Last edit: 4.01.2023


Our Privacy Commitment


As a GDPR consulting provider, we are fully committed to handling your personal and company data securely while delivering the best user and service experience that exceeds your expectations. 

Please read below our privacy statement, which goes beyond the information we’re legally obliged to provide you with, as we believe that transparency and trust are the currency of business.

This information applies to the processing activities in the course of using this website, communication with us, providing services, and our interaction on social media.

✓ Our website currently uses strictly necessary cookies only

Created with Sketch.

Should it ever change, you will be able to set your cookie preferences here.

✓ We only use a handful of trusted providers for necessary business operations 

Created with Sketch.

We only use external parties for essential activities to make it possible for us to communicate, provide you with our services, and seamlessly run the business.

 

We only choose service providers that provide sufficient guarantees to meet the GDPR standards and ensure we have appropriate contracts in place. Whenever possible, we use EU-based providers that are certified for their high-security standards. 

✓ You can always enforce your data protection rights 

Created with Sketch.

To the extent stipulated by the GDPR, you’ve got the following data protection rights: 

  • Access 
  • Rectification 
  • Erasure 
  • Restriction 
  • Portability 
  • Withdrawal of your consent
  • Object to the processing

 

Please contact us if you'd like to enforce them.

 

The right to lodge a complaint 

 

If you believe that our processing of your data infringes European privacy laws, you have a right to file a complaint with a data protection authority, e.g. in your country.

 

✓ We regularly update this privacy statement

Created with Sketch.

to give you the latest overview of how your data is processed when interacting with us.

✓ We reply to you as fast as possible

Created with Sketch.

You can easily contact us if you have any questions or feedback about this privacy statement, or if you’d like to enforce your rights:

Klaudia Kosinska-Galue 
contact(at)klaudiagalue.com

Below, you can find more details on how your personal data is processed in the course of individual processing activities, such as:

Website access

Created with Sketch.

Information
Usage data (e.g. web pages visited, access times), communication data (e.g. browser type, operating system, or IP addresses)


Purposes + legal basis

  • Provision of a stable and secure online offer that is easy to use 
  • Analyzing and maintaining the technical operation of the servers, 
  • Assisting with anti-abuse measures 
  • Protecting the security of the hosting platform

 based on a legitimate interest (Art. 6 (1) f GDPR)


Recipients + transfers

Website hosting provider (Jimdo, Germany using the AWS with data centers in Ireland) and its technical processors (Content Delivery Network Providers, SSL certificate providers (USA), etc.)


Retention period

We store HTTP data and server log files for a maximum of three (3) months unless there is a security incident (such as a DDoS attack). In the event of a security incident, server log files will be stored until the incident has been rectified and fully investigated.


Co-browsing session data is generally erased no later than 30 days afterward.


Nature of data provision

The data provision is neither legally, nor contractually required, but it's technically impossible to access the website without this data transmission.


Website statistics

Created with Sketch.

If you visit our website, we collect information about your use of our website by means of a web analysis function developed by our website hosting provider and store it in a pseudonymous way. This tool collects your IP address and user agent, merges them, and truncates and stores this data using a so-called hash function. In this way, we generate a visitor identifier that will be encrypted using a random value, the so-called SALT, which changes every 24 hours. This ensures that your IP address cannot be recovered from the visitor identifier we store and that you cannot be identified personally. Furthermore, we do not merge this data with other data and only store it on the server of the website hosting provider.

Information

Usage data (e.g. web pages visited, access times), communication data (e.g. browser type, operating system, or IP addresses) 


Purpose + legal basis

Measuring the number of website visitors and visited pages in aggregated form based on a legitimate interest (Art. 6 (1) f GDPR)


Recipients + transfers

Website hosting provider (EU)


Retention period

Visitor identifier (SALT) changes every 24 hours


Nature of data provision

The data provision is neither legally, nor contractually required, but it's impossible to access the website without this data transmission.

Contact & booking

Created with Sketch.

Information

Your name, contact details, and company information


Purpose + legal basis

For entering into a contract or meeting our contractual obligations based on Art. 6 (1) b GDPR


Recipients + transfers

Microsoft Office 365 (EU)


Retention period

Max. 1 year from receiving the data 


Nature of data provision

We need to collect personal data to enter into or carry out a contract, and if you do not provide the data, we will not be able to conclude it or provide you with our services. 

Payment processing

Created with Sketch.

Information

  • Billing information necessary for a bank transfer or card payment (normally includes your company data rather than personal information, such as: business name, address, account number, bank routing number, credit card number - if applicable, invoice amount, currency, and transaction number.)
  • Communication data: e.g. IP addresses, browser type, operating system. 


Purpose + legal basis

Payment processing and/or offering of external payment providers for various payment options, based on Art. 6 (1) b GDPR for meeting our contractual obligations.


Recipients + transfers

Banking or payment provider (PayPal)

To meet customer expectations and provide an easier payment, we offer the possibility of payment with PayPal. Please note that PayPal is a separate controller for the personal data they process.
 
To learn more about how PayPal processes your data, please read the privacy policies of PayPal.

Please note that PayPal transfers the data to the USA and is subject to laws that compromise data protection standards provided by the EU laws.


Retention period

We store transaction data for 10 years as required by applicable local law.


Nature of data provision

We need to collect personal data to enter into or carry out a contract, and if you do not provide the data, we will not be able to conclude it or provide you with our services. 

Accounting and taxes

Created with Sketch.

Information

Invoices (name of a contact person at your company and legally required company details) and transaction data 


Purpose + legal basis

For meeting our legal obligations based on Art. 6 (1) c GDPR.


Recipients + transfers

Accounting services (Accountable, Germany) and German tax authorities


Retention period

10 years as required by applicable local law


Nature of data provision

We need to collect personal data to meet our legal obligations, and if you do not provide the data, we will not be able to provide you with our services. 

Social Media

Created with Sketch.

Information 

Public profile,  insights, and statistics


Purpose + legal basis

We use social media to present our work through widely used communication channels, like Instagram and Linkedin based on a legitimate interest (Art. 6 (1) f GDPR).


Recipients + transfers + retention

Social media platforms are separate controllers for the personal data they process. 
 
To learn more about how the following social media platforms process your data, we encourage you to read their privacy policies:

 
Please note that these platforms transfer data to the USA and are subject to laws that compromise data protection standards provided by the EU laws.


Nature of data provision

You sign up to social media platforms on a voluntary basis, subject to the policies of social media platforms.