This English version is provided for informational purposes only.
The legally binding version of our Privacy Policy is the original German version, available here:
Privacy Policy – German version
If you want to revoke your consent to use cookies on your visit please revoke here: Revoke Consent
1) Introduction and Contact Details of the Data Controller
1.1
We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when using our website. Personal data refers to any information that can be used to identify you personally.
1.2
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Petra Buhr, Takumi Trail, Antonstr. 8, 01097 Dresden, Germany
Phone: +49 1525 4642680
Email: itrechtkanzlei@takumi-trail.com
The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1
When you use our website purely for informational purposes — that is, if you do not register or otherwise provide us with information — we only collect the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/referrer from which you came to the site
- Browser used
- Operating system used
- IP address used (possibly in anonymized form)
Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or used in any other way. However, we reserve the right to subsequently review the server log files if there are specific indications of unlawful use.
2.2
For security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser’s address bar.2) Datenerfassung beim Besuch unserer Website
3) Hosting & Content Delivery Network
3.1
To host our website and deliver its content, we use a service provider that performs these services either directly or through selected subcontractors exclusively on servers located within the European Union.
All data collected on our website is processed on these servers.
We have concluded a data processing agreement (DPA) with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
3.2 IONOS
We use a content delivery network (CDN) provided by the following company:
1&1 IONOS Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
This service enables us to deliver large media files such as graphics, page content, or scripts more efficiently via a network of regionally distributed servers. Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
We have concluded a data processing agreement (DPA) with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
4) Cookies
To make your visit to our website more attractive and to enable the use of certain functions, we use cookies—small text files that are stored on your device. Some of these cookies are deleted automatically when you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow us to store your site preferences (so-called “persistent cookies”). You can find the storage duration in your browser’s cookie settings.
If personal data is also processed through individual cookies used by us, the processing is carried out either pursuant to Art. 6(1)(b) GDPR for the performance of a contract, pursuant to Art. 6(1)(a) GDPR if consent has been given, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interest in ensuring the best possible functionality of the website as well as a user-friendly and effective design of the site visit.
You can configure your browser to inform you about the use of cookies and decide individually whether to accept them, exclude the acceptance of cookies for certain cases, or generally disable them.
Please note that disabling cookies may limit the functionality of our website.
5) Contact
5.1 Brevo
For review reminders, we use the services of the following provider:
Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany.
We transmit your email address and, where applicable, other customer data to this provider solely on the basis of your explicit consent in accordance with Art. 6(1)(a) GDPR, so that they may contact you via email with a reminder to leave a review.
You can revoke your consent at any time with effect for the future—either by contacting us or the provider directly.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
5.2
When you contact us (e.g., via contact form or email), personal data is processed solely for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose.
The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact aims to conclude a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.
Your data will be deleted once it can be inferred from the circumstances that the matter in question has been fully resolved and provided that there are no legal retention obligations.
6) Data Processing When Opening a Customer Account
In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed as required when you provide it to us during the creation of a customer account. The data required to open the account can be seen in the input fields of the relevant form on our website.
You may delete your customer account at any time by sending a message to the contact address mentioned above. After deletion of your customer account, your data will be erased—provided that all contracts concluded through it have been fully processed, no statutory retention obligations apply, and there is no legitimate interest on our part in continued storage.
7) Use of Customer Data for Direct Advertising
7.1 Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing any other data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure to ensure that you receive newsletters only after you have expressly confirmed your consent by clicking on a verification link sent to the provided email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. We store the IP address assigned by your internet service provider (ISP) as well as the date and time of registration in order to trace any possible misuse of your email address at a later date. The data collected during newsletter registration will be used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided in each newsletter or by contacting the controller mentioned above. Once you unsubscribe, your email address will be promptly deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this scope if permitted by law and as explained in this privacy policy.
7.2 Sending the Email Newsletter to Existing Customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular email offers for similar goods or services from our range. According to § 7(3) of the German Act Against Unfair Competition (UWG), we do not need separate consent for this. Data processing is carried out solely on the basis of our legitimate interest in personalized direct marketing pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any marketing emails.
You have the right to object to the use of your email address for the above-mentioned advertising purposes at any time with future effect by notifying the controller named above. You will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will cease immediately.
7.3 Brevo
Our email newsletters are sent via the following service provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided during newsletter registration to this provider in accordance with Art. 6(1)(f) GDPR so they can handle newsletter distribution on our behalf.
Subject to your explicit consent pursuant to Art. 6(1)(a) GDPR, the provider also conducts statistical analyses of newsletter campaigns using web beacons or tracking pixels embedded in the emails to measure open rates and specific interactions with newsletter content. This involves collecting and analyzing device information (e.g., time of access, IP address, browser type, and operating system), which is not combined with other data sources.
You may revoke your consent to newsletter tracking at any time with future effect.
We have concluded a data processing agreement with the provider to safeguard the personal data of our website visitors and prohibit unauthorized disclosure to third parties.
8) Data Processing for Contract Fulfillment
8.1 In order to fulfill the contract, we cooperate with the following service provider(s) who support us, in whole or in part, in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
8.2 Use of Payment Service Providers – Lemon Squeezy
For payments, one or more online payment methods are provided by the following provider:
Lemon Squeezy LLC, 222 South Main Street Suite 500, Salt Lake City, UT 84101, USA
If you select a payment method offered by this provider that requires advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and card details, currency, and transaction number) as well as information about your order will be shared with the provider pursuant to Art. 6(1)(b) GDPR. This data transfer is made solely for the purpose of processing the payment and only to the extent necessary for that purpose.
For data transfers to the USA, the provider relies on Standard Contractual Clauses (SCCs) approved by the European Commission, which are intended to ensure compliance with European data protection standards.
9) Web Analytics Services
Matomo
This website uses a web analytics service provided by the following provider:
InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”).
To protect website visitors, Matomo uses a so-called “config_id” to enable various usage analyses of the website within a short time frame of up to 24 hours. The “config_id” is a randomly generated, time-limited hash based on a limited set of visitor settings and attributes. This config_id or config hash is a string calculated from the visitor’s operating system, browser, browser plugins, IP address, and browser language. Matomo does not use device fingerprinting and uses an anonymized IP address of the visitor to generate the “config_id”.
If the information processed in this way includes personal user data, the processing is carried out on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes pursuant to Art. 6(1)(f) GDPR. To object to the future processing of your visitor data, we provide a dedicated opt-out option on our website.
Data will only be transferred to the provider if the service is not hosted on our own servers. In the case of self-hosting, no data collected by the service will be transmitted to the provider.
If the service is not hosted on our own servers, we have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
For data transfers to New Zealand, an adequacy decision by the European Commission confirms that the country ensures an adequate level of data protection comparable to EU standards.
10) Site Functionality
Tally.so
To provide online forms, we use the services of the following provider:
Tally B.V., August Van Lokerenstraat 71, 9050 Gentbrugge, Belgium
The provider enables us to create and evaluate online forms. In addition to the personal data you enter into the forms, information about your operating system, browser, date and time of your visit, referrer URL, and your IP address is also collected, transmitted to the provider, and stored on the provider’s servers.
The information you enter into the forms is stored in a password-protected manner to ensure that third-party access is excluded and that only we can evaluate the data for the purpose stated in the respective form.
If the processing of personal data is necessary for the performance of a contract with you (this also applies to processing operations required for pre-contractual measures), the legal basis is Art. 6(1)(b) GDPR. If you have given us consent to process your data, processing is based on Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect.
We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
11) Tools and Other Services
Cookie Consent Tool
This website uses a so-called “cookie consent tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The cookie consent tool is displayed to users upon accessing the site as an interactive user interface, allowing them to give consent for certain cookies and/or cookie-based applications by ticking checkboxes. The tool ensures that such cookies and services requiring consent are only loaded if the user has explicitly given permission by ticking the corresponding box.
The tool sets technically necessary cookies to store your cookie preferences. In general, no personal user data is processed in this context.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6(1)(f) GDPR, based on our legitimate interest in providing a legally compliant, user-specific, and user-friendly cookie consent management solution and thus ensuring the legally compliant design of our online presence.
Another legal basis for the processing is Art. 6(1)(c) GDPR. As the responsible party, we are legally obligated to make the use of non-essential cookies dependent on the respective user’s consent.
Where necessary, we have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.
Further information about the provider and configuration options of the cookie consent tool can be found directly within the corresponding user interface on our website.
12) Your Rights
12.1
Applicable data protection law grants you the following rights with regard to the processing of your personal data by the controller. For the specific conditions under which these rights may be exercised, please refer to the legal bases mentioned:
- Right of access pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erasure pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to notification pursuant to Art. 19 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to withdraw consent given pursuant to Art. 7(3) GDPR
- Right to lodge a complaint pursuant to Art. 77 GDPR
12.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS BEING PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
13) Duration of the Storage of Personal Data
The duration of the storage of personal data is determined based on the respective legal basis, the purpose of processing, and—if applicable—according to the relevant statutory retention periods (e.g., commercial and tax law retention periods).
If the processing of personal data is based on an explicit consent pursuant to Art. 6(1)(a) GDPR, the data will be stored until you withdraw your consent.
If statutory retention periods apply to data that is processed in connection with contractual or quasi-contractual obligations on the basis of Art. 6(1)(b) GDPR, such data will be routinely deleted after the retention period has expired, provided it is no longer required for the fulfillment of the contract or the initiation of a contract and/or there is no legitimate interest on our part in continuing to store it.
If the processing of personal data is based on Art. 6(1)(f) GDPR, such data will be stored until you exercise your right to object in accordance with Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
If personal data is processed for the purpose of direct advertising based on Art. 6(1)(f) GDPR, it will be stored until you exercise your right to object under Art. 21(2) GDPR.
Unless otherwise stated in the specific processing situations described in this privacy policy, personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.