1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. The following information explains how we handle your personal data when you use our website. Personal data refers to any information that can personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is studio8020 Pankoke & Schäfer Consulting GbR, Bonner Strasse 528d, 50968 Cologne, Germany, Tel.: +49 151 40771024, Email: romina@studio8020.de. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only – that is, if you do not register or otherwise provide us with information – we collect only the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary to display the website to you:

• Website visited
• Date and time of access
• Amount of data sent in bytes
• Referrer source (the website from which you came)
• Browser used
• Operating system used
• IP address (possibly in anonymized form)

The processing takes place pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for other purposes. However, we reserve the right to check the server log files retrospectively if there are specific indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. inquiries or orders), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” prefix and the padlock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

We use a hosting provider to operate our website and display its content. The provider performs its services, either directly or through selected subcontractors, exclusively on servers located within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider to ensure the protection of our visitors’ data and to prohibit unauthorized disclosure to third parties.

4) Cookies

To make your visit to our website more attractive and to enable certain functions, we use cookies – small text files that are stored on your device. Some cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain stored longer on your device to save your preferences (so-called “persistent cookies”). You can check the storage duration in your browser’s cookie settings.

If personal data is processed through the use of cookies, this processing is based either on Art. 6(1)(b) GDPR (for contract performance), Art. 6(1)(a) GDPR (if consent has been given), or Art. 6(1)(f) GDPR (for our legitimate interest in ensuring the optimal functionality of the website and a user-friendly experience).

You can configure your browser to inform you when cookies are set and decide individually whether to accept them, or to refuse cookies in specific cases or in general. Please note that disabling cookies may limit the functionality of our website.

5) Contact

5.1 Zeeg

To provide an online appointment booking function, we use the services of the following provider: Zeeg GmbH, Friedrichstrasse 114A, 10117 Berlin, Germany.

For the purpose of scheduling appointments, first and last name as well as email address (and, if a phone appointment is desired, the phone number) are collected pursuant to Art. 6(1)(b) GDPR, and transferred to the provider pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in effective customer management and efficient appointment scheduling. The data are stored by the provider for appointment organization purposes.

After the appointment has taken place or after the agreed time period has expired, your data will be deleted by the provider.

We have concluded a data processing agreement with the provider to ensure the protection of our visitors’ data and to prohibit unauthorized disclosure to third parties.

5.2 When contacting us (e.g. via contact form or email), personal data are collected. The type of data collected depends on the contact form used. These data are stored and used exclusively for the purpose of responding to your inquiry and for related technical administration.

The legal basis for processing these data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your inquiry is intended to conclude a contract, Art. 6(1)(b) GDPR also applies. Your data will be deleted once your inquiry has been fully processed, unless statutory retention obligations apply.

6) Tools and Other Services

Cookie Consent Tool

This website uses a “cookie consent tool” to obtain valid user consents for cookies and cookie-based applications that require consent. The cookie consent tool is displayed to users as an interactive interface upon visiting the site, allowing them to provide consent for specific cookies and/or applications by ticking checkboxes. Cookies and services requiring consent are only loaded if the user has provided such consent. This ensures that such cookies are only set if consent has been granted.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data are generally not processed in this context.

If, in individual cases, personal data (such as an IP address) are processed to store or log cookie settings, such processing takes place pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in lawful, user-specific, and user-friendly cookie consent management, and pursuant to Art. 6(1)(c) GDPR to comply with our legal obligations to obtain consent for non-essential cookies.

Where required, we have concluded a data processing agreement with the provider to ensure the protection of visitors’ data and to prohibit unauthorized disclosure to third parties.

Further information about the provider and available settings for the cookie consent tool can be found directly in the corresponding interface on our website.

7) Rights of the Data Subject

7.1 Under applicable data protection law, you have the following rights with respect to the processing of your personal data:

• Right of access (Art. 15 GDPR);
• Right to rectification (Art. 16 GDPR);
• Right to erasure (Art. 17 GDPR);
• Right to restriction of processing (Art. 18 GDPR);
• Right to notification (Art. 19 GDPR);
• Right to data portability (Art. 20 GDPR);
• Right to withdraw consent (Art. 7(3) GDPR);
• Right to lodge a complaint (Art. 77 GDPR).

7.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS (PURSUANT TO ART. 6(1)(F) GDPR), YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE MAY CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR DATA FOR SUCH MARKETING. IF YOU OBJECT, WE WILL STOP PROCESSING YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES.

8) Duration of Storage of Personal Data

The period for which personal data are stored depends on the applicable legal basis, the purpose of processing, and, if relevant, statutory retention periods (e.g. commercial or tax regulations).

Where processing is based on consent pursuant to Art. 6(1)(a) GDPR, the data will be stored until consent is withdrawn.

If there are statutory retention obligations for data processed under contractual or pre-contractual obligations pursuant to Art. 6(1)(b) GDPR, such data will be routinely deleted after the retention period expires, unless they are still required for contract performance or we have a legitimate interest in continued storage.

For data processed pursuant to Art. 6(1)(f) GDPR, they will be stored until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing serves legal claims.

For data processed for direct marketing purposes under Art. 6(1)(f) GDPR, they will be stored until you exercise your right to object under Art. 21(2) GDPR.

Unless otherwise stated in this policy, personal data will be deleted once they are no longer necessary for the purposes for which they were collected or otherwise processed.