Privacy Policy

Introduction

The protection of your personal data is important to us. It is a crucial part of our development and sales activities. With the following privacy policy, we would like to inform you about the types of personal data (hereinafter referred to as “data”) we process for what purposes and to what extent.

Name: Marcus Jacobi
Company Name: Kavala Online
Address: Posidonos 28, 65302 Kavala, Greece
Email: info@kavala-online.com
Data Protection Officer: Marcus Jacobi

Processing overview

Below you will first find an overview of the types of data processed and the persons affected by the processing.

Types of data processed

We divide the processed data into the following types:

1. Usage data: This includes in particular websites visited and content interests.
2. Metadata: This refers to the data generated during the communication process, such as IP addresses, browser identification and device information.
3. Content data: This refers to the data that is made available when using our services (texts, images, forms).
4. Contact details: This includes email addresses, telephone numbers and postal addresses.

Categories of data subjects

We divide the persons affected by data processing into the following categories:

1. Users: visitors to our websites and online services.
2. Interested parties: People who are interested in our services and contact us about them.
3. Communication partners: people who communicate with us.

Purposes for which the processing is carried out

In general, personal data is processed for the following purposes:

1. Contact requests and communication : processing contact requests etc.
2. Provision of our online offering : We process data in order to be able to provide our online offering at all.
3. Collecting feedback : Requesting and evaluating feedback on services and performance.
4. Security measures : Measures to protect our technical infrastructure

Overview and explanation of the legal basis

Below we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. In addition to the provisions of the GDPR, national regulations of the country of residence or domicile of the respective user may apply.

1. Legitimate interests (Article 6 (1) sentence 1 lit. f GDPR): Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail.
2. Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b. GDPR): The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
3. Legal obligation (Article 6 (1) sentence 1 lit. c. GDPR): The processing is necessary to fulfill a legal obligation to which the controller is subject.
4. Protection of vital interests (Article 6 (1) sentence 1 lit. d. GDPR): Processing is necessary to protect the vital interests of the data subject or of another natural person.
5. Consent (if requested) (Article 6 (1) sentence 1 lit. a GDPR): The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
6. Storage of information in the end user’s terminal equipment with their consent (Section 25 Paragraph 1 Clause 1 TTDSG): We use storage areas of the terminal equipment of our users for certain functions with their express and informed consent.
7. Storage of information in the end user’s terminal equipment due to necessity (Section 25 Paragraph 2 No. 2 TTDSG): Unless we have asked you for permission when visiting our website or using individual functions, we use the memory of your terminal device for the technical presentation and delivery of our telemedia service if this is technically absolutely necessary.
8. Processing for the purposes of public interest (Article 6 (1) (e) GDPR): Where processing is necessary to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.

Safety measures

In accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, Art. 32 GDPR. The security measures we have taken include in particular the following.

• Secure Sockets Layer | Transport Layer Security (SSL) : We use SSL/TLS to encrypt the transmission of data between our visitors’ devices and our server. This significantly reduces the risk of unauthorized access to the transmitted data.

Transmission and disclosure of personal data to third parties

As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that data is disclosed to them. The recipients of this data may include in particular:

• IT service providers : These include service providers for the provision of hosting, mail services and server technology

In such a case, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to adequately protect the data. We select third parties to whom we disclose data carefully and conscientiously. To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply to the relationship between the users and the providers.

Data processing in third countries

If we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or if the processing is carried out by third parties outside this area, this processing will only take place in accordance with the applicable legal provisions. Subject to the express consent of the data subject or legally required transfers, we only process or have data processed in third countries with an appropriate level of protection. This includes in particular countries that process on the basis of special guarantees, such as contractual obligations through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).

General information on deletion of data

The data we process is deleted in accordance with legal requirements as soon as the consent to its processing has been revoked or other permissions (e.g. legitimate interests, legal obligations, etc.) no longer apply. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. Further information on the deletion of personal data can be found under the individual points of this data protection declaration.

---

special part

Use of cookies

A “cookie” is a small text file that is stored on our visitor’s computer at the request of our systems and if the browser settings allow it. This has a key and a value and is used to identify the end device beyond a request-response cycle (perpetuation of the session). The key and value of the cookie are processed by the system that placed it with each request. Below you will find a list of the cookies we use and the associated information.

Technically necessary cookies

We transmit the request to set the following cookies to our visitors’ systems when they first access a page.

Name | Domain	User | Party	Explanation | Details	Retention period
cookieyes-consent | kavala-online.com		None	364T, 23H
wordpress_test_cookie |  kavala-online.com	The local person responsible	This cookie is set by our framework to test whether cookies can be set.	End of Session

If you do not agree to the use of the cookies mentioned above, you can configure your browser to refuse their installation. This may result in our website no longer functioning properly.

Types of data processed: Usage data, meta and communication data .
Affected persons: Users of our website.
Legal basis: The use of these cookies is absolutely necessary for the operation of the website and is based on our legitimate interest in the effective delivery of our online offer, Art. 6 Para. 1 S.1 lit. f GDPR and Section 25 Para. 2 No. 2 TTDSG.

Used memory areas of the end device

We use storage areas of the end user’s device that the browser makes available to us (sessionStorage, localStorage).

None

Data processing by external service providers and processors

ALL-INKL.COM – New Media Muennich

Information and description

We use services from all.ink.com to securely host our services. This includes in particular web hosting and related services, such as the operation of email services.

function

Server and network infrastructure

We use the services of a specialized and reputable company to operate and maintain our server and network infrastructure (data centers).

Data processed: usage data, metadata, content data, contact data, contract data

Affected persons: Users

Legal basis for processing: Legitimate interests

Legitimate interests:

• Freedom from maintenance: Our legitimate interest in using technology that requires little or no maintenance. This also ensures a consistently high level of security for the services.
• High availability: Our legitimate interest in using a highly available service.

Provider information

ALL-INKL.COM – Neue Medien Münnich ; Hauptstraße 68, 02742 Neusalza-Spremberg, https://all-inkl.com/datenschutzinformationen/

---

CookieYes Limited

CookieYes

Information and description

In order to obtain and document consent to the use of third-party content or cookies for advertising purposes or to measure performance on our website, we need a consent tool (consent management). For this purpose, we use the “CookieYes” tool.

When used, your IP address can be passed on to the operator of CookieYes in masked form as a pseudonym so that your consent (or rejection) is documented in a comprehensible manner for us.

We have concluded a data processing agreement with CookieYes within the meaning of Art. 28 GDPR.

Data processed: Usage data, metadata

Affected persons: Users

Legal basis for processing: Legitimate interests

Legitimate interests:

• Enabling the operation of a website: The processing is based on our legitimate interest in being able to maintain a website at all.;
• Security: Our legitimate interest in protecting our offerings from unauthorized and malicious access.;
• Logging: Our legitimate interest in logging the user’s consent for verification purposes.

Provider information

CookieYes Limited; Warren Yard Warren Park, Wolverton Mill Milton Keynes, MK12 5NW United Kingdom, https://www.cookieyes.com/privacy-policy/

This provider may process data outside the scope of the European Union.
company number 13074037 VAT number GB381305513.

---

Rights of the data subjects

The persons concerned have rights, about which we will inform you below.

• Right to object (Article 21 GDPR): You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. If the personal data concerning you are processed in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
• Right to information (Art. 15 GDPR): You have the right to request confirmation as to whether data concerning you is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
• Right to rectification (Article 16 GDPR): In accordance with the statutory requirements, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be rectified.
• Right to erasure and restriction of processing (Art. 17, 18 GDPR): You have the right, in accordance with the statutory requirements, to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory requirements.
• Right to data portability (Article 20 GDPR): You have the right to receive the data concerning you that you have made available to us in a structured, common and machine-readable format in accordance with the statutory requirements or to request that it be transmitted to another controller.
• Complaint to the supervisory authority (Article 77 GDPR): You also have the right, in accordance with the statutory provisions, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
• Right to withdraw consent (Article 7 (3) GDPR): You have the right to withdraw consent you have given to the controller at any time.

glossary

Below you will find a list with explanations of the most commonly used terms in this context.

Personal data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 No. 1 GDPR).

processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or linking, restriction, erasure or destruction (cf. Art. 4 No. 2 GDPR).

Responsible

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her nomination may be provided for by Union or Member State law (cf. Art. 4 No. 7 GDPR).