1. Who we are?
This website is operated by Epiambient.
Website: https://epiambient.com
Controller: Dr. Álvaro Perdomo-Sabogal
Contact email: contact@epiambient.com
Postal address: Vor den Höfen 8, 30916 Isernhagen, Germany
As the controller, we decide which personal data is processed and for what purposes.
2. General information on data processing
We process personal data only as far as this is necessary to:
- provide a functional and secure website,
- respond to enquiries,
- deliver our offerings (e.g. stress questionnaire, appointments), or
- comply with legal obligations.
Depending on the situation, the legal basis is in particular:
- performance of a contract or steps prior to entering a contract (Art. 6(1)(b) GDPR),
- our legitimate interests, such as secure, stable operation of this website (Art. 6(1)(f) GDPR),
- your consent (Art. 6(1)(a) GDPR), where you choose to give it.
Providing personal data is generally voluntary. In some cases, it is required for us to respond to your enquiry or provide a service (for example when you ask for an appointment or a stress profile).
3. Hosting and server log files
Our website is hosted by Raidboxes GmbH (Münster, Germany). Raidboxes provides the technical infrastructure, performs backups and processes log data to ensure security and stable operation.
When you visit our site, the server automatically processes the following information:
- IP address of the requesting device
- Date and time of access
- Requested page/file and URL
- Amount of data transferred
- Notification whether the request was successful
- Browser type and version
- Operating system used
This information is stored temporarily in server log files and is not combined with other data sources. The legal basis is our legitimate interest in a secure and stable website (Art. 6(1)(f) GDPR).
4. Contact via form or email
If you contact us via a contact form or email, we process:
- your name (if provided),
- your email address,
- the content of your message,
- technical metadata of the transmission (time, IP address, browser information) where needed for security and troubleshooting.
We use this data solely to handle your enquiry and any follow-up questions.
Where your enquiry relates to a (potential) contract or service, the legal basis is Art. 6(1)(b) GDPR. In other cases, the processing is based on our legitimate interest in responding to enquiries (Art. 6(1)(f) GDPR).
We keep enquiries only as long as necessary to handle them and for a reasonable follow-up period, unless legal retention obligations require longer storage.
5. Questionnaire / forms: Stress, Grit, Anxiety (Forminator)
On this website we use the Forminator plugin to provide forms, including a stress and resilience questionnaire.
Depending on the form, we process:
- email address and name (if requested in the form),
- your answers in the questionnaire (e.g. assessments of stress, load, daily situation),
- technical metadata (time of submission, IP address, browser information) where necessary for security or misuse prevention.
This data is stored in our WordPress installation on servers hosted by Raidboxes within the EU. Unlike cloud-based survey tools, your responses remain on our secure servers in Germany and are not transferred to third-party platforms.
We use this data to:
- evaluate the stress questionnaire and provide you with feedback where applicable,
- improve and refine our services in anonymised or aggregated form form (e.g., to calibrate scoring bands based on statistical trends),
- prepare individual support if you explicitly ask for it.
The legal basis is usually your consent (Art. 6(1)(a) GDPR). Where the processing relates directly to a requested service or offer, Art. 6(1)(b) GDPR also applies.
You can withdraw your consent at any time with effect for the future. The lawfulness of processing based on consent before its withdrawal remains unaffected.
We aim to store personally identifiable questionnaire data only as long as needed for evaluation and feedback. Afterwards, answers may be anonymised so they no longer relate to an identifiable person.
6. Appointment bookings
For scheduling calls or sessions we use a booking solution integrated into WordPress.
In doing so we process, for example:
- name,
- email address,
- preferred dates/times,
- short description of your request (if you choose to provide it).
This data is used to plan, confirm and manage appointments. In some cases, appointments may be transferred to our calendar system (for example, exported as an .ics file into a calendar such as Google Calendar or an equivalent tool).
The legal basis is Art. 6(1)(b) GDPR (performance of a contract or steps prior to entering into a contract).
7. Cookies
This website uses cookies where technically necessary or helpful to provide certain functions (for example, language or layout preferences, admin login sessions).
Typical cases include:
- Technically required cookies – for example, a temporary cookie to check whether your browser accepts cookies. This cookie does not contain personal data and is deleted when you close your browser.
- Login cookies (admin/editor accounts only) – when you log into the administrative area of the site, WordPress sets cookies that store your login information and view options. These cookies are relevant only for users with website accounts (not for normal visitors).
We currently do not use advertising cookies or tracking cookies to build detailed usage profiles.
You can configure your browser to inform you about the setting of cookies, to allow cookies only in specific cases, or to block them entirely. You can also delete stored cookies in your browser at any time. If cookies are disabled, some functions of the website may not work as intended.
8. Embedded content and external services
Content on this website may include embedded elements from other services (for example, videos, maps or images).
Embedded content from other websites behaves as if you had visited the other website directly. These external sites may:
- collect data about you,
- use cookies,
- include additional third-party tracking,
- monitor your interaction with the embedded content.
If you are logged into an account with that external provider (for example, YouTube), your interactions may be linked to this account.
We choose embedded content carefully and use external services only where they are useful for presenting our work.
9. Sharing of data with third parties
We only share personal data with third parties where one of the following applies:
- it is necessary to perform a contract or to take steps before entering into a contract (Art. 6(1)(b) GDPR),
- there is a legal obligation (Art. 6(1)(c) GDPR),
- there is a legitimate interest on our side which is not overridden by your interests or fundamental rights (Art. 6(1)(f) GDPR), or
- you have given your explicit consent (Art. 6(1)(a) GDPR).
Typical recipients include:
- our hosting provider Raidboxes GmbH (server operation, backups),
- email and calendar providers that we use to communicate with you or to manage appointments.
If we use service providers outside the EU/EEA, this will only be done where appropriate safeguards for data protection are in place (for example, standard contractual clauses).
10. Storage periods
We retain personal data only for as long as required for the respective purpose or as long as legal retention obligations exist.
In practice this means, for example:
- Contact enquiries: are deleted once your request has been fully processed and no further follow-up is expected.
- Stress questionnaires: identifiable data is stored only as long as needed for evaluation and feedback, then may be anonymised.
- Appointment data: is retained as long as necessary for scheduling, documentation and any follow-up related to the appointment.
- Server log files: are generally deleted automatically by the hosting provider after a short period, unless needed longer in the event of technical issues or security incidents.
11. Your rights
You have various rights in relation to your personal data under applicable data protection law, including the GDPR. In particular, you may:
- request information about the personal data we hold about you,
- request correction of incorrect or incomplete data,
- request deletion of data where there is no obligation or overriding reason to retain it,
- request restriction of processing in certain circumstances,
- object to specific types of processing, especially where they are based on Art. 6(1)(f) GDPR (legitimate interests),
- request that data you have provided be made available to you in a structured, commonly used and machine-readable format, where applicable.
To exercise these rights, please contact us at: contact@epiambient.com
If you have concerns about how we process personal data, you can also contact a data protection supervisory authority.
12. Changes to this privacy policy
We may update this privacy policy if our website, our services or legal requirements change. The version published on this page is the current one.
