Privacy Policy

Privacy policy for papagrigoriou.com

1. Privacy at a Glance

This website collects as little personal data as possible. No cookies are set, no analytics or tracking tools are used, and no external resources (such as fonts or third-party content) are loaded. The only data processing that occurs when you visit this website is the recording of technical access data in server log files by the hosting provider.

If you contact me by email or phone, the data you provide will be stored for the purpose of handling your enquiry.

The following sections explain in detail what data is collected, on what legal basis, and what rights you have.

2. Controller

The party responsible for data processing on this website is:

Nikolaos Papagrigoriou
Höchster Str. 11
65835 Liederbach am Taunus
Germany

Phone: +49 69 2083 2497
E-mail: info@papagrigoriou.com

The controller is the person who decides, alone or jointly with others, on the purposes and means of processing personal data.

3. Hosting

This website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter “Hetzner”). When you access this website, your browser establishes a connection to Hetzner’s servers. In doing so, technical data is inevitably transmitted (see section 4).

The use of Hetzner is based on Art. 6(1)(f) GDPR. I have a legitimate interest in the reliable and secure operation of my website.

I have concluded a Data Processing Agreement (DPA) with Hetzner pursuant to Art. 28 GDPR. This ensures that Hetzner processes the personal data of website visitors only in accordance with my instructions and in compliance with the GDPR.

For more information, see Hetzner’s privacy policy: https://www.hetzner.com/de/legal/privacy-policy/.

4. Server Log Files

The hosting provider automatically collects and stores information in server log files that your browser transmits with every page request. This includes:

  • IP address of the accessing computer (anonymised)
  • Date and time of the server request
  • HTTP request method, requested URL, and protocol version (e.g., “GET /page.html HTTP/1.1”)
  • HTTP status code (e.g., 200, 404)
  • Amount of data transferred in bytes
  • Referrer URL (the previously visited page)
  • User agent (contains information about browser type, browser version, and operating system used)

This data is not merged with other data sources. IP addresses are anonymised by the hosting provider at the web server level before being written to the log files (the last octet is replaced with a random value), making it impossible to identify individual visitors. The data is stored for technical reasons to ensure smooth operation of the website and to protect against misuse.

The legal basis is Art. 6(1)(f) GDPR. The legitimate interest lies in the technically reliable operation and security of the website.

Server log files are automatically deleted after 7 days. The server log files are additionally evaluated by server-side statistics tools (AWStats and Report Magic) provided by the hosting provider. The resulting reports contain only aggregated, anonymized data and do not constitute personal data.

5. Contact by Email or Phone

If you contact me by email or phone, your enquiry and all associated personal data (e.g. name, enquiry, contact details) will be stored and processed by me for the purpose of handling your request. This data will not be shared with third parties without your consent, except where technically necessary for the delivery of the service. Business email communication is processed via IONOS (IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany). I have concluded a Data Processing Agreement (DPA) with IONOS in accordance with Art. 28 GDPR. IONOS processes data exclusively within the EU. Further information can be found in the IONOS privacy policy: https://www.ionos.de/datenschutzerklaerung.

If the enquiry is related to a contract or pre-contractual measures, the legal basis is Art. 6(1)(b) GDPR. In all other cases, the processing is based on my legitimate interest in carefully handling enquiries directed to me (Art. 6(1)(f) GDPR).

The data you provide will remain with me until you request its deletion or the purpose for storage ceases to apply (e.g. after your request has been fully dealt with). Statutory retention obligations remain unaffected.

6. SSL/TLS Encryption

This website uses SSL/TLS encryption to protect data transmitted between your browser and the server. You can recognise an encrypted connection by the “https://” prefix in your browser’s address bar and the lock icon.

When encryption is active, data you transmit to this website cannot be read by third parties.

The use of SSL/TLS encryption is a security measure pursuant to Art. 32 GDPR.

7. Your Rights Under the GDPR

You have the following rights with regard to your personal data:

  • Access (Art. 15 GDPR): You may request information about whether and what personal data I process about you.
  • Rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
  • Erasure (Art. 17 GDPR): You may request the deletion of your data, provided no statutory retention obligations apply.
  • Restriction of processing (Art. 18 GDPR): Under certain conditions, you may request that the processing of your data be restricted.
  • Data portability (Art. 20 GDPR): You may request to receive your data in a commonly used, machine-readable format.
  • Objection (Art. 21 GDPR): You may object to the processing of your data where it is based on Art. 6(1)(f) GDPR. See the following section for details.
  • Withdrawal of consent (Art. 7(3) GDPR): If processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise your rights, an informal message to the contact details listed above is sufficient.

7.1. Right to Object Under Art. 21 GDPR

Where the processing of your personal data is based on a legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right to object to such processing at any time for reasons arising from your particular situation. I will then cease processing the data concerned unless there are compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.

Where your data is processed for direct marketing purposes, you may object at any time without giving reasons. The data will then no longer be used for that purpose.

8. Supervisory Authority

If you have a data protection complaint, you may contact the supervisory authority responsible for me:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany

Website: https://datenschutz.hessen.de
Phone: +49 611 1408-0

The right to lodge a complaint exists pursuant to Art. 77 GDPR without prejudice to any other legal remedies.

9. What This Website Does Not Use

For the sake of transparency, I explicitly state that this website:

  • does not set or read cookies,
  • does not use analytics or tracking tools (no Google Analytics or similar),
  • does not load external fonts (no Google Fonts or similar),
  • does not load content from external servers (no CDNs, no embedded media),
  • does not embed social media plugins,
  • does not provide a contact form,
  • does not offer user accounts,
  • does not use automated individual decision-making or profiling (Art. 22 GDPR), and
  • does not transfer data to third countries (both hosting and business email processing are handled by providers based in Germany; see sections 3 and 5).

All resources on this website are served from its own server.

10. Changes to This Privacy Policy

I reserve the right to update this privacy policy to reflect changes in legal requirements or changes to my website. The current version applies whenever you visit.

Last updated: February 2026