1. Controller & Contact

As a sole proprietor and AI innovator, we are responsible for processing your personal data on this website.

2. General Information on Data Processing

2.1 Scope of Processing

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Processing generally takes place with your consent or where permitted by law.

2.2 Legal Bases

Where we obtain consent for processing operations, Art. 6(1)(a) GDPR is the legal basis.

For processing necessary to perform a contract or pre-contractual measures, the legal basis is Art. 6(1)(b) GDPR.

Where processing is necessary for compliance with a legal obligation, the legal basis is Art. 6(1)(c) GDPR.

Where processing is necessary for the purposes of legitimate interests, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interests include the optimization and efficient operation of our website.

2.3 Erasure & Storage Period

Your personal data will be erased or blocked as soon as the purpose for storage no longer applies. Storage may continue if required by European or national legislation. Data will also be erased when a statutory retention period expires unless further storage is necessary for the conclusion or performance of a contract.

3. Your Rights

Under the GDPR you have the following rights:

• Right of access (Art. 15 GDPR): Obtain information about the personal data we process about you.
• Right to rectification (Art. 16 GDPR): Have inaccurate or incomplete data corrected without undue delay.
• Right to erasure (Art. 17 GDPR): Request deletion of your personal data, unless statutory retention obligations apply.
• Right to restriction (Art. 18 GDPR): Request restriction of processing.
• Right to data portability (Art. 20 GDPR): Receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21 GDPR): Object at any time to processing, in particular for direct marketing.
• Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time with effect for the future.
• Right to lodge a complaint (Art. 77 GDPR): Lodge a complaint with a supervisory authority.

4. Website Provision & Log Files

4.1 Hosting by IONOS

Our website is hosted by IONOS SE:

4.2 Automatically Collected Data (Server Log Files)

Each time our website is accessed, our hosting provider automatically collects the following information in server log files:

• IP address of the requesting device
• Date and time of access
• Name and URL of the requested file
• Amount of data transferred
• HTTP response code
• Browser type and version
• User’s operating system
• Referrer URL (previous page)
• User’s ISP

Purpose: Technical operation and security of the website, error analysis.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in functionality and security).
Storage period: Log files are automatically deleted after 7 days.
Processor: We have a data processing agreement with IONOS under Art. 28 GDPR.
Further information: IONOS Privacy Policy

5. Cookies & Local Storage

5.1 What Are Cookies?

Cookies are small text files stored on your device that help record information about your use of the website.

5.2 Cookie Categories Used

5.3 Cookie Management

You can adjust your cookie preferences at any time via our cookie banner. You can also manage or delete cookies in your browser settings.

Note: Disabling cookies may limit website functionality.

6. Google Analytics 4

6.1 Use of Google Analytics

We use Google Analytics 4, a web analytics service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

6.2 Scope of Processing

Google Analytics uses cookies and similar technologies to analyze your use of our website. The following information is collected:

• Page views and navigation paths
• Dwell time
• Bounce rates
• Device type and screen resolution
• Browser type and version
• Geographical origin (country, city)
• Referrer URL
• Truncated IP address (IP anonymization enabled)

6.3 IP Anonymization

We have enabled IP anonymization. Your IP address is truncated within the EU before being sent to Google servers. Only in exceptional cases is the full IP address transferred to servers in the USA and truncated there.

6.4 Data Transfers to the USA

Google also processes data on servers in the USA. Transfers are based on:

• EU Standard Contractual Clauses under Art. 46 GDPR
• The EU-US Data Privacy Framework (where applicable)
• Your consent under Art. 49(1)(a) GDPR

6.5 Purpose of Processing

• Analyze user behavior
• Optimize website structure and content
• Improve user experience
• Create visitor statistics

6.6 Legal Basis

Art. 6(1)(a) GDPR (consent via cookie banner)

6.7 Storage Period

Data collected by Google Analytics is automatically deleted after 14 months.

6.8 Objection & Opt-Out

You can object to Google Analytics:

• Via our cookie banner (disable analytics cookies)
• By installing the Google Analytics Opt-Out Browser Add-on
• By deleting cookies in your browser

Further information:

• Google Privacy Policy
• Google Analytics & Privacy

7. Google Fonts (locally hosted)

7.1 Local Hosting

For consistent typography we use Google Web Fonts. Important: Google Fonts are stored locally on our server. No connection to Google servers is made when you visit our website.

7.2 No Data Transfer

Because fonts are locally hosted, no personal data is transmitted to Google. Your IP address is not shared with Google.

7.3 Purpose

Consistent, appealing presentation across devices.

7.4 Legal Basis

Art. 6(1)(f) GDPR (legitimate interest in professional web design)

8. Social Media Links

8.1 Type of Integration

We link to various social media platforms. Integration is via simple links only (no plugins or iframes).

8.2 Linked Platforms

• Instagram
• LinkedIn
• YouTube
• Vimeo
• Other social media channels

8.3 Data Transfer

Data is transmitted only when you actively click a link and visit the respective platform. Before that, no data is sent to social media providers.

8.4 Responsibility

Once you leave our site and visit an external platform, that provider’s privacy policy applies. We have no influence over their processing.

8.5 Legal Basis

Art. 6(1)(f) GDPR (legitimate interest in presenting our work and networking)

9. Video Embeds

9.1 YouTube (Enhanced Privacy Mode)

We embed YouTube videos using Enhanced Privacy Mode (youtube-nocookie.com).

How it works: Cookies and tracking activate only when you actually play a video. Simply loading the page does not trigger data transfers.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in multimedia presentation).

9.2 Vimeo

We use Vimeo, provided by Vimeo, Inc., 555 West 18th Street, New York, NY 10011, USA.

Data processing: When playing Vimeo videos, the following data may be collected:

• IP address
• Date and time of access
• Referrer URL
• Browser information

Legal basis: Art. 6(1)(f) GDPR
Vimeo Privacy: vimeo.com/privacy

10. Contact Form & Email

10.1 Contact

When you contact us via form or email, we process:

• Name
• Email address
• Subject and message content
• Time of request
• Optional: phone number, company, additional details

10.2 Purpose

• Handling your request
• Communication
• Project discussions and quotations

10.3 Legal Basis

Art. 6(1)(b) GDPR (pre-contractual/contractual) or Art. 6(1)(f) GDPR (legitimate interest in responding).

10.4 Storage Period

We delete your data once the request is resolved and no statutory retention applies. If a contract is concluded, statutory retention (up to 10 years) applies.

10.5 Email Security

Emails over the internet are generally unencrypted. For confidential information, we recommend encrypted channels.

11. Chatbot – Tidio

11.1 Use of the Chat Service

We use Tidio by Tidio LLC, 2035 Sunset Lake Road, Suite B-2, Newark, Delaware 19702, USA.

11.2 Data Processed

When you use the chat, the following data may be processed:

• Name (if provided)
• Email address (if provided)
• Message content
• Time of conversation
• IP address
• Browser information

11.3 Purpose

• Customer support and advice
• Responding to inquiries
• Improving usability

11.4 Legal Basis

Art. 6(1)(a) GDPR (consent at chat start) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication).

11.5 Transfers to the USA

Tidio processes data on US servers based on EU Standard Contractual Clauses.
Tidio Privacy: tidio.com/privacy-policy

12. AI Tools & Generative Technologies

12.1 AI Tools Used

We use the following AI technologies in projects:

12.2 Data Processing with AI Tools

Important: AI tools are used internally for content creation. Website visitors do not directly interact with these tools.

Project-based use:

• For project requests, client data (e.g., briefings) may be used to create AI-generated content
• Processing occurs only on the basis of an assignment and with client consent
• Sensitive client data is not sent to AI services without explicit permission
• We select AI tools per project based on privacy and security standards

12.3 Transfers to Third Countries

Many AI providers are based in the USA. Transfers are based on:

• EU Standard Contractual Clauses (Art. 46 GDPR)
• EU-US Data Privacy Framework (where applicable)
• Consent under Art. 49(1)(a) GDPR (upon engagement)

12.4 Data Protection in AI Projects

For each project we assess:

• Which AI tools are appropriate
• Which data protection measures are required
• Whether a data processing agreement is necessary
• Whether a data protection impact assessment is required

12.5 Transparency to Clients

We inform clients about:

• Which AI tools are used
• Which data is processed
• Where data is processed (server locations)
• Which data protection measures are in place

12.6 Legal Basis

Art. 6(1)(b) GDPR (contract performance) and/or Art. 6(1)(a) GDPR (client consent).

13. Anti-Bot Service – hCaptcha

13.1 Use of hCaptcha

We use hCaptcha by Intuition Machines, Inc., Los Angeles, CA, USA, to protect our website from spam and abuse.

13.2 How It Works

hCaptcha analyzes user behavior to distinguish humans from bots. The analysis runs automatically in the background.

13.3 Data Processed

• IP address
• Date and time of visit
• Browser and device information
• Mouse movements and interaction patterns
• Time spent on the website

13.4 Legal Basis

Art. 6(1)(f) GDPR (legitimate interest in protection against automated abuse).
hCaptcha Privacy: hcaptcha.com/privacy

14. jQuery CDN

14.1 Integration of jQuery

To optimize load performance, we use the jQuery library via a CDN.

14.2 Data Processing

When loading the files, your IP address is transmitted to CDN servers. This is technically necessary to deliver the files.

14.3 Legal Basis

Art. 6(1)(f) GDPR (legitimate interest in fast load times and optimal performance).

15. Applications & Careers

15.1 Applicant Data

For applications we process:

• Name, contact details
• CV and cover letter
• Certificates and qualifications
• Portfolio materials
• References (with consent)

15.2 Purpose

Conducting the application process and assessing suitability for open roles or collaborations.

15.3 Legal Basis

Art. 6(1)(b) GDPR in conjunction with § 26 BDSG (pre-contractual measures).

15.4 Storage Period

Application data is stored for up to 6 months after completion (for potential follow-up). With consent, data may be retained longer in a talent pool.

16. Processors & Third-Party Providers

16.1 Processors Overview

We work with the following processors:

16.2 Data Processing Agreements

We have agreements with all processors under Art. 28 GDPR ensuring adequate data protection.

17. Data Security

17.1 Technical & Organizational Measures

We implement extensive measures to protect your data:

• SSL/TLS encryption: All data transfers via HTTPS
• Firewalls: Protection against unauthorized access
• Regular backups: Data safeguarding
• Access restrictions: Only authorized personnel access personal data
• Up-to-date software: Regular updates
• Privacy training: Awareness for data protection

17.2 Data Breaches

In the event of a personal data breach, we will notify the supervisory authority without undue delay (within 72 hours) and, where required, the affected individuals.

18. Protection of Minors

Our services target individuals aged 18+. We do not knowingly process data of children under 16 without parental consent.

19. Links to Other Websites

Our website contains links to external third-party sites. We have no control over their content and privacy practices. Please review their privacy policies.

20. Changes to This Privacy Policy

We may amend this policy to reflect legal changes or changes in our services and processing. The current version is always available on our website.

Last update: January 2025

21. Creation of This Privacy Policy

22. Legal Notices & Abmahnungen

23. Contact for Privacy Questions