PRIVACY POLICY

1. Controller 

The controller responsible for the processing of personal data on this website is: 

IKAI ZERO GmbH i.G. 
Eifflerstraße 43 
22769 Hamburg 
Germany 

Represented by the managing directors: 
Jonas Selzer and Harshitth Manickaratnam 

E-mail: hello@ikaizero.com 
Alternative e-mail: jonas.selzer@ikaizero.com 

2. Data Protection Contact 

For questions regarding data protection, you may contact the following person: 

Jonas Selzer 
E-mail: jonas@ikaizero.com 

A data protection officer has not currently been appointed, as, based on the information available, there is no statutory obligation to appoint one pursuant to Section 38 of the German Federal Data Protection Act (BDSG). 

3. General Information on Data Processing 

We process personal data only to the extent necessary to provide a functional website, process inquiries, schedule appointments, communicate with interested parties, customers and business partners, and comply with statutory obligations. 

Personal data means any information relating to an identified or identifiable natural person. This includes, in particular, name, contact details, e-mail address, telephone number, IP address, usage data and any content you provide to us via a contact form, by e-mail or as part of an appointment booking. 

Processing is carried out in particular on the basis of the following legal grounds: 


  • Art. 6(1)(b) GDPR, where processing is necessary for the performance of pre-contractual measures or for the performance of a contract;  


  • Art. 6(1)(c) GDPR, where we are legally obliged to process the data;  


  • Art. 6(1)(f) GDPR, where processing is necessary for the purposes of legitimate interests;  


  • Art. 6(1)(a) GDPR, where you have given us your consent.  

4. Provision of the Website and Hosting 

Our website is operated using the Framer service. Based on the information available, the provider is Framer. Domain management and DNS services are provided by IONOS. 

When you access our website, technically necessary data is processed so that the website can be delivered to your device. This includes, in particular: 


  • IP address  


  • date and time of access  


  • URL accessed  


  • amount of data transferred  


  • browser type and browser version  


  • operating system used  


  • referrer URL  


  • user agent  


  • technical connection data  

This data is processed in order to technically provide the website, ensure the stability and security of the systems, detect misuse and properly deliver the website. 

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and efficient provision of our website. 

Where Framer processes personal data on our behalf, this is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR or on the basis of the data protection terms provided by Framer. According to publicly available information, Framer provides a Data Processing Addendum which includes, among other things, provisions on processing on behalf of a controller, subprocessors, security measures and standard contractual clauses. (Framer) 

5. Server Log Files 

When you visit our website, server log files may be processed automatically by the hosting provider. Based on the information available, the following data may be affected in particular: 


  • IP address  


  • timestamp  


  • user agent  


  • URL accessed  


  • technical access data  

This data is processed for the technical provision of the website, system security, error analysis and protection against misuse. 

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and uninterrupted provision of our online offering. 

The specific retention period for server log files depends on the settings and requirements of the hosting provider. Where specific information is available to us, this data is stored only for as long as necessary for the purposes stated. Longer storage only takes place where this is necessary to investigate security incidents or to comply with statutory obligations. 

6. Use of CDN and Security Services 

CDN and security services may be used via Framer for the fast, secure and stable delivery of the website. Based on the information available, Framer uses a global CDN. It is possible that service providers such as Cloudflare or comparable infrastructure or CDN providers are involved as subprocessors. 

When a CDN is used, website content is delivered via globally distributed servers. In this context, IP addresses, technical access data, browser information and timestamps may be processed in particular. The purpose is the efficient delivery of the website, improvement of loading times, protection against attacks and technical stability of the online offering. 

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in providing a secure, high-performance and reliably accessible website. 

Where third-party providers are used as subprocessors, this is done within the framework of the respective contractual and data protection terms of the hosting provider. In its DPA, Framer states that subprocessors may be used and provides for contractual data protection obligations for subprocessors. (Framer) 

7. SSL/TLS Encryption 

For security reasons, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address bar begins with “https://” and a lock symbol is displayed. 

Encryption is intended to protect data that you transmit to us against unauthorized access by third parties. 

8. Contact by E-mail or Contact Form 

If you contact us by e-mail or via a contact form, we process the personal data you provide. This may include, in particular: 


  • name  


  • e-mail address  


  • telephone number  


  • company  


  • content of the inquiry  


  • time of contact  


  • other information voluntarily provided  

Processing is carried out in order to handle your inquiry, communicate with you and, where applicable, carry out pre-contractual measures or existing contractual relationships. 

Depending on the content of the inquiry, the legal basis is: 


  • Art. 6(1)(b) GDPR, where your inquiry is connected with a contract or pre-contractual measures;  


  • Art. 6(1)(f) GDPR, where processing is based on our legitimate interest in handling business and other inquiries;  


  • Art. 6(1)(c) GDPR, where statutory retention obligations apply.  

Based on the information available, contact form data is processed via Framer and forwarded to hello@ikaizero.com. Where Framer processes personal data on our behalf in this context, this is carried out on the basis of a data processing agreement or the Framer DPA. 

We generally store inquiries and the related correspondence for as long as necessary to process the inquiry. Business correspondence may also be retained in accordance with commercial and tax law requirements. In this respect, the regular retention period may be up to six or ten years where statutory retention obligations apply. 

9. Appointment Booking via Microsoft Bookings 

Appointment booking via Microsoft Bookings may be offered on our website. The provider is Microsoft. 

If you book an appointment via Microsoft Bookings, the following personal data may be processed in particular: 


  • name  


  • e-mail address  


  • telephone number  


  • desired appointment  


  • information about the matter  


  • communication and booking data  


  • technical access data  

Processing is carried out for the purpose of scheduling, coordinating and conducting meetings, consultations or other business contacts. 

The legal basis is Art. 6(1)(b) GDPR where the appointment booking is carried out for the performance of pre-contractual measures or a contractual relationship. In all other cases, processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in efficient and user-friendly appointment management. 

When Microsoft Bookings is used, personal data may be transmitted to Microsoft and processed on Microsoft servers. Microsoft may also use affiliated companies and service providers outside the European Union or the European Economic Area. Microsoft is listed under the EU-U.S. Data Privacy Framework. (dataprivacyframework.gov) 

Where Microsoft processes personal data on our behalf, this is carried out on the basis of Microsoft’s corresponding data protection and data processing terms. 

10. Cookies and Similar Technologies 

Based on the information currently available, no separate cookie consent tool is used on this website. It is currently not intended to actively use tracking or marketing cookies. 

However, the website may use technically necessary cookies or similar technologies that are required for the operation, security or display of the website. Such technically necessary processing is carried out on the basis of Art. 6(1)(f) GDPR and, where applicable, Section 25(2) of the German Telecommunications Digital Services Data Protection Act (TDDDG). 

If statistics, analytics, marketing or other non-essential cookies or comparable technologies are used in the future, this will only take place on the basis of prior consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. 

Based on the information available, it still needs to be verified whether Framer, Framer Analytics or embedded services set cookies, local storage, session storage or other tracking technologies. If this is the case, this Privacy Policy will be amended accordingly and, where required, consent management will be implemented. 

11. Analytics and Tracking Tools 

Based on the information currently available, no conventional analytics or marketing tracking tools such as Google Analytics, Google Tag Manager, Meta Pixel, LinkedIn Insight Tag, TikTok Pixel or comparable services are used. 

It still needs to be verified whether Framer Analytics is activated or whether Framer otherwise provides usage or statistical data. If Framer Analytics or a comparable analytics tool is used, this Privacy Policy will be amended accordingly. Where consent is required for this purpose, such use will only take place after prior consent has been obtained. 

12. External Links and Embedded Content 

Our website may contain links to external websites and services. These may include, in particular, links to social media profiles, podcast platforms or external media offerings. 

When you click on an external link, you leave our website. The respective provider is responsible for the processing of personal data on the linked external websites. We have no influence over the nature, scope and purposes of data processing by these providers. 

Please refer to the privacy notices of the respective providers. 

13. Social Media Presences 

We maintain or link to presences on the following platforms: 


  • Instagram  


  • LinkedIn  


  • YouTube  


  • TikTok  


  • where applicable, Spotify, Apple Podcasts and other podcast platforms  

If you visit or interact with our profiles on these platforms, personal data may be processed by the respective platform operators. This includes, in particular, profile data, interaction data, communication data, usage data and technical access data. 

Processing by us, insofar as we ourselves receive access to personal data, is carried out for the purposes of public presentation, communication, information about our services and interaction with users. 

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in communication with interested parties, customers, business partners and the public. 

The platform operators may also process personal data for their own purposes, in particular for analyzing user behavior, creating profiles, advertising and measuring reach. We generally have only limited influence over this processing. 

The privacy notices of the respective providers apply to processing by the respective platforms. 

14. Podcast Platforms 

Where we provide content via podcast platforms such as Spotify, Apple Podcasts or comparable providers, or link to such offerings, users access these platforms at their own responsibility. 

When podcast content is accessed or played via external platforms, personal data may be processed by the respective providers. This includes, in particular, technical access data, usage data, device information, IP addresses and, where applicable, profile data if you are logged into the respective service. 

The respective platform provider is generally responsible for this data processing. 

15. Applications 

We currently do not operate a careers page and do not offer an online application function via the website. 

If you nevertheless send us application documents by e-mail, we process the personal data contained therein exclusively for the purpose of conducting the application process. 

The legal basis is Section 26 BDSG and Art. 6(1)(b) GDPR. If you provide us with special categories of personal data, Art. 9(2)(b) GDPR may additionally apply. 

Application data will be deleted as soon as it is no longer required for the application process, unless statutory retention obligations apply or you have consented to longer storage. 

16. No Payment Processing and No Online Shop 

Based on the information currently available, we do not operate an online shop on this website and do not use payment providers such as PayPal, Stripe, Klarna or comparable services. 

Personal data is therefore not processed for payment, shipping or e-commerce purposes via this website. 

17. No AI Systems and No Automated Decision-Making 

Based on the information currently available, no AI systems, chatbots or systems for automated decision-making are used on this website. 

No solely automated decision-making within the meaning of Art. 22 GDPR takes place. 

18. Data Transfers to Service Providers 

As part of operating the website and providing individual functions, personal data may be transmitted to service providers. Based on the information available, these include in particular: 


  • Framer as website and hosting provider  


  • IONOS as domain and DNS service provider  


  • Microsoft in connection with Microsoft Bookings  


  • where applicable, CDN and infrastructure service providers engaged by Framer  

Where these service providers process personal data on our behalf, this is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR. 

Personal data is otherwise transferred to third parties only where there is a statutory basis for doing so, where you have given your consent or where the transfer is necessary for the purposes of legitimate interests. 

19. Third-Country Transfers 


When individual services are used, personal data may be transferred to countries outside the European Union or the European Economic Area, in particular to the United States. 

Based on the information available, this concerns in particular Framer, Microsoft and, where applicable, subprocessors engaged by them. 

For data transfers to the United States, the following safeguards may be relevant in particular: 


  • an adequacy decision by the European Commission, in particular under the EU-U.S. Data Privacy Framework, where the respective provider is certified;  


  • standard contractual clauses of the European Commission pursuant to Art. 46 GDPR;  


  • additional technical and organizational safeguards.  

The EU-U.S. Data Privacy Framework is administered by the U.S. Department of Commerce and serves as a mechanism for transfers of personal data from the EU to the United States. (dataprivacyframework.gov) 

According to publicly available information, Microsoft is listed under the DPF. For Framer, the specific legal basis for third-country transfers should still be finally verified. In any event, Framer provides for standard contractual clauses as a transfer mechanism in its DPA. (Framer) 

20. Retention Period 

We store personal data only for as long as necessary for the respective processing purposes or where statutory retention obligations apply. 

In particular, the following principles apply: 


  • Contact inquiries are stored for as long as necessary for processing and follow-up communication.  


  • Business correspondence may be retained for up to six or ten years in accordance with commercial and tax law requirements.  


  • Technical log data is generally stored only for as long as necessary for operation, security and error analysis.  


  • Data from appointment bookings is stored for as long as necessary for organizing, conducting and following up on the appointment.  


  • Data that must be retained due to statutory obligations is deleted only after expiry of the relevant statutory periods.  

Where no statutory retention obligations apply, personal data is deleted as soon as the purpose of processing no longer applies. 

21. Technical and Organizational Measures 

We take appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration or destruction. 

These include in particular: 


  • SSL/TLS encryption of the website  


  • access restrictions for the systems used  


  • use of multi-factor authentication for Framer access, based on the information available  


  • role- and authorization-based access concepts  


  • careful selection of service providers  


  • contractual data protection arrangements with service providers, where required  


Please note that, despite appropriate safeguards, data transmission over the internet may have security vulnerabilities. Complete protection against access by third parties cannot be absolutely guaranteed from a technical perspective. 

22. Your Rights 

Under the GDPR, you have the following rights: 

Right of Access 

Pursuant to Art. 15 GDPR, you may request information as to whether and which personal data concerning you we process. 

Right to Rectification 

Pursuant to Art. 16 GDPR, you may request the rectification of inaccurate personal data or the completion of incomplete personal data. 

Right to Erasure 

Pursuant to Art. 17 GDPR, you may request the erasure of your personal data, unless statutory retention obligations or other legal reasons prevent this. 

Right to Restriction of Processing 

Pursuant to Art. 18 GDPR, you may request the restriction of processing. 

Right to Data Portability 

Pursuant to Art. 20 GDPR, you may request to receive personal data that you have provided to us in a structured, commonly used and machine-readable format or to have it transmitted to another controller. 

Right to Object 

Pursuant to Art. 21 GDPR, you may object to the processing of personal data where processing is carried out on the basis of Art. 6(1)(e) or Art. 6(1)(f) GDPR. 

Withdrawal of Consent 

Where processing is based on your consent, you may withdraw this consent at any time with effect for the future pursuant to Art. 7(3) GDPR. The lawfulness of processing carried out before withdrawal remains unaffected. 


23. Right to Lodge a Complaint with a Supervisory Authority 

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. 

The competent authority for Hamburg is in particular: 

The Hamburg Commissioner for Data Protection and Freedom of Information 
Ludwig-Erhard-Straße 22 
20459 Hamburg 
Germany 

24. Objection to Direct Marketing 

If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes. 

After receipt of your objection, your personal data will no longer be processed for direct marketing purposes. 

25. Amendments to this Privacy Policy 

We reserve the right to amend this Privacy Policy if the website, the services used, the legal requirements or our data processing activities change. 

The version currently published on this website shall apply. 

Last updated: May 2026 

1. Controller 

The controller responsible for the processing of personal data on this website is: 

IKAI ZERO GmbH i.G. 
Eifflerstraße 43 
22769 Hamburg 
Germany 

Represented by the managing directors: 
Jonas Selzer and Harshitth Manickaratnam 

E-mail: hello@ikaizero.com 
Alternative e-mail: jonas.selzer@ikaizero.com 

2. Data Protection Contact 

For questions regarding data protection, you may contact the following person: 

Jonas Selzer 
E-mail: jonas@ikaizero.com 

A data protection officer has not currently been appointed, as, based on the information available, there is no statutory obligation to appoint one pursuant to Section 38 of the German Federal Data Protection Act (BDSG). 

3. General Information on Data Processing 

We process personal data only to the extent necessary to provide a functional website, process inquiries, schedule appointments, communicate with interested parties, customers and business partners, and comply with statutory obligations. 

Personal data means any information relating to an identified or identifiable natural person. This includes, in particular, name, contact details, e-mail address, telephone number, IP address, usage data and any content you provide to us via a contact form, by e-mail or as part of an appointment booking. 

Processing is carried out in particular on the basis of the following legal grounds: 


  • Art. 6(1)(b) GDPR, where processing is necessary for the performance of pre-contractual measures or for the performance of a contract;  


  • Art. 6(1)(c) GDPR, where we are legally obliged to process the data;  


  • Art. 6(1)(f) GDPR, where processing is necessary for the purposes of legitimate interests;  


  • Art. 6(1)(a) GDPR, where you have given us your consent.  

4. Provision of the Website and Hosting 

Our website is operated using the Framer service. Based on the information available, the provider is Framer. Domain management and DNS services are provided by IONOS. 

When you access our website, technically necessary data is processed so that the website can be delivered to your device. This includes, in particular: 


  • IP address  


  • date and time of access  


  • URL accessed  


  • amount of data transferred  


  • browser type and browser version  


  • operating system used  


  • referrer URL  


  • user agent  


  • technical connection data  

This data is processed in order to technically provide the website, ensure the stability and security of the systems, detect misuse and properly deliver the website. 

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and efficient provision of our website. 

Where Framer processes personal data on our behalf, this is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR or on the basis of the data protection terms provided by Framer. According to publicly available information, Framer provides a Data Processing Addendum which includes, among other things, provisions on processing on behalf of a controller, subprocessors, security measures and standard contractual clauses. (Framer) 

5. Server Log Files 

When you visit our website, server log files may be processed automatically by the hosting provider. Based on the information available, the following data may be affected in particular: 


  • IP address  


  • timestamp  


  • user agent  


  • URL accessed  


  • technical access data  

This data is processed for the technical provision of the website, system security, error analysis and protection against misuse. 

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and uninterrupted provision of our online offering. 

The specific retention period for server log files depends on the settings and requirements of the hosting provider. Where specific information is available to us, this data is stored only for as long as necessary for the purposes stated. Longer storage only takes place where this is necessary to investigate security incidents or to comply with statutory obligations. 

6. Use of CDN and Security Services 

CDN and security services may be used via Framer for the fast, secure and stable delivery of the website. Based on the information available, Framer uses a global CDN. It is possible that service providers such as Cloudflare or comparable infrastructure or CDN providers are involved as subprocessors. 

When a CDN is used, website content is delivered via globally distributed servers. In this context, IP addresses, technical access data, browser information and timestamps may be processed in particular. The purpose is the efficient delivery of the website, improvement of loading times, protection against attacks and technical stability of the online offering. 

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in providing a secure, high-performance and reliably accessible website. 

Where third-party providers are used as subprocessors, this is done within the framework of the respective contractual and data protection terms of the hosting provider. In its DPA, Framer states that subprocessors may be used and provides for contractual data protection obligations for subprocessors. (Framer) 

7. SSL/TLS Encryption 

For security reasons, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address bar begins with “https://” and a lock symbol is displayed. 

Encryption is intended to protect data that you transmit to us against unauthorized access by third parties. 

8. Contact by E-mail or Contact Form 

If you contact us by e-mail or via a contact form, we process the personal data you provide. This may include, in particular: 


  • name  


  • e-mail address  


  • telephone number  


  • company  


  • content of the inquiry  


  • time of contact  


  • other information voluntarily provided  

Processing is carried out in order to handle your inquiry, communicate with you and, where applicable, carry out pre-contractual measures or existing contractual relationships. 

Depending on the content of the inquiry, the legal basis is: 


  • Art. 6(1)(b) GDPR, where your inquiry is connected with a contract or pre-contractual measures;  


  • Art. 6(1)(f) GDPR, where processing is based on our legitimate interest in handling business and other inquiries;  


  • Art. 6(1)(c) GDPR, where statutory retention obligations apply.  

Based on the information available, contact form data is processed via Framer and forwarded to hello@ikaizero.com. Where Framer processes personal data on our behalf in this context, this is carried out on the basis of a data processing agreement or the Framer DPA. 

We generally store inquiries and the related correspondence for as long as necessary to process the inquiry. Business correspondence may also be retained in accordance with commercial and tax law requirements. In this respect, the regular retention period may be up to six or ten years where statutory retention obligations apply. 

9. Appointment Booking via Microsoft Bookings 

Appointment booking via Microsoft Bookings may be offered on our website. The provider is Microsoft. 

If you book an appointment via Microsoft Bookings, the following personal data may be processed in particular: 


  • name  


  • e-mail address  


  • telephone number  


  • desired appointment  


  • information about the matter  


  • communication and booking data  


  • technical access data  

Processing is carried out for the purpose of scheduling, coordinating and conducting meetings, consultations or other business contacts. 

The legal basis is Art. 6(1)(b) GDPR where the appointment booking is carried out for the performance of pre-contractual measures or a contractual relationship. In all other cases, processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in efficient and user-friendly appointment management. 

When Microsoft Bookings is used, personal data may be transmitted to Microsoft and processed on Microsoft servers. Microsoft may also use affiliated companies and service providers outside the European Union or the European Economic Area. Microsoft is listed under the EU-U.S. Data Privacy Framework. (dataprivacyframework.gov) 

Where Microsoft processes personal data on our behalf, this is carried out on the basis of Microsoft’s corresponding data protection and data processing terms. 

10. Cookies and Similar Technologies 

Based on the information currently available, no separate cookie consent tool is used on this website. It is currently not intended to actively use tracking or marketing cookies. 

However, the website may use technically necessary cookies or similar technologies that are required for the operation, security or display of the website. Such technically necessary processing is carried out on the basis of Art. 6(1)(f) GDPR and, where applicable, Section 25(2) of the German Telecommunications Digital Services Data Protection Act (TDDDG). 

If statistics, analytics, marketing or other non-essential cookies or comparable technologies are used in the future, this will only take place on the basis of prior consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. 

Based on the information available, it still needs to be verified whether Framer, Framer Analytics or embedded services set cookies, local storage, session storage or other tracking technologies. If this is the case, this Privacy Policy will be amended accordingly and, where required, consent management will be implemented. 

11. Analytics and Tracking Tools 

Based on the information currently available, no conventional analytics or marketing tracking tools such as Google Analytics, Google Tag Manager, Meta Pixel, LinkedIn Insight Tag, TikTok Pixel or comparable services are used. 

It still needs to be verified whether Framer Analytics is activated or whether Framer otherwise provides usage or statistical data. If Framer Analytics or a comparable analytics tool is used, this Privacy Policy will be amended accordingly. Where consent is required for this purpose, such use will only take place after prior consent has been obtained. 

12. External Links and Embedded Content 

Our website may contain links to external websites and services. These may include, in particular, links to social media profiles, podcast platforms or external media offerings. 

When you click on an external link, you leave our website. The respective provider is responsible for the processing of personal data on the linked external websites. We have no influence over the nature, scope and purposes of data processing by these providers. 

Please refer to the privacy notices of the respective providers. 

13. Social Media Presences 

We maintain or link to presences on the following platforms: 


  • Instagram  


  • LinkedIn  


  • YouTube  


  • TikTok  


  • where applicable, Spotify, Apple Podcasts and other podcast platforms  

If you visit or interact with our profiles on these platforms, personal data may be processed by the respective platform operators. This includes, in particular, profile data, interaction data, communication data, usage data and technical access data. 

Processing by us, insofar as we ourselves receive access to personal data, is carried out for the purposes of public presentation, communication, information about our services and interaction with users. 

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in communication with interested parties, customers, business partners and the public. 

The platform operators may also process personal data for their own purposes, in particular for analyzing user behavior, creating profiles, advertising and measuring reach. We generally have only limited influence over this processing. 

The privacy notices of the respective providers apply to processing by the respective platforms. 

14. Podcast Platforms 

Where we provide content via podcast platforms such as Spotify, Apple Podcasts or comparable providers, or link to such offerings, users access these platforms at their own responsibility. 

When podcast content is accessed or played via external platforms, personal data may be processed by the respective providers. This includes, in particular, technical access data, usage data, device information, IP addresses and, where applicable, profile data if you are logged into the respective service. 

The respective platform provider is generally responsible for this data processing. 

15. Applications 

We currently do not operate a careers page and do not offer an online application function via the website. 

If you nevertheless send us application documents by e-mail, we process the personal data contained therein exclusively for the purpose of conducting the application process. 

The legal basis is Section 26 BDSG and Art. 6(1)(b) GDPR. If you provide us with special categories of personal data, Art. 9(2)(b) GDPR may additionally apply. 

Application data will be deleted as soon as it is no longer required for the application process, unless statutory retention obligations apply or you have consented to longer storage. 

16. No Payment Processing and No Online Shop 

Based on the information currently available, we do not operate an online shop on this website and do not use payment providers such as PayPal, Stripe, Klarna or comparable services. 

Personal data is therefore not processed for payment, shipping or e-commerce purposes via this website. 

17. No AI Systems and No Automated Decision-Making 

Based on the information currently available, no AI systems, chatbots or systems for automated decision-making are used on this website. 

No solely automated decision-making within the meaning of Art. 22 GDPR takes place. 

18. Data Transfers to Service Providers 

As part of operating the website and providing individual functions, personal data may be transmitted to service providers. Based on the information available, these include in particular: 


  • Framer as website and hosting provider  


  • IONOS as domain and DNS service provider  


  • Microsoft in connection with Microsoft Bookings  


  • where applicable, CDN and infrastructure service providers engaged by Framer  

Where these service providers process personal data on our behalf, this is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR. 

Personal data is otherwise transferred to third parties only where there is a statutory basis for doing so, where you have given your consent or where the transfer is necessary for the purposes of legitimate interests. 

19. Third-Country Transfers 


When individual services are used, personal data may be transferred to countries outside the European Union or the European Economic Area, in particular to the United States. 

Based on the information available, this concerns in particular Framer, Microsoft and, where applicable, subprocessors engaged by them. 

For data transfers to the United States, the following safeguards may be relevant in particular: 


  • an adequacy decision by the European Commission, in particular under the EU-U.S. Data Privacy Framework, where the respective provider is certified;  


  • standard contractual clauses of the European Commission pursuant to Art. 46 GDPR;  


  • additional technical and organizational safeguards.  

The EU-U.S. Data Privacy Framework is administered by the U.S. Department of Commerce and serves as a mechanism for transfers of personal data from the EU to the United States. (dataprivacyframework.gov) 

According to publicly available information, Microsoft is listed under the DPF. For Framer, the specific legal basis for third-country transfers should still be finally verified. In any event, Framer provides for standard contractual clauses as a transfer mechanism in its DPA. (Framer) 

20. Retention Period 

We store personal data only for as long as necessary for the respective processing purposes or where statutory retention obligations apply. 

In particular, the following principles apply: 


  • Contact inquiries are stored for as long as necessary for processing and follow-up communication.  


  • Business correspondence may be retained for up to six or ten years in accordance with commercial and tax law requirements.  


  • Technical log data is generally stored only for as long as necessary for operation, security and error analysis.  


  • Data from appointment bookings is stored for as long as necessary for organizing, conducting and following up on the appointment.  


  • Data that must be retained due to statutory obligations is deleted only after expiry of the relevant statutory periods.  

Where no statutory retention obligations apply, personal data is deleted as soon as the purpose of processing no longer applies. 

21. Technical and Organizational Measures 

We take appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration or destruction. 

These include in particular: 


  • SSL/TLS encryption of the website  


  • access restrictions for the systems used  


  • use of multi-factor authentication for Framer access, based on the information available  


  • role- and authorization-based access concepts  


  • careful selection of service providers  


  • contractual data protection arrangements with service providers, where required  


Please note that, despite appropriate safeguards, data transmission over the internet may have security vulnerabilities. Complete protection against access by third parties cannot be absolutely guaranteed from a technical perspective. 

22. Your Rights 

Under the GDPR, you have the following rights: 

Right of Access 

Pursuant to Art. 15 GDPR, you may request information as to whether and which personal data concerning you we process. 

Right to Rectification 

Pursuant to Art. 16 GDPR, you may request the rectification of inaccurate personal data or the completion of incomplete personal data. 

Right to Erasure 

Pursuant to Art. 17 GDPR, you may request the erasure of your personal data, unless statutory retention obligations or other legal reasons prevent this. 

Right to Restriction of Processing 

Pursuant to Art. 18 GDPR, you may request the restriction of processing. 

Right to Data Portability 

Pursuant to Art. 20 GDPR, you may request to receive personal data that you have provided to us in a structured, commonly used and machine-readable format or to have it transmitted to another controller. 

Right to Object 

Pursuant to Art. 21 GDPR, you may object to the processing of personal data where processing is carried out on the basis of Art. 6(1)(e) or Art. 6(1)(f) GDPR. 

Withdrawal of Consent 

Where processing is based on your consent, you may withdraw this consent at any time with effect for the future pursuant to Art. 7(3) GDPR. The lawfulness of processing carried out before withdrawal remains unaffected. 


23. Right to Lodge a Complaint with a Supervisory Authority 

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. 

The competent authority for Hamburg is in particular: 

The Hamburg Commissioner for Data Protection and Freedom of Information 
Ludwig-Erhard-Straße 22 
20459 Hamburg 
Germany 

24. Objection to Direct Marketing 

If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes. 

After receipt of your objection, your personal data will no longer be processed for direct marketing purposes. 

25. Amendments to this Privacy Policy 

We reserve the right to amend this Privacy Policy if the website, the services used, the legal requirements or our data processing activities change. 

The version currently published on this website shall apply. 

Last updated: May 2026