpose of operating this online online offer.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data communication data of customers, interested parties and visitors to this online online offer on the basis of our legitimate interests in an efficient and secure provision of this online service pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with. Art. 28 GDPR (conclusion of order processing contract).

Collection of access data and log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be recorded.