Privacy Policy

‍

1) Introduction and Contact Information of the Responsible Party

1.1

We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data includes all data that can personally identify you.

1.2

The responsible party for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Osaia Consulting GmbH, Revaler Str. 1, 10243 Berlin, Germany, Email: management@osaia.consulting. The entity responsible for processing personal data is the individual or legal entity that alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1

When using our website for informational purposes only, i.e., when you do not register or otherwise provide us with information, we collect only the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

• The website visited

• Date and time of access

• Amount of data transmitted in bytes

• Source/reference from which you accessed the page

• Browser used

• Operating system used

• IP address used (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or used for other purposes. However, we reserve the right to review server log files subsequently if there are specific indications of unlawful use.

2.2

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

3.1 Webflow

For hosting our website and displaying its content, we use the system of the following provider:

Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA

All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

3.2 Cloudflare

We use a content delivery network (CDN) from the following provider:

Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA

This service allows us to deliver large media files, such as images, page content, or scripts, faster through a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6(1)(f) GDPR. We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.

4) Contacting Us

When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected through a contact form is visible in the respective form. This data is used exclusively for the purpose of responding to your inquiry and for the technical administration associated with it.

The legal basis for processing this data is our legitimate interest in responding to your inquiry under Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after your inquiry has been fully processed unless legal retention obligations prevent deletion.

5) Website Functionalities

Google Web Fonts

This website uses web fonts provided by the following provider to ensure a uniform display of fonts:

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

When you visit a page, your browser loads the required web fonts into its cache to display texts and fonts correctly, establishing a direct connection to the provider’s servers. Certain browser information, including your IP address, is transmitted to the provider.

Data may also be transferred to Google LLC, USA.

The processing of personal data in connection with accessing the font provider’s servers occurs only if you have given your explicit consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time by disabling this service via the “Cookie Consent Tool” on our website. If your browser does not support web fonts, a standard font will be used instead.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with European data protection standards.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/

6) Data Subject Rights

6.1

Under applicable data protection law, you have the following rights regarding the processing of your personal data:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to notification (Art. 19 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to withdraw consent (Art. 7(3) GDPR)

• Right to lodge a complaint (Art. 77 GDPR)

6.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS PURSUANT TO ART. 6(1)(F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, CONTINUED PROCESSING MAY BE PERMITTED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME. YOU MAY EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU OBJECT TO PROCESSING FOR DIRECT MARKETING PURPOSES, WE WILL STOP PROCESSING YOUR DATA FOR SUCH PURPOSES.

7) Duration of Storage of Personal Data

The duration of storage of personal data is determined based on the respective legal basis, the processing purpose, and, if applicable, legal retention periods (e.g., commercial and tax-related retention periods).

If the processing of personal data is based on explicit consent under Art. 6(1)(a) GDPR, the data will be stored until you withdraw your consent.

If statutory retention periods apply to data processed under Art. 6(1)(b) GDPR for contractual purposes, the data will be routinely deleted after these periods expire unless continued storage is necessary for contract fulfillment or initiation, or there is a legitimate interest in further storage.

If data is processed under Art. 6(1)(f) GDPR, storage continues until you exercise your right to object under Art. 21(1) GDPR unless compelling legitimate grounds exist for continued processing.

Unless otherwise specified in this statement, stored personal data will be deleted once it is no longer necessary for its collected purpose.