Privacy Policy

1. Subject of this Privacy Policy
   The protection of your personal data (hereinafter referred to as “data”) is a major and very important concern for us. In the following, we would like to inform you in detail about which data we collect and how it is processed or used by us, as well as the accompanying protective measures we have taken in both technical and organizational terms.
   
2. Name and Contact Details of the Controller / Service Provider
   The controller according to Art. 4 No. 7 GDPR and other national data protection laws of the member states as well as other data protection regulations, and at the same time the service provider within the meaning of the Digital Services Act (DSA), is:

Milkana Mladenova, Landscape Architect AKNW
Address: upon request
Phone: 0211/15207382
Email: info@milkanasdecorum.com/site/preview/site/site/site/site

3. Contact Details of the Data Protection Officer
   You can reach our Data Protection Officer at info@milkanasdecorum.com/site/preview/site/site/site/site.
   
4. Purposes and Legal Basis for Processing Your Data and Storage Duration
   All personal data that we collect from you will only be collected, processed, and used for the stated purpose. In doing so, we ensure that this only happens within the framework of the applicable legal regulations or otherwise only with your consent.
   The scope and type of processing of your data differ depending on whether you visit our website only to retrieve information or to make use of the services we offer:

a) Internet Use
For purely informational use of our website, we only collect and use the data that your internet browser automatically transmits to us. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until automated deletion:

• Date and time of access to one of our web pages
• Your browser type
• The browser settings
• The operating system used
• The last page you visited
• The amount of data transferred and the access status (file transferred, file not found, etc.) as well as
• Your IP address.
  We collect and process this data for the purpose of enabling the use of the web pages you have called up and to improve our website. Furthermore, we process the data for the purposes of ensuring system security and stability, including the defense against and analysis of attacks on our website, as well as for other administrative purposes.

We do not store the IP address. Your IP address is stored by Hostinger: further information can be found here: https://www.hostinger.com/de/legal/datenschutz-bestimmungen
In the event of a security-related incident, server log files are stored until the security-related incident has been resolved and fully clarified. Any evaluation for statistical purposes takes place in anonymized form at most. This data is not merged with other data sources.
The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. f GDPR. The legitimate interest arises from the purposes listed.

b) Use of Offers or Data Use for Task Fulfillment
If you wish to make use of services offered by us, it is necessary for you to provide us with the personal data required for this purpose. This refers to the data necessary for the respective processing and handling of your request. You may provide further information voluntarily; these are marked by us as optional.
The processing of your data is carried out for the purpose of processing your request and providing the services you require. The legal basis for data processing is Art. 6 Para. 1 lit. b GDPR, insofar as it concerns the initiation and, if applicable, execution of a contract. Otherwise, the legal basis is Art. 6 Para. 1 lit. f GDPR; our legitimate interest lies in answering and processing your request, for which the stored data is necessary. Your data is generally deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e., your request has been processed or the service you requested has been fully provided. Beyond this, storage only takes place insofar as this is necessary to comply with legal obligations, in particular retention obligations (e.g., from tax law such as according to § 147 AO) according to Art. 6 Para. 1 lit. c GDPR or for the assertion, exercise, and defense of possible legal claims in connection with our services within the applicable limitation periods (e.g., according to §§ 195 ff. BGB) or if you have given us your consent according to Art. 6 Para. 1 lit. a, Art. 7 GDPR for this purpose.

c) Processing for Advertising and Marketing Purposes
In addition to processing the services you request, we naturally offer – only if you have explicitly consented to this in a separate place – a website tailored to your interests as well as the possibility that we occasionally send you interesting news from our company and information on current topics, projects, or events by post or email (in the form of our newsletter). Furthermore, we process your personal data for market research purposes, provided you have given your consent for this in a separate place. For these purposes, it is necessary for us to combine your accumulated and provided data into usage profiles and evaluate these for the aforementioned purposes. Such a combination and evaluation of your data takes place exclusively for the aforementioned purposes and only to the extent permitted by your consent.

The legal basis for processing based on your consent is Art. 6 Para. 1 lit. a GDPR. You have the right to revoke your data protection consent declaration at any time for the future. To do so, you can either send us an informal email to info@milkanasdecorum.com/site/preview/site/site/site/site. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Your data will be deleted as soon as it is no longer required to achieve the aforementioned purposes or you have revoked your consent.

5. Recipients of the Data
   a) General
   Your data may be passed on to service providers supporting us for the aforementioned purpose, whom we have naturally selected carefully and obligated to comply with data protection law. These may be, in particular, technical service providers or shipping service providers (e.g., lettershop, etc.). Furthermore, your data will only be passed on to other third parties if (1) this is necessary to fulfill a legal obligation according to Art. 6 Para. 1 lit. c GDPR, (2) we have received your explicit consent according to Art. 6 Para. 1 lit. a GDPR (e.g., transmission to providers of communication, tracking, and web analysis tools that process the data on our behalf for the purpose of user analysis and statistical evaluation), (3) the transfer is necessary to safeguard our legitimate interests or the legitimate interests of a third party and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, or (4) the transfer is legally permissible and necessary for the processing of contractual relationships with you.

b) Data Transfer to Third Countries
Service providers who process personal data on our behalf outside the European Union (so-called third countries) will only be used without your consent according to Art. 49 Para. 1 lit. a GDPR if an adequacy decision by the European Commission or suitable guarantees exist for this third country at the recipient. If you consent to the transfer of your personal data to third countries, we will transmit your data in connection with the following services without suitable data protection guarantees to the following third countries:

Information here: https://www.hostinger.com/de/legal/datenschutz-bestimmungen

The transfer of personal data to third countries that do not offer an adequate level of data protection carries the risk that the data may be processed for third-party purposes without your knowledge and that protection of the data against access by third parties may not be guaranteed.

6. Use of Cookies
   Our website does not use cookies.

7. Data Security
   We have taken technical and organizational security measures to protect personal data occurring or collected on our website, in particular against accidental or intentional manipulation, loss, destruction, or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments.
   Insofar as we provide you with various online forms and services with which you can send personal data to us, these forms are protected against inspection by third parties through the use of TLS encryption. Depending on the service, you may also be asked for various entries for identification or to prevent misuse:
   a) For identification when delivering data, the entry of a user-defined ID or other suitable authentication may be required. The data is protected against access by third parties via SFTP or HTTPS, provided the user uses the data transmission methods recommended by us.
   b) To prevent use by machines, so-called CAPTCHAS can be used, which contain images or tasks that cannot be processed by computer scripts.
   
8. Rights of Data Subjects
   Under applicable laws, you have various rights in connection with the processing of your personal data. If you wish to assert these rights, please send your request by email or by post, clearly identifying yourself, to the email or postal address mentioned in section 2 of these data protection notices. Below is an overview of your rights:
   a) Right to Information
   You have the right at any time to obtain information from us as to whether personal data concerning you is being processed. If this is the case, you have the right to request information from us about the personal data stored about you and the information listed in Art. 15 Para. 1 and 2 GDPR in connection with the processing of your data. Within the scope of your right to information, you have the right to request a copy of your personal data under the conditions of Art. 15 Para. 3 GDPR. The first copy is free of charge for you; for further copies, a reasonable fee may be charged. The provision of a copy is subject to the rights and freedoms of other persons who may be affected by the transmission of the data copy according to Art. 15 Para. 4 GDPR. Furthermore, the restrictions on your right to information according to § 34 BDSG must be observed.

b) Right to Rectification
According to Art. 16 GDPR, you can immediately request the rectification of incorrect or completion of your personal data stored by us.

c) Right to Erasure (“Right to be Forgotten”)
Under the conditions of Art. 17 GDPR, you have the right to demand that we delete personal data concerning you without delay. You are entitled to a right to erasure according to Art. 17 Para. 1 GDPR, among other things, if

• the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
• you have revoked your consent on which we based the processing according to Art. 6 Para. 1 lit. a GDPR and there is no other legal basis for the processing,
• you have lodged an objection to the processing according to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or if you have
  lodged an objection to the processing for direct marketing purposes according to Art. 21 Para. 2 GDPR,
• your personal data has been processed unlawfully.
  The right to erasure is subject to certain restrictions according to Art. 17 Para. 3 GDPR, § 35 BDSG. Accordingly, the right to erasure does not exist, among other things, insofar as the processing is necessary for the assertion, exercise, or defense of legal claims or for the fulfillment of a legal obligation that requires processing under the law of the Union or the Member States to which the controller is subject.

d) Right to Restriction of Processing
Under the conditions of Art. 18 Para. 1 GDPR, you have the right to demand that we restrict processing. If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

e) Right to Data Portability
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us. In exercising your right to data portability, you have the right to demand that we transmit your personal data directly to another controller, insofar as this is technically feasible. The right to data portability is subject to the restrictions of Art. 20 Para. 3 and 4 GDPR.

f) Revocation of Consent
According to Art. 7 Para. 3 GDPR, you are entitled to revoke your consent once given to us at any time. This also applies to data protection consents that you gave us before the GDPR came into effect. The revocation means that we may no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

g) Right to Object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 Para. 1 lit. e or lit. f GDPR. We will then no longer process this data unless
we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims (Art. 21 GDPR).
If your personal data is processed by us for direct marketing purposes, you have the unrestricted right to object at any time to the processing of personal data concerning you for such purposes; this also applies to profiling insofar as it is associated with such direct marketing. Profiling means the use of personal data to analyze or predict certain personal aspects (e.g., interests).

9. Changes to this Privacy Policy
   This Privacy Policy is currently valid.
   Due to the further development of our website and offers through it or due to changed legal or official requirements, it may become necessary to change this Privacy Policy. The current Privacy Policy can be accessed and printed out by you here at any time.
   
10. Right to Lodge a Complaint with a Supervisory Authority
    Regardless of other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you by us violates the GDPR, Art. 77 GDPR. You can assert this right with a supervisory authority in the Member State of your place of residence, your place of work, or the place of the alleged violation. The contact details of the supervisory authorities in Germany can be found
    at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
    Please note that for architectural firms, the “supervisory authorities for the non-public sector” are relevant.