Privacy Policy

1. Controller

The controller responsible for data processing on this website is: Enzo Ametrano (sole trader) Siegener Str. 48 57334 Bad Laasphe, Germany Email: [email protected] Phone: +49 27542209608 A data protection officer has not been appointed, as the statutory conditions for this requirement are not met.

2. General information on data processing

We process personal data only to the extent necessary to provide a functional website and our content and services, or where you have given your consent. This website deliberately uses no cookies and no tracking identifiers stored on your device.

3. Hosting (Netlify)

This website is hosted by Netlify (Netlify, Inc., USA). When you access the site, technically necessary access data (server logs) are processed. Where data is transferred to third countries (e.g. the USA), this is done on the basis of EU standard contractual clauses. The legal basis is our legitimate interest in secure and efficient operation (Art. 6(1)(f) GDPR). A data processing agreement in accordance with Art. 28 GDPR has been concluded with Netlify (forming part of the Netlify Terms of Service, "Data Processing Addendum").

4. Server log files

Each time the site is accessed, information is automatically collected (IP address, date and time, page accessed, data volume transferred, referrer URL, user agent) and processed to ensure smooth and secure operation. Legal basis: Art. 6(1)(f) GDPR. Log data is deleted after a maximum of 30 days, unless security-relevant incidents require longer retention.

5. Anonymised reach measurement

We collect usage events (page views, scroll depth, time on site, clicks, UTM parameters, approximate region, browser and device type) exclusively server-side and in fully anonymised form. NO cookies, no localStorage and no other identifiers are stored on your device — consent under § 25 TDDDG is therefore not required. For statistical aggregation, a short-lived, non-traceable identifier is formed once per day: SHA-256 derived from a daily-rotating secret salt, your IP and a normalised user agent. The IP is discarded immediately after hashing; the daily key rotates at 00:00 UTC — no re-identification is possible from the following day. Aggregated events are transmitted to Grafana Cloud (EU hosting) for analysis. Legal basis: legitimate interest in privacy-respecting reach measurement (Art. 6(1)(f) GDPR). Do-Not-Track (DNT) and Global Privacy Control (GPC) are honoured — if your browser sends either of these signals, no collection takes place.

6. Appointment booking (Microsoft Bookings)

For booking discovery calls we use Microsoft 365 / Microsoft Bookings (Microsoft Ireland Operations Ltd.). The data you enter there (e.g. name, email, preferred appointment) is processed for the purpose of preparing and conducting the appointment. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR. A data processing agreement in accordance with Art. 28 GDPR has been concluded with Microsoft (Microsoft Data Protection Addendum / Microsoft Product Terms).

7. Contact

When you contact us by email ([email protected]) or through the contact details provided, we process your information to handle your enquiry. Legal basis: Art. 6(1)(b) or (f) GDPR. Data is deleted once it is no longer needed for the purpose for which it was collected and there are no statutory retention obligations.

8. Your rights

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and the right to object to processing (Art. 21 GDPR). Any consent you have given may be withdrawn at any time with effect for the future.

9. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence or place of work, or of the alleged infringement. The supervisory authority with jurisdiction over the controller is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany.

10. Currency

This privacy policy is current as of June 2026. Updates may be required as the website develops or legal requirements change.