Privacy Policy
We take the protection of personal data very seriously. This Privacy Policy explains how we handle personal data in accordance with the General Data Protection Regulation (GDPR) and the German Telecommunications-Telemedia Data Protection Act (TDDDG).
The controller for data processing on this website is:
PURA VIDA Communications GmbH
Scheurenstr. 5
40215 Düsseldorf
Germany
Email: barbara@puravida-communications.com
No data protection officer appointed
1. Access Data and Hosting
Our website is hosted by Duda Inc., 577 College Ave, Palo Alto, CA 94306, USA, acting as our data processor under a Data Processing Agreement (DPA). Transfers to the USA are safeguarded by EU Standard Contractual Clauses (Art. 46 GDPR).
Logfiles: Each visit generates server logfiles (IP address, date, time, browser, pages viewed). Processing is based on Art. 6(1)(f) GDPR to ensure website functionality and security. Logfiles are deleted after [e.g. 14 days].
2. Cookies and Consent Management
Essential Cookies: Used to enable technical functionality (Art. 6(1)(f) GDPR, §25(2) TDDDG).
Non-Essential Cookies (e.g. Analytics): Set only with consent (Art. 6(1)(a) GDPR).
Consent is managed via Duda’s integrated Consent Management Platform (CMP). Your decision (IP address, timestamp, browser, consent status) is stored for 365 days. Consent can be withdrawn at any time via the cookie banner or by contacting us.
3. Analytics
We use Google Analytics 4 (Google Ireland Ltd., Gordon House, Dublin, Ireland) to analyze website use:
IP anonymisation is enabled.
Data processing only occurs after consent (Art. 6(1)(a) GDPR).
Retention period: [e.g. 14 months].
Data may be transferred to Google LLC, USA, under SCCs.
You may withdraw consent at any time via the cookie banner.
4. Contact and Communication
When contacting us (via e-mail or form), personal data (name, e-mail, message) is processed to respond to your request (Art. 6(1)(b) GDPR). Data is deleted within 6 months after final reply unless statutory retention applies.
5. Recipients / Third-Party Access
Hosting & CDN: Duda Inc. (USA, SCCs)
Analytics: Google Ireland/Google LLC (USA, SCCs)
E-Mail provider: [Name if applicable]
Consent Management: Duda CMP
6. Social Media
We maintain external pages on LinkedIn and XING. When you visit these pages, the respective providers collect and process personal data under their privacy policies. We are joint controllers for page insights with LinkedIn/XING in accordance with Art. 26 GDPR.
7. Data Retention
Personal data is stored only as long as necessary for the stated purposes or legal obligations (e.g. commercial/tax retention up to 10 years).
8. Your Rights
You have the following rights under GDPR:
Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17)
Restriction (Art. 18), Data Portability (Art. 20)
Object (Art. 21), Withdraw Consent (Art. 7(3))
Lodge a complaint with a supervisory authority (Art. 77 GDPR)
Supervisory authority:
Landesbeauftragte für Datenschutz NRW, Kavalleriestr. 2–4, 40213 Düsseldorf
9. Data Security
We apply appropriate technical and organizational measures (TOMs) such as SSL encryption, restricted access, and regular updates to protect data.
10. Children
Our website is not intended for children under 16. We do not knowingly collect such data. If we become aware of it, we will delete it immediately.
11. Automated Decision-Making
We do not use automated decision-making, including profiling, under Art. 22 GDPR.
12. Updates
We may update this Privacy Policy in line with legal or technical changes. The most current version will always be available on this page.