Privacy Policy

Last updated: April 2026

 

Introduction

This Privacy Policy explains how personal data is processed in connection with my business and the services offered. It applies to all inquiries, contractual relationships, and communications with private individuals, companies, organizations, and other business partners.

Controller within the meaning of the General Data Protection Regulation (GDPR):

ida – from idea to design to administration
Claudia Stein
Laen Kærvej 2
8585 Glesborg
Denmark
Telephone: +45 50105935
Email: cs@ida-administration.eu
CVR number: 46145941
VAT identification number (EU VAT ID): DK46145941

The protection of your personal data is important to me. Personal data is processed confidentially and in accordance with applicable data protection laws and this Privacy Policy.

Personal data means any information relating to an identified or identifiable natural person (e.g., name, email address, telephone number).

Where personal data is provided, it is stored solely for the purpose of responding to inquiries and/or within the scope of an existing business relationship. The data is used exclusively by me. Personal data is only disclosed if there is a legal obligation to do so or if it is necessary for the performance of a contract.

Note on the Role as a Data Processor: Where personal data is processed on behalf of companies in the course of providing services (e.g., project organization, administration, or accounting), such processing is carried out exclusively on the basis of a separate Data Processing Agreement pursuant to Article 28 GDPR. In these cases, I do not act as the controller within the meaning of the GDPR but process the data solely in accordance with the instructions of the respective company.

 

Categories of Data Processed

Only personal data actively provided by you or your organization is processed, in particular:

  • Name
  • Email address
  • Phone number
  • Content of communication
  • Contract and billing data

Special categories of personal data within the meaning of Article 9 GDPR are not actively collected.
If such data is voluntarily shared, it is processed solely within the scope of the respective communication or contractual relationship.

 

Website Access and Server Log Files

When accessing this website, technical data is automatically recorded by the hosting provider in server log files. This may include:

  • IP address (possibly shortened)
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL

This data is processed exclusively to ensure technical security and stability of the website. This data is not combined with other data sources.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in secure and stable website operation).

 

Contact and Cooperation

If you contact me by email or phone, your information will be stored for the purpose of handling your enquiry.

Legal basis may include:

  • Article 6(1)(b) GDPR (pre-contractual measures / contract performance)
  • Article 6(1)(c) GDPR (legal obligations, e.g. accounting requirements)
  • Article 6(1)(f) GDPR (legitimate interest in communication and business operations)
  • Where applicable, Article 6(1)(a) GDPR (consent)

Services are usually provided online (e.g. via video call or email communication).

 

Hosting and Service Providers

The hosting of the websites is provided by Netgiganten ApS, Denmark, as well as by servers of STRATO GmbH, Germany.

Communication and online meetings are conducted using the services of Proton AG, Switzerland (e.g., Proton Mail, Proton Meet, and Proton Calendar).

Data Processing Agreements in accordance with Article 28 GDPR have been concluded with the service providers. Proton AG provides its Data Processing Agreement in standardized form, which serves as the contractual basis.

 

Order Processing via Digistore24

For certain products and services, order and payment processing is carried out via the external platform Digistore24.

When accessing the order page, personal data required for processing the order (e.g., name, billing details, and payment information) is processed directly by Digistore24.

For the checkout and payment process, Digistore24 acts as an independent controller within the meaning of Article 4(7) GDPR. Further information on data processing by Digistore24 can be found in their respective Privacy Policy.

 

Transfer of Data to Third Countries

Personal data is transferred to countries outside the European Union (EU) or the European Economic Area (EEA) only where necessary for the performance of a contract or where technically required by a service provider.

Proton AG is headquartered in Switzerland. Switzerland benefits from an adequacy decision by the European Commission pursuant to Article 45 GDPR, ensuring a level of data protection comparable to that of the EU.

Should data be transferred to other third countries in individual cases, such transfers will be carried out exclusively on the basis of appropriate safeguards pursuant to Articles 44 et seq. GDPR, in particular through the use of Standard Contractual Clauses issued by the European Commission.

 

Data Retention

Personal data is retained only for as long as necessary to fulfill the respective purposes.

  • Inquiries without a contractual relationship are generally deleted no later than 12 months after completion. 
  • Contractual and billing data are retained for five years in accordance with Danish accounting laws. 

After expiry of the respective retention periods, the data will be deleted or anonymized.

 

Your Rights

Under the GDPR, you have the following rights:

  • Access (Article 15 GDPR)
  • Rectification (Article 16 GDPR)
  • Erasure (Article 17 GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data portability (Article 20 GDPR)
  • Objection (Article 21 GDPR)
  • Withdrawal of consent at any time (Article 7(3) GDPR)

To exercise your rights, simply contact me using the contact details provided above.

 

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.

The competent authority for my business is:

Datatilsynet
www.datatilsynet.dk

 

Data Security

Appropriate technical and organizational measures are implemented to protect personal data against loss, misuse, or unauthorized access. These include in particular:

  • SSL/TLS encryption 
  • Password protection 
  • Two-factor authentication 
  • Access restrictions to authorized persons only 

 

Cookies and Tracking

My websites do not use cookies and does not employ any tracking, analytics, or third-party tools that collect information about visitors.

 

Updates and Amendments

This Privacy Policy may be updated to reflect changes in legal requirements or technical developments.