This is the English-language overview. The legally binding version under EU data-protection law (GDPR) is the German Datenschutzerklärung.
This policy describes which personal data is processed when you visit palmamidwife.com, for what purpose, on which legal basis, and for how long. It addresses visitors from the European Economic Area (EEA) and is based on the EU General Data Protection Regulation (GDPR).
Email: mona@airfy.com
AirZen Networks Inc. has not appointed an EU representative. The conditions for the exemption under Art. 27(2)(a) GDPR apply: data processing on palmamidwife.com is occasional, does not include the large-scale processing of special categories of data within the meaning of Art. 9 GDPR, and is unlikely to result in a risk to the rights and freedoms of data subjects.
Data-protection enquiries can be sent directly to mona@airfy.com.
There is no statutory obligation to appoint a Data Protection Officer. The controller employs fewer than 20 people in the processing of personal data, and the core activity requires neither systematic monitoring of individuals nor the large-scale processing of special data categories.
When the website is accessed, the web server processes technically necessary connection data:
Purpose: Page delivery, stability, abuse prevention.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation).
Retention: max. 14 days, then automatic deletion.
Sharing: none.
When you use the form on the home page, the following data is processed:
The data is validated by the server (length checks, spam protection) and forwarded by email to mona@airfy.com. The enquiry is not persistently stored on the server (no database entry, no file).
Bot protection: Hidden honeypot field, minimum time between page load and submission, and a rate limit per IP address.
IP address: For spam prevention and abuse forensics, the IP address is forwarded together with the enquiry by email to the receiving address and is subject there to the same retention as the enquiry itself (max. 12 months). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in preventing abuse of the contact form).
Purpose: Answering your enquiry and arranging a session.
Legal basis: Art. 6(1)(b) GDPR (initiation of free counsel) and Art. 6(1)(f) GDPR (legitimate interest in spam prevention).
Retention: Enquiries are kept in the email inbox for a maximum of 12 months and then deleted, unless a longer statutory retention obligation applies.
palmamidwife.com sets no cookies. There is no tracking. No analytics, advertising, or social-media tools are loaded.
The Spectral font is delivered from the same server (locally hosted). No connection is made to Google Fonts or other third-party font providers.
To operate the website and process your enquiry, the following service providers are used:
Server hosting (the web server behind palmamidwife.com).
Seat: Industriestr. 25, 91710 Gunzenhausen, Germany.
Contract: Data processing agreement under Art. 28 GDPR.
Data flow: within the EU.
Sending the email triggered by the contact form to mona@airfy.com.
Seat: 1801 California Street, Suite 500, Denver, CO 80202, USA.
Third-country transfer: yes, USA. Legal basis: EU-US Data Privacy Framework (Art. 45 GDPR, adequacy decision of 10 July 2023). SendGrid is DPF-certified.
The mailbox mona@airfy.com, where enquiries from the contact form arrive and are stored, is run with Google Workspace.
Seat: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Third-country transfer: yes, USA. Legal basis: EU-US Data Privacy Framework (Art. 45 GDPR). Google LLC is DPF-certified.
Where personal data is transferred to the USA (sections 5.2 and 5.3), this is done on the basis of the EU-US Data Privacy Framework. The EU Commission decided on 10 July 2023 that an essentially equivalent level of protection to EU law exists at certified US companies (Art. 45 GDPR). The named providers are DPF-certified.
You have the right at any time to:
Send enquiries informally by email to mona@airfy.com. The reply is free of charge and within the statutory deadline of one month (extendable by two further months for complex requests, Art. 12(3) GDPR).
You have the right to lodge a complaint with a data-protection supervisory authority — usually the authority responsible for your residence, place of work, or place of the alleged infringement in the EEA (Art. 77 GDPR).
The website is delivered exclusively over HTTPS (TLS encryption). The contact form is additionally protected against automated abuse by honeypot, timing checks, and rate limiting. Server logs contain no content from submitted forms.
This privacy policy is updated whenever legal requirements or the services used change. The current version is available here; the date at the end of the page shows the status.
This policy is valid as of 4 May 2026.