Privacy Policy

1. Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data includes all data that can personally identify you.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Theodora Stergiou, Römerstraße 18, 71296 Heimsheim, #.

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 The controller has appointed a Data Protection Officer, who can be reached as follows:
Stergiou Theodora, Römerstraße 18, 71296 Heimsheim, #.

2. Data Collection When Visiting Our Website

2.1 If you visit our website for informational purposes only, meaning without registering or otherwise providing information, we only collect the data that your browser transmits to our server („server log files“). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

The website you visited
Date and time of access
Amount of data transmitted (in bytes)
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Article 6(1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website. This data is not passed on or otherwise used. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., inquiries to the controller). You can recognize an encrypted connection by the „https://“ prefix and the lock symbol in your browser’s address bar.

3. Hosting & Content Delivery Network

For hosting our website and displaying its content, we use a service provider that provides services exclusively on servers within the European Union, either directly or through selected subcontractors.

All data collected on our website is processed on these servers.

We have signed a data processing agreement with the provider to ensure the protection of our visitors‘ data and to prohibit unauthorized data transfer to third parties.

4. Cookies

To make visiting our website more attractive and to enable the use of certain functions, we use cookies – small text files stored on your device. Some cookies are automatically deleted after closing your browser („session cookies“), while others remain on your device longer to save preferences („persistent cookies“). The storage duration of persistent cookies can be found in your browser settings.

If personal data is also processed through cookies, this is done in accordance with:

Article 6(1)(b) GDPR (for contract fulfillment),
Article 6(1)(a) GDPR (if consent was given), or
Article 6(1)(f) GDPR (to protect our legitimate interest in an optimized website experience).

You can set your browser to notify you when cookies are placed and allow them on a case-by-case basis or disable them altogether. However, please note that disabling cookies may limit website functionality.

5. Contacting Us

When you contact us (e.g., via contact form or email), personal data is collected. The type of data collected via the contact form is indicated on the form itself. These data are stored and used only for processing your request and the associated administrative tasks.

The legal basis for processing is our legitimate interest under Article 6(1)(f) GDPR in responding to your inquiry. If your request is related to concluding a contract, the additional legal basis is Article 6(1)(b) GDPR.

Your data will be deleted once your request is fully resolved and unless statutory retention periods require otherwise.

6. Tools and Other Services

Cookie Consent Tool

This website uses a cookie consent tool to obtain legally valid user consent for cookies and cookie-based applications.

Upon visiting the website, an interactive interface appears where users can check boxes to allow or deny cookies.
Only cookies that require consent are loaded when the user explicitly consents.

This tool ensures that only necessary cookies are set unless explicit consent is given.

The tool itself uses technically necessary cookies to save user preferences. Generally, no personal data is processed. If, in exceptional cases, personal data (such as IP addresses) is stored for tracking consent, this is done under Article 6(1)(f) GDPR for legally compliant cookie management.

We have signed a data processing agreement with the provider to ensure compliance.

Further details about the operator and settings can be found directly in the cookie tool interface.

7. Data Subject Rights

According to applicable data protection law, you have the following rights regarding the processing of your personal data:

Right of access (Article 15 GDPR)
Right to rectification (Article 16 GDPR)
Right to erasure (Article 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to notification (Article 19 GDPR)
Right to data portability (Article 20 GDPR)
Right to withdraw consent (Article 7(3) GDPR)
Right to lodge a complaint (Article 77 GDPR)

Right to Object (Article 21 GDPR):
If we process your personal data based on legitimate interest (Article 6(1)(f) GDPR), you have the right to object at any time, citing reasons related to your specific situation.

If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests or the data is needed for legal claims.

If we process your personal data for direct marketing, you have the right to object at any time. If you exercise this right, we will stop processing your data for marketing purposes.

8. Data Retention Period

The retention period of personal data depends on:

The legal basis for processing,

The purpose of processing, and

The applicable statutory retention period (e.g., commercial and tax law).

If processing is based on consent (Article 6(1)(a) GDPR), the data is stored until consent is withdrawn.

If processing is based on contractual necessity (Article 6(1)(b) GDPR), data is retained until the contract is fulfilled, unless legal obligations require longer retention.

If processing is based on legitimate interest (Article 6(1)(f) GDPR), data is stored until the right to object is exercised unless there are overriding legal reasons for continued processing.

Unless otherwise stated, personal data is deleted when it is no longer necessary for its intended purpose.