Join our Waitlist

Privacy Policy

Privacy Policy

Table of contents

General Information

I’m informing you in accordance with Articles 13 and 14 of the GDPR about how I collect, store, and process your personal data when you use my website. I reserve the right to update this notice as needed to stay aligned with current legal requirements.

 

Controller Contact Details

The person responsible for this website is:

 

Stanley Okoro 

Petersburger Str. 39

10249 Berlin

Germany

Email: info@stanley-rubyn.com

Mobile: +49 (0) 172 755 44 56

 

Data Processing on My Website

Contact via WhatsApp Business and Superchat

I offer the option to contact me through WhatsApp. Since I use the WhatsApp Business Platform (Cloud API) for business communication, data processing is handled through the platform Superchat (SuperX GmbH, Prenzlauer Allee 242–247, 10405 Berlin). You can find more details in SuperX GmbH’s privacy policy. When you reach out to me via WhatsApp, your message is transmitted end-to-end encrypted to the WhatsApp Cloud. It’s only stored there temporarily until it’s successfully forwarded to Superchat.

 

Superchat uses a feature called „Local Storage Solution“ for my account. This means that after the Cloud API decrypts your message, its content is permanently stored on servers in Germany. Since the communication runs through Meta’s WhatsApp Cloud API, the message briefly passes through servers in the US (or other countries) during transit before arriving at Superchat in Germany. These transit copies aren’t stored permanently and are automatically deleted once forwarding is complete (within approximately 60 minutes). Please note that Meta (WhatsApp), as the infrastructure provider, independently collects and may process metadata (such as timing, frequency, and device information) as a controller in its own right — even though the message content stays in Germany.

 

Roles of the parties involved:

  • You (customer): The sender of the message.
  • Me (business owner): The controller for the communication, using Superchat as my processor.
  • Superchat (SuperX GmbH): My data processor, handling data strictly according to my instructions.
  • Meta (WhatsApp): A sub-processor providing the infrastructure (Cloud API).

 

Here’s a quick summary of the data processing details:

 

Why do I process data?

  • To respond to your inquiries and messages
  • To handle booking requests and conclude contracts
  • To ensure technically secure, encrypted communication
  • To prevent abuse and spam

 

What data do I collect?

  • Phone number
  • Name (if provided)
  • Message content
  • Metadata (message timestamp, device information)

 

What technical data is captured automatically?

  • IP address (used by Meta/WhatsApp for delivery; not permanently stored by me)
  • Message timestamp
  • Browser and operating system information (only as needed for transmission)

 

Processing is based on your consent (Art. 6(1)(a) GDPR) when you actively contact me via WhatsApp, or on contract performance (Art. 6(1)(b) GDPR) when the communication relates to an existing contractual relationship. Messages are end-to-end encrypted. During transmission and at rest on Superchat’s servers (in Germany), the data is additionally encrypted. Unlike the regular WhatsApp app on your phone, using the Cloud API does not sync your entire contact list to Meta — only the phone number necessary for communication is transmitted. Superchat processes data exclusively on my behalf. I retain full control over the data and can order its deletion at any time.

 

Message content is stored in Germany. Transfer to the US occurs only during transient transport (cache/queues), where data is automatically deleted after 60 minutes. This transfer is safeguarded by the EU-US Data Privacy Framework and Standard Contractual Clauses.

Messages are retained for as long as needed to respond to your inquiry or fulfill a contract. After that, they are deleted unless legal retention obligations (such as those for business correspondence) require otherwise.

 

Meta Platforms Ireland Limited acts as a sub-processor responsible for providing the infrastructure. Meta collects its own metadata (e.g., timing, frequency of use) as an independent controller for operating the service. Further information is available in WhatsApp’s privacy policy.

A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR exists between me and SuperX GmbH. This ensures that Superchat processes data only according to my instructions and implements appropriate technical and organizational measures (such as encryption and access controls).

 

Contact Form (Fluent Forms)

I use the plugin „Fluent Forms“ to create contact and other forms. Your entries are saved directly to my database. Since I use my German web host’s server, no content is forwarded to external cloud services.

 

Why do I process data?

  • To respond to your inquiries and messages
  • To handle booking requests and conclude contracts
  • To ensure reliable email delivery
  • To prevent abuse and spam

 

What data do I collect?

  • Name
  • Email address and phone number (if provided)
  • Message content
  • Any additional information you provide

 

What technical data is captured automatically?

  • IP address
  • Timestamp
  • Browser and operating system information, plus the referring URL

 

This data is protected during transmission through SSL/TLS encryption. The collection of technical data serves solely to ensure reliable email delivery, filter spam, and manage messages. No profiling or marketing-related evaluation takes place. Processing is carried out for the purpose of pre-contractual measures or contract performance (Art. 6(1)(b) GDPR), particularly for booking requests. For general informational inquiries, processing is based on my legitimate interest in responding to your inquiries effectively and preventing abuse (Art. 6(1)(f) GDPR). If you have given explicit consent (e.g., for the newsletter), that serves as an additional legal basis (Art. 6(1)(a) GDPR).

 

Appointment Booking (FluentBooking)

For appointment bookings, I use the plugin „FluentBooking,“ a locally hosted service that writes booking entries directly to my database — meaning no data is forwarded to external cloud services or the plugin provider’s servers.

 

Why do I process data?

  • To arrange initial phone consultations
  • To book sessions at my home studio (e.g., audio recordings)
  • To communicate confirmations and changes to appointments
  • To manage and bill booked services

 

What data do I collect?

  • Name, email address, and phone number
  • Desired appointment date and duration
  • Type of service (phone call or studio session)
  • Any additional notes or special requests

 

What technical data is captured automatically?

  • IP address, timestamp, browser and operating system information
  • Email header data for reliable delivery
  • Cookie data for session management

 

This data is protected during transmission through SSL/TLS encryption. The collection of technical data serves solely to ensure reliable email delivery, filter spam, and manage messages. No profiling or marketing-related evaluation takes place. Processing is carried out for pre-contractual measures or contract performance (Art. 6(1)(b) GDPR), particularly for appointment bookings. The collection of technical data is based on my legitimate interest in ensuring the security and functionality of the booking system and preventing abuse (Art. 6(1)(f) GDPR). If you have given explicit consent, that serves as an additional legal basis (Art. 6(1)(a) GDPR).

 

Email Delivery (FluentSMTP)

For secure and reliable email delivery, I use the plugin „FluentSMTP.“ It ensures that your inquiry or message reaches my inbox directly. Since I use my German web host’s SMTP server, no content is forwarded to external cloud services.

 

Why do I process data?

  • Secure and reliable delivery of your emails, contact form messages, and notifications
  • Improving deliverability (avoiding spam filters)
  • Ensuring technical reliability of delivery and diagnosing issues
  • Preventing abuse and spam by logging delivery attempts

 

What data do I collect?

  • Sender’s email address (and recipients, if applicable)
  • Name, message content, and subject line

 

What technical data is captured automatically?

  • Sender’s IP address (for identification and spam prevention)
  • Delivery timestamp and status (successful, failed)
  • Browser and operating system information, plus server headers

 

The sender’s IP address is retained only as long as necessary for technical delivery assurance and spam prevention (typically a maximum of 7 days), after which it is deleted unless legal reasons require longer retention. This data is protected during transmission through SSL/TLS encryption. The collection of technical data serves exclusively to secure delivery technically, filter spam, and manage messages. No profiling or marketing-related evaluation takes place.

 

Processing is carried out for pre-contractual measures or contract performance (Art. 6(1)(b) GDPR), particularly for inquiries submitted via contact forms. For purely technical email delivery processes (e.g., system messages), processing is based on my legitimate interest in maintaining the functionality of website communication and preventing abuse (Art. 6(1)(f) GDPR).

 

Newsletter (FluentCRM)

I use the plugin „FluentCRM“ to create newsletters and manage subscribers. It’s a locally hosted service that stores data directly in my database — no data is forwarded to external cloud services or the plugin provider’s servers.

 

Why do I process data?

  • To keep you regularly informed about news, offers, and relevant content
  • For direct communication with my subscribers
  • To provide exclusive content or special offers

 

What data do I collect?

  • Email address
  • Name
  • Date and time of subscription
  • IP address at the time of subscription
  • Confirmation status
  • Unsubscribe date and time
  • Any other information you provide

 

What technical data is captured automatically?

  • IP address on each open or click
  • Timestamp of email opens and link clicks (open and click tracking)
  • Browser and operating system information
  • Referring URL
  • Delivery status and technical error messages

 

This data is used to analyze whether and when you open my emails and which links you click. This helps me optimize content and ensure reliable delivery. This tracking constitutes a form of profiling under Art. 4(4) GDPR, as conclusions about your interests can be drawn from your interactions. However, I do not create comprehensive personality profiles for purposes beyond this newsletter (e.g., no sharing with third parties or combining with other data sources). The processing of tracking data is based on the same consent (Art. 6(1)(a) GDPR) that you gave for receiving the newsletter. You can object to this tracking at any time by unsubscribing.

 

Processing of your email address and newsletter data is based exclusively on your explicit consent under Art. 6(1)(a) GDPR. Since the newsletter is not a contractual service, Art. 6(1)(b) GDPR does not apply here. For general informational inquiries (e.g., via the contact form) unrelated to the newsletter, processing is based on my legitimate interest in responding effectively and preventing abuse (Art. 6(1)(f) GDPR).

 

You can withdraw your consent at any time by unsubscribing from the newsletter or sending a message to info@stanley-rubyn.com. Upon withdrawal, the legal basis for further processing of your data for the newsletter ceases to apply.

 

Cookies and Other Embedded Services (Plugins)

Consent Tool (Real Cookie Banner)

I use the plugin „Real Cookie Banner“ on my website to obtain your consent for cookies before they’re set. By default, the plugin blocks external content like embedded YouTube videos until you give your permission. The plugin runs on my own server. All data is stored directly in my database or placed as small files (cookies) on your device. No data is sent to external companies or the plugin manufacturer’s servers, since my website is hosted on a German server.

 

Why do I process data?

  • To obtain consent for cookies
  • To record which cookies you’ve accepted or declined
  • To retain proof of your consent
  • To keep my website legally compliant

 

What data do I collect?

  • Consent status (accepted/declined for various cookie categories)
  • Date and time of consent
  • Version number of the cookie settings (for update records)
  • Session ID to associate the consent with your visit

 

What technical data is captured automatically?

  • IP address (only briefly, for the decision)
  • Browser and device information
  • When you opened the settings (timestamp)
  • Which cookie names were set
  • Which page you came from (referrer URL)

 

All data is encrypted during transmission (SSL/TLS). The technical data is used solely to securely store your consent and keep the system functioning. No profiling or marketing-related evaluation takes place. Processing is based on your explicit consent under Art. 6(1)(a) GDPR. The plugin stores this consent so that it can be proven you agreed to the data processing. This also serves my legitimate interest in ensuring my website’s legal compliance (Art. 6(1)(f) GDPR). You can withdraw your consent at any time through the cookie banner interface. You can also change your settings retroactively.

 

I retain your decision for as long as you’ve consented, or as long as the law requires (typically up to 2 years as proof). Once you withdraw consent or the period expires, I delete the data. A detailed overview of all cookies used, their lifespans, and purposes can be found in my separate cookie policy.

 

Online Shop (WooCommerce and WooCommerce Germanized)

To operate my online shop, I use the plugins „WooCommerce“ and „WooCommerce Germanized.“ WooCommerce handles product display, the shopping cart, and the checkout process. WooCommerce Germanized adds legally required features under German law, including cancellation notices, terms and conditions integration, mandatory price and delivery time information, and a double opt-in process for order confirmation. Both plugins run on my German web host’s server. Personal data is stored directly in my database and is not forwarded to external cloud services or the plugin providers‘ servers.

 

Why do I process data?

  • Processing orders and fulfilling contracts
  • Providing the shopping cart and checkout functionality
  • Sending order confirmations and status updates (via double opt-in)
  • Obtaining legally required consents (e.g., terms and conditions, right of withdrawal)
  • Processing payments and handling shipping
  • Providing a customer account (if you choose to create one)
  • Complying with legal obligations (e.g., invoicing, retention requirements)

 

What data do I collect?

  • First and last name
  • Billing address and, if applicable, shipping address
  • Email address and phone number (if provided)
  • Order details (products, quantities, prices, shipping method, payment method)
  • Payment data (depending on the chosen method — note: credit card details are not stored by me but processed directly by the payment provider)
  • Customer account data (username, password — stored encrypted) if you create an account
  • Consents (terms and conditions, right of withdrawal, newsletter if applicable) with timestamps

 

What technical data is captured automatically?

  • IP address
  • Timestamp of the order and individual order steps
  • Browser and operating system information, plus the referring URL
  • Cookie data to maintain the session and shopping cart (session cookie and, if applicable, a persistent cart cookie when you’re logged in)

 

This data is protected during transmission through SSL/TLS encryption. Cookies serve exclusively to ensure the shop’s technical functionality (cart, login, checkout) and are not used for profiling or marketing. A detailed overview of the cookies used can be found in my cookie policy.

 

Your order and customer data is processed for contract performance or pre-contractual measures (Art. 6(1)(b) GDPR). The storage of consents (terms and conditions, right of withdrawal) is based on my legal obligation to document them (Art. 6(1)(c) GDPR) as well as my legitimate interest in being able to prove legal claims (Art. 6(1)(f) GDPR). If you create a customer account, processing is based on contract performance (Art. 6(1)(b) GDPR). No profiling or marketing-related evaluation takes place beyond this.

 

As part of WooCommerce Germanized, your email address is confirmed during the ordering process via a double opt-in procedure. This means: after placing your order, you’ll receive an email with a confirmation link. Only by clicking this link will your order be finally processed and you’ll receive the order confirmation. This ensures that the order actually came from you and helps prevent abuse. The data collected here (email address, IP address, and confirmation timestamp) is processed on the same legal basis as the order data.

 

Order data is retained for the duration of the statutory retention periods (10 years for invoices under § 147 AO and § 257 HGB). Customer account data (e.g., username, password, profile information) is deleted once you delete your account or upon a corresponding request. Regardless of deleting your customer account, I am legally required to retain invoice data (name, address, order date, amount, items) for 10 years (§ 147 AO, § 257 HGB). After your account is deleted, this data is stored in a separate, accounting-only database and is no longer linked to your active customer account. Once the statutory period expires, this data is also deleted. Session cookies are deleted when you close your browser; the cart cookie expires after 48 hours or upon logout.

 

Payment Processing (Mollie)

For the secure processing of payments in the shop, I use the services of Mollie. I do not store sensitive payment data (such as full credit card numbers or bank account details) on my own servers. Instead, this data is transmitted directly and encrypted to Mollie, which acts as an independent controller:

 

Mollie B.V.

Keizersgracht 126


1015 CW Amsterdam


The Netherlands

 

If you choose a payment method via Mollie (e.g., credit card, PayPal, Sofortüberweisung, Giropay, Apple Pay, or other available methods), your order data as well as the details required for the payment will be transmitted to Mollie. Mollie forwards the payment to the respective payment provider and executes the transaction.

 

For a quick overview, here is a summary of the data processing details:

 

Why do I process data?

  • Execution of online payments
  • Authorization and processing of the chosen payment method
  • Fraud prevention and ensuring payment security
  • Fulfillment of legal obligations
  • Documentation and proof of transactions
  • Customer service regarding payment inquiries

 

What data do I collect?

  • First and last name
  • Billing address
  • Email address and, if applicable, phone number
  • Order data (digital products, quantities, prices, payment method)
  • Payment data (depending on the chosen payment method)
  • Information about the purchased digital product

 

What technical data is automatically recorded?

  • IP address (for fraud prevention and transaction security)
  • Internet browser and device type (User-Agent)
  • Transaction timestamp
  • Location data (if transmitted by the browser)

 

Your data is processed on several legal bases: On the one hand, it is necessary for contract fulfillment (Article 6(1)(b) GDPR), as you are purchasing something from me and the payment must be processed. On the other hand, it is based on my legitimate interest in secure payment processing and fraud prevention (Article 6(1)(f) GDPR). Finally, there are legal obligations that Mollie, as a financial institution, must comply with, such as anti-money laundering regulations (Article 6(1)(c) GDPR).

 

This data is protected during transmission via SSL/TLS encryption. The collection of technical data by Mollie serves exclusively for payment processing, fraud prevention, and ensuring system integrity. No evaluation for profiling purposes or for marketing by me takes place. However, Mollie may employ automated procedures to detect and prevent financial crime.

 

  • Mollie is a European company based in the Netherlands and primarily processes data within the EU. In some cases, data may be processed outside the European Economic Area (EEA), for example, if an international payment provider is involved for the chosen payment method. In such cases, Mollie ensures an adequate level of data protection through legal guarantees (EU Standard Contractual Clauses).

 

  • Mollie may share data with commissioned service providers and audit partners, e.g., for identity verification and fraud prevention. Additionally, Mollie may be legally obligated to forward data to state authorities (e.g., law enforcement or tax authorities).

 

  • You cannot object to data processing by Mollie, as it is strictly necessary for the purchase. Without this processing, the payment cannot be executed.

 

Further Information: Mollie Privacy Policy

 

Should a payment not be successful, I reserve the right to store the necessary data (name, address, email, transaction ID) for processing or legal enforcement of claims. The retention period is determined by statutory retention obligations (typically 10 years for tax-relevant documents according to § 147 AO and § 257 HGB) or Mollie’s guidelines. As a financial institution, Mollie is legally obligated to retain transaction data for a specific period.

Embedded YouTube Videos

My website includes embedded YouTube videos. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To protect your data, embedded YouTube videos are not loaded automatically. Instead, the video is blocked by my cookie banner (Real Cookie Banner) until you give your explicit consent. Only after your consent is a connection to YouTube’s servers established and the video loaded.

 

Why do I process data?

  • Display and playback of the YouTube video
  • Connection between your browser and YouTube’s servers
  • Analysis to improve YouTube’s functionality
  • Tracking interactions (playback time, pausing) for statistics
  • Display of personalized advertising by Google
  • Association with your Google account if you’re logged in (settings, history)

 

What data do I collect?

  • No direct data collection by me — all data is transmitted to YouTube and processed by Google

 

What technical data is captured automatically?

  • IP address
  • Browser and operating system information
  • Referrer URL
  • Language settings
  • Timestamp
  • Device information (resolution, hardware capabilities)

 

 This data is only transmitted to YouTube after you actively consent via the cookie banner. Without consent, no transmission occurs. If you’re logged into Google, the data may be associated with your account.

 

Data processing is based on your consent (Art. 6(1)(a) GDPR). You can decline consent by not agreeing in the cookie banner. You can withdraw any previously given consent at any time through the cookie banner interface. The retention period for data transmitted to YouTube follows Google’s privacy policy. Please note that I have no influence over how long Google retains this data.

 

Further information: Google Privacy Policy

 

Embedded Bandcamp Audio Player

My website includes embedded audio tracks from Bandcamp. The operator is Bandcamp, Inc., 1948 Harrison Street, Oakland, CA, USA. To protect your data, the embedded audio player is not loaded automatically. Instead, the player is blocked by my cookie banner (Real Cookie Banner) until you give your explicit consent. Only after your consent is a connection to Bandcamp’s servers established and the player loaded.

 

Why do I process data?

  • Playback of audio tracks directly on the website
  • Connection between your browser and Bandcamp’s servers
  • Analysis to improve Bandcamp’s functionality
  • Tracking interactions (playback time, pausing) for statistics
  • Personalization and advertising by Bandcamp

 

What data do I collect?

  • No direct data collection by me — all data is transmitted to Bandcamp and processed by Bandcamp

 

What technical data is captured automatically?

  • IP address
  • Browser and operating system information
  • Referrer URL
  • Language settings
  • Timestamp
  • Device information (resolution, hardware capabilities)

 

This data is only transmitted to Bandcamp after you actively consent via the cookie banner. Without consent, no transmission occurs. Data processing is based on your consent (Art. 6(1)(a) GDPR). You can decline consent by not agreeing in the cookie banner. You can withdraw any previously given consent at any time through the cookie banner interface. The retention period for data transmitted to Bandcamp follows Bandcamp’s privacy policy. Please note that I have no influence over how long Bandcamp retains this data.

 

Bandcamp is based in the United States. Data transfers are made on the basis of the EU-US Data Privacy Framework. However, please be aware that this can be legally contested and the level of data protection may not always match EU standards. If you do not want your data transferred to servers in the US, simply do not consent to the embedded player in the cookie banner.

 

Further information: Bandcamp Privacy Policy

 

Website Builder (Elementor Pro)

For the design and technical functionality of my website, I use the plugin „Elementor Pro.“ It runs entirely on my server in Germany. To ensure the page works properly (for example, for previews), the plugin only stores temporary data directly in your browser. Elementor Pro transmits technical data (e.g., domain, license key) to Elementor’s servers for license validation and access to template libraries. No personal data is transmitted beyond this. Elementor processes this data in accordance with its privacy policy: https://elementor.com/privacy-policy/

 

I process this data solely to ensure my website runs smoothly and looks good on all devices. I don’t collect any personal data from you — only the necessary technical information about your browser. The connection is encrypted, and no profile is created about you or used for advertising.

The legal basis is my legitimate interest in having a functional website. The temporary data in your browser is automatically deleted when you close your browser. You can also remove this data at any time by clearing your browser cache.

 

Anti-Spam Protection (WP Armour)

To protect my website from automated spam attacks, malicious comments, and abusive registrations, I use the plugin „WP Armour – Header Anti-Spam.“ The plugin runs locally on my server and analyzes the headers of incoming connections to distinguish human users from automated bots.

 

Why do I process data?

  • Preventing spam comments and spam registrations
  • Protecting the website from automated attacks and abuse
  • Ensuring the functionality of contact forms and comment systems
  • Reducing server load from bot traffic

 

What data do I collect?

  • No personal content from your messages (texts are not stored)
  • Only the technical data necessary for bot detection

 

What technical data is captured automatically?

  • IP address (to identify and block sources)
  • User agent (browser and operating system information)
  • Referrer URL (the page the request comes from)
  • Request timestamp
  • Cookie data, if already set (for session verification)

 

This data is used exclusively for analysis to filter spam. Data is stored only while the request is being processed (typically a few seconds). If an attack is detected, the IP address may be temporarily stored in a local blacklist to prevent repeat offenses. No profiling or marketing-related evaluation takes place.

Processing is based on my legitimate interest in ensuring the security and functionality of my website and preventing abuse (Art. 6(1)(f) GDPR). Since this is a technically necessary measure to protect the website, consent via the cookie banner is not required.

 

WP Armour stores data locally on my server (ALL-INKL.com, Germany). No data is transmitted to the plugin provider’s external servers.

 

Data Usage on Instagram and Facebook

I maintain a presence on Instagram and Facebook. These services are operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland. On my website, I use locally embedded logos of these platforms as external hyperlinks. Simply visiting my website does not transmit any data to these services. Data is only transferred when you actively click the links, which redirects you in a new browser tab. At that point, your data (e.g., IP address, time of visit) is transmitted to the respective platform.

 

Why do I process data?

  • Providing direct access to my social media profiles
  • Enabling communication through third-party platforms
  • Expanding my reach and visibility
  • Ensuring the technical redirection to external pages works properly

 

What data do I collect?

  • No direct data collection by me from simply visiting the page
  • After clicking the link: name (if provided on the platform), email address (if provided on the platform), content of your interaction on the platform

 

What technical data is captured automatically?

  • IP address (only after clicking the link)
  • Click timestamp
  • Browser and operating system information
  • Referring URL (my website)
  • Cookie data from the platform (after redirection), if applicable

 

This data is only transmitted to the platforms after you actively click. Processing is based on my legitimate interest in providing you with direct access to relevant content on third-party platforms and expanding my own reach (Art. 6(1)(f) GDPR).

Since I have no influence over how Meta Platforms collects and processes your data after the click (e.g., for personalized advertising or profiling), I recommend reviewing these providers‘ privacy policies.

 

Further information: Meta (Facebook) Privacy Policy and Instagram Privacy Policy

 

Data Usage on TikTok

I maintain a presence on TikTok. The operator is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, Ireland. On my website, I use a locally embedded logo as an external hyperlink. Simply visiting my website does not transmit any data to TikTok. Data is only transferred when you actively click the link, which redirects you in a new browser tab.

 

Why do I process data?

  • Providing direct access to my TikTok profile
  • Expanding my reach and visibility
  • Ensuring the technical redirection works properly

 

What data do I collect?

  • No direct data collection by me from simply visiting the page
  • After clicking: content of your interaction on the platform

 

What technical data is captured automatically?

  • IP address (only after clicking the link)
  • Click timestamp
  • Browser and operating system information
  • Referring URL (my website)
  • Cookie data from the platform (after redirection), if applicable

 

This data is only transmitted to TikTok after you actively click. Processing is based on my legitimate interest in providing you with direct access to my content on third-party platforms and expanding my reach (Art. 6(1)(f) GDPR). Since I have no influence over how TikTok collects and processes your data, I recommend reviewing their privacy policy.

 

Further information: TikTok Privacy Policy

 

Data Usage on Google and YouTube

I maintain a presence on YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. On my website, I use locally embedded logos as external hyperlinks. Simply visiting my website does not transmit any data to Google/YouTube. Data is only transferred when you actively click the links, which redirects you in a new browser tab.

 

Why do I process data?

  • Providing direct access to my YouTube channel
  • Expanding my reach and visibility
  • Ensuring the technical redirection works properly

 

What data do I collect?

  • No direct data collection by me from simply visiting the page
  • After clicking: content of your interaction on the platform

 

What technical data is captured automatically?

  • IP address (only after clicking the link)
  • Click timestamp
  • Browser and operating system information
  • Referring URL (my website)
  • Cookie data from the platform (after redirection), if applicable

 

This data is only transmitted to Google/YouTube after you actively click. Processing is based on my legitimate interest in providing you with direct access to my content on third-party platforms and expanding my reach (Art. 6(1)(f) GDPR). Since I have no influence over how Google collects and processes your data, I recommend reviewing their privacy policy.

 

Further information: Google Privacy Policy

 

Data Usage on Spotify

I maintain a presence on Spotify. The operator is Spotify AB, Regeringsgatan 19, Stockholm, Sweden. On my website, I use a locally embedded logo as an external hyperlink. Simply visiting my website does not transmit any data to Spotify. Data is only transferred when you actively click the link, which redirects you in a new browser tab.

 

Why do I process data?

  • Providing direct access to my Spotify profile
  • Expanding my reach and visibility
  • Ensuring the technical redirection works properly

 

What data do I collect?

  • No direct data collection by me from simply visiting the page
  • After clicking: content of your interaction on the platform

 

What technical data is captured automatically?

  • IP address (only after clicking the link)
  • Click timestamp
  • Browser and operating system information
  • Referring URL (my website)
  • Cookie data from the platform (after redirection), if applicable

 

This data is only transmitted to Spotify after you actively click. Processing is based on my legitimate interest in providing you with direct access to my content on third-party platforms and expanding my reach (Art. 6(1)(f) GDPR). Since I have no influence over how Spotify collects and processes your data, I recommend reviewing their privacy policy.

 

Further information: Spotify Privacy Policy

 

Data Usage on Bandcamp

I maintain a presence on Bandcamp. The operator is Bandcamp, Inc., 1948 Harrison Street, Oakland, CA, USA. On my website, I use a locally embedded logo as an external hyperlink. Simply visiting my website does not transmit any data to Bandcamp. Data is only transferred when you actively click the link, which redirects you in a new browser tab.

 

Why do I process data?

  • Providing direct access to my Bandcamp profile
  • Expanding my reach and visibility
  • Ensuring the technical redirection works properly

 

What data do I collect?

  • No direct data collection by me from simply visiting the page
  • After clicking: content of your interaction on the platform

 

What technical data is captured automatically?

  • IP address (only after clicking the link)
  • Click timestamp
  • Browser and operating system information
  • Referring URL (my website)
  • Cookie data from the platform (after redirection), if applicable

 

This data is only transmitted to Bandcamp after you actively click. Processing is based on my legitimate interest in providing you with direct access to my content on third-party platforms and expanding my reach (Art. 6(1)(f) GDPR). Since I have no influence over how Bandcamp collects and processes your data, I recommend reviewing their privacy policy. Note: Bandcamp is based in the United States. Data transfers are made on the basis of the EU-US Data Privacy Framework. However, please be aware that the level of data protection may not always match EU standards.

 

Further information: Bandcamp Privacy Policy

 

Data Usage on SoundCloud

I maintain a presence on SoundCloud. The operator is SoundCloud Global Limited & Co. KG, Karl-Marx-Strasse 101, 12043 Berlin, Germany. On my website, I use a locally embedded logo as an external hyperlink. Simply visiting my website does not transmit any data to SoundCloud. Data is only transferred when you actively click the link, which redirects you in a new browser tab.

 

Why do I process data?

  • Providing direct access to my SoundCloud profile
  • Expanding my reach and visibility
  • Ensuring the technical redirection works properly

 

What data do I collect?

  • No direct data collection by me from simply visiting the page
  • After clicking: content of your interaction on the platform

 

What technical data is captured automatically?

  • IP address (only after clicking the link)
  • Click timestamp
  • Browser and operating system information
  • Referring URL (my website)
  • Cookie data from the platform (after redirection), if applicable

 

This data is only transmitted to SoundCloud after you actively click. Processing is based on my legitimate interest in providing you with direct access to my content on third-party platforms and expanding my reach (Art. 6(1)(f) GDPR). Since I have no influence over how SoundCloud collects and processes your data, I recommend reviewing their privacy policy.

 

Further information: SoundCloud Privacy Policy

 

Data Usage on Pinterest

I maintain a presence on Pinterest. The operator is Pinterest Europe Ltd., Palmerston House, Dublin 2, Ireland. On my website, I use a locally embedded logo as an external hyperlink. Simply visiting my website does not transmit any data to Pinterest. Data is only transferred when you actively click the link, which redirects you in a new browser tab.

 

Why do I process data?

  • Providing direct access to my Pinterest profile
  • Expanding my reach and visibility
  • Ensuring the technical redirection works properly

 

What data do I collect?

  • No direct data collection by me from simply visiting the page
  • After clicking: content of your interaction on the platform

 

What technical data is captured automatically?

  • IP address (only after clicking the link)
  • Click timestamp
  • Browser and operating system information
  • Referring URL (my website)
  • Cookie data from the platform (after redirection), if applicable

 

This data is only transmitted to Pinterest after you actively click. Processing is based on my legitimate interest in providing you with direct access to my content on third-party platforms and expanding my reach (Art. 6(1)(f) GDPR). Since I have no influence over how Pinterest collects and processes your data, I recommend reviewing their privacy policy.

 

Further information: Pinterest Privacy Policy

 

External Links to Social Networks and Other Platforms

I use locally embedded social media logos as external hyperlinks. Simply visiting my website does not transmit any data to these services (such as Instagram, TikTok, etc.). Data is only transferred when you actively click the links, which redirects you in a new browser tab. At that point, your data (e.g., IP address, time of visit) is transmitted to the respective platform. Beyond that, behavioral data (interests, purchasing behavior) may also be captured to serve personalized advertising.

I do not store any data about your clicks on these external links myself. As soon as you click an external link (e.g., to Facebook, Instagram, YouTube), you are redirected directly to the respective provider’s website. At that moment, your browser automatically transmits data (such as your IP address, the visited page, timestamp, and browser information) to the provider. Since I have no influence over the data processing practices of these external providers, I want to make you aware that data transmission occurs immediately once you activate the link. Processing is based on my legitimate interest in providing you with access to this content, but the actual data collection then falls under the responsibility of the respective platform operator.

 

Since I have no influence over how the provider collects and processes your data, I recommend reviewing the privacy policies of these providers:

 

Meta Platforms

(Facebook, Instagram, WhatsApp) Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland Facebook Privacy Policy Instagram Privacy Policy

 

WhatsApp Ireland Limited, Merrion Road, Dublin 4, Ireland WhatsApp Privacy Policy WhatsApp Business App Privacy Policy

 

TikTok 

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, Ireland Privacy Policy

 

Google and YouTube 

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Privacy Policy

 

Spotify 

Spotify AB, Regeringsgatan 19, Stockholm, Sweden Privacy Policy

 

Bandcamp (USA) 

Bandcamp, Inc., 1948 Harrison Street, Oakland, CA, USA Privacy Policy

 

SoundCloud 

SoundCloud Global Limited & Co. KG, Karl-Marx-Strasse 101, 12043 Berlin, Germany Privacy Policy

 

Pinterest 

Pinterest Europe Ltd., Palmerston House, Dublin 2, Ireland Privacy Policy

 

If you are logged into any of these social platforms, the respective provider may associate your visit with your user account. For providers based in the US (e.g., Bandcamp), data transfers are made on the basis of the EU-US Data Privacy Framework. However, please be aware that this can be legally contested and the level of data protection may not always match EU standards. If you do not want your data transferred to servers in third countries, simply do not click the external link. I mark external links with a symbol (e.g., ↗) so you can recognize when you are leaving my website.

 

Data Sharing with Processors and Third Parties

For my web hosting, I have concluded a data processing agreement pursuant to Art. 28 GDPR with:

 

ALL-INKL.com — Neue Medien Münnich, owner René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany

 

as my commissioned service provider. This ensures that personal data (e.g., IP addresses, website accesses) is processed only according to my instructions and in compliance with the GDPR. The commissioned service provider reserves the right to engage additional sub-processors. Should this occur, I will update my privacy notice accordingly.

 

I only share personal data with third parties if it is necessary for contract performance, consent has been given, or I am legally obligated to do so. Any sharing takes place solely within the framework of the GDPR (Art. 6(1) GDPR). Processing in third countries outside the EU/EWR strictly complies with Art. 44 et seq. GDPR.

Personal data is stored only as long as necessary for fulfilling the web hosting contract or as long as I have a legitimate interest in retaining it. Upon termination of this contract, all data on the storage media is typically deleted immediately, unless ALL-INKL.COM is legally required to retain it (e.g., for tax purposes).

 

Your Rights as a Data Subject

Under Art. 15 GDPR, you have the right to obtain information about the purpose of processing, the categories of data being processed, the storage duration, the origin of the data, and the recipients or recipients in third countries to whom your data has been or will be transmitted.

You have the right to rectify inaccurate or complete incomplete personal data under Art. 16 GDPR. Furthermore, you have the right to erasure of your personal data („right to be forgotten,“ Art. 17 GDPR) as well as the right to restriction of processing under Art. 18 GDPR.

 

Under Art. 20 GDPR, you have the right to receive the personal data you have provided to me in a structured, commonly used, and machine-readable format. You also have the right to have this data transmitted directly to another controller, provided this is technically feasible, the processing is based on consent or a contract, and is carried out by automated means.

 

Additionally, you may object to the processing of your personal data at any time if it is based on legitimate interests or used for direct marketing (Art. 21 GDPR). I do not apply any automated decision-making processes, including profiling, that produce legal effects or similarly significantly affect you (Art. 22 GDPR). You also have the right to lodge a complaint with a competent supervisory authority regarding the processing of your data (Art. 77 GDPR). The competent supervisory authority for me is the Berlin Commissioner for Data Protection and Freedom of Information.

 

Retention Period

I store your data only as long as necessary for the intended purpose or as long as statutory retention obligations exist.

 

  • Contact form & general inquiries:Data is deleted 6 months after the conclusion of communication, provided no statutory retention obligations conflict.
  • Appointment bookings:Booking data is retained for 3 years after the last appointment (statute of limitations for contractual claims), then deleted.
  • Newsletter:Your data is deleted immediately upon withdrawal of your subscription. Technical data (open/click statistics) is stored in aggregated form for 30 days after dispatch and then anonymized or deleted.
  • Cookie consents:Log data of your consent is retained for 2 years to secure proof for the supervisory authority.
  • Web server logs (IP addresses):These are deleted by default after 7 days, unless they are needed to investigate a security incident.

 

Once the purpose ceases to apply or you withdraw consent, I delete the data, unless the law requires longer retention (e.g., 10 years for invoices under § 147 AO and § 257 HGB). After the deadlines expire, deletion takes place.

 

Last Update:  May 2026