Privacy Policy

1. Identity of the Data Controller

The data controller within the meaning of the GDPR is:

2. Scope of This Policy

This Privacy Policy applies to all pages accessible under the domain associated with Iestia. It covers data processing activities arising from:

• Visiting and navigating the website
• Submitting the general inquiry form on the Contact page
• The storage of your cookie consent preference

This site does not operate user accounts, subscription services, e-commerce functionality, or any other data-intensive service. Data collection is strictly limited to what is described in this document.

3. Server Log Data

When you access this website, the hosting server automatically records certain technical data in server log files. This information is necessary for the secure and stable operation of the site and includes:

• IP address of the requesting device
• Date and time of the request
• URL of the page requested
• HTTP status code returned
• Browser type and version
• Operating system of the requesting device
• Referring URL (if applicable)

This data is processed solely for technical purposes — maintaining site integrity, detecting errors, and identifying security incidents. It is not combined with other data sources, not used to identify individual users, and is deleted after a maximum of seven (7) days. The legal basis is Art. 6(1)(f) GDPR (legitimate interests in maintaining website security and functionality).

4. Contact Form Data

The contact form on this site collects only an email address and a free-text message. This data is used exclusively to respond to your general inquiry regarding the informational content of the site. We do not use this data for marketing purposes, do not share it with third parties, and do not add it to any mailing list.

The legal basis is Art. 6(1)(a) GDPR (consent, by voluntary submission) and, where applicable, Art. 6(1)(b) GDPR (steps taken at your request prior to a potential communication exchange). Data submitted via the form is retained only for the duration necessary to process your inquiry, and no longer than thirty (30) days.

5. Cookies and Local Storage

This website uses only essential cookies and browser local storage, strictly necessary for the basic operation of the site. No tracking cookies, advertising cookies, analytics cookies, or third-party cookies are set. Your cookie consent preference (Accept or Decline) is stored in your browser's localStorage to avoid repeated display of the consent notice. This does not constitute data transfer to any external party.

For a full description of cookies used, please refer to our Cookie Policy.

6. Third-Party Services

This website does not integrate third-party analytics platforms (e.g., Google Analytics), advertising networks, social media plugins, or tracking pixels. Google Fonts is loaded via a CSS @import directive from Google's servers. When your browser requests a font file from Google, your IP address is technically transmitted to Google. If you wish to prevent this, you may configure your browser to block external font requests. For information on Google's data handling, refer to Google's own privacy documentation.

No other third-party services receive personal data in connection with your use of this site.

7. Your Rights Under the GDPR

As a data subject under the GDPR, you hold the following rights with respect to your personal data:

• Right of access (Art. 15 GDPR): You may request confirmation of whether we process personal data about you and obtain a copy of that data.
• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate personal data.
• Right to erasure (Art. 17 GDPR): You may request deletion of your personal data, subject to applicable retention obligations.
• Right to restriction of processing (Art. 18 GDPR): You may request that processing be restricted in certain circumstances.
• Right to data portability (Art. 20 GDPR): Where processing is based on consent and carried out by automated means, you may request your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw that consent at any time without affecting prior lawful processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframe required by applicable law (generally 30 days).

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. In Germany, the competent supervisory authority is the Hessischer Beauftragter für Datenschutz und Informationsfreiheit (Hessian Commissioner for Data Protection and Freedom of Information), or the supervisory authority of the EU member state in which you reside.

9. Data Security

Iestia implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. The site is served via HTTPS to ensure encrypted transmission. Given the minimal nature of data processing on this site, the associated security risk is correspondingly low.

10. Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in applicable law or our processing activities. Any updated version will be published on this page with a revised date. We encourage you to review this page periodically. Continued use of the site after publication of a revised policy constitutes acknowledgment of the changes.