Privacy Declaration

Preamble

The following privacy policy informs you about the nature, scope, and purposes of the processing of your personal data (hereinafter referred to as "data"). This privacy policy applies to all data processing operations carried out by us, both in the context of providing our services and particularly on our websites, in mobile applications, and within external online presences such as our social media profiles (collectively referred to as the "online offering").

The terminology used is not gender-specific.

As of: July 25, 2025

Table of Contents

  1. Preamble

  2. Controller

  3. Overview of Data Processing

  4. Relevant Legal Bases

  5. Security Measures

  6. Transfer of Personal Data

  7. International Data Transfers

  8. General Information on Storage and Deletion

  9. Business Services

  10. Provision of the Online Offering and Web Hosting

  11. Use of Cookies

  12. Registration, Login, and User Accounts

  13. Community Features

  14. Blogs and Publication Media

  15. Contact and Inquiry Management

  16. Newsletters and Electronic Notifications

  17. Promotional Communication via Email, Mail, Fax, or Telephone

  18. Web Analytics, Monitoring, and Optimization

  19. Social Media Presence

  20. Amendments and Updates

Controller Mia Tasci
Gertrud-Meyer-Str. 5
22335 Hamburg, Germany
Email: mia@miayu.de
Legal Disclosure: www.miayu.de/legal

Overview of Data Processing

The following overview summarizes the types of data processed, the purposes of their processing, and the data subjects concerned.

Types of Processed Data

  • Inventory data

  • Payment data

  • Contact data

  • Content data

  • Contract data

  • Usage data

  • Meta, communication, and procedural data

  • Log data

Categories of Data Subjects

  • Service recipients and clients

  • Interested parties

  • Communication partners

  • Users

  • Business and contractual partners

  • Educational and course participants

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations

  • Communication

  • Security measures

  • Direct marketing

  • Reach measurement

  • Office and organizational procedures

  • Conversion measurement

  • Organizational and administrative procedures

  • Server monitoring and error detection

  • Feedback

  • Marketing

  • User profile creation

  • Provision of our online offering and user-friendliness

  • IT infrastructure

  • Public relations

  • Sales promotion

  • Business processes and economic procedures

Relevant Legal Bases

Under the GDPR:

  • Consent (Art. 6 para. 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.

  • Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR) – Processing is necessary for the performance of a contract or for pre-contractual measures.

  • Legal obligation (Art. 6 para. 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation.

  • Legitimate interests (Art. 6 para. 1 lit. f GDPR) – Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party.

National data protection regulations in Germany: In addition to the GDPR, national regulations such as the German Federal Data Protection Act (BDSG) apply, covering rights of access, deletion, objections, and specific conditions for processing special categories of data.

Note on the applicability of the GDPR and Swiss FADP: This privacy notice serves to comply with both the GDPR and the Swiss Federal Act on Data Protection (FADP). Terminology from the GDPR is used for broader clarity.

Security Measures We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including access controls, data separation, and regular procedures for rights management and incident handling.

Transfer of Personal Data Personal data may be disclosed to other entities for processing (e.g. IT service providers), in compliance with legal requirements and data processing agreements where necessary.

International Data Transfers If data is transferred outside the EU/EEA, we ensure appropriate safeguards such as the Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs) to ensure lawful data protection.

General Information on Storage and Deletion Data is deleted when it is no longer needed or upon withdrawal of consent unless retention is required by law (e.g. tax records).

Business Services Data of business partners, clients, and students is processed for the performance of contracts and communication. This may include payment, contact, usage, and contract data.

Provision of the Online Offering and Web Hosting We process IP addresses and other metadata to deliver our website content. Hosting is provided by external providers such as Squarespace (Squarespace Ireland Ltd.) and CDN services such as Fastly and Instart.

Use of Cookies We use cookies for functionality, security, analytics, and marketing. Consent is obtained where required. Cookies may be session-based or persistent, and users may revoke consent at any time.

Registration, Login, and User Accounts User accounts involve processing login data and metadata to protect against misuse. Users may be informed of technical or content-related updates via email.

Community Features We offer public community features that allow user interaction. Posts may be publicly visible and are subject to moderation and deletion for legal compliance.

Blogs and Publication Media User comments and content in blogs may be stored for legal protection, spam prevention, and analytics.

Contact and Inquiry Management When users contact us, their submitted data is processed solely for response and communication purposes.

Newsletters and Electronic Notifications Newsletters are sent based on user consent and may include tracking for open and click rates. Consent may be revoked at any time.

Promotional Communication via Email, Mail, Fax, or Telephone Data may be used for promotional contact as permitted by law. Users may object at any time. Data related to opt-outs is retained for up to three years.

Web Analytics, Monitoring and Optimization We use tools to analyze website usage, track performance, and optimize content (e.g., IP masking, A/B testing). These are used based on consent or legitimate interests.

Social Media Presence We maintain social profiles (e.g. Instagram, YouTube). Data processing by social networks may occur outside the EU. We refer to their privacy policies for further details.

Amendments and Updates We reserve the right to update this privacy policy as our services evolve. Significant changes requiring user consent will be communicated accordingly.

Created using the free privacy policy generator from Dr. Thomas Schwenke – https://datenschutz-generator.de