Data protection declaration according to GDPR

The protection of personal data is important to us. Therefore, we process personal data in accordance with applicable European and national law.

You can, of course, revoke your consent(s) at any time with future effect. Please contact the controller in accordance with Section 1 to do so.

The following statement provides an overview of the types of data we collect, how this data is used and shared, the security measures we take to protect your data, and how you can obtain information about the information you provide to us.

Legal basis for the processing of personal data

To the extent that we obtain the consent of the data subject for processing personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data necessary to fulfill a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary to implement pre-contractual measures.

To the extent that the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 (1) (c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

Data deletion and storage period

Die personenbezogenen Daten der betroffenen Person werden gelöscht oder gesperrt, sobald der Zweck der Speicherung entfällt. Eine Speicherung kann darüber hinaus erfolgen, wenn dies durch den europäischen oder nationalen Gesetzgeber in unionsrechtlichen Verordnungen, Gesetzen oder sonstigen Vorschriften, denen wir unterliegen, vorgesehen wurde. Eine Sperrung oder Löschung der Daten erfolgt auch dann, wenn eine durch die genannten Normen vorgeschriebene Speicherfrist abläuft, es sei denn, dass eine Erforderlichkeit zur weiteren Speicherung der Daten für einen Vertragsabschluss oder eine Vertragserfüllung besteht.

§ 1 The responsible person and the data protection officer

(1) Name and address of the controller

AKWISO LTD | Data Protection and IT Security
Dieter Grohmann
Branch Office: Eleftheriou Aristodimou, 60E PANORAMA 2 Kouklia
8510, Paphos, Zypern

E-Mail: dg@akwiso.com
Phone: +357-97 457215
Telefon: +49 (0) 8374 / 5865 – 266

(2) Name and address of the data protection officer

Der Datenschutzbeauftragte des Verantwortlichen ist:

AKWISO LTD | Data Protection and IT Security
Dieter Grohmann
Branch Office: Eleftheriou Aristodimou, 60E PANORAMA 2 Kouklia
8510, Paphos, Zypern

E-Mail: dg@akwiso.com
Phone: +357-97 457215
Telefon: +49 (0) 8374 / 5865 – 266

§ 2 Definition

This privacy policy is based on the terminology used by the European Union when adopting the General Data Protection Regulation (hereinafter referred to as „GDPR“). This privacy policy is intended to be easy to read and understand. To ensure this, the most important terms are explained below:

  1. Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the „data subject“). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
  3. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  4. Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  5. Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  6. Controller or controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are specified by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  7. Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  8. Recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. However, authorities that may receive personal data in the context of a specific investigation under Union or Member State law are not considered recipients.
  9. A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons authorised to process the personal data under the direct authority of the controller or processor.
  10. Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.

§ 3 Provision of the website and creation of log files

If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the accessing computer each time you access the website:

  1. The user’s IP address
  2. Information about the browser type and version used
  3. The user’s operating system
  4. The user’s Internet service provider
  5. Date and time of access
  6. Websites accessed by the user’s system via our website
  7. Content of the visits (specific pages)
  8. Amount of data transferred in each case
  9. Language and version of the browser software
 

The data is also stored in our system’s log files. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of log files is Art. 6 (1) (f) GDPR.

The temporary storage of the IP address by the system is necessary to

enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

optimize the content of our website and its advertising.

ensure the functionality of our information technology systems and the technology of our website.

provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack.

Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR also exists for these purposes.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected – in this case, at the end of the usage process.

The collection of data to provide the website and the storage of data in log files is essential for the operation of the website, which is why there is no possibility of objection.

§ 4 Use of cookies

§ 5 Disclosure of personal data to third parties

  1. Links to external websites
    This website contains links to external websites. We are solely responsible for our own content. We have no influence on the content of external links and therefore are not responsible for it, and in particular, we do not adopt their content as our own. If you are redirected to an external website, the privacy policy provided there applies. If you notice any illegal activities or content on this website, please feel free to inform us. In this case, we will review the content and respond accordingly (notice and takedown procedure).

  2. Matomo
    We use the open-source web analytics service Matomo (formerly Piwik) on our website to analyze and regularly improve website usage. The statistics collected enable us to improve our offering and make it more interesting for you as a user.
    Matomo technology only stores and uses anonymized data (e.g., shortened IP addresses, date and time of page access, length of stay, or the page from which you accessed our website). IP addresses are anonymized immediately after processing and before storage. They do not allow the identification of visitors to this website. Your data will not be shared with third parties. Matomo also uses so-called „cookies.“

    The legal basis for the use of Matomo is Art. 6 (1) (f) GDPR. You have the option to object to the analysis. When you visit our website, we display a so-called „banner.“ There, you have the option to prevent Matomo from analyzing your data by clicking on „Adjust settings“ and unchecking the „Statistics“ box. You can also object to the analysis directly via the consent manager tool we use or by clicking „Reject“ in the banner. In this case, no analysis of your website usage will take place. In this case, an opt-out cookie will be set, which ensures that no usage data will be analyzed.

    If you delete your cookies, the opt-out cookie will also be deleted and you may need to reactivate it.

    Information on Matomo’s privacy policy can be found at:
    https://matomo.org/privacy-policy/.

    Hosting
    We host Matomo exclusively on our own servers, so all analysis data remains with us and is not passed on.

§ 6. Contact form and email contact

Our website has a contact form that can be used to contact us electronically. If you choose to do so, the data entered in the input mask will be transmitted to us and stored. This data is:When the message is sent, the following data is also saved: IP address of the user Date and time of registration Your consent to the processing of the data is obtained during the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the email address provided. In this case, the personal data transmitted with the email will be saved. If this information relates to communication channels (e.g. email address, telephone number), you also consent to us contacting you via this communication channel if necessary to answer your query. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation. If the user has given their consent, the legal basis for processing the data is Art. 6 (1) (a) GDPR. The legal basis for processing data transmitted when sending an email is Art. 6 (1) (f) GDPR. If the email contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6 (1) (b) GDPR. The processing of personal data from the input mask serves us solely to process the contact. We will of course only use the data from your email enquiries for the purpose for which you make it available to us when you contact us. If you contact us by email, the necessary legitimate interest in processing the data lies in answering the enquiry. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. You have the option of revoking your consent to the processing of your personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Regarding the revocation of consent/objection to storage, we ask you to contact the controller or the data protection officer in accordance with Section 1 via email or post. In this case, all personal data stored during the contact process will be deleted.

§ 7. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information

Right to rectification

Right to restriction of processing

Right to erasure

Right to notification

Right to data portability

Right to object to processing

Right to withdraw consent to data processing

Right not to be subject to automated decision-making

Right to lodge a complaint with a supervisory authority

1. Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request from the controller at any time, free of charge, information about the personal data stored about you and the following information:

the purposes for which the personal data is being processed;

the categories of personal data that are being processed;

the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

the planned duration of storage of the personal data concerning you or, if this is not possible, criteria for determining the duration of storage;

the existence of a right to rectify or erase personal data concerning you, a right to restrict processing by the controller or a right to object to such processing;

the existence of a right to lodge a complaint with a supervisory authority;

all available information about the origin of the data if the personal data is not collected from the data subject;

the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information on whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to obtain from the controller the rectification of inaccurate personal data concerning you, or to have incomplete personal data concerning you completed.

3. Right to restriction of processing

Under the following conditions, you may request that the controller immediately restrict the processing of personal data concerning you:

if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

the controller no longer needs the personal data for the purposes of the processing, but you require it for the assertion, exercise, or defense of legal claims; or

you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may – with the exception of storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

You may request the controller to erase personal data concerning you without undue delay if one of the following grounds applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

You withdraw your consent on which the processing is based pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR, and there is no other legal basis for the processing.

You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

The personal data concerning you has been processed unlawfully.

The erasure of the personal data concerning you is necessary for compliance with a legal obligation to which the controller is subject under Union law or the law of the Member States.

The personal data concerning you has been collected in relation to the services offered by information society in accordance with Art. 8 para. 1 GDPR.

If the controller has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, it shall take reasonable measures, including technical measures, to inform controllers processing the personal data of the deletion of the personal data, taking into account the available technology and implementation costs, so that the controllers are informed of the deletion. that you, as the data subject, have requested the erasure of all links to this personal data or of copies or replications of this personal data.

The right to erasure does not apply if the processing is necessary

for exercising the right of freedom of expression and information;

for compliance with a legal obligation which requires processing in accordance with Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

on grounds of public interest in the area of public health pursuant to Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;

for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or

for the establishment, exercise or defense of legal claims.

5. Right to notification

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification/erasure/restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to obtain information about these recipients from the controller.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

To exercise the right to data portability, the data subject may contact the controller at any time.

7. Right to object

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option, notwithstanding Directive 2002/58/EC, of exercising your right to object by means of automated procedures using technical specifications.

To exercise the right to object, the data subject may contact the controller directly.

8. Right to withdraw consent to data protection

You have the right to withdraw your consent to data protection at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can contact the controller for this purpose.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary

for the conclusion or performance of a contract between you and the controller,

is authorized by Union or Member State law to which the controller is subject and that law provides for appropriate measures to safeguard your rights and freedoms and legitimate interests, or

is based on your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and appropriate measures to protect your rights and freedoms and legitimate interests have been taken.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

If the data subject wishes to exercise rights relating to automated decisions, they may contact the controller at any time.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

§ 8. Changes to the Privacy Policy

We reserve the right to modify our privacy practices and this policy to reflect changes in applicable laws or regulations or to better serve your needs. Any changes to our privacy practices will be posted here. Please refer to the current version date of the privacy policy: January 24, 2025