Privacy

Legal Notice & Privacy Policy

Information according to § 5 TMG (German Telemedia Act)

Nikolas Artadi Cogorno
Oberseestr. 103
13053 Berlin
Germany

Email: privacy@artadini.eu
VAT ID: 32/459/01390

Responsible for content according to § 55 para. 2 RStV:
Nikolas Artadi Cogorno, Oberseestr. 103, 13053 Berlin, Germany

Privacy Policy

Last updated: 23.08.2025

1. Data Controller & Contact

Data Controller:
Nikolas Artadi Cogorno
Oberseestr. 103
13053 Berlin
Germany

Privacy Contact: privacy@artadini.eu
Response Time: We respond to privacy inquiries within 72 hours

2. Data Collection Overview

a) Automatically Collected Data (Server Logs)

When you visit our website, our hosting provider (Netlify) automatically logs:

  • IP address (anonymized after 30 days)
  • Date and time of access
  • Browser type and version
  • Operating system and device type
  • Referrer URL and pages visited
  • HTTP response codes and data transfer volume

Purpose: Security monitoring, performance optimization, legal compliance
Legal Basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR)
Storage: 30 days, then anonymized

b) Voluntarily Provided Data

We collect personal data only when you:

  • Submit contact forms
  • Schedule appointments
  • Subscribe to communications
  • Engage in business correspondence

Data Types: Name, email address, phone number, company information, project details
Purpose: Communication, service delivery, contract fulfillment
Legal Basis: Contract performance (Art. 6 para. 1 lit. b GDPR) or consent (Art. 6 para. 1 lit. a GDPR)

3. Third-Party Services & Data Processors

a) Web Analytics & CRM — HubSpot

  • Service: HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA
  • Purpose: Web analytics, visitor tracking, contact management, email automation

Data Collected:

  • Page views, session duration, scroll behavior
  • Form submissions and conversion tracking
  • Contact information and interaction history
  • Marketing campaign performance data
  • Device fingerprinting and user identification

Tracking Methods:

  • First-party cookies (hubspotutk, messagesUtk)
  • Pixel tracking and form analytics
  • Cross-device tracking capabilities

Legal Basis: Your explicit consent (Art. 6 para. 1 lit. a GDPR)
Data Transfer: USA (EU-US Data Privacy Framework participant)
Cookie Duration: Up to 13 months for persistent cookies, session cookies expire on browser close
Opt-Out: Available through cookie consent manager or browser settings

b) Email Services & Document Storage — Proton

  • Service: Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland
  • Purpose: Secure business email, encrypted document storage, client communication

Data Processed:

  • Email addresses and contact lists
  • Message content and attachments
  • Business documents and project files
  • Communication metadata (timestamps, subject lines)

Security Features: End-to-end encryption, zero-access architecture
Legal Basis: Legitimate business interests (Art. 6 para. 1 lit. f GDPR), contract performance
Data Location: Switzerland (adequate level of protection under EU law)
Retention: Email data retained for business purposes, documents as needed for service delivery

c) Appointment Scheduling — Cal.com

  • Service: Cal.com Inc., 2261 Market Street, San Francisco, CA 94114, USA
  • Purpose: Meeting scheduling, calendar integration, appointment management

Data Collected:

  • Contact information (name, email, phone)
  • Meeting preferences and availability
  • Calendar integration data
  • Communication preferences and timezone

Features: GDPR-compliant data processing, SOC 2 Type II certified
Legal Basis: Contract performance (Art. 6 para. 1 lit. b GDPR)
Data Transfer: USA with appropriate safeguards
Data Control: You can modify or delete appointment data anytime

d) Team Communication — Slack

  • Service: Slack Technologies, LLC, 500 Howard Street, San Francisco, CA 94105, USA
  • Purpose: Client project communication, file sharing, workflow coordination

Data Processed:

  • Project communications and messages
  • Shared files and documents
  • User profiles and contact information
  • Workflow and collaboration data

Access: Limited to active project participants only
Legal Basis: Legitimate business interests (Art. 6 para. 1 lit. f GDPR) and consent
Data Transfer: USA under EU-US Data Privacy Framework
Retention: Project data retained during engagement plus 12 months for business records

e) Website Hosting — Netlify

  • Service: Netlify Inc., 2325 3rd Street, Suite 296, San Francisco, CA 94107, USA
  • Purpose: Website hosting, content delivery, performance optimization

Data Processed:

  • Server logs and access patterns
  • Performance metrics and error logs
  • Geographic location data (for CDN optimization)

Legal Basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR)
Data Transfer: Global CDN with data processing in USA and EU
Security: ISO 27001 certified infrastructure, SOC 2 compliance

4. Cookies & Tracking Technologies

Strictly Necessary Cookies:

  • Session management and security
  • Language preferences and accessibility settings
  • GDPR consent management
    Duration: Session-based, deleted when browser closes

Analytics & Performance Cookies:

  • Website traffic analysis (HubSpot Analytics)
  • User behavior tracking and heatmaps
  • Conversion and goal tracking
    Duration: Up to 13 months

Marketing & Communication Cookies:

  • Email campaign tracking
  • Social media integration
  • Personalized content delivery
    Duration: 60 days (Hugoplate default) or as specified by service

Consent Management:

  • Granular control through our cookie banner
  • Consent can be withdrawn anytime via footer link
  • Settings are remembered for 60 days

Browser Controls:

  • All cookies can be blocked through browser settings
  • Instructions available for major browsers
  • Some functionality may be limited without necessary cookies

Third-Party Opt-Outs:

  • HubSpot: Available through privacy settings
  • Industry-wide: Digital Advertising Alliance opt-out tools

5. Data Purposes & Legal Basis

Primary Purposes:

  • Service Delivery: Responding to inquiries, project execution, client communication
  • Business Operations: Contract management, invoicing, relationship management
  • Website Operations: Security, performance monitoring, technical improvements
  • Marketing: Newsletter distribution, service announcements (with consent)
  • Legal Compliance: Record keeping, regulatory requirements, dispute resolution

Legal Foundations:

  • Consent (Art. 6.1.a GDPR): Marketing communications, optional cookies
  • Contract (Art. 6.1.b GDPR): Service delivery, appointment scheduling
  • Legitimate Interest (Art. 6.1.f GDPR): Business operations, security, analytics
  • Legal Obligation (Art. 6.1.c GDPR): Tax records, regulatory compliance

6. Data Retention & Deletion

Automated Deletion Schedules:

  • Web server logs: 30 days
  • Marketing cookies: 60 days maximum
  • Email communications: 3 years for business records
  • Project documents: Duration of engagement + 2 years
  • Contact information: Until service relationship ends or deletion requested

Manual Retention for Legal Purposes:

  • Financial records: 10 years (German tax law)
  • Contract documents: 6 years minimum
  • Correspondence: 3 years for business purposes

7. International Data Transfers

Transfer Safeguards:

  • USA: EU-US Data Privacy Framework, Standard Contractual Clauses
  • Switzerland: EU adequacy decision
  • Other countries: Only with appropriate safeguards under GDPR Art. 44-49

Your Rights: You can object to international transfers; this may limit service availability

8. Your Comprehensive Rights (GDPR)

Access Rights (Art. 15):

  • Complete data inventory and processing details
  • Information about data sources and recipients
  • Copy of your personal data in portable format

Correction Rights (Art. 16):

  • Immediate correction of inaccurate data
  • Completion of incomplete records
  • Update preferences and contact information

Deletion Rights (Art. 17 - “Right to be Forgotten”):

  • Complete data deletion when no longer needed
  • Deletion of data processed unlawfully
  • Withdrawal of consent-based processing

Restriction Rights (Art. 18):

  • Temporary processing limitation during disputes
  • Alternative to deletion where legally required retention applies

Objection Rights (Art. 21):

  • Opt-out of marketing communications anytime
  • Object to legitimate interest-based processing
  • Stop automated decision-making or profiling

Data Portability (Art. 20):

  • Machine-readable export of your data
  • Direct transfer to another service provider where technically feasible

Complaint Rights:

  • File complaints with supervisory authorities
  • Seek judicial remedy for GDPR violations
  • Compensation for damages from non-compliance

Exercise Your Rights: Contact privacy@artadini.eu with clear identification and specific request

9. Data Security Measures

Technical Safeguards:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Multi-factor authentication, role-based permissions
  • Infrastructure: SOC 2 certified hosting, regular security audits
  • Backups: Encrypted, geographically distributed, regularly tested

Organizational Measures:

  • Staff Training: Regular privacy and security education
  • Incident Response: 72-hour breach notification procedures
  • Vendor Management: Due diligence on all data processors
  • Documentation: Complete records of processing activities

Monitoring & Updates:

  • Security Scanning: Continuous vulnerability assessment
  • Software Updates: Automatic security patches and updates
  • Privacy Reviews: Annual assessment of data handling practices

10. Special Situations

Business Transfers:
In case of merger, acquisition, or sale, your data may be transferred to new owners with equivalent privacy protections

Legal Disclosure:
We may disclose data when required by valid legal process, court orders, or regulatory investigations

Emergency Situations:
Data may be processed without consent to protect vital interests of individuals or public safety

11. Children’s Privacy

This website is intended for business purposes and not directed at children under 16. We do not knowingly collect data from minors without parental consent.

12. Updates to This Policy

  • Notification: Material changes will be communicated via email or website notice
  • Effective Date: Changes take effect 30 days after notification unless immediate compliance required
  • Version Control: Previous versions available upon request

Disclaimer

Content Accuracy: While we strive for accuracy, we cannot guarantee completeness or current relevance of all information
External Links: We are not responsible for privacy practices or content of linked external websites
Limitation of Liability: Our liability is limited to the extent permitted by German and EU law
Intellectual Property: All content is protected under German copyright law