(01) Name and contact details of the person responsible
The responsible party within the meaning of Art. 4 EU-DSGVO for the processing of personal data is:
Alina Uhlitz - MIADANA
At the Gelskamp 14
(02) What data is collected?
Server log files
We collect data, so-called server log files, about every access to the server on which the MIADANA website and the MIADANA online store are located. This access data includes, for example, the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
The legal basis for the data processing is Art. 6 para. 1 lit. f) EU-DSGVO.
If you contact us using the e-mail address provided on our website, we will process the personal data you provide - e-mail address as well as any additional contact information and your name - for the purpose of responding to your inquiry.
The legal basis for the data processing is Art. 6 para. 1 lit. b) and Art. 6 para. 1 lit. f) EU-DSGVO.
We offer a regular newsletter, for the receipt of which it is necessary to provide your e-mail address. Before the newsletter is sent, you must explicitly confirm that you would like to receive our newsletter as part of the so-called double opt-in procedure. Subsequently, you will receive a confirmation and authorization e-mail with a link. When you click on this link, you confirm that you would like to receive the newsletter. This registration is logged in order to be able to legally prove the registration process.
You can unsubscribe from the newsletter at any time. The corresponding link can be found in every newsletter sent. Alternatively, you can revoke your consent by contacting us at firstname.lastname@example.org.
The legal basis for the data processing is Art. 6 para. 1 lit. a) EU-DSGVO.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general, for example in the case of cookies from third-party providers. If you do not accept cookies, the functionality of our website may be limited.
The legal basis for data processing is Art. 6 para. 1 lit. f) EU-DSGVO.
(03) For what purposes is the data used?
Personal data is only collected, stored and processed to the extent necessary for the provision of the service, the execution of the contract or to respond to the inquiry.
We process your personal data only in strict compliance with data protection regulations. In particular, corresponding data will only be processed if a legal permission exists.
Server log files
We process the aforementioned data in order to establish a connection to our website. The processing is necessary to ensure the security and stability of the system.
We use the log data only for statistical analysis, for the purpose of business operations, security of the service and optimization of the offer.
We reserve the right to check the log data retrospectively if, based on concrete indications, there is a suspicion of illegal use of the service provided.
The processing of your e-mail address is essential in order to be able to answer your request. If additional data is processed, such as name, address or similar, the processing serves to individualize the respective user and thus to be able to respond to his request in the best possible way.
The purpose of the newsletter is to inform you about our offers and current developments. The collection of the e-mail address is used to send you the newsletter.
(04) Is data passed on to third parties and if so, which ones?
In principle, the data you provide will not be made available to third parties. In individual cases, however, it may be necessary to pass on your personal data to companies entrusted by us with the provision of individual services in order to execute the contract. The third parties, in turn, are obliged to comply with the statutory provisions when handling and processing this data.
We pass on your payment data to the commissioned credit institution in the course of payment processing.
When paying by credit card via PayPal or by direct debit via PayPal, we pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, as part of the payment processing. You can find more information about the data protection of PayPal (Europe) S.à.r.l. et Cie, S.C.A. here.
When paying via the SumUp payment service, the data is passed on to SumUp Payments Limited, 32 - 34 Great Marlborough St, W1F 7JB, London, United Kingdom. You can find more information about SumUp's data protection here.
A transfer to authorities and government institutions entitled to receive information will only take place within the scope of the legal obligations to provide information and in the event of a court decision obligating us to do so. In these cases, we may provide the information, for example, for the assertion, exercise and defense of legal claims, enforcement of existing contracts, in the context of allegations of fraud, security measures or generally legally applicable regulations.
Personal data will not be disclosed outside the scope described here without express consent.
Under no circumstances will we sell or rent personal data to third parties.
(05) How long will the data be stored?
Your data will be stored for as long as it is required to fulfill the above-mentioned purposes. As soon as this is no longer the case, e.g. after complete execution of the contract, they will be deleted or blocked if required by commercial or tax retention obligations. From the point in time when legal storage obligations no longer conflict with this, the data will be deleted, unless you have expressly consented to further use.
Server log files are stored on the server for 30 days.
(06) Your rights as a data subject
As a person affected by the processing of personal data, you are entitled to the rights listed below. These rights are derived from the provisions of the Data Protection Regulation and are reproduced here in a partially simplified form.
Right to information
Pursuant to Art. 15 EU-DSGVO, you have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have a right to information about this personal data and the information specified in Art. 15 (1) Hs. 2 EU-DSGVO. This includes in particular the purpose of the processing, the categories of data processed, the recipients to whom data have been or will be disclosed, as far as possible the planned duration of storage or the criteria for the duration of storage.
Right to rectification
Pursuant to Art. 16 EU-DSGVO, you have the right to demand that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed - also by means of a supplementary statement
Right to erasure
Pursuant to Art. 17 EU-DSGVO, you have the right to demand that we delete personal data concerning you without undue delay. We are obliged to delete personal data without undue delay if one of the reasons listed in Art. 17 (1) EU-DSGVO applies. These reasons include, for example, that the data is no longer necessary for the purposes for which it was collected or otherwise processed.
Right to restriction of processing
According to Art. 18 EU-DSGVO, you have the right to demand that we restrict processing if one of the conditions listed in Art. 18 EU-DSGVO applies. This includes, for example, that you dispute the accuracy of the personal data. Then we may only process the data in a restricted manner for as long as it takes to verify the accuracy of the personal data.
Right to data portability
Pursuant to Art. 20 EU-DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You have the right to transfer this data to another controller, i.e. another entity that processes data, without hindrance, provided that the original processing was based on consent or was necessary for the performance of a contract.
Right to object
Pursuant to Art. 21 EU-DSGVO, you have the right to object at any time to the processing of personal data relating to you if such data is processed on the basis of Art. 6(1)(e) or (f) EU-DSGVO and there are grounds for doing so based on your personal situation. You may object to the processing of data for the purpose of direct marketing at any time. Personal data will then no longer be processed for this purpose. The right to object can be exercised by means of an informal declaration. A written declaration sent by mail to the above postal address or, optionally, an e-mail to email@example.com is sufficient.
Right to revoke the declaration of consent
In accordance with Art. 7 (3) EU-DSGVO, you have the right to revoke your consent to processing at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected. The right of revocation can be exercised by an informal declaration. A written declaration sent by mail to the above postal address or, optionally, an e-mail to firstname.lastname@example.org is sufficient.
Automated decision in individual cases including profiling
Pursuant to Art. 22 EU-DSGVO, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Article 22 (1) of the EU GDPR provides for exceptions to this, although Article 22 (4) of the EU GDPR in turn provides for partial backdated exceptions.
Right to complain to a supervisory authority
Pursuant to Art. 77 EU-DSGVO, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if you consider that the processing of personal data relating to you infringes this Regulation.
In the present case, the competent supervisory authority is:
The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.
40213 Düsseldorf10969 Berlin
Telephone: 0211 38424 - 0
(07) Third party services
We use the following third-party services:
It is possible that the headquarters of a third-party provider is located in a third country, i.e., a country in which the GDPR does not have direct legal effect. In this case, data will only be transferred if your consent is given, an adequate level of data protection prevails, or other legal permission exists.
Google, Facebook/Instagram, Twitter, LinkedIn and MailChimp operate under the Privacy Shield agreement (EU-US Privacy Shield), which means that the requirements of the Privacy Shield agreement are equivalent to the level of data protection in the European Union and that the data is treated accordingly.
The purpose of the data processing is usually user-specific advertising, i.e., individualized advertising can be placed that corresponds to the presumed interests of the user or results from the user's previous usage behavior. For this purpose, cookies are stored on the end devices of the users. These cookies can store usage behavior and thus map areas of interest.
We would like to make it clear that in the event of requests for information and/or the assertion of other data subject rights, users should contact the respective third-party providers directly. These have inspection and access rights to the user data stored and processed there and can provide information and/or take measures accordingly. If you contact us directly, we will try to support your request as best we can. However, since we have no insight into or access to the data stored by third-party providers, our options for action are limited.
// 1. // Facebook, Instagram
We have integrated plugins of the social networks and services Facebook and Instagram on our MIADANA website and the MIADANA online store.
To ensure your maximum protection and to comply with the principle of data minimization, we use the 2-click method. Thus, the direct contact between the social network and you is only established when you actively click on the corresponding button. Unless the social network button is clicked, no data is collected, no activity is logged, and no surfing profile is created.
If the button is clicked, the respective service provider receives the information that you have accessed our website. This does not require a user account with the respective service, nor do you have to be logged in if you have a user account. If, however, you have a user account with the service provider and are logged in, this data is directly assigned to the account. This can be prevented by logging out of your user account of the corresponding service before clicking the button.
We have no way of influencing whether, to what extent, for what purpose and for how long the service providers and social networks collect personal data.
Further information on the handling of user data can be found here:
// 2. // MailChimp
Our email newsletter is sent via the service provider MailChimp. MailChimp offers statistical evaluation options for usage data, although the evaluation is generally group-related and not individual. The usage data generated by MailChimp is generally not evaluated individually. As far as possible, tracking offered by MailChimp is turned off. However, if you call up, for example, a newsletter for correct display via the link provided in the e-mail in a browser, the analysis tool Google Analytics is used on the website then displayed. Only MailChimp has access to the data generated by this. However, you can prevent tracking by Google Analytics by using certain browser plug-ins.
The data protection provisions can be viewed here.
(08) Technical and organizational measures
We take technical and organizational measures to ensure that the security and protection requirements of the EU-DSGVO are met and that personal data is protected against loss, destruction, manipulation or access by unauthorized persons. The measures are adapted to the current state of the art in each case.
(09) Changes to the data protection declaration
Status March 2020