Privacy Policy

Preamble

This privacy policy is designed to inform you about the types of personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. This privacy policy applies to all personal data processing we conduct, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles.

As of: April 1, 2026

Controller

Weidtke Digital GmbH
Neue Schönhauser Str. 6
10178 Berlin
Email: info@weidtke.com

Overview of Processing

The following overview summarizes the types of data we process and the purposes of their processing and refers to the affected individuals.

Types of Data Processed

Master data (e.g., names, addresses), contact data (e.g., email addresses, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta, communication and procedural data (e.g., IP addresses, time information, identification numbers).

Categories of Affected Persons

Communication partners, users.

Purposes of Processing

Contact inquiries and communication, security measures, administration and handling of inquiries, reach measurement and web analytics, provision of our online offering and user-friendliness.

Relevant Legal Bases

Below you will find an overview of the legal bases under GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection requirements may apply in your or our place of residence or business.

Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) – The data subject has given consent to the processing of personal data concerning them for a specific purpose or multiple specific purposes.

Contract Performance and Pre-contractual Inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures.

Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party.

Security Measures

We implement, in accordance with statutory requirements and taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities and extent of threats to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, disclosure, availability assurance and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data and responses to data threats.

Data Processing Agreements

We conclude data processing agreements pursuant to Art. 28 GDPR with our processors, ensuring that they process personal data only according to our instructions and in compliance with the GDPR.

Data Transfers to Third Countries

Where we process data in a third country (i.e., outside the European Union or the European Economic Area) or where this occurs in the context of using third-party services, this is done only in accordance with statutory requirements.

For data transfers to the USA, we rely on the EU-U.S. Data Privacy Framework (DPF), where the respective recipient is certified. Where no DPF certification exists, transfers are based on Standard Contractual Clauses (Art. 46 Para. 2 lit. c) GDPR).

Provision of Online Services and Web Hosting

We process the data of users in order to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

Firebase Hosting (Google Cloud) – Our website is operated via Firebase Hosting by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When accessing our website, connection data (e.g., IP address) is transmitted to Google servers. The legal basis is Art. 6 Para. 1 lit. f) GDPR (legitimate interest in stable and secure provision of our website). Google is certified under the EU-U.S. Data Privacy Framework. More information: firebase.google.com/support/privacy.

Retention period: Server log data is stored for a maximum of 30 days.

Cookies and Consent Management

We use cookies and similar technologies to keep our website functional and to analyze the use of our offering. Cookies are small text files that are stored on your device.

Cookie Script – To manage your cookie consent, we use the service Cookie Script (cookie-script.com). This service stores your consent decision in a cookie on your device. The legal basis is Art. 6 Para. 1 lit. c) GDPR (legal obligation to document consent).

Technically necessary cookies are set without consent and serve the operation of the website (e.g., session cookies, consent cookie). The legal basis is Art. 6 Para. 1 lit. f) GDPR.

Analytics cookies are only set after your explicit consent (see Web Analytics section). The legal basis is Art. 6 Para. 1 lit. a) GDPR.

You can revoke your consent at any time via the cookie banner or adjust your browser settings to delete or block cookies.

Web Analytics – Google Analytics

We use Google Analytics 4 (Property ID: G-Z9WC0KE4LH), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics is only activated after your explicit consent via our cookie banner (Google Consent Mode v2). Without consent, no data is collected by Google Analytics.

Data collected: IP address (automatically anonymized in GA4), browser type, operating system, referrer URL, pages visited, time spent, interactions.

Purpose: Analysis of website usage to improve our offering.

Legal basis: Art. 6 Para. 1 lit. a) GDPR (consent).

Retention period: Data is automatically deleted after 14 months.

Third country transfer: Google is certified under the EU-U.S. Data Privacy Framework.

You can revoke your consent at any time by adjusting your cookie settings via our cookie banner. More information: policies.google.com/privacy.

Google Fonts

We embed fonts ("Google Fonts") from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When accessing our website, a connection to Google servers is established to load the "Inter" font. Your IP address is transmitted to Google in the process.

Legal basis: Art. 6 Para. 1 lit. f) GDPR (legitimate interest in a uniform presentation of our website).

Third country transfer: Google is certified under the EU-U.S. Data Privacy Framework.

More information: developers.google.com/fonts/faq/privacy.

Contact

When contacting us (e.g., via contact form, email or phone) and in the context of existing user and business relationships, the information of the persons making inquiries is processed to the extent necessary to answer the contact inquiries and any requested measures.

Data processed: Name, email address, message content, and optionally phone number and company, if provided by you.

Legal basis: Art. 6 Para. 1 lit. b) GDPR (pre-contractual measures) or Art. 6 Para. 1 lit. f) GDPR (legitimate interest in answering inquiries).

Retention period: Contact inquiries are deleted after complete processing, unless a contractual relationship arises. For contractual relationships, statutory retention periods apply (up to 10 years pursuant to HGB/AO).

Appointment Booking

We offer the option to book appointments via Google Calendar Appointment Scheduling. The data you provide (e.g., name, email address, desired appointment) is transmitted to Google Ireland Limited.

Legal basis: Art. 6 Para. 1 lit. b) GDPR (pre-contractual measures).

Retention Period – General Rule

We store personal data only for as long as necessary for the respective processing purpose or as required by statutory retention obligations. After fulfillment of purpose or expiry of retention periods, data is routinely deleted. The specific retention periods stated in the respective sections apply.

Your Rights

As a data subject, you have the following rights:

Right of access (Art. 15 GDPR): You have the right to request information about your personal data processed by us.

Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate data or the completion of your data stored by us.

Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data stored by us, provided no statutory retention obligations apply.

Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data.

Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used and machine-readable format or to request transmission to another controller.

Right to object (Art. 21 GDPR): You have the right to object to the processing of your data based on Art. 6 Para. 1 lit. f) GDPR.

Right to withdraw consent (Art. 7 Para. 3 GDPR): You have the right to withdraw consent at any time. The lawfulness of processing carried out prior to withdrawal is not affected.

Right to lodge a complaint: If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

Contact for all inquiries: info@weidtke.com

Currency and Changes to This Privacy Policy

This privacy policy is current and valid as of: April 1, 2026. Due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy.