Name and contact details of the responsible person
The following entity is responsible for this website pursuant to Article 4 No. 7 of the General Data Protection Regulation (hereinafter: “Responsible Party”):
Archiepiskopou Makariou III
61 SERGHIDES HOUSE, 1st floor, Flat/Office 102
6017, Larnaca, Cyprus
Phone: +357 959 520 15
Data processing via means of communication
a) Scope of processing.
The data controller can be reached by mail, e-mail, contact form (if applicable), telephone, social networks and messenger (WhatsApp, Telegram) for your inquiries. Simple requests that do not require your identification can be made anonymously. Insofar as your identification should be necessary, e.g. in order to answer you or call you back, the responsible person collects your contact data.
If you write a message via the contact form of the responsible person, he collects the personal data you entered (first name, last name, e-mail address, message content). In addition, he collects your IP address and log files about the date and time of sending the message.
b) Purpose of processing
Your personal data is processed in order to identify you, to assign your message to an existing contract, a job advertisement, a job application process or any other business relationship, if applicable, to store it, to answer it or to forward it, if applicable.
c) Legal basis of the processing
If you have given the data controller consent on the occasion of correspondence with you, e.g. within the framework of the contact form, the data controller may process your data within the framework of your consent pursuant to Art. 6 (1) p. 1 lit a DSGVO.
In individual cases, the processing of your data may be necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures that are carried out at your request, Art. 6 (1) p. 1 lit. b DSGVO.
The processing of personal data may also be based on the legitimate interests of the controller pursuant to Art. 6 (1) p. 1 lit. f DSGVO.
d) Legitimate interests
The controller has a legitimate economic interest in being accessible via its contact forms and (electronic) means of communication for processing and responding to inquiries with interest in its products and to respond to your inquiries. In addition, he has a legitimate interest in processing your data insofar as you are, for example, a director, employee, job applicant, customer, potential customer or other representative of a contractual partner of the responsible party. The data controller also collects information in order to review your job application. He also processes your data for the purpose of contract performance, assertion or defense of claims.
e) Recipients or categories of recipients
As a rule, your personal data will be processed by the data controller. The latter will only pass on your personal data, which it has received via electronic means of communication, to external recipients to the extent that this is necessary in individual cases in order to process your request.
f) Transfer to third countries
The responsible party will not transfer your personal data abroad unless you agree to this.
g) Duration of storage
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and due to retention obligations under contract law, commercial law or tax law. Application documents are kept for at least two months after receipt of the rejection (§ 15 para. 4 AGG). Invoice documents are kept for 10 years, commercial letters for 6 years.
h) Possibility of objection and removal
As a user, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) sentence 1 lit. e or f DSGVO (Article 21 (1) DSGVO).
Insofar as the controller bases the processing of your data on your consent or on a contract, you do not have the right to object.
i) Obligation to provide
Your personal data such as title, first name, last name, e-mail address are required to transmit the request via the contact form to the controller. Otherwise, the provision of your personal data is voluntary. In the event that you do not provide your personal data, the person responsible may not be able to process or respond to your inquiries, requests or wishes. However, if you do not provide the person responsible with your e-mail address in the contact form or provide it incorrectly, he will not be able to answer you.
Data processing within the scope of the ACADEMY
a) Scope of processing
For registration with the ACADEMY, first name, last name, e-mail address and user name are collected. In the context of payment processing, your bank data or your means of payment are additionally collected by the payment service provider Copecart (CopeCart GmbH, Ufnaustraße 10, 10553 Berlin).
b) Purposes and legal basis of the processing
The collection of data is necessary to enter into and pay for the ACADEMY usage contract. The associated data processing is based on Art. 6 para. 1 p. 1 lit. b DSGVO.
c) Recipients or categories of recipients
Your personal data will be disclosed to the data processing department of the responsible party and to its contractors (Fa. CopeCart GmbH, Ufnaustraße 10, 10553 Berlin)and service providers contracted to host and provide IT resources for the operation of the website.
d) Third country transfer
The responsible party does not intend to transfer your personal data abroad.
e) Duration of storage
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and no retention periods (e.g. regular limitation of claims, 3 years) are opposed.
f) Obligation to provide data
The provision of your data is necessary for the conclusion of the contract (ACADEMY).
Definitions and data subject rights
a) Why is this information provided?
The legislator obliges the responsible party to inform users about the processing of their personal data in accordance with Art. 13 and Art. 14 of the General Data Protection Regulation (DSGVO). In the following, the extent to which the controller processes the user’s personal data and the rights to which the user is entitled are communicated.
In principle, no personal data of users will be processed, unless the processing is permitted by law (“legal grounds”). Consent given to the Controller by the User voluntarily and after prior information may also constitute a Legal Basis for the processing of the User’s personal data.
b) What is personal data and who is affected?
“Personal data” are, according to Art. 4 No. 1 DSGVO, any information relating to an identified or identifiable natural person (hereinafter “user”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are many circumstances in which the responsibility for processing such personal data lies with the controller, which makes the data subject a user. Users include, for example, users of the Controller’s websites, senders and recipients of letters, e-mails or other communications from the Controller, as well as callers and called parties, clients or other persons interested in legal advice, contractors, employees, customers, suppliers or cooperation partners of the Controller.
c) What are the legal bases?
Insofar as the controller has obtained the consent of the user for the processing operations of personal data, Art. 6 (1) p. 1 lit. a DSGVO serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the user is a party, Art. 6 (1) p. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures at the request of the user. Insofar as processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Art. 6 (1) p. 1 lit. c DSGVO serves as the legal basis. In the event that vital interests of the user or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d DSGVO serves as the legal basis. If the processing is necessary to protect a legitimate interest of the controller or a third party and the interests, fundamental rights and freedoms of the user do not override the first-mentioned interest, Art. 6 (1) p. 1 lit. f DSGVO serves as the legal basis for the processing.
In this data protection information, the user is informed for which purposes and on the basis of which legal basis his personal data are processed.
d) How long is personal data stored or when is it deleted?
The user’s personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may take place beyond this if this is stipulated by the European or national legislator in Union regulations, laws or other regulations according to which the responsible party is obliged to store the personal data. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires; unless further storage of the data is necessary for the conclusion or performance of a contract.
e) What technical and organizational measures are used?
Ensuring data security is a particularly important concern for the controller. It therefore uses appropriate technical and organizational measures, in particular to protect the user’s personal data from risks during data transmissions and to protect against third parties gaining knowledge. The data security measures are reviewed and adapted in accordance with the current state of the art. The processing of personal data via the website of the responsible party is https-encrypted.
f) What rights do I have as a user?
Right to withdraw consent: The user has the right, in accordance with Art. 7 (3) DSGVO, to revoke his consent, once given, at any time vis-à-vis the responsible party. This has the consequence that the data processing, which was based on this consent, may no longer be continued for the future.
Right to information: In accordance with Art. 15 DSGVO, the user has the right to request information about his personal data processed by the controller. In particular, he may request information about the processing purposes, the category of personal data, the categories of recipients to whom his data have been or will be disclosed, the planned storage period, about the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of his data if it has not been collected by the controller, and about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
Right to rectification: In accordance with Art. 16 DSGVO, the user has the right to demand the correction of inaccurate or incomplete personal data stored by the controller without undue delay.
Right to erasure and to be forgotten: The user has the right, pursuant to Art. 17 DSGVO, to request the erasure of his personal data stored by the controller, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
Right to restriction: In accordance with Art. 18 DSGVO, the user has the right to request the restriction of the processing of his personal data, insofar as the accuracy of the data is disputed by him, the processing is unlawful, but the user objects to its erasure and the controller no longer requires the data, but the user needs it for the assertion, exercise or defense of legal claims or the user has objected to the processing in accordance with Art. 21 DSGVO.
Right to data portability: in accordance with Art. 20 DSGVO, the user has the right to receive his or her personal data that he or she has provided to the controller in a structured, common and machine-readable format or to request that it be transferred to another controller.
Right to complain: The user may complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, he can contact the supervisory authority of his usual place of residence or workplace or the headquarters of the controller for this purpose.
Right to object: If the User’s personal data is processed on the basis of legitimate interests pursuant to Art. 6 UAbs. 1 para. 1 p. 1 lit. f DSGVO, the User has the right to object to the processing of his personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from the User’s particular situation.
To exercise the right to object, it is sufficient to send an e-mail to the data controller.
Source: Attorney Dr. Marc Maisch, Neuhauser Str. 15, 80331 Munich, Germany, Tel.: 089 265675 – www.socialmediaanwalt.com www.datenklau-hilfe.de www.gesunder-datenschutz.de
Status: June 2021