Privacy Policy

Graham Miranda IT Consulting & Services

Effective Date: October 6, 2025
Last Updated: October 6, 2025

1. General Information

1.1 Data Controller

Graham Miranda
Hasselfelder Str. 23
38889 Blankenburg (Harz)
Germany

Email: graham@rsp-home
Phone: +49 15678 397267
Tax Number: 117/249/02725

1.2 Purpose of This Privacy Policy

This privacy policy explains what personal data we collect, how we use it, and what rights you have. It applies to all our websites and services:

• GrahamMiranda.com
• seo.grahammiranda.com
• eSIM.grahammiranda.com
• hosting.grahammiranda.com
• network.grahammiranda.com
• services.grahammiranda.com

2. Data Collection

2.1 Automatically Collected Data

When you visit our website, the following data is automatically collected:

• IP address (required to provide the website)
• Browser type and version
• Operating system
• Date and time of access
• Pages accessed
• Referrer URL (previous website)

Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)
Purpose: Technical provision and security of the website
Retention Period: 30 days

2.2 Contact Forms and Email Communication

When you contact us, we collect:

• Name
• Email address
• Message content
• Time of inquiry

Legal Basis: Art. 6 para. 1 lit. b GDPR (contract initiation)
Purpose: Processing your inquiry and customer communication
Retention Period: 3 years after last communication

2.3 Service-Specific Data

eSIM Services:

• Order data (name, email, payment information)
• Device information (IMEI, if provided)
• Usage data (activation status)

Hosting Services:

• Account information (name, email, address)
• Domain information
• Technical logs

IT Consulting:

• Project-related data
• Communication data
• Analysis results

3. International Data Transfers

3.1 Server Locations

Our services use servers in the following countries:

3.1.1 RackNerd VPS (France)

• Provider: RackNerd LLC
• Location: France (EU)
• Purpose: VPS hosting for applications
• Legal Basis: Art. 6 para. 1 lit. f GDPR
• Safeguards: EU data protection law applicable

3.1.2 RackNerd Web Hosting (USA, Los Angeles)

• Provider: RackNerd LLC
• Location: Los Angeles, USA
• Purpose: Email hosting and web services
• Legal Basis: Art. 6 para. 1 lit. f GDPR
• Safeguards:
• EU-US Data Privacy Framework
• Standard Contractual Clauses (SCC)
• Additional technical safeguards

3.1.3 CloudFlare CDN

• Provider: Cloudflare Germany GmbH
• Headquarters: USA, subsidiaries in Germany
• Purpose: Content Delivery Network, DDoS protection
• Legal Basis: Art. 6 para. 1 lit. f GDPR
• Safeguards:
• EU-US Data Privacy Framework certification
• Data Processing Agreement under Art. 28 GDPR
• Local subsidiary in Germany

3.2 Additional Safeguards

For all transfers outside the EU, we have implemented:

• Encryption of all data transfers (TLS 1.3)
• Minimization of transferred data
• Regular security reviews
• Data Processing Agreements with all providers

4. Cookies and Similar Technologies

4.1 Necessary Cookies

• Session cookies for website functionality
• Security cookies to protect against CSRF attacks
• Load balancing cookies (CloudFlare)

Legal Basis: Art. 6 para. 1 lit. f GDPR
Retention Period: Session-based

4.2 CloudFlare Cookies

CloudFlare sets the following cookies:

• __cf_bm (Bot management, 30 minutes)
• __cfruid (Rate limiting, Session)

Legal Basis: Art. 6 para. 1 lit. f GDPR
Purpose: Security and performance

5. Your Rights

5.1 Right of Access (Art. 15 GDPR)

You have the right to know what data we have stored about you.

5.2 Right to Rectification (Art. 16 GDPR)

You can request correction of incorrect data.

5.3 Right to Erasure (Art. 17 GDPR)

You can request deletion of your data, unless legal retention obligations exist.

5.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request restriction of processing.

5.5 Right to Data Portability (Art. 20 GDPR)

You can request your data in a structured format.

5.6 Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests.

5.7 Withdrawal of Consent

You can withdraw any consent given at any time.

6. Data Security

6.1 Technical Safeguards

• TLS encryption for all transfers
• Secure server configurations
• Regular security updates
• Firewall protection
• Monitoring and intrusion detection

6.2 Organizational Measures

• Access control only for authorized persons
• Regular training
• Incident response plan
• Data protection impact assessment

6.3 IT Liability Insurance

We maintain IT liability insurance with Markel Insurance SE:

• Policy Number: ON.MPI.64092
• Coverage Amount: €300,000 (financial losses)
• Additional: €3,000,000 (personal/property damage)

7. Retention Periods

7.1 General Periods

• Contact data: 3 years after last communication
• Contract data: 10 years (HGB)
• Tax-relevant data: 10 years (AO)
• Log data: 30 days

7.2 Service-Specific Periods

• eSIM data: 2 years after contract end
• Hosting data: Contract term + 1 year
• IT consulting: Project end + 3 years

8. Complaint to Supervisory Authority

You have the right to lodge a complaint with the competent data protection supervisory authority:

State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover
Germany
Email: [email protected]
Phone: +49 511 120-4500

9. Changes to Privacy Policy

We may update this privacy policy as needed. The current version is always available on our website.

10. Contact

For questions about data processing, contact us:

Graham Miranda
Email: graham@rsp-home
Phone: +49 15678 397267

Last Updated: 6 October 2025