Last edit: 4.01.2023
Our Privacy Commitment
As a GDPR consulting provider, we are fully committed to handling your personal and company data securely while delivering the best user and service experience that exceeds your expectations.
Please read below our privacy statement, which goes beyond the information we’re legally obliged to provide you with, as we believe that transparency and trust are the currency of business.
This information applies to the processing activities in the course of using this website, communication with us, providing services, and our interaction on social media.
✓ Our website currently uses strictly necessary cookies only
Should it ever change, you will be able to set your cookie preferences here.
✓ We only use a handful of trusted providers for necessary business operations
We only use external parties for essential activities to make it possible for us to communicate, provide you with our services, and seamlessly run the business.
We only choose service providers that provide sufficient guarantees to meet the GDPR standards and ensure we have appropriate contracts in place. Whenever possible, we use EU-based providers that are certified for their high-security standards.
✓ You can always enforce your data protection rights
To the extent stipulated by the GDPR, you’ve got the following data protection rights:
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Withdrawal of your consent
- Object to the processing
Please contact us if you'd like to enforce them.
The right to lodge a complaint
If you believe that our processing of your data infringes European privacy laws, you have a right to file a complaint with a data protection authority, e.g. in your country.
✓ We regularly update this privacy statement
to give you the latest overview of how your data is processed when interacting with us.
✓ We reply to you as fast as possible
You can easily contact us if you have any questions or feedback about this privacy statement, or if you’d like to enforce your rights:
Klaudia Kosinska-Galue
contact(at)klaudiagalue.com
Below, you can find more details on how your personal data is processed in the course of individual processing activities, such as:
Website access
Information
Usage data (e.g. web pages visited, access times), communication data (e.g. browser type, operating system, or IP addresses)
Purposes + legal basis
- Provision of a stable and secure online offer that is easy to use
- Analyzing and maintaining the technical operation of the servers,
- Assisting with anti-abuse measures
- Protecting the security of the hosting platform
based on a legitimate interest (Art. 6 (1) f GDPR)
Recipients + transfers
Website hosting provider (Jimdo, Germany using the AWS with data centers in Ireland) and its technical processors (Content Delivery Network Providers, SSL certificate providers (USA), etc.)
Retention period
We store HTTP data and server log files for a maximum of three (3) months unless there is a security incident (such as a DDoS attack). In the event of a security incident, server log files will be stored until the incident has been rectified and fully investigated.
Co-browsing session data is generally erased no later than 30 days afterward.
Nature of data provision
The data provision is neither legally, nor contractually required, but it's technically impossible to access the website without this data transmission.
Website statistics
If you visit our website, we collect information about your use of our website by means of a web analysis function developed by our website hosting provider and store it in a pseudonymous way. This tool collects your IP address and user agent, merges them, and truncates and stores this data using a so-called hash function. In this way, we generate a visitor identifier that will be encrypted using a random value, the so-called SALT, which changes every 24 hours. This ensures that your IP address cannot be recovered from the visitor identifier we store and that you cannot be identified personally. Furthermore, we do not merge this data with other data and only store it on the server of the website hosting provider.
Information
Usage data (e.g. web pages visited, access times), communication data (e.g. browser type, operating system, or IP addresses)
Purpose + legal basis
Measuring the number of website visitors and visited pages in aggregated form based on a legitimate interest (Art. 6 (1) f GDPR)
Recipients + transfers
Website hosting provider (EU)
Retention period
Visitor identifier (SALT) changes every 24 hours
Nature of data provision
The data provision is neither legally, nor contractually required, but it's impossible to access the website without this data transmission.
Contact & booking
Information
Your name, contact details, and company information
Purpose + legal basis
For entering into a contract or meeting our contractual obligations based on Art. 6 (1) b GDPR
Recipients + transfers
Microsoft Office 365 (EU)
Retention period
Max. 1 year from receiving the data
Nature of data provision
We need to collect personal data to enter into or carry out a contract, and if you do not provide the data, we will not be able to conclude it or provide you with our services.
Payment processing
Information
- Billing information necessary for a bank transfer or card payment (normally includes your company data rather than personal information, such as: business name, address, account number, bank routing number, credit card number - if applicable, invoice amount, currency, and transaction number.)
- Communication data: e.g. IP addresses, browser type, operating system.
Purpose + legal basis
Payment processing and/or offering of external payment providers for various payment options, based on Art. 6 (1) b GDPR for meeting our contractual obligations.
Recipients + transfers
Banking or payment provider (PayPal)
To meet customer expectations and provide an easier payment, we offer the possibility of payment with PayPal. Please note that PayPal is a separate controller for the personal data they process.
To learn more about how PayPal processes your data, please read the privacy policies of PayPal.
Please note that PayPal transfers the data to the USA and is subject to laws that compromise data protection standards provided by the EU laws.
Retention period
We store transaction data for 10 years as required by applicable local law.
Nature of data provision
We need to collect personal data to enter into or carry out a contract, and if you do not provide the data, we will not be able to conclude it or provide you with our services.
Accounting and taxes
Information
Invoices (name of a contact person at your company and legally required company details) and transaction data
Purpose + legal basis
For meeting our legal obligations based on Art. 6 (1) c GDPR.
Recipients + transfers
Accounting services (Accountable, Germany) and German tax authorities
Retention period
10 years as required by applicable local law
Nature of data provision
We need to collect personal data to meet our legal obligations, and if you do not provide the data, we will not be able to provide you with our services.
Social Media
Information
Public profile, insights, and statistics
Purpose + legal basis
We use social media to present our work through widely used communication channels, like Instagram and Linkedin based on a legitimate interest (Art. 6 (1) f GDPR).
Recipients + transfers + retention
Social media platforms are separate controllers for the personal data they process.
To learn more about how the following social media platforms process your data, we encourage you to read their privacy policies:
Please note that these platforms transfer data to the USA and are subject to laws that compromise data protection standards provided by the EU laws.
Nature of data provision
You sign up to social media platforms on a voluntary basis, subject to the policies of social media platforms.