Data protection policy
[This page is automatically translated and for reference only. Please visit www.eliforia.com/de/datenschutzerklaerung for the original text.]
In the following, we (hereinafter ‘Eliforia Consulting’, ‘we’ or ‘us’) inform you about data protection in accordance with Art. 13 and 14 of the GDPR when you visit our website eliforia.com (hereinafter ‘website’) or otherwise contact us via digital media. If you enter into a contractual relationship with us, we will provide you with additional data protection information.
Responsible party
The responsible party is Eliforia Consulting GmbH (i.Gr.), represented by the associates Dimitra Ioannidou and Fiona Woo, Goethestr. 6, 18055, Rostock, +49 172 156 1462, info@eliforia.com
Purposes, legal bases and duration of data processing
Visiting the website
If you use the website purely for information purposes, i.e. if you do not contact Eliforia Consulting directly (e.g. via email) or fill out the contact form, no information that can be directly assigned to you will be processed.
However, additional information can be used to establish a personal reference for some data, which is why we treat this data as so-called pseudonymous data. This includes automatically processed information in so-called server log files that your browser transmits. These are browser type/version, operating system used, referrer URL (previously visited page), host name of the accessing computer and the time of the server request. This data is used to display the website you have accessed, so that the pre-contractual relationship with you in accordance with Art. 6 Para. 1 lit. b) GDPR is the legal basis for this processing.
So-called cookies are also used to display the website. These are small text files that are stored in your browser. The cookies used have a limited lifespan and contain a randomly generated unique identification number (so-called ID). A cookie enables you to navigate the website and makes it easier for you. At the same time, a cookie also stores whether you have been shown information about the use of cookies. The legal basis is therefore our legitimate interest in making your use of the website as pleasant as possible and at the same time providing you with appropriate information, Art. 6 Para. 1 lit. f) GDPR. The cookies expire automatically after their purpose has been fulfilled. The cookie for consenting to the use of cookies expires automatically after 1 year. You can also actively delete these cookies on your device yourself or set in your browser when cookies should be deleted.
For the presence of the website, we use Google Fonts from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on the website. Google records the use of CSS and the fonts used and stores this data securely. You can find out more about data processing by Google and other questions at https://developers.google.com/fonts/faq?tid=231549270488.
You can find out exactly which data is collected by Google and what this data is used for at https://policies.google.com/privacy
The use of Google Fonts is based on Art. 6 Paragraph 1 Letter f) GDPR. Our interest is in the optimal display of content for website visitors and the cost-effective structure of our website by using so-called WordPress templates (so-called themes). For the sake of simplicity, these use Google Fonts.
Presence in third-party portals
Eliforia Consulting is also present on other portals such as social networks (e.g. LinkedIn) (“third-party portals”). The aim is to increase our awareness and to be available to you as a contact person outside of our website. However, Eliforia Consulting does not operate these third-party portals. Rather, we can only use them within the framework of the form offered by the respective operator and by accepting the terms of use and data protection that apply there. You can find out more about the data protection conditions of the third-party portals here:
www.linkedin.com/legal/privacy-policy
Depending on which data processing you have agreed to with the portal operator, the purpose of the third-party portal is that we receive certain information about you when you interact with us on the portal (e.g. contacts on LinkedIn). Please note that any communication with us via these third-party portals is processed by these portal operators and may be accessible to them.
The legal basis for this is your contract with the portal operator in accordance with Art. 6 (1) (b) GDPR. Your interaction with us via and in the portals is voluntary. If you send us additional information (e.g. in a short message on the third-party portal), this is either for pre-contractual contact with us (Art. 6 (1) (b) GDPR) or you simultaneously and voluntarily give us your consent (Art. 6 (1) (a) GDPR). If you have given us your consent, you have the right to revoke your consent at any time with effect for the future in accordance with Art. 7 (3) GDPR. To do this, you must adjust the settings for your respective account on the third-party portal accordingly (e.g. stop following me). If you would like us to no longer use the data we have received up to that point in the future and to delete it, please contact us.
Communication
If you contact us by email or telephone, Eliforia Consulting will process your data to the extent necessary to answer your questions. The legal basis is therefore also the contract or the pre-contractual legal relationship with you, Art. 6 Paragraph 1 Letter b) GDPR.
The provisions of 2.a. apply to the storage period of the data. The transmission of emails is secured using TLS/SSL. Emails and email contents are encrypted if you so request.
Security
The hoster and email provider commissioned by Eliforia Consulting processes data in your interest and in the interest of Eliforia Consulting in order to guarantee the integrity, confidentiality and availability of the data processing systems, i.e. in particular the security and availability of your data. The legal basis for the processing of this data is Art. 6 Paragraph 1 Letter f) GDPR. Eliforia Consulting’s legitimate interest is in maintaining and securely providing services such as offering the website. The data for this purpose will be deleted if their processing is no longer necessary to maintain security.
Data storage
Eliforia Consulting stores information about its customers and contacts, including communication, in the Office 365 cloud solution offered by Microsoft Inc. (US). By using the Office 365 cloud, Eliforia Consulting pursues its legitimate interest in being able to work cost-effectively, efficiently and quickly at the same time, as the data security measures of the specialized cloud provider are much higher than Eliforia Consulting could guarantee. In addition, Eliforia Consulting can work independently of time and location thanks to online access to the data storage. The use of Office 365 is also based on a data processing agreement in accordance with Art. 28 GDPR (see below, points 3 and 4). The legal basis is therefore Art. 6 Para. 1 lit. f) GDPR.
If you would like a different location for data storage as part of the contract or communication, please inform Eliforia Consulting.
Recipient
We do not transmit your personal data to third parties unless you expressly consent to this beforehand or there is another legal permission or obligation to do so.
In addition, Eliforia Consulting uses a tax advisor to handle its accounting and tax matters. Eliforia Consulting has a legitimate interest in having these activities carried out correctly by an expert, Art. 6 Para. 1 lit f) GDPR.
For the storage of documents and for online communication, Eliforia Consulting has also commissioned the following categories of service providers to work for Eliforia Consulting under order processing contracts in accordance with Art. 28 GDPR:
- E-Mail provider
- Provider of accounting or project management software
- Provider for processing, in particular registration and research in connection with industrial property rights
Transfer to third countries
If Eliforia Consulting transfers personal data to other service providers bound by instructions outside the EU or the European Economic Area (EEA), the transfer will take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or in accordance with the principles of the so-called Privacy Shield and on the basis of so-called standard contractual clauses of the EU Commission.
Right of revocation and objection
If you have given us your consent to process your personal data, you have the right to revoke your consent at any time with effect for the future in accordance with Art. 7 Para. 3 GDPR. If you revoke your consent, your data will no longer be processed for the purpose to which you had consented. At the same time, this data will be deleted if there is no other legal basis for further processing of this data (e.g. contract fulfillment, statutory retention periods).
If the processing of your personal data is based on a legitimate interest, Art. 6 Para. 1 lit. f) GDPR, you can object to this processing at any time. The personal data will no longer be processed unless Eliforia Consulting can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Your other rights under the GDPR
In addition to the above-mentioned rights to withdraw consent and object to data processing, you have the following rights with regard to your personal data vis-à-vis Eliforia Consulting as the responsible party in accordance with the provisions of the GDPR:
- Right to information,
- Right to rectification,
- Right to restriction of processing,
- Right to erasure,
- Right to information,
- Right to data portability,
To do this, simply contact Eliforia Consulting directly by post or email (contact details see above).
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.