Privacy Policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the ‘Information on the responsible body’ section of this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.
Other data is collected automatically or with your consent when you visit the website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other order enquiries.

What rights do you have regarding your data?

You have the right to obtain information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the responsible supervisory authority.

You can contact us at any time if you have any questions about this or other data protection issues.

Analysis tools and third-party tools

When you visit this website, your surfing behaviour may be statistically evaluated. This is mainly done using so-called analytical programmes. Detailed information about these analytical programmes can be found in the following privacy policy.

2. Hosting

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data.

We use the following host:

A2 Hosting LLC (operating under the brand “Hosting.com”), 1201 North Market Street, Suite 111-N73, Wilmington, DE 19801 USA.

Data processing agreement:
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of these sites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transfer over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Information about the responsible body

The responsible body for data processing on this website is:

Julia Ertle
Bahnerstraße 4
89415 Lauingen
Germany

Email: surf[at]vayunawaves[dot]com

The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Retention period

Unless a more specific retention period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion will take place once these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data are processed in accordance with Art. 9(1) GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25(1) TDDDG. Consent can be revoked at any time. If your data is necessary for the fulfilment of a contract or for the execution of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if it is necessary to fulfil a legal obligation on the basis of Art. 6 (1) lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. The relevant legal basis in each individual case is explained in the following paragraphs of this privacy policy.

Note on data transfer to third countries that are not secure under data protection law and transfer to US companies that are not DPF-certified

Among other things, we use tools from companies based in third countries that are not secure in terms of data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in third countries that are not secure in terms of data protection law.

We would like to point out that the US, as a secure third country, generally has a level of data protection comparable to that of the EU. Data transfer to the US is therefore permissible if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional protections in place. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of personal data

As part of our business activities, we work with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only pass on personal data to external parties if this is necessary for the fulfilment of a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in passing on the data in accordance with Art. 6 (1) lit. f GDPR, or if another legal basis permits the transfer of data. When using processors, we only pass on our customers’ personal data on the basis of a valid contract for data processing. In the case of joint processing, a contract for joint processing is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw your consent at any time. The legality of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 (1) E OR F OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE REGULATIONS. THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN PROVE THAT THERE ARE LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFENCE OF LEGAL INTERESTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PER ART. 21(2) GDPR).

Right to file a complaint with the responsible supervisory authority

According to Art. 77 GDPR, you have the right to file a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged violation. The right to file a complaint exists without limitation of other administrative or legal remedies.

The following supervisory authority is generally responsible for us:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Telephone: +49 (0) 981 53 1300
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

In addition, you can contact any other data protection supervisory authority in the European Union.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another party responsible, this will only be done if it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal regulations, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to correct or delete this data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. The right to restriction of processing applies in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have filed an objection under Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.


If you have restricted the processing of your personal data, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

To exercise your rights, simply send an email to: surf[at]vayunawaves[dot]com.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising emails

We hereby object to the use of contact data published within the scope of the legal notice obligation for sending unsolicited advertising and information material. The operators of the pages explicitly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example through spam emails.

4. Data collection on this website

Consent management (Borlabs Cookie)

We use the consent management tool Borlabs Cookie (Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany) on our website to obtain, document and manage consent to the use of cookies and similar technologies in a legally compliant manner.

The technically necessary cookie ‘borlabs-cookie’ only stores the user’s consent status. No personal data is stored in the cookie itself. Consent can be withdrawn at any time via the consent banner or by deleting the cookie.

Legal basis:
Processing is carried out on the basis of Art. 6 (1) lit. c GDPR, as we are legally obliged to manage consent in a legally compliant manner. In addition, processing may be carried out on the basis of Art. 6 (1) lit. f GDPR (legitimate interest) in order to ensure the management of consent and to be able to operate the website in a legally compliant manner.

Further information: https://borlabs.io/privacy/

Cookies and similar technologies

Our website uses cookies and similar technologies to analyse the use of our website, provide functions and display personalised content. Cookies are only stored if they are technically necessary or if you have given your prior consent via our consent banner (Borlabs Cookie).

Legal basis:
Cookies are stored and processed on the basis of Art. 6 (1) (c) GDPR, as this is necessary to comply with legal requirements. In addition, processing may be carried out on the basis of Art. 6 (1) lit. f GDPR (legitimate interest) in order to provide the website in a functional and user-friendly manner. Insofar as third-party cookies are used, processing is also carried out on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR.

Cookie list

All cookies currently in use are automatically displayed by Borlabs Cookie in a dynamic list. This list contains information on:

  • Name of the cookie
  • Provider/service
  • Purpose of storage
  • Storage period
  • Legal basis

Cookie List: https://vayunawaves.com/cookie-list/

Information about third-party cookies

Third-party cookies are only loaded after you have given your consent. You can change or withdraw your consent at any time via the Borlabs banner. The following services may load external scripts:

  • Matomo: for anonymised web analysis
  • hCaptcha / Antispam Bee: for security and spam prevention

Server log files

When you visit our website, information of a general nature is automatically stored in so-called server log files. This information is automatically transmitted to us by your browser and may contain personal data. This includes:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address


This data is not merged with other data sources. The server log files are used exclusively for technical security, error diagnosis and optimisation of our website.

Retention period:
The data is stored for a maximum of 12 months and then automatically deleted or anonymised.

Legal basis:
Art. 6 (1) (f) GDPR (legitimate interest in a secure and functional website).

5. Functional data collection

Comment section on this website

When you leave a comment on our website, the data you provide will be processed. This includes, in particular:

  • Name or pseudonym
  • Email address
  • Content of the comment
  • Optional: Commenter’s website
  • Date and time of creation
  • IP address


The data is processed in order to display comments on our website and to operate the comment function. All comments are checked and approved by the administrator before they are published.

Retention period:
Comments are stored for as long as they are displayed on the website. You can request the deletion of your comment at any time.

Legal basis:
Processing is based on your consent (opt-in) in accordance with Art. 6 (1) (a) GDPR, which you give by submitting your comment. In addition, processing may be based on Art. 6 (1) (f) GDPR (legitimate interest) in order to protect our website from misuse.

We use security services such as hCaptcha and Antispam Bee to protect against automated entries and spam. The relevant data protection information can be found in the corresponding sections of our privacy policy.

Contact form and enquiries by e-mail

If you contact us via the contact form (WPForms Lite) or directly by email, the information you provide (e.g. name, email address, message) will be processed exclusively for the purpose of handling your enquiry and for any follow-up questions.
We use the external service provider Brevo (formerly Sendinblue) for the technical processing of email correspondence. Details on data processing can be found in the section ‘Brevo (email and newsletter service)’ of this privacy policy.

Retention period:
The data you provide in the form or in your email will remain with us until you request us to delete it, revoke your consent or the purpose of data storage no longer applies (e.g. after your enquiry has been processed). Legal retention obligations remain unaffected.

Legal basis:
This data is processed on the basis of Art. 6(1)(b) GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, we rely on our legitimate interest in effective communication (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if you have given it.

We use hCaptcha to protect against misuse. Details can be found in the ‘Security tools’ section of this privacy policy.

Newsletter

When you subscribe to our newsletter, the necessary data (name, email address) will be processed in order to send you periodic information. Registration is done via the double opt-in procedure to ensure that the registration was actually authorised by you.
Our newsletters are sent via Brevo (formerly Sendinblue). Details on data processing can be found in the section ‘Brevo (email and newsletter service)’ of this privacy policy.

Newsletter content
Our newsletters contain information about our own offers, promotions and services. In addition, individual emails may contain advertising content for affiliate products and services from third parties. By subscribing to the newsletter, you agree that we may also send you such advertising content as part of the newsletter.

Legal basis:
Processing is carried out exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time with effect for the future, for example via the unsubscribe link in the newsletter. The legality of data processing operations that have already taken place remains unaffected by the revocation.

We use hCaptcha to protect against misuse. Details can be found in the ‘Security tools’ section of this privacy policy.

Brevo (email and newsletter service)

We use the service provider Brevo (formerly Sendinblue) to send all emails (e.g. contact enquiries, communication, newsletters). The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Processed data:

  • Contact form/email enquiries: name, email address, message content, communication metadata (e.g. sending times, IP address when sending).
  • Newsletter: email address, name if applicable, time of registration (double opt-in), interaction data (open rate, clicks on links, unsubscriptions).
  • System emails (e.g. confirmations, technical messages): email address, technical metadata for sending.


Purpose of processing:

  • Processing and responding to enquiries made via the contact form or directly by email.
  • Sending our newsletter and evaluating its performance (opens/clicks) in order to optimise our offers.
  • Ensuring reliable and secure email delivery.


Retention period:

  • Enquiries via email/contact form: stored for as long as necessary for processing.
  • Newsletter data: stored until you unsubscribe from the newsletter or withdraw your consent.
  • Contract and communication data: may be stored for up to 6 or 10 years due to commercial and tax law retention obligations.


Data processing:
We have signed a data processing agreement with Brevo in accordance with Art. 28 GDPR. The data is stored exclusively on servers within the European Union and is not passed on to third parties.

Legal basis:

  • Contact form/enquiries by email: Art. 6(1)(b) GDPR (fulfilment of a contract or pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in efficient communication).
  • Newsletter: Art. 6(1)(a) GDPR (consent).
  • System emails: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable delivery).

WonderPush (integrated into Brevo)

In addition to the email functions, Brevo uses the WonderPush service (provider: WonderPush, 19 avenue d’Italie, 75013 Paris, France) to provide browser push notifications.

Processed data:

  • Browser and device information
  • Push token / unique user ID
  • IP address
  • Time and status of consent
  • Interactions with push notifications (e.g. clicks)


The data is used for the purpose of sending and managing push notifications, in particular to support our newsletter or to provide relevant information.

Retention period:
The data is deleted as soon as the purpose no longer applies or you withdraw your consent.

Legal basis:
Processing is carried out solely on the basis of your consent (Art. 6(1)(a) GDPR).

Data processing:
WonderPush is integrated into the Brevo data processing agreement. Any data transfers are carried out on the basis of the applicable standard contractual clauses of the EU Commission.

Further information on data protection at Brevo & WonderPush can be found at:
https://www.brevo.com/de/legal/privacypolicy
https://www.wonderpush.com/policies/privacy

6. Social media

General note

We maintain publicly accessible business accounts on Instagram, Pinterest and TikTok. When you visit these profiles, personal data is processed by the platform operators and, where applicable, by us. This includes, in particular, interaction and communication data (e.g. messages, comments, likes).

Legal basis:

  • Processing is based on our legitimate interest under Art. 6(1)(f) GDPR in communicating with users, achieving engagement and providing information about our services.
  • If consent is required (e.g. when setting cookies or retrieving embedded content), processing is carried out on the basis of Art. 6 (1) (a) GDPR.
  • Insofar as the platforms process data for their own purposes (e.g. tracking, analysis), this is done on the basis of the consent provided by users to the platform (Art. 6(1)(a) GDPR).


We only process your data within the scope of our social media accounts to the extent necessary for communicating with users or providing information about our offers.

Instagram

We operate an Instagram profile under the name ‘Vayunawaves’ (https://www.instagram.com/vayunawaves/).

Instagram is not actively integrated into our website. We only link to our Instagram page. When you visit our website, no data is transferred to Instagram. Instagram’s privacy policy applies only when you click on the link.
Privacy policy: https://privacycenter.instagram.com/.

Pinterest

We operate a Pinterest profile under the name ‘Vayunawaves’ (https://www.pinterest.de/vayunawaves/).
We use Pinterest to publish pins that link to our website.

No Pinterest scripts or widgets are loaded on our website, so no data is transferred to Pinterest when you visit our pages. Data processing takes place exclusively on Pinterest when you view or interact with our pins there.
Privacy policy: https://policy.pinterest.com/de/privacy-policy.

TikTok

We operate a TikTok profile under the name ‘Vayunawaves’ (https://www.tiktok.com/@vayunawaves).

TikTok is not integrated into our website, but is linked only via a button/link. TikTok’s privacy policy applies only when you click on the link.
Privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/de.

7. Affiliate programmes and external content

So-called affiliate links are regularly integrated into our website. These serve the purpose of monetising recommendations for products and/or services. The affiliate partners provide us with special links for this purpose, which enable the proper calculation of commissions.

All affiliate links are marked as such and are clearly recognisable to you as a visitor to our website. Personal data is only processed when you click on an affiliate link. In this case, we consider your action to be active consent within the meaning of Art. 6 (1) (a) GDPR.

When using affiliate links, personal data is processed. This processing is carried out under joint responsibility in accordance with Art. 26 GDPR. The general information on data processing in this privacy policy applies to the processing activities that we carry out as website operators.

Our affiliate partners use tracking measures to ensure correct commission billing. Please refer to the data protection information of the individual partners for the type and scope of these tracking measures and the respective data processing. Below you will find a list of all affiliate programmes used and the corresponding partners.

8. Plugins and tools

Google Fonts (local hosting)

This site uses Google Fonts, which are provided by Google, to ensure consistent font display. Google Fonts are installed locally. No connection to Google servers is established.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Matomo (self-hosted)

We use Matomo, a web analytics tool, to evaluate the use of our website anonymously. Matomo is operated on our own server. To protect privacy, the following applies:

  • Do Not Track is respected
  • IP addresses are shortened by 2 bytes (anonymised)
  • Tracking without cookies is enabled
  • Raw data from all visits is deleted after 365 days. Aggregated reports are not deleted.


The data collected only includes technical information for the anonymised analysis of user behaviour, e.g. page views and length of stay.

Purpose of processing:
The anonymised analysis serves to optimise our website and improve its content and functionality.

Legal basis:
Processing is carried out on the basis of Art. 6 (1) (f) GDPR (legitimate interest in the anonymised analysis of website usage).

You can deactivate tracking via Matomo at any time:

Rank Math

Rank Math is used to optimise our website for search engines. In the free version, no personal data is actively transmitted to Rank Math or external servers unless user actions are performed within the WordPress backend.

Purpose of processing:
The analysis of SEO-relevant content serves to optimise our website and improve its visibility in search engines.

Legal basis:
Processing is carried out on the basis of Art. 6 (1) (f) GDPR (legitimate interest).

Polylang

Polylang enables the presentation of content in multiple languages (e.g. German and English). The plugin does not process any personal data unless it is linked to comment forms or logins.

Purpose of processing:
The provision of multilingual content on our website.

Legal basis:
Processing is carried out on the basis of Art. 6 (1) (f) GDPR (legitimate interest).

9. Security tools

General note

To ensure the security of this website and protect it from misuse, spam and attacks, we use various security and anti-spam services. These services are essential to ensure the integrity, availability and functionality of the website and the security of user interactions (e.g. contact forms, comment areas or login processes). It is not possible to deactivate these services as they are an essential part of our security concept.

Legal basis:
Processing is therefore carried out on the basis of our legitimate interest according to Art. 6 (1) (f) GDPR in defending against attacks, misuse and spam.
Separate consent in the cookie banner is not required; nevertheless, we transparently indicate the use of these essential security services there.

Antispam Bee

We use the WordPress plugin Antispam Bee to combat spam comments. The provider is pluginkollektiv (open-source project, Germany).

Antispam Bee analyses incoming comments based on various technical criteria (e.g. language, keywords used, patterns in the comment text) to distinguish spam from legitimate comments. In particular, the following data may be processed:

  • Comment content
  • Name, email address and, if applicable, website URL of the commenter
  • IP address (if enabled in the settings)


Retention period:
Spam filtering takes place locally on our server and works entirely within our WordPress installation. In the configuration we have chosen, no IP addresses are stored permanently and no personal data is transferred to third countries.

Legal basis:
Data processing is carried out on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest lies in providing a secure and spam-free comment section on our website.

Further information: https://github.com/pluginkollektiv/antispam-bee.

hCaptcha

We use the hCaptcha service to protect form entries (e.g. contact form, newsletter registration, comment section, login/registration processes) from automated entries (bots). The provider is Intuition Machines, Inc., 1065 SW 8th St #704, Miami FL 33130, USA.

hCaptcha analyses the behaviour of website visitors using various technical information in order to distinguish between humans and bots. In particular, the following data may be processed:

  • IP address
  • Referrer URL
  • Information about the operating system and browser
  • Inputs and mouse movements on the page
  • Duration of stay on the page
  • Device and network information


Retention period:
According to hCaptcha, personal data is only stored for as long as is necessary to provide the service. The data is usually deleted within a few weeks once it is no longer required for security checks.

Legal basis:
Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in securing our website and the services offered on it). Insofar as hCaptcha requests explicit consent, data processing is also carried out on the basis of Art. 6(1)(a) GDPR.

Data processing:
The data is processed by hCaptcha on servers, including in the United States. We have entered into a data processing agreement (DPA) with hCaptcha. For data transfers to the USA, hCaptcha relies on the Standard Contractual Clauses (SCCs) approved by the EU Commission, which are part of the terms and conditions of the agreement.

Further information: https://www.hcaptcha.com/privacy.

Wordfence

We use the Wordfence Security plugin to secure our website. The provider is Defiant, Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA.

Wordfence protects our website from malware, brute force attacks and unauthorised access. In particular, the following data is processed:

  • IP address of the requesting devices
  • Information about the browser and operating system used
  • Date and time of access
  • Pages accessed within our website
  • Suspicious login attempts


Retention period:
This data is stored locally on our server and is usually deleted automatically after 30 days.

Legal basis:
Data processing is carried out on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest lies in reliably securing our website and protecting our visitors from attacks and misuse.

To improve protection, our website participates in the Wordfence Real-Time Threat Defense Feed. This involves comparing suspicious IP addresses with Wordfence’s servers in the USA.

Data processing:
We have entered into a data processing agreement (DPA) with Defiant. For data transfers to the USA, Wordfence relies on the Standard Contractual Clauses (SCCs) approved by the EU Commission, which are part of the terms and conditions of the agreement.

Further information: https://www.wordfence.com/privacy-policy/.

10. Changes to this privacy policy

We reserve the right to amend this privacy policy at any time to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy (e.g. when introducing new services or technologies). The current version of the privacy policy for Vayunawaves.com replaces the previous version in its entirety.

Language Versions and Legal Validity

This privacy policy is available in both German and English. In the event of discrepancies or differences in interpretation, the German version shall be legally binding. The English translation is provided for convenience only and does not have any independent legal effect.

Notice on Preparation

This privacy policy has been individually compiled for our website. It is based on the requirements of the General Data Protection Regulation (GDPR), applicable case law, and publicly available templates from professional sources, and has been adapted to fit our specific website.

As of 18 October 2025

Scroll to Top