Privacy Policy

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Walter Herbrandt – kölns-webdesign
Am Braunsacker 34
50765 Cologne
Email: arelaw@aol.com

2. General Information

This privacy policy informs you about which personal data we process, for what purposes, and on what legal basis. In particular, the information obligations pursuant to Art. 13 GDPR and § 25 TTDSG (storage/access of information on end devices, e.g., cookies/local storage) apply.

3. Access Data / Hosting (Server Log Files)

When visiting this website, information is automatically processed by the hosting provider in so-called server log files (e.g., IP address, date/time, accessed page/file, referrer URL, browser/OS, status codes).

Purpose: Secure operation of the website, error analysis, defense against attacks.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in secure operation).
Storage period: [ENTER HERE, e.g., “up to 7 days”].

Hosting provider: [HOST NAME + ADDRESS]
(If applicable: Data processing agreement with the host.)

4. Contact

If you contact us by email or via a contact form, we process the data you provide (e.g., name, email, message content) to respond to your request.

Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual/contractual communication) and/or Art. 6 (1) lit. f GDPR.
Storage period: As long as necessary for processing; statutory retention obligations remain unaffected.

5. Orders / Checkout / Payment Processing (Ablefy)

For the sale of digital products, we use an external checkout/sales platform (Ablefy). If you make a purchase, the data required for contract processing (e.g., name, email, billing/payment data, product/license, transaction data) will be processed via the platform.

Legal basis: Art. 6 (1) lit. b GDPR (contract fulfillment).
Recipients: Ablefy and, if applicable, integrated payment service providers (depending on the selected payment method).
Further information: Ablefy Privacy Policy.

6. Newsletter / Marketing Emails

If you subscribe to our newsletter, we process your email address (and, if applicable, voluntary details such as first name) to send you information, updates, and offers about our products. Registration usually takes place via double opt-in.

Additional data required to prove consent may also be processed (e.g., time of registration/confirmation, IP address, technical log data).

Legal basis: Art. 6 (1) lit. a GDPR (consent). You can withdraw your consent at any time via the unsubscribe link in each email.

Mailing providers/tools: [Brevo and Mailchimp].

(If the provider is located in a third country, data may be transferred there; legal bases are generally Art. 46 GDPR (standard contractual clauses) and/or Art. 49 GDPR where applicable.)

7. Cookies / Local Storage / Consent Management

We use cookies or similar technologies (e.g., local storage) to provide essential website functions. Consent is not required for technically necessary technologies. Consent is generally required in advance for optional technologies (e.g., external embeds/marketing) under § 25 TTDSG, unless they are strictly technically necessary.

Consent tool (cookie banner): [NAME OF CONSENT TOOL OR “not in use”]
Note: If you embed YouTube content directly without a 2-click solution or use tracking/marketing, a consent tool is usually required.

8. Embedded Content (YouTube Videos)

We embed videos from YouTube. When loading the embed, data (e.g., IP address, device information, referrer) may be transmitted to YouTube/Google.

Where possible, we use privacy-enhanced embedding (e.g., youtube-nocookie.com) and/or a 2-click solution, where the video loads only after your consent.

Legal basis: Art. 6 (1) lit. a GDPR (consent), if the video loads only after approval.
Note: Data may be transferred to third countries (e.g., USA). Legal bases include Art. 46 GDPR (SCCs) and adequacy decisions where applicable.

9. Data Security (SSL/TLS)

We use technical and organizational measures to protect your data as comprehensively as possible. Data transmission is generally encrypted (SSL/TLS), recognizable by “https://” in the address bar.

10. Storage Period

We process personal data only as long as necessary for the respective purposes or as required by law. Data is then deleted or anonymized.

11. Your Rights

Within the legal framework, you have the right to access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and objection (Art. 21 GDPR).

If processing is based on consent, you may withdraw it at any time with future effect (Art. 7 (3) GDPR).

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), e.g., at your place of residence.

13. Changes to this Privacy Policy

We may update this privacy policy if legal requirements, the website, or integrated services change. The version published on this page applies.