Privacy Policy
Last updated: April 2026
1. Controller
Harmony & Apollo UG (haftungsbeschränkt) i.Gr.
Rostocker Straße 7, 41540 Dormagen
Managing Directors: Raphael Reinhart, Thomas Scislowski, Yvonne Scislowski
E-Mail: hello@harmony-apollo.com
2. Legal Bases
We process personal data on the basis of Art. 6 (1) (a) (consent), (b) (contract fulfilment), (c) (legal obligation) and (f) (legitimate interest) GDPR.
3. Hosting
Our website is hosted by Vercel Inc. (USA). Server log data is automatically collected when you visit (IP address, timestamp, browser type). Legal basis: Art. 6 (1) (f) GDPR. Data transfer to the USA based on the EU-US Data Privacy Framework (DPF).
4. Cookies
Technically necessary cookies are set without consent (§ 25 (2) TTDSG). Statistics and marketing cookies are set only with explicit consent (§ 25 (1) TTDSG, Art. 6 (1) (a) GDPR). You can revoke your consent at any time via the cookie banner.
5. Web Analytics
We use cookie-free, anonymised web analytics for reach measurement. No personal reference is established. Legal basis: Art. 6 (1) (f) GDPR. You can object at any time via hello@harmony-apollo.com.
6. Contact Forms
When you use our forms, we process the data you enter (name, email, message) to handle your inquiry. Legal basis: Art. 6 (1) (b) GDPR. The data is deleted after completion of the inquiry, unless statutory retention obligations exist.
7. Email Dispatch
Confirmation and transactional emails are sent via an external service provider (USA). Legal basis: Art. 6 (1) (b) GDPR. Data transfer based on the DPF.
7a. Newsletter
Newsletters are sent only with explicit consent (double opt-in). Legal basis: Art. 6 (1) (a) GDPR. You can withdraw your consent at any time via the unsubscribe link or by email to hello@harmony-apollo.com. Newsletters are dispatched via an EU-based service provider.
8. Payment Processing
Payment processing is handled by Stripe Payments Europe Ltd. (Ireland). Stripe processes payment data as an independent controller. We do not store payment instrument data. Legal basis: Art. 6 (1) (b) GDPR.
9. Data Storage
Order data and customer inquiries are stored with a data processor on servers in the EU. Legal basis: Art. 6 (1) (b) GDPR.
9a. Security Services
To protect against abuse, we use security services that process IP addresses and browser signals. Data is stored only temporarily. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in IT security).
9b. Accounting
Invoice data is processed by an accounting service provider in Germany. Legal basis: Art. 6 (1) (c) GDPR (statutory retention obligations).
9c. AI-assisted Analysis
In our internal administration area, we use an AI service (USA) to analyse aggregated, anonymised usage statistics. No personal data is transmitted to the service. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in business optimisation). Data transfer based on the DPF.
9d. Web Fonts
External font services are used for typography. When you visit our site, a connection to the provider's servers is established, transmitting your IP address. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in consistent presentation). Data transfer based on the DPF.
10. Retention Periods
We retain personal data only as long as necessary for the respective purpose:
- Order data and invoices: 10 years (§ 257 HGB, § 147 AO)
- Customer inquiries without contract: 3 years
- Server logs: maximum 14 days
- Newsletter subscribers: until withdrawal of consent
11. Your Rights
You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability in a machine-readable format (Art. 20), and objection (Art. 21). Contact: hello@harmony-apollo.com.
Right to lodge a complaint: State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Postfach 20 04 44, 40102 Düsseldorf, https://www.ldi.nrw.de.
12. Data Processors
We use the following service providers:
- Vercel Inc. — Hosting (USA, DPF)
- Supabase Inc. — Database (USA, servers in EU, DPF)
- Stripe Payments Europe Ltd. — Payment Processing (EU)
- Resend Inc. — Email Dispatch (USA, DPF)
- Cloudflare Inc. — Security services, Media storage (USA, DPF)
- Upstash Inc. — Security services (EU)
- Acumbamail S.L. — Newsletter (EU)
- Functional Software Inc. (Sentry) — Error Tracking (USA, DPF)
- Anthropic Inc. — AI-assisted Analysis (USA, DPF)
- Google LLC — Web Fonts (USA, DPF)
- sevDesk GmbH — Accounting (DE)
Data processing agreements pursuant to Art. 28 GDPR are concluded with all processors. Data transfers to the USA are based on the EU-US Data Privacy Framework (DPF) or EU Standard Contractual Clauses (SCCs).