Privacy Policy

Privacy Policy

Last updated: June 2026

1. Data protection at a glance

General information

The following information explains what happens to your personal data when you visit our website, contact us, submit an enquiry, commission agency services, use a customer account, place an order, or use other functions of our online offering.

Personal data means any information that can be used to identify a natural person directly or indirectly. This includes, in particular, names, addresses, telephone numbers, email addresses, IP addresses, payment information, project information, company information relating to an identifiable person, and information about the use of our website.

Data collection on this website

Data processing on this website is carried out by the website operator. The contact details of the controller are provided in the following section.

Some data is collected automatically by our technical systems or by service providers engaged by us when you visit the website. This includes, in particular, your IP address, browser, operating system, access time, device information, and the pages you visit.

Other data is processed when you provide it to us, for example through a contact form, business diagnostic form, project enquiry, order, customer account, cooperation application, email, telephone, WhatsApp, Telegram, SMS, or social networks.

2. Controller

The controller responsible for processing personal data on this website is:

SaleStudia
Proprietor: Alona Yanchenko
Talstraße 4
65510 Idstein
Germany

Telephone: +49 157 52911412
Email: info.salestudia@gmail.com

The controller determines, alone or jointly with others, the purposes and means of processing personal data.

3. General legal bases

We process personal data only where there is a lawful basis for doing so. Depending on the specific processing activity, the following legal bases may apply:

  • Article 6(1)(a) GDPR, where you have given us your consent;
  • Article 6(1)(b) GDPR, where processing is necessary to take steps prior to entering into a contract or to perform a contract;
  • Article 6(1)(c) GDPR, where processing is necessary to comply with a legal obligation;
  • Article 6(1)(f) GDPR, where processing is necessary for our legitimate interests or the legitimate interests of a third party and those interests are not overridden by the interests, rights, or freedoms of the data subject;
  • Article 9(2)(a) GDPR, where you have expressly consented to the processing of special categories of personal data.

Where consent is required to store information on your device or access information already stored on it, the processing is additionally based on Section 25(1) TDDDG.

Storage and access operations that are strictly necessary for technical purposes are carried out on the basis of Section 25(2) TDDDG.

4. Withdrawal of consent

You may withdraw consent that you have previously given at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

You may change your cookie settings at any time through the “Cookie Settings” link available on our website.

5. Right to object under Article 21 GDPR

Where processing is based on Article 6(1)(e) or Article 6(1)(f) GDPR, you have the right to object to the processing at any time on grounds relating to your particular situation.

Where personal data is processed for direct marketing purposes, you may object to such processing at any time without giving specific reasons.

6. Storage period

Unless a specific storage period is stated, we retain personal data only for as long as it is necessary for the relevant processing purpose.

Once the purpose of processing no longer applies, the data will be deleted unless continued storage is required due to statutory retention obligations, ongoing contractual relationships, legitimate interests, or legal claims.

Contractual, billing, accounting, and tax-related data is retained for the applicable statutory retention periods.

7. Recipients of personal data

In the course of our business activities, we work with external service providers and partners. Personal data is disclosed only where this is necessary to perform a contract, comply with a legal obligation, pursue a legitimate interest, or where you have given your consent.

Possible recipients include, in particular:

  • hosting and website service providers;
  • Shopify and Shopify-affiliated companies;
  • payment providers and banks;
  • tax advisers and accounting service providers;
  • IT, cloud, hosting, and technical service providers;
  • CRM systems, project management systems, and communication services;
  • analytics, marketing, and advertising providers after you have given consent;
  • freelancers, agency partners, and specialised subcontractors;
  • hosting, domain, design, development, and content partners;
  • delivery and fulfilment providers where goods are ordered;
  • public authorities where disclosure is required by law.

8. Processing on our behalf

Where external service providers process personal data exclusively in accordance with our instructions, we enter into data processing agreements with them under Article 28 GDPR where required by law.

9. Joint controllership

When certain platform or social-media functions are used, we may be jointly responsible with the platform operator for specific processing activities. This may apply, in particular, to Page Insights statistics.

In such cases, the relevant platform operators provide information about the allocation of responsibilities in their privacy policies.

10. Transfers to third countries

Some service providers used by us are located outside the European Union or the European Economic Area or use servers located in third countries.

Personal data is transferred only where the requirements of Articles 44 et seq. GDPR are met. Depending on the provider, the transfer may be based on an adequacy decision, certification under the EU-US Data Privacy Framework, European Commission Standard Contractual Clauses, or other appropriate safeguards.

Despite such safeguards, it cannot always be completely excluded that foreign public authorities may access the data or that European data subject rights may be enforceable only to a limited extent.

11. SSL and TLS encryption

For security reasons and to protect confidential information, this website uses SSL or TLS encryption.

You can recognise an encrypted connection by the “https://” prefix and the padlock symbol in your browser’s address bar.

12. Server log files

The following technical data may be collected automatically when you visit the website:

  • IP address;
  • date and time of access;
  • the page or file accessed;
  • amount of data transferred;
  • referrer URL;
  • browser type and browser version;
  • operating system;
  • hostname of the accessing device;
  • HTTP status code.

Processing is carried out to provide the website securely, reliably, and without technical errors and to detect and prevent attacks and misuse.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure operation of our online offering.

13. Hosting and website operation through Shopify

Our website, online shop, digital sales functions, and booking functions are operated through Shopify.

The service provider for merchants in the European Economic Area is, in particular:

Shopify International Limited
Victoria Buildings
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland

Shopify provides the technical platform through which we manage the website, content, services, digital products, goods, customer accounts, orders, enquiries, and payments.

Shopify may process, in particular:

  • IP address and device information;
  • browser and website usage information;
  • cookie and session identifiers;
  • name and contact details;
  • billing and delivery addresses;
  • order, booking, and contract information;
  • payment status and transaction information;
  • customer account and communication data;
  • information used to prevent fraud and misuse.

Depending on the activity, processing is based on Article 6(1)(b), (c), or (f) GDPR. Analytics and marketing activities requiring consent are based on Article 6(1)(a) GDPR and Section 25(1) TDDDG.

Further information: Shopify Privacy Policy

14. Shopify Network Intelligence and enhanced Shopify services

Where Shopify Network Intelligence, enhanced analytics, or network-based Shopify services are enabled, Shopify may combine data about interactions with our store with information from other Shopify services or other Shopify stores.

This may be used to improve Shopify services, prevent fraud, personalise functions, provide analytics, and measure advertising.

Where consent is required for such processing, the relevant functions are activated only after you make your choice in the cookie banner.

15. Customer account

Our website may offer the option of creating a customer account. In this case, we process your name, email address, contact details, login information, and order and booking history.

Processing is carried out to provide the customer account and simplify future orders and bookings.

The legal basis is Article 6(1)(b) GDPR.

16. Contact form

If you contact us through a contact form, we process the information you enter in order to handle your enquiry.

This may include:

  • name;
  • email address;
  • telephone number;
  • company or project name;
  • type of project;
  • website or social-media addresses;
  • budget and timing information;
  • message content;
  • technical transmission data.

Where the enquiry is aimed at entering into a contract, the legal basis is Article 6(1)(b) GDPR. General enquiries are processed on the basis of Article 6(1)(f) GDPR.

17. Business diagnostics and interactive questionnaires

Our website may provide interactive diagnostic, analysis, or recommendation forms.

In this context, information about your company, current situation, existing marketing channels, objectives, challenges, website, social-media profiles, contact details, and services of interest may be processed.

Processing is carried out to prepare an initial assessment, consultation, and subsequent contact with you.

The legal basis is Article 6(1)(b) GDPR. Where the data is used solely for general analysis, Article 6(1)(f) GDPR may apply.

18. Contact by email and telephone

If you contact us by email or telephone, we process your contact details and the content of your enquiry.

The data is used to respond to your enquiry, prepare an offer, arrange a meeting, provide advice, and perform a contract.

The legal basis is Article 6(1)(b) GDPR or, for general enquiries, Article 6(1)(f) GDPR.

19. Agency services, consulting, and projects

If you engage us for marketing, advertising, SEO, social-media management, content production, branding, website development, online-shop creation, analytics, strategy, or other agency services, we process the data required to carry out the project.

This may include:

  • names and contact details of contact persons;
  • company, project, and contract information;
  • payment and billing information;
  • project objectives, budgets, target audiences, and timelines;
  • website, shop, domain, and hosting information;
  • advertising accounts and campaign information;
  • analytics, tracking, and conversion data;
  • social-media and content data;
  • files, images, texts, and materials provided by the client;
  • communications and project documentation.

The legal basis is Article 6(1)(b) GDPR.

20. Access to client accounts and platforms

Certain agency services may require clients to grant us access to platforms or accounts such as Google Ads, Google Analytics, Google Search Console, Meta Business Manager, TikTok Ads, Pinterest, Shopify, content management systems, hosting providers, domains, or social-media accounts.

We process such access information and account data only to the extent necessary and in accordance with the relevant assignment.

Where possible, clients should use role-based access, partner access, or invitation functions and should not disclose personal master passwords.

The legal basis is Article 6(1)(b) GDPR.

21. Client data in marketing and advertising projects

In connection with marketing, CRM, advertising, newsletter, or analytics projects, we may process data on behalf of a client for which the client is responsible under data protection law.

In such cases, we generally act as a processor within the meaning of Article 28 GDPR. Details are governed by a separate data processing agreement.

The client remains responsible for ensuring that data disclosed to us was collected lawfully and that all applicable transparency duties and consent requirements have been fulfilled.

22. Project management, cloud storage, and collaboration

To plan and carry out projects, we may use digital project management systems, cloud storage, file-transfer services, video-conferencing services, and collaboration tools.

Names, email addresses, project information, files, messages, tasks, comments, and technical usage data may be processed.

The legal basis is Article 6(1)(b) GDPR. Where processing is necessary for the efficient organisation of our business activities, it may also be based on Article 6(1)(f) GDPR.

23. Orders and contract performance

If you order a service, digital product, or physical product through our website, we process the data necessary to handle the order and perform the contract.

This may include:

  • name and contact details;
  • billing and delivery address;
  • order and contract information;
  • payment information;
  • communications relating to the order;
  • information about delivery, returns, or refunds.

The legal basis is Article 6(1)(b) GDPR. Processing required by law is carried out on the basis of Article 6(1)(c) GDPR.

24. Marketplace and partner offers

Where goods or services from partners, suppliers, or contractors are offered or jointly provided through our website, necessary contact, order, and project data may be disclosed to the relevant partner.

Disclosure takes place only to the extent necessary to process an enquiry, order, delivery, or service.

The legal basis is Article 6(1)(b) GDPR. Where disclosure is not directly required for a contract, it takes place only with your consent.

25. Payment processing

We process payment and transaction information in order to handle payments. Depending on the selected payment method, the required information is disclosed to banks, Shopify, or other payment providers.

The legal basis is Article 6(1)(b) GDPR. Processing required for tax purposes is carried out on the basis of Article 6(1)(c) GDPR.

PayPal

Where payment is made through PayPal, the information required to process the payment is transmitted to:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22–24 Boulevard Royal
L-2449 Luxembourg

Further information: PayPal Privacy Statement

Shopify Payments and other payment methods

Depending on availability, Shopify Checkout may offer payment by bank card, American Express, Apple Pay, Bancontact, BLIK, EPS, Google Pay, iDEAL or Wero, Klarna, Maestro, Mastercard, MobilePay, PayPal, Shop Pay, UnionPay, and Visa.

The necessary payment information is processed by Shopify and the payment providers involved. As a rule, we receive only information about the payment status and transaction and not all complete payment details.

26. Delivery and fulfilment

Where a physical product is ordered, your name, delivery address, contact details, and order information may be disclosed to delivery, logistics, or fulfilment providers.

The legal basis is Article 6(1)(b) GDPR.

27. Applications and cooperation with freelancers

If you apply for employment, freelance work, a partnership, or inclusion in our expert network, we process the information you provide.

This may include:

  • name and contact details;
  • curriculum vitae;
  • portfolio and work samples;
  • LinkedIn and other professional profiles;
  • professional experience and qualifications;
  • preferred form of cooperation;
  • availability and remuneration expectations;
  • communication content.

Processing is carried out for the purpose of deciding whether to establish an employment, service, or cooperation relationship.

The legal basis is Section 26 BDSG in conjunction with Article 6(1)(b) GDPR. For freelancers and cooperation partners, Article 6(1)(b) GDPR is the relevant legal basis.

If no cooperation is established, the data will be deleted after completion of the selection process unless legal grounds or consent justify longer storage.

28. Cookies and similar technologies

Our website uses cookies and similar technologies, including Local Storage, pixels, tags, web beacons, and device identifiers.

We use the following categories:

  • Necessary cookies: for website operation, security, navigation, customer accounts, shopping baskets, and checkout;
  • Preference cookies: for storing language and settings;
  • Statistics cookies: for analysing and improving the website;
  • Marketing cookies: for measuring and personalising advertising;
  • External media: for displaying maps, videos, and social-media content.

Technically necessary cookies are used on the basis of Section 25(2) TDDDG and Article 6(1)(f) GDPR.

Non-essential cookies are activated only after your consent on the basis of Section 25(1) TDDDG and Article 6(1)(a) GDPR.

29. Consent management and cookie banner

We use a consent-management system to obtain, store, and demonstrate your choices regarding cookies and similar technologies.

The following data may be processed:

  • consent status;
  • time of selection;
  • region and language;
  • IP address;
  • browser and device information;
  • consent ID or similar identifiers.

The legal basis is Article 6(1)(c) GDPR in conjunction with Article 7(1) GDPR.

30. Shopify Analytics

Shopify provides statistical reports about visits, orders, sales, shopping baskets, devices, referral sources, and user interactions.

Where cookies or similar identifiers are used, processing takes place only after your consent.

The legal basis is Article 6(1)(a) GDPR and Section 25(1) TDDDG.

31. Google Tag Manager

We may use Google Tag Manager to manage website tags. The provider is:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Google Tag Manager may be used to manage and trigger analytics, marketing, and external services.

Activation takes place after your consent on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG.

32. Google Analytics 4

We use Google Analytics 4 to analyse the use of our website.

The following data may be processed:

  • IP address;
  • approximate location;
  • browser and device information;
  • pages visited and length of visit;
  • clicks, scrolling, and interactions;
  • source of the visit;
  • order, enquiry, and conversion events;
  • cookie and device identifiers.

Google Analytics is activated only after you have given your consent.

The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

Further information: Google Privacy Policy

Google Signals

Where Google Signals is enabled, data relating to Google users who are signed in and have allowed personalised advertising may be analysed across different devices.

This function is also used only after you have given your consent.

33. Google Consent Mode

We may use Google Consent Mode to communicate your selected cookie settings to Google services.

Depending on your selection, Google tags may be activated, run in a restricted mode, or remain blocked.

34. Google Ads and conversion tracking

We use Google Ads to advertise our services and measure the effectiveness of advertisements.

Cookies or other identifiers may be used to determine whether an enquiry, order, booking, or other conversion occurred after an advertisement was clicked.

Processing takes place only after your consent on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG.

35. Google Remarketing and audiences

As part of Google Ads, audiences may be created in order to show relevant advertising to previous visitors to our website in Google services or on other websites.

Such processing takes place only after your consent.

36. Google Shopping

Where we advertise goods or services through Google Shopping, product, offer, click, and conversion information may be processed between our website, Shopify, and Google.

Personal marketing and tracking data is processed only after your consent.

37. Google Search Console

We may use Google Search Console to technically analyse our website’s visibility in Google Search.

The reports available to us generally contain aggregated information about search queries, positions, clicks, technical issues, and indexing.

38. Google Maps

Google Maps content may be embedded on our website.

When a map is loaded, your IP address, device information, location information, and usage data may be transmitted to Google.

Google Maps is loaded only after you have given your consent or actively opened the content.

The legal basis is Article 6(1)(a) GDPR and Section 25(1) TDDDG.

39. YouTube

Videos from the YouTube platform may be embedded on our website. YouTube is a Google service.

When a video is loaded or played, your IP address, device information, referrer URL, viewing information, and other data may be transmitted to Google.

YouTube content is loaded only after your consent or active selection.

40. Google Fonts

Our website may use Google Fonts.

Where fonts are provided locally or through Shopify infrastructure, no direct connection to Google is established.

Where fonts are loaded externally, your IP address may be transmitted to Google. Where consent is required, external loading takes place only after consent.

41. Google reCAPTCHA

We may use Google reCAPTCHA to protect forms against spam and automated attacks.

Your IP address, mouse movements, time spent on the page, device information, browser information, and other technical parameters may be processed.

Where consent is required, reCAPTCHA is activated only after your selection.

42. Meta Pixel

We use Meta Pixel to measure and optimise advertising on Facebook and Instagram.

The provider is:

Meta Platforms Ireland Limited
Merrion Road
Dublin 4, D04 X2K5
Ireland

The following data may be processed:

  • IP address;
  • browser and device information;
  • pages visited;
  • clicks and interactions;
  • referrer URL;
  • advertising and cookie identifiers;
  • enquiries, orders, and conversion events.

Meta Pixel is activated only after you have given your consent.

Further information: Meta Privacy Policy

43. Meta Conversions API

We may use the Meta Conversions API to transmit certain events and conversions to Meta on the server side.

Depending on the configuration, this may include page views, enquiries, orders, transactions, or hashed contact information.

Where consent is required, data is transmitted only where marketing consent has been given.

44. Facebook and Instagram

We operate business profiles on Facebook and Instagram.

When you visit our profiles, view posts, comment, share content, or send messages, Meta processes personal data under its own responsibility.

We may receive aggregated profile statistics. For certain Page Insights functions, we and Meta may be considered joint controllers.

45. TikTok Pixel and TikTok Ads

We use TikTok Pixel to analyse and optimise our advertising on TikTok.

The provider for users in the European Economic Area is, in particular:

TikTok Technology Limited
10 Earlsfort Terrace
Dublin, D02 T380
Ireland

Your IP address, device information, browser information, advertising identifiers, pages visited, clicks, and conversion events may be processed.

TikTok Pixel is activated only after your explicit consent.

Further information: TikTok Privacy Policy

46. Embedded TikTok content

Videos, posts, or other TikTok content may be embedded on our website.

When such content is loaded, your IP address, device information, referrer URL, and information about your use of the content may be transmitted to TikTok.

TikTok content is loaded only after your consent or active selection.

47. Pinterest Tag and Pinterest Ads

We may use Pinterest Tag to measure and optimise advertising on Pinterest.

The provider is:

Pinterest Europe Ltd.
Palmerston House, 2nd Floor
Fenian Street
Dublin 2
Ireland

Pinterest Tag may collect information about page views, clicks, interactions, devices, and conversion events.

Activation takes place only after you have given your consent.

48. X Ads and X Pixel

Where we use advertising or conversion functions provided by X, information about page views, clicks, devices, campaigns, and conversions may be transmitted to X through tags or pixels.

Processing takes place only after your consent.

49. Social-media profiles

We operate profiles on the following platforms:

When you visit our profiles, the platform operators may process profile information, your IP address, device information, interactions, communication content, and user behaviour.

Use of these platforms is voluntary.

50. External social-media links

When ordinary external links are used, a connection to the relevant platform is generally established only after you click the link.

After clicking the link, you leave our website. The operator of the relevant platform is responsible for the subsequent processing of your data.

51. Communication through WhatsApp

We may offer the option of contacting us through WhatsApp.

The provider for users in the European Economic Area is:

WhatsApp Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

When WhatsApp is used, your telephone number, profile information, messages, media files, communication times, device information, and connection information may be processed.

Use of WhatsApp is voluntary. You may contact us by email or telephone instead.

52. Communication through Telegram

We may offer voluntary communication through Telegram.

Your telephone number, username, profile picture, message content, files, communication times, and technical information may be processed.

Processing outside the EU or EEA cannot be excluded.

Further information: Telegram Privacy Policy

53. SMS and mobile communications

If you provide us with your mobile telephone number, we may use it for messages relating to a contract.

This includes:

  • appointment confirmations;
  • reminders;
  • project information;
  • follow-up questions;
  • payment or order information;
  • short-notice organisational messages.

The legal basis is Article 6(1)(b) GDPR.

Marketing SMS messages

Marketing SMS messages are sent only after you have given consent or where a statutory exception applies.

You may withdraw your consent at any time with effect for the future.

54. Shopify Inbox and chat

Shopify Inbox or a comparable chat function may be used on the website.

Message content, contact details, communication times, device information, and session information may be processed.

The legal basis is Article 6(1)(b) or Article 6(1)(f) GDPR.

55. Newsletter and email marketing

If you subscribe to our newsletter, we process your email address and, where applicable, your name.

Subscription may be confirmed through a double opt-in procedure. The subscription time, confirmation time, IP address, and wording of the consent may be stored.

The legal basis is Article 6(1)(a) GDPR.

You may withdraw your consent at any time through the unsubscribe link or by contacting us.

Shopify Email

Where Shopify Email is used, Shopify may process information about recipients, sending, email openings, and link clicks.

Personalised performance measurement takes place only after your consent.

56. Customer reviews and user-generated content

If you submit a review, comment, image, or other content, we process the information you provide.

Content intended for public publication may be accessible to an unlimited number of persons.

Full names, photographs, and other personal data are published only where an appropriate legal basis exists.

57. Publication of projects and references

We publish client projects, case studies, logos, screenshots, performance figures, reviews, and project descriptions only where this has been agreed contractually, is permitted by law, or has been approved by the client.

Personal data is published only to the extent agreed.

58. Photography, video, and content production

In connection with commissioned content, photography, or video services, images of people, employees, clients, events, business premises, or products may be created and processed.

Where processing forms part of a contract, it is based on Article 6(1)(b) GDPR.

Where required, consent is obtained for the advertising publication of identifiable persons.

59. Appointment scheduling and video conferences

Where we use online appointment-booking, calendar, or video-conferencing services, your name, email address, telephone number, appointment information, time zone, meeting information, and technical usage data may be processed.

The legal basis is Article 6(1)(b) GDPR or Article 6(1)(f) GDPR.

60. Security and fraud prevention

We and our technical service providers may process data to detect and prevent fraud, misuse, spam, unauthorised access, payment defaults, and other security risks.

This may involve analysing IP addresses, device information, session data, order information, payment status, and unusual user activity.

The legal basis is Article 6(1)(f) GDPR.

61. Statutory retention periods

Invoices, contracts, business correspondence, accounting documents, and tax records are retained for the applicable statutory periods.

The legal basis is Article 6(1)(c) GDPR.

62. Establishment and enforcement of legal rights

We may retain and process personal data where this is necessary for the establishment, exercise, or defence of legal claims.

The legal basis is Article 6(1)(f) GDPR.

63. Automated decision-making and profiling

As a rule, we do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.

Advertising and analytics providers may create profiles or audiences as part of their own services. Such functions are activated only after your consent where consent is required.

64. Requirement to provide data

When placing an order, making a booking, or commissioning agency services, you must provide the data required to prepare and perform the contract.

Without this information, we may not be able to provide the requested service.

65. Your rights

Subject to the applicable statutory requirements, you have the following rights:

  • the right of access under Article 15 GDPR;
  • the right to rectification under Article 16 GDPR;
  • the right to erasure under Article 17 GDPR;
  • the right to restriction of processing under Article 18 GDPR;
  • the right to data portability under Article 20 GDPR;
  • the right to object under Article 21 GDPR;
  • the right to withdraw consent under Article 7(3) GDPR;
  • the right to lodge a complaint with a supervisory authority under Article 77 GDPR.

To exercise your rights, please contact: info.salestudia@gmail.com

66. Right of access

You may request confirmation as to whether we process your personal data and obtain information about the purposes of processing, data categories, recipients, storage periods, and your rights.

67. Right to rectification and erasure

You may request the correction of inaccurate data and the completion of incomplete data.

You may also request deletion of your data unless statutory retention obligations, legitimate interests, or other lawful grounds prevent deletion.

68. Right to restriction of processing

Subject to the statutory requirements, you may request restriction of the processing of your personal data.

69. Right to data portability

Where the statutory requirements are met, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or request that it be transmitted to another controller.

70. Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data infringes data protection law, you may lodge a complaint with a supervisory authority.

The following authority is, in particular, responsible for businesses established in the State of Hesse:

The Hessian Commissioner for Data Protection and Freedom of Information
Wilhelmstraße 7
65185 Wiesbaden
Germany

Postal address:
Postfach 3163
65021 Wiesbaden
Germany

Website: https://datenschutz.hessen.de

71. Data Protection Officer

Where there is no legal obligation to appoint a separate Data Protection Officer, you may direct all data protection enquiries to the controller identified above.

72. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy where legal requirements, technical systems, our range of services, or the service providers we use change.

The version currently published on this website applies.

73. Prevailing German version

This translation is provided for ease of understanding. In the event of discrepancies, differences in wording, or questions of interpretation, the German version of this Privacy Policy shall prevail.