Privacy Policy
I. Data Controller
The data controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
Afua Adusei-Poku-Erken
Heisterbacherhofstr 9
53111 Bonn
Germany
Phone: +49 175 586 5688
Email: info@sankofa-house.com
Represented by:
Afua Adusei-Poku-Erken
II. Data Protection Officer (DPO)
Since the company generally does not constantly employ at least 20 persons dealing with the automated processing of personal data, there is no legal obligation to appoint a Data Protection Officer according to Section 38 of the German Federal Data Protection Act (BDSG).
III. General Information on Data Processing
1. Scope of Processing of Personal Data
As a matter of principle, we only process personal data of our users insofar as this is necessary to provide a functioning website as well as our content and services. The processing of personal data of our users regularly only takes place with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2. Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation, Art. 6 (1) lit. c GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.
3. Data Erasure and Storage Duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if provided for by European or national legislators. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
IV. Hosting and SSL/TLS Encryption
1. External Hosting
This website is hosted by an external service provider (Prepaid-Hoster.com). The personal data collected on this website is stored on the hoster’s servers. This may primarily include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via a website. The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) lit. f GDPR).
2. SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.
V. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data from the computer system of the accessing computer. The following data is collected: Browser type/version, operating system, internet service provider, IP address, date and time of access, websites from which the system reaches our website, and websites accessed by the system via our website. This data is also stored in the log files of our system.
2. Legal Basis and Purpose of Data Processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR. The temporary storage of the IP address is necessary to enable delivery of the website. Storage in log files is done to ensure the functionality and security of the website. These purposes also constitute our legitimate interest.
3. Duration of Storage and Objection
The data is erased as soon as it is no longer required to achieve the purpose. In the case of data collection for the provision of the website, this is the case when the respective session has ended. Log files are deleted or anonymized after seven days at the latest. The collection of data is absolutely necessary for the operation of the website, hence there is no option to object.
VI. Contact Form and Email Contact
1. Description and Scope
If you send us inquiries via the contact form or email, your details from the form/email, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.
2. Legal Basis, Purpose, and Storage Duration
The processing of this data is based on Art. 6 (1) lit. b GDPR if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this was requested. The data will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage lapses (e.g., after your inquiry has been processed).
VII. Web Analysis by Matomo (Cookieless)
1. Scope of Processing
We use the open-source software tool Matomo to analyze surfing behavior. We have configured Matomo so that no tracking cookies are stored on your device. The data collected includes: truncated IP address, accessed website, referrer, subpages, length of stay, and frequency of access. IP addresses are masked before storage (e.g., 192.168.xxx.xxx), making personal identification impossible. The software runs exclusively on our website’s servers. Data is not passed on to third parties.
2. Legal Basis and Purpose
The legal basis for processing is Art. 6 (1) lit. f GDPR. The processing allows us to analyze surfing behavior to improve the website. IP anonymization and the omission of cookies sufficiently account for the protection of personal data.
3. Right to Object (Opt-Out)
If you do not agree to the storage and evaluation of this data, you can object to the storage and use at any time with a click below. In this case, an opt-out cookie will be placed in your browser, which means Matomo will not collect any session data. [Developer Note: Ensure the Matomo Opt-Out iFrame is embedded here!]
VIII. Rights of the Data Subject
You have the following rights regarding your personal data:
Right of Access: You have the right to request information about your personal data processed by us (Art. 15 GDPR).
Right to Rectification: You have the right to immediately request the correction of incorrect or completion of your data stored by us (Art. 16 GDPR).
Right to Erasure: You have the right to request the deletion of your data, unless processing is necessary to exercise the right to freedom of expression, to fulfill a legal obligation, or to assert legal claims (Art. 17 GDPR).
Right to Restriction of Processing: You can request the restriction of processing if you dispute the accuracy of the data or the processing is unlawful (Art. 18 GDPR).
Right to Data Portability: You have the right to receive your data in a structured, common, and machine-readable format or to request transmission to another controller (Art. 20 GDPR).
Right to Withdraw Consent: You can withdraw your consent at any time (Art. 7 (3) GDPR).
Right to Object: You have the right to object to processing at any time, provided the processing is based on legitimate interests (Art. 21 GDPR).
Right to Lodge a Complaint: You have the right to complain to a data protection supervisory authority (Art. 77 GDPR).
