1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Sabine Niederreuther, Vasiliki Studio Attica Greece, Neue Mühlgasse 43, 76761, Germany, Phone.: +49 172 7648332, e-mail: info@studio-vasiliki.com. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data Collection When You Visit Our Website
2.1 When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
For the hosting of our website and the presentation of the page content, we use a provider that provides its services itself or through selected subcontractors exclusively on servers within the European Union.
All data collected on our website is processed on these servers.
We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties.
4) Cookies
In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. In some cases, these cookies are automatically deleted again after the browser is closed (so-called "session cookies"), in other cases, these cookies remain on your end device for longer and allow page settings to be saved (so-called "persistent cookies"). In the latter case, you can find the duration of the storage in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies set by us, the processing is carried out either in accordance with Art. 6 (1) point b GDPR for the performance of the contract, in accordance with Art. 6 (1) point a GDPR in the case of consent given or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that the functionality of our website may be limited if cookies are not accepted.
5) Contacting Us
5.1 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp news service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose we use the so-called "Business Version" of WhatsApp.
If you contact us via WhatsApp in connection with a specific business transaction (e.g. an order placed), we will store and use the mobile telephone number you use at WhatsApp and - if provided - your first name and surname in accordance with Art. 6 para. 1 lit. b. GDPR to process and answer your request. On the basis of the same legal basis, we will ask you via WhatsApp to provide further data (order number, customer number, address or e-mail address), if necessary, in order to be able to allocate your enquiry to a specific transaction.
If you use our WhatsApp contact for general enquiries (e.g. about the range of services, availability or our website), we will store and use the mobile phone number you use at WhatsApp and - if provided - your first and last name in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our justified interest in the efficient and prompt provision of the requested information.
Your data will always be used only to answer your request via WhatsApp. Your data will not be passed on to third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book stores only the WhatsApp contact data of those users who have also contacted us via WhatsApp.
This ensures that each person whose WhatsApp contact data is stored in our address book has already consented to the transmission of his WhatsApp telephone number from the address books of his chat contacts in accordance with Art. 6 Para. 1 lit. a GDPR when using the app on his device for the first time by accepting the WhatsApp terms of use. The transmission of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
For the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights and setting options for protecting your privacy, please refer to WhatsApp's data protection information: https://www.whatsapp.com
In the course of the above-mentioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
5.2 When you contact us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration.
The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided there are no legal storage obligations to the contrary.
6) Site functionalities
6.1 YouTube Videos
This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland
Data may also be transmitted to: Google LLC., USA.
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the plugin. This involves certain information, including your IP address, being transmitted to the provider.
If the playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, to create playback statistics and to prevent abusive behavior.
If you are logged into a user account maintained by the provider during your visit to the site, your data will be directly assigned to your account when you click on a video. If you do not wish to have your data assigned to your account, you must log out before clicking on the play button.
All the above-mentioned processing, in particular the setting of cookies for reading out information on the end device used, only takes place if you have given us your express consent in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service via the "cookie consent tool" provided on the website.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
6.2 Google Maps
Our website uses Google Maps (AP’I) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and will make it easier for you to find us.
When you access the sub-pages that contain the Google Maps map, information about your use of our website (such as your IP address) is transmitted to and stored by Google on servers. When using Google Maps, personal data may also be transmitted to the servers of Google LLC. in the USA. This is regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation takes place according to Art. 6 (1) point f GDPR, on the basis of the legitimate interests of Google in the insertion of personalized advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles. If you want to do so, you must contact Google to exercise this right.
If you do not agree to the future transmission of your data to Google in the context of using Google Maps, you may completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. In this case, Google Maps as well as the map display on this website cannot be used.
The Google terms of use can be found at: https://policies.google.com
You can find detailed information on data protection in connection with the use of Google Maps on Google's website ("Google Privacy Policy") at: https://policies.google.com
To the extent required by law, we have obtained your consent to the processing of your data as described above in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the procedure described above for submitting an objection.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Further information on Google's privacy standards can be found here: https://business.safety.google
7) Tools and Miscellaneous
7.1 This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users in the form of an interactive user interface when they access the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. Through the use of the tool, all cookies/services requiring consent are only loaded if the respective user provides the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on the respective end device of the user if consent has been granted.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
Further legal basis for the processing is Art. 6 (1) point c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
7.2 All-In-One Security
For security purposes, this website uses the service of the following provider: Updraft WP Software Ltd., 11, Barringer Way, St. Neots, Cambs. PE19 1LW, UK
The provider protects the website and the associated IT infrastructure from unauthorised third-party access, cyber attacks and viruses and malware. The provider collects the IP addresses of users and, if necessary, further data on their behaviour on our website (in particular URLs accessed and header information) in order to detect and defend against illegitimate page accesses and dangers. In doing so, the collected IP address is compared with a list of known attackers. If the captured IP address is identified as a security risk, the provider can automatically block it from accessing the website. The information collected in this way is transferred to a server of the provider and stored there.
The described data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security.
We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.
For a data transfer to the provider location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
7.3 Wordfence
For security purposes, this website uses the service of the following provider: Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA
The provider protects the website and the associated IT infrastructure from unauthorised third-party access, cyber attacks and viruses and malware. The provider collects the IP addresses of users and, if necessary, further data on their behaviour on our website (in particular URLs accessed and header information) in order to detect and defend against illegitimate page accesses and dangers. In doing so, the collected IP address is compared with a list of known attackers. If the captured IP address is identified as a security risk, the provider can automatically block it from accessing the website. The information collected in this way is transferred to a server of the provider and stored there.
The described data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security.
If visitors to the website have login rights, the provider also sets cookies (= small text files) on the respective end device used by the visitor. With the help of the cookies, certain location and device information can be read, which makes it possible to assess whether the login-authorised access originates from an authorised person. At the same time, access rights can be evaluated via the cookies and released via a website-internal firewall according to the authorisation level. Finally, the cookies are used to register irregular access by website administrators from new devices or new locations and to notify other administrators of this. These cookies are only set if a user has login rights. The provider does not set cookies for website visitors without login authorisation. Insofar as personal data is processed via the cookies, the processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in preventing illegitimate access to the website administration and in the defence against unauthorised administrator access.
We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.
For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
8) Rights of the Data Subject
8.1 The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data:
- Right of access by the data subject pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to be informed pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw a given consent pursuant to Art. 7 (3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
8.2 RIGHT TO OBJECT
IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.
9) Duration of Storage of Personal Data
The duration of the storage of personal data is based on the respective legal basis, the purpose of processing and - if relevant – on the respective legal retention period (e.g. commercial and tax retention periods).
If personal data is processed on the basis of an express consent pursuant to Art. 6 (1) point a GDPR, this data is stored until the data subject revokes his consent.
If there are legal storage periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 (1) point b GDPR, this data will be routinely deleted after expiry of the storage periods if it is no longer necessary for the fulfillment of the contract or the initiation of the contract and/or if we no longer have a justified interest in further storage.
When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection in accordance with Art. 21 (1) GDPR, unless we can provide compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If personal data is processed for the purpose of direct marketing on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection pursuant to Art. 21 (2) GDPR.
Unless otherwise stated in the information contained in this declaration on specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.
Our social media appearances
Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).
Individual social networks
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Meta on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Meta are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.