🇩🇪 | 🇬🇧

 

Privacy Policy

As of April 3, 2026

Controller

Maria Fardieva Kaiser
Amor Fati Berlin
Straßmannstraße 36
10249 Berlin

Contact:
Email: info(at)amorfati-berlin.com

Overview of Data Processing

The following provides a summary of the types of data processed, the purposes of processing, and the categories of data subjects.

Types of Data Processed

  • Master data

  • Employee data

  • Payment information

  • Contact data

  • Content-related data

  • Contract-related data

  • Usage data

  • Meta, communication, and process data

  • Log data

Categories of Data Subjects

  • Customers and clients

  • Employees

  • Interested parties

  • Communication partners

  • Users

  • Business and contractual partners

  • Other third parties

  • Whistleblowers

Purposes of Processing

  • Fulfillment of contractual services and obligations

  • Communication

  • Implementation of security measures

  • Reach analysis

  • Office and organizational processes

  • Administrative processes

  • Use of firewalls

  • Obtaining feedback

  • Creation of user profiles

  • Provision and optimization of our online services

  • Operation of IT infrastructure

  • Protection of whistleblowers

  • Public relations

  • Execution of business and economic processes

Legal Bases for Processing

Legal bases under the GDPR:

The following legal bases apply to the processing of personal data. National data protection regulations may also apply.

  • Consent (Art. 6(1)(a) GDPR): Processing is based on consent given for specific purposes.

  • Contract performance and pre-contractual measures (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract or to take steps prior to entering into a contract.

  • Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary to comply with legal obligations.

  • Legitimate interests (Art. 6(1)(f) GDPR): Processing is carried out to protect legitimate interests, provided these are not overridden by the interests of the data subject.

National regulations (Germany):

In addition to the GDPR, the German Federal Data Protection Act (BDSG) applies, including specific provisions on access, deletion, objection, and special categories of data.

Security Measures

We implement technical and organizational measures to ensure an appropriate level of protection, taking into account the state of the art, costs, scope, and risks of processing.

These include in particular:

  • Protection of confidentiality, integrity, and availability of data

  • Control of access and data processing

  • Procedures to safeguard data subject rights

  • Data protection by design and by default

TLS/SSL Encryption (HTTPS):

We use modern encryption technologies to secure data transmission and protect it from unauthorized access during transfer.

Disclosure of Personal Data

As part of our activities, it may be necessary to transfer data to third parties (e.g., IT service providers or integrated services). In such cases, we comply with all legal requirements and conclude appropriate agreements to protect the data.

Storage and Deletion of Data

Personal data is deleted as soon as the purpose of processing no longer applies or there is no longer a legal basis. Exceptions apply in the case of statutory retention obligations or legitimate interests.

Statutory retention periods (Germany):

  • 10 years: Accounting records, annual financial statements, etc.

  • 8 years: Accounting documents such as invoices

  • 6 years: Business correspondence and tax-relevant documents

  • 3 years: Data for the assertion of claims

Retention periods generally begin at the end of the calendar year in which the relevant event occurred.

Rights of Data Subjects

You have the following rights under the GDPR:

  • Right to object to certain processing activities

  • Right to withdraw consent

  • Right of access to stored data

  • Right to rectification of inaccurate data

  • Right to erasure or restriction of processing

  • Right to data portability

  • Right to lodge a complaint with a supervisory authority

Business Services

We process data from customers, partners, and interested parties for the initiation, execution, and handling of contracts.

This includes in particular:

  • Provision of services

  • Communication

  • Handling complaints and returns

  • Management of contractual relationships

Processed data includes in particular:

  • Master data (e.g., name, address)

  • Contact data

  • Contract and service data

  • Payment information

  • Communication history

Processing is carried out for contract performance, compliance with legal obligations, and based on legitimate interests.

Online Shop and E-Commerce

To process orders, we handle customer data and work with service providers (e.g., shipping companies, payment providers).

Payment Processing

We use external payment service providers to process payments. These providers process the necessary payment data independently.

Provision of Online Services

To provide our website, we process, among other things:

  • IP addresses

  • Usage data

  • Log data

This is necessary for functionality, security, and optimization of our services.

Cookies

Cookies are used for:

  • Ensuring functionality

  • Improving user experience

  • Analyzing usage

They are used either on the basis of consent or legitimate interests.

User Accounts

When users register, we process:

  • Login data

  • Usage information

  • IP addresses

This is necessary for providing and securing user accounts.

Contact

When you contact us, we process the transmitted data exclusively to handle your request.

Web Analysis and Optimization

We use pseudonymous procedures to analyze user behavior. No directly identifiable data is stored.

Social Media

We maintain profiles on social networks and process user data there for communication and information purposes. Data may also be processed outside the EU.

Changes to This Privacy Policy

We may update this privacy policy as needed. Please check it regularly for the latest version.

Definitions

The terms used correspond to the legal definitions. Explanations are provided for better understanding, e.g.:

  • Personal data: Information relating to an identified or identifiable person

  • Processing: Any operation performed on data

  • Controller: Entity that determines the purposes and means of processing

  • Usage data: Information about user behavior

  • Contract data: Content and conditions of contracts

  • Payment data: Information required for payment processing

 

amorfati-berlin
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.