Privacy Policy
Privacy Policy
Graham Miranda UG (haftungsbeschränkt)
https://services.grahammiranda.com
Valid from: 15 December 2025
1. Responsible Party
Controller pursuant to Article 4 (7) GDPR:
Graham Miranda UG (haftungsbeschränkt)
Hasselfelder Str. 23
38889 Blankenburg (Harz)
Germany
Contact:
- Email: legal@grahammiranda.com
- Phone: +49 156 78397267
2. Your Data Protection Rights
You have the following rights:
- Access (Art. 15 GDPR): Which data we process
- Rectification (Art. 16 GDPR): Correct inaccurate data
- Erasure (Art. 17 GDPR): Right to be forgotten
- Restrict processing (Art. 18 GDPR): Limit processing
- Data portability (Art. 20 GDPR): Export your data
- Object (Art. 21 GDPR): Opt out of processing
- Withdraw consent (Art. 7(3) GDPR): Withdraw permission
Contact for requests: legal@grahammiranda.com
3. Scope of Data Processing
3.1 Website Visit
- IP address, browser type, operating system
- Date and time of access
- Retention period: 7 days
- Legal basis: Art. 6(1)(f) GDPR (legitimate interests)
3.2 Cookies and Tracking
- Essential cookies: No consent required
- Marketing cookies: Consent required
- Retention: 1-12 months depending on cookie type
- Legal basis: Art. 6(1)(a) GDPR (consent)
3.3 Customer Data
- Name, email, phone, billing address
- Project history and support tickets
- Retention: 7 years after contract end (German tax law)
- Legal basis: Art. 6(1)(b) GDPR (contract performance)
4. Data Processors (Sub-processors)
We use the following service providers:
| Provider | Location | Purpose | Privacy |
|---|---|---|---|
| Odoo Online | Belgium | ERP/CRM system | https://www.odoo.com/privacy |
| CloudFlare | USA/EU | CDN, DDoS protection | https://www.cloudflare.com/privacy/ |
| HostKey | Netherlands | VPS hosting | https://www.hostkey.com/privacy |
| AWS | USA/Ireland | Email hosting | https://aws.amazon.com/privacy/ |
| Google Analytics | USA | Website analytics | https://policies.google.com/privacy |
Third-country transfers: For US providers, we use Standard Contractual Clauses (SCC) as safeguard.
5. Security
We implement the following security measures:
- TLS 1.2+ encryption for all data transfers
- Two-factor authentication for admin access
- 24/7 system monitoring
- Regular security updates
- Daily backups (30 days online)
6. Exercising Your Data Protection Rights
Submit requests to: legal@grahammiranda.com
Response time: 30 days (may be extended by 2 months)
7. Data Retention and Deletion Periods
Legal Retention Requirements
We are required to retain certain data for specific periods due to commercial and tax law requirements:
According to § 147 German Tax Code (AO) – 10 years:
- Invoices and accounting vouchers
- Customer contracts and orders
- Tax-relevant documents
- Books and records
According to § 257 German Commercial Code (HGB) – 6 years:
- Business correspondence
- Business letters
Deletion of Personal Data
Personal data not subject to legal retention obligations will be deleted as soon as:
- The purpose of processing no longer exists
- You have revoked your consent
- You have objected to the processing
- The data was processed unlawfully
Standard Deletion Periods:
- Contact inquiries: 2 years after completion of correspondence
- Newsletter subscriptions: Immediate deletion after unsubscribing
- Server log files: 7 days
- Cookie data: According to cookie policy
8. Lodge Complaint with Supervisory Authority
The State Commissioner for Data Protection and Freedom of Information of Saxony-Anhalt
Leiterstraße 9
39104 Magdeburg
Germany
Email: poststelle@lfd.sachsen-anhalt.de
Valid from: 15 December 2025 / 15. Dezember 2025
Last Updated: 15 December 2025 / 15. Dezember 2025