Erea

Privacy Policy

Last updated: June 28, 2026

This Privacy Policy explains how we process personal data when you visit our website, contact us, request a website preview, purchase services, or otherwise interact with us.

1. Controller

The controller responsible for data processing is:

Erea
Strandpromenade 1
63110 Rodgau
Germany
Email: erea@erea.studio
Phone: +49 176 30363515

2. General principles

We process personal data only where there is a legal basis under the GDPR. The relevant legal bases are usually:

  • Art. 6(1)(b) GDPR: performance of a contract or pre-contractual measures.
  • Art. 6(1)(c) GDPR: compliance with legal obligations.
  • Art. 6(1)(f) GDPR: legitimate interests.
  • Art. 6(1)(a) GDPR: consent, where consent is required.

3. Website access and server logs

When you visit our website, technical access data may be processed automatically. This may include:

  • IP address.
  • Date and time of access.
  • Requested pages or files.
  • Referrer URL.
  • Browser type and version.
  • Operating system and device information.
  • HTTP status codes.

This processing is necessary to deliver the website, maintain security, detect abuse, and ensure technical stability.

Legal basis: Art. 6(1)(f) GDPR.
Legitimate interest: secure and reliable operation of the website.
Retention: server log data is deleted or anonymised after it is no longer required for security and operational purposes, unless longer retention is legally required.

4. Hosting

Our website is hosted by:

Vercel Inc.
340 S Lemon Ave #4133
Walnut, CA 91789
USA

Vercel processes technical data required to provide, secure, and deliver this website. This may include IP addresses, request data, and server log data.

Where required, we use appropriate contractual and legal safeguards for data transfers outside the EU/EEA.

Legal basis: Art. 6(1)(f) GDPR.
Legitimate interest: secure, fast, and reliable hosting of our website.

5. Contact and inquiry forms

If you contact us by email, contact form, preview request form, or similar means, we process the information you provide. This may include:

  • Name and business name.
  • Website URL.
  • Email address and phone number.
  • Project details and message content.
  • Communication history.

We process this data to respond to your inquiry, prepare offers, provide previews, negotiate contracts, and perform requested services.

Legal basis: Art. 6(1)(b) GDPR where the communication relates to a contract or pre-contractual inquiry; otherwise Art. 6(1)(f) GDPR.
Retention: inquiry and communication data is retained as long as necessary to handle the inquiry and for applicable limitation periods. Business correspondence may be retained longer where legally required.

6. Preview requests

If you request a website preview, we process the data required to understand your business and prepare the preview. This may include your business name, current website, public business information, design preferences, and contact details.

We may also review publicly available information about your business, such as your website, public Google Business profile, public social media pages, or other public business listings, if this is necessary to prepare a relevant preview.

Legal basis: Art. 6(1)(b) GDPR for pre-contractual measures; Art. 6(1)(f) GDPR for processing publicly available business information.
Legitimate interest: preparing a relevant business proposal and avoiding generic or misleading previews.

7. Contract and customer data

If you become a customer, we process data required to create, perform, manage, and invoice our services. This may include:

  • Name, business name, and billing address.
  • Email address and phone number.
  • Project requirements and contractual documents.
  • Invoices and payment status.
  • Login or access information you voluntarily provide.
  • Project communication.

Legal basis: Art. 6(1)(b) GDPR.
Retention: contract and invoice data is retained for the applicable statutory retention periods, especially under German commercial and tax law.

8. Payment processing

Payments may be processed by bank transfer and/or external payment providers such as Stripe.

If Stripe is used, payment data is processed by Stripe for payment execution, fraud prevention, compliance, and related purposes.

Legal basis: Art. 6(1)(b) GDPR for payment processing; Art. 6(1)(c) GDPR for tax and accounting obligations; Art. 6(1)(f) GDPR for fraud prevention and payment security.

9. Email communication

We use email to communicate with prospects, customers, service providers, and business contacts. Email communication may contain personal data depending on the content of the message.

Legal basis: Art. 6(1)(b) GDPR for contract-related communication; Art. 6(1)(f) GDPR for general business communication; Art. 6(1)(c) GDPR where retention is legally required.

10. Cookies and similar technologies

Our website uses only technically necessary cookies or similar technologies unless stated otherwise.

Technically necessary technologies may be used to provide core website functionality, security, form handling, session management, or user preferences.

Legal basis: Art. 6(1)(f) GDPR and, where applicable, Section 25(2) TDDDG.

We do not use non-essential analytics, advertising, retargeting, or tracking technologies unless you have given prior consent.

Legal basis for non-essential technologies: Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

11. No automated decision-making

We do not use personal data for automated decision-making that produces legal effects concerning you or similarly significantly affects you.

12. Recipients of personal data

We may share personal data with service providers where necessary to operate our business and deliver our services. This may include:

  • Hosting providers.
  • Email providers.
  • Payment providers.
  • Accounting or tax advisors.
  • Project management tools.
  • Domain or hosting providers used for client projects.
  • Legal advisors, if necessary.

Where required, we conclude data processing agreements with processors pursuant to Art. 28 GDPR.

13. International data transfers

Some service providers may process data outside the EU/EEA, especially in the United States. Where this happens, we rely on appropriate safeguards such as EU Standard Contractual Clauses, adequacy decisions, the EU-U.S. Data Privacy Framework where applicable, or other legally recognised transfer mechanisms.

14. Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, unless legal retention obligations require longer storage.

Typical retention periods:

  • Server logs: short-term security and operational retention.
  • Inquiries: for the duration of communication and applicable limitation periods.
  • Contracts and business correspondence: according to applicable statutory periods.
  • Invoices and accounting records: according to German tax and commercial law.
  • Consent records: as long as necessary to prove consent.

15. Your rights

You have the following rights under the GDPR, subject to the legal requirements:

  • Right of access.
  • Right to rectification.
  • Right to erasure.
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on Art. 6(1)(f) GDPR.
  • Right to withdraw consent at any time with future effect.
  • Right to lodge a complaint with a data protection supervisory authority.

For Hessen, the competent supervisory authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Wilhelmstraße 7
65185 Wiesbaden
Germany
Email: poststelle@datenschutz.hessen.de

16. Obligation to provide data

You are not legally required to provide personal data when visiting our website. However, certain data is technically necessary to display the website.

If you contact us, request a preview, or enter into a contract, we need the data required to process the inquiry or perform the contract. Without this data, we may not be able to respond or provide services.

17. Updates to this Privacy Policy

We may update this Privacy Policy if our website, services, legal obligations, or data processing practices change.