1. Our contact details
If you have any questions or suggestions regarding this information or would like to contact us to assert your rights, please send your request to:
Pana Investments UG (haftungsbeschränkt)
Starstrasse 2, 22305 Hamburg, Germany
Email: hello@actmeraki.com
2. On what basis do we process your data?
"Personal data" refers to any information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, particularly the GDPR. We only process personal data based on legal authorization. This means we process your data only with your consent (Art. 6 (1) (a) GDPR), for the performance of a contract to which you are a party or at your request to implement pre-contractual measures (Art. 6 (1) (b) GDPR), to comply with a legal obligation (Art. 6 (1) (c) GDPR), or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail (Art. 6 (1) (f) GDPR).
3. Your rights
You decide on your data! As a data subject, you have the right to assert your data subject rights against us. You have the following rights within the scope of the data protection laws applicable to you:
- In accordance with Art. 15 GDPR, you have the right to request information as to whether or not we process personal data relating to you and, if so, to what extent.
- You have the right to demand that we rectify your data in accordance with Art. 16 GDPR.
- You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR.
- You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
- In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
- If you have given us separate consent to process your data, you can withdraw this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
- If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.
If you exercise your rights in accordance with Art. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights and in order to provide proof of this. We will only process data stored for the purpose of providing information and its preparation for this purpose and for the purposes of data protection monitoring and otherwise restrict processing in accordance with Art. 18 GDPR. This processing is based on the legal basis of Art. 6 (1) (c) GDPR in conjunction with Art. 15 to 22 GDPR.
4. Where do we process your data?
In principle, we process your data on European servers with the highest security standards. In providing our services, we are supported by external service providers to whom we send your data. Some data processing may involve the transfer of certain personal data to third countries, i.e., countries in which the GDPR is not applicable law. Such a transfer is permitted if the European Commission has determined that an adequate level of data protection is provided in such a third country. This applies to all transfers to countries listed here: Adequacy Decisions.
If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if there are suitable guarantees in accordance with Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.
Unless there is an adequacy decision and unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data from the scope of the GDPR to third countries. You have the option of obtaining or viewing a copy of these EU standard data protection clauses. Please contact us at the address provided under Contact.
If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 (1) (a) GDPR.
5. To whom and why do we pass on your personal data?
To provide our services and operate economically as a company, we use various external companies to whom we transfer personal data in some cases. If specific recipients receive personal data for certain groups of data subjects, we will inform you about this in Part B.
Recipient and reason for disclosure:
Hosting provider: We do not have our own servers, so we commission service providers to host our IT systems, including the website.
IT service provider and SaaS provider: We use the services of various providers who help us as processors to provide you with our services.
Authorities: To comply with legal requirements or to respond to court orders or other similar official requests.
6. How long do we store your data?
Unless otherwise stated in the following information, we only store the data for as long as necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise, in particular, from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will store such personal data contained in our accounting data for ten years and personal data contained in commercial letters and contracts for six years. Additionally, we will retain data related to consents requiring proof and complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
7. How do we use "cookies" and other tracking technologies?
We use cookies and similar technologies on our website and in the provision of our services. Unless we only use cookies that do not require consent due to their technical necessity, we will obtain your consent via a cookie banner. There, you will also find a list of other companies that place cookies on our websites, a list of cookies that we place, and an explanation of how you can refuse certain types of cookies. No cookie banner means no cookies requiring consent 😊.