Est' 23

Berlin
Est' 23

Berlin
The controller within the meaning of the GDPR is:
Bahlsen Schmidt GbR, Käthe-Niederkirchner-Str.31, 10407 Berlin, Email: [verena@gezeiten-design.com]
You have the right at any time to:
You may withdraw any consent given at any time with effect for the future.
You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI) Alt-Moabit 59–61, 10555 Berlin, Germany mailbox@datenschutz-berlin.de
Our website is hosted and managed via the Webflow platform operated by Webflow, Inc. (USA). When the site is accessed, Webflow processes technical data (including IP address, browser type, time of access) to the extent necessary for the secure and stable provision of the website.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a secure, efficient operation of the website). A data processing agreement (Art. 28 GDPR) is in place with Webflow. For transfers to the USA, see section 10.
Parts of the website are provided and delivered via the infrastructure of Netlify, Inc. (USA) (deployment, content delivery network). In doing so, Netlify processes technical connection data including the IP address in order to deliver content and ensure security.
Legal basis: Art. 6 (1) (f) GDPR. A data processing agreement is in place with Netlify. For transfers to the USA, see section 10.
When you visit the website, information is automatically collected in server log files that your browser transmits: browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server request, and IP address. This data is not merged with other data sources.
Legal basis: Art. 6 (1) (f) GDPR. The collection is necessary for the technical operation and security of the website.
When you contact us via the contact form, we process the data you provide (in particular your name, email address, and message) in order to handle your enquiry. For the technical sending and delivery of these messages, we use the Resend service provided by Resend, Inc. (USA). The form contents are processed and transmitted via Resend.
Legal bases: Art. 6 (1) (b) GDPR (initiation/performance of a contract) and/or Art. 6 (1) (f) GDPR (legitimate interest in responding to enquiries). A data processing agreement is in place with Resend. For transfers to the USA, see section 10. We store your enquiry until the purpose of processing no longer applies; statutory retention periods remain unaffected.
To statistically evaluate the use of our website, we use Umami Cloud, a service provided by Umami Software, Inc. (USA). Umami works without cookies and does not create individual user profiles. No personal data in the conventional sense (no names, no email addresses, no cross-device recognition) is stored. Only aggregated information is collected, such as pages viewed, referrer, approximate location (country), device type, and browser.
The analytics data is processed and stored in Umami Cloud's EU data region (Germany). As the provider of the service is based in the USA, the information on third-country transfers in section 10 applies in addition.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in privacy-friendly reach measurement). Since no information is stored on or read from your device, consent under § 25 TDDDG is not required. A data processing agreement (Art. 28 GDPR) is in place with the provider.
For security reasons, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://” in your browser's address bar.
Some of the services mentioned above (Webflow, Netlify, Resend, Umami Cloud) are operated by providers based in the USA, which means that personal data may be processed in a third country. For Umami Cloud, the EU data region (Germany) is selected, so analytics data is stored in the EU; a third-country transfer may nonetheless arise from the provider's US incorporation. Transfers are based on the EU-US Data Privacy Framework (where the respective provider is certified) and/or the Standard Contractual Clauses of the EU Commission (Art. 46 GDPR) as appropriate safeguards.
Insofar as processing is based on Art. 6 (1) (f) GDPR, you have the right to object at any time, on grounds relating to your particular situation. We will then no longer process the data concerned, unless we can demonstrate compelling legitimate grounds.
This Privacy Policy is dated [Month/Year]. As the website evolves or legal requirements change, it may become necessary to update it.