Template — please replace placeholders in [square brackets], verify the third-party services currently in use (host, newsletter ESP, Cal.com), and have the final wording reviewed by a lawyer before going live. The binding version under German law is the German Datenschutzerklärung.
Privacy Policy
1. Data controller
The party responsible for data processing on this website is:
Steven Strehl
[Street and house number]
[Postcode] [City]
Germany
Email: hello@ngo.consulting
2. General note
Personal data is collected on this website only to the extent technically necessary. Processing takes place on the basis of the applicable data protection regulations (GDPR, German Federal Data Protection Act / BDSG, TTDSG).
3. Hosting
This website is hosted by bunny.net (BunnyWay d.o.o., Slovenia — terms from the data processing agreement to be verified). When the site is accessed, technically necessary data (e.g. IP address, time of request, user agent) is processed in order to deliver the page and defend against attacks. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a stable, secure site).
4. Server log files
The hosting provider automatically processes information that the browser transmits, in log files:
- browser type and version
- operating system used
- referrer URL
- host name of the accessing computer
- time of the server request
- IP address
This data is not merged with other data sources. Legal basis: Art. 6 (1) (f) GDPR.
5. Contact by email
When you get in touch via email, the data you provide (name, email address, message) is stored in order to process your request. Legal basis: Art. 6 (1) (b) and (f) GDPR. The data is deleted as soon as it is no longer required for that purpose and provided no statutory retention periods apply.
6. Newsletter
[ESP – Mailchimp / Brevo / CleverReach / MailerLite] is used to send the newsletter. Sign-up uses a double opt-in procedure: after you submit your email address, you receive an email with a confirmation link. Sign-up is only activated after you click that link. Legal basis: Art. 6 (1) (a) GDPR (consent).
The email address, the time of sign-up and confirmation, and the IP address are stored. You can unsubscribe from the newsletter at any time via the unsubscribe link in every email or by sending a message to hello@ngo.consulting.
Details on data processing by the ESP can be found in its own privacy policy: [Link to the ESP’s privacy policy].
7. Appointment booking via Cal.com
Cal.com (Cal.com, Inc., 2261 Market Street #4382, San Francisco, CA 94114, USA) is embedded for scheduling video calls. When you click “Schedule a video call” and during booking, your name, email address and any additional data you provide are transmitted to Cal.com in order to schedule the appointment and send reminders. Legal basis: Art. 6 (1) (b) GDPR (taking steps prior to entering into a contract) or (a) (consent).
Further information: https://cal.com/privacy.
8. Google Fonts
The fonts Inter and Fraunces are loaded via Google Fonts (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). In the process, your device’s IP address is transmitted to Google servers. Legal basis: Art. 6 (1) (f) GDPR.
Note: if you want to avoid loading external fonts, the fonts can also be served locally — this third-party processing then drops out.
9. Web analytics with Pirsch
For reach measurement I use the privacy-friendly web analytics service Pirsch (Emvi Software GmbH, [address per pirsch.io imprint], Germany). Pirsch collects anonymous usage data (e.g. pages viewed, referrer, browser type, device type, coarse geographic region), deliberately avoids cookies and long-term identifiers. To distinguish sessions, a short-lived hash is generated from IP address, user agent and a daily-rotating salt; IP addresses are not stored.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in privacy-friendly, cookie-free reach measurement to improve the offering). Processing takes place on servers in Germany/EU. Further information: https://pirsch.io/privacy.
10. Cookies
The homepage of this website does not set any cookies itself. Embedded third-party services (Cal.com when opening the booking popup) may set technically necessary cookies. You can prevent cookies from being set in your browser.
11. Your rights
You have the right, at any time, to:
- receive information about the data we have stored about you (Art. 15 GDPR),
- request the correction of inaccurate data (Art. 16 GDPR),
- request the erasure of your data (Art. 17 GDPR),
- request restriction of processing (Art. 18 GDPR),
- object to processing (Art. 21 GDPR),
- request data portability (Art. 20 GDPR),
- withdraw consent that you have given, with effect for the future (Art. 7 (3) GDPR).
A short email to hello@ngo.consulting is enough to exercise these rights.
12. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is that of the German federal state in which the controller is based.
13. Changes to this policy
I update this privacy policy when legal or technical conditions change. The current version is always available on this page.