Privacy Policy
Last updated: 22 May 2026
1. Preamble
This Privacy Policy explains what types of personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. It applies to all personal data processing carried out by us, both in connection with the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”).
The terms used are not gender-specific.
2. Controller
Anna Lezhnina
Salinenstrasse 8
76646 Bruchsal
Germany
Email: anika.lezhnina@gmail.com
3. Overview of Processing Activities
The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.
Types of data processed:
Master data
Employee data
Payment data
Contact details
Content data
Contract data
Usage data
Meta, communication and procedural data
Categories of data subjects:
Service recipients and clients
Employees
Prospective customers
Users
Business and contractual partners
Third parties
Whistleblowers
Purposes of processing:
Provision of contractual services and fulfilment of contractual obligations
Communication
Reach measurement / web analytics
Office and organisational procedures
Organisational and administrative procedures
User profiles with usage-related information
Provision of our online services and user-friendliness
Whistleblower protection
Business processes and operational procedures
4. Legal Bases
Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations may apply in your or our country of residence.
Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation.
Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.
In addition to the GDPR, German national data protection law applies, in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).
5. Security Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.
These measures include ensuring the confidentiality, integrity and availability of data, as well as procedures for exercising data subject rights, deleting data and responding to threats.
To protect data transmitted via our online services, we use TLS/SSL encryption technology (HTTPS).
6. Transmission of Personal Data
In the course of processing personal data, we may disclose or transmit it to other bodies, companies, legally independent organisational units or individuals. Recipients may include IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and enter into appropriate contracts or agreements with recipients to protect your data.
7. International Data Transfers
Where we transfer data to a third country, i.e. outside the European Union (EU) or the European Economic Area (EEA), this is done in accordance with legal requirements.
For transfers to the USA, the text refers to the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses as safeguards.
More information is available from the European Commission and the Data Privacy Framework website.
8. Data Retention and Deletion
We delete personal data as soon as the purpose of processing no longer applies and no legal retention obligations prevent deletion.
If data must be retained for commercial or tax law reasons or for legal proceedings, it will be archived for the required period and processed only for those purposes.
9. Rights of Data Subjects
As a data subject under the GDPR, you have the following rights:
Right to object
Right to withdraw consent
Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to lodge a complaint with a supervisory authority
10. Business Services
We process personal data of our contractual and business partners, such as clients, prospective customers, suppliers and other cooperation partners, for the purpose of initiating, performing and settling contractual relationships and comparable legal relationships.
This includes pre-contractual measures, communication, fulfilment of contractual obligations, invoicing, documentation, and compliance with legal obligations.
Project and development services: We process client data to enable the selection, commissioning, payment and delivery of the chosen services.
11. Use of Cookies
“Cookies” refers to functions that store and retrieve information on users’ devices. Cookies may be used for functionality, security, convenience and visitor traffic analysis.
Where required, we obtain prior consent from users. Where consent is not required, we rely on our legitimate interests, especially where storage or access is strictly necessary for providing requested content or ensuring the functionality and security of the online service.
Types of cookies:
Temporary (session) cookies: Deleted when the browser or application is closed.
Permanent cookies: Remain stored after the device is closed and may be kept for up to two years unless stated otherwise.
A consent management solution is used to obtain, record, manage and revoke user consent for cookies and similar technologies. The consent record may be stored for up to two years.
12. Web Analytics, Monitoring and Optimisation
Web analytics is used to evaluate visitor traffic to our online services and may include behavioural, interest-based or demographic information in pseudonymous form.
We may also use testing procedures, such as A/B testing, to optimise our online services.
As part of analytics, information may be stored in a browser or device and later read out. This can include visited pages, interactions, browser type, operating system, usage times and, where consent has been given, approximate location data.
IP addresses are processed with IP masking, i.e. pseudonymisation by truncation. As a rule, no directly identifying data such as names or email addresses are stored in the context of analytics.
13. Google Analytics
We use Google Analytics to measure and analyse the use of our online services on the basis of a pseudonymous user identification number.
This identifier does not contain directly identifying information such as names or email addresses. It is used to assign analysis information to a device and understand which content users viewed, what search terms they used, whether they returned, how long they stayed and what technical characteristics their browser and device have.
For EU users, Google Analytics does not log or store individual IP addresses. It derives approximate geographic information from IP metadata and then deletes that data immediately.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Legal basis: Consent under Art. 6(1)(a) GDPR.
Privacy Policy: Google Privacy Policy
Data Processing Terms: Google Ads Data Processing Terms
Opt-out: GA Opt-out Browser Add-on
14. Changes and Updates
We ask you to review the content of this Privacy Policy regularly. We update it whenever changes to our data processing activities make this necessary.
15. Definitions
The German text also contains a glossary of definitions, including: employee data, master data, content data, contact data, usage data, personal data, profiles with user-related information, reach measurement, controller, processing, contract data and payment data.
