Privacy Policy

Hi there!

I take your privacy seriously. This policy explains what data I collect, why I need it, and how I protect it. I’ve written this in plain language.

Quick summary: I only collect what’s necessary to provide my services, I don’t sell your data, and you’re always in control.

Responsible under Article 4(7) GDPR: Salome Keller, Gutenbergstr. 50a, 70176 Stuttgart, Germany. I process your personal data in compliance with GDPR, BDSG, DSA, and TTDSG.

Questions? dataprotection@facilicat.com

Controller & Data Protection Officer

Responsible for data processing (Controller): Salome Keller, Gutenbergstr. 50a, 70176 Stuttgart, Germany

Email: dataprotection@facilicat.com

Data Protection Officer: Salome Keller (same contact details).

1

Data Collection on this Website

1.1 Automatically Collected Data (Server Log Files)

When you visit this website, your browser automatically sends technical information to my hosting provider, ALL-INKL.COM. This data is stored temporarily in server log files. You can find their full privacy policy here.

What is collected:

Your IP address, the date and time of your visit, which browser and operating system you use, which page referred you here, which pages you viewed, and the amount of data transferred.

Why: This data is needed to deliver the website to you, keep it secure, and prevent misuse. I cannot personally identify you from this data alone. (Legal basis: Art. 6(1)(f) GDPR, legitimate interest.)

How long: This data is stored for a maximum of 90 days (ALL-INKL standard: 7 days), then it is anonymized or deleted.

1.2 Contact Forms & Appointment Booking

When you reach out via a contact form, email, or book an appointment, you voluntarily share information such as your name, email address, phone number, message content, appointment details, and company name.

All form submissions are processed on my own server (hosted by ALL-INKL.COM in Germany). No data is sent to third parties without your consent. The connection is encrypted via SSL/TLS.

Why: To respond to your inquiry, schedule appointments, and prepare for our work together. (Legal basis: Art. 6(1)(b) GDPR, contract fulfillment.)

How long: 3 years after our last contact. If we enter into a contract, retention may be longer (6 to 10 years, as required by §147 AO and §257 HGB, German tax and commercial law).

2

External Services & Data Processors

To run my business, I use a small number of external service providers. Each one is bound by a data processing agreement (DPA) in accordance with Art. 28 GDPR, meaning they are contractually obligated to handle your data responsibly.

2.1 ALL-INKL.COM (Website Hosting)

ALL-INKL.COM is based in Dresden, Germany and hosts this WordPress website. They process the server log data described in section 1.1.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest) and Art. 28 GDPR (DPA in place). Their privacy policy

2.2 Microsoft 365 & Bookings

I use Microsoft 365 for email, appointments, contacts, and documents. Data is primarily stored in EU data centers (Germany), though some processing may occur in the USA.

I have a data processing agreement with Microsoft. For any US-based processing, additional safeguards are in place: EU Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework, and the EU Data Boundary commitment.

Legal basis: Art. 6(1)(b) GDPR (contract fulfillment) and Art. 28 GDPR (DPA). Microsoft Trust Center

2.3 Lexoffice (Accounting)

For invoicing and accounting, I use Lexoffice by Haufe-Lexware, based in Freiburg, Germany. Billing-related data (name, address, invoice amounts) is stored on servers in Germany.

Legal basis: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) GDPR (legal obligation). Retention: 10 years as required by German tax law (§147 AO, §257 HGB). Their privacy policy

2.4 Zeeg (Appointment Booking)

For online scheduling, I use Zeeg, a German provider (Zeeg GmbH). When you book an appointment, your name, email address, and appointment details are processed.

All data is stored on servers in Germany (Deutsche Telekom Cloud). No data is transferred to countries outside the EU. A data processing agreement is automatically in place (Art. 28 GDPR). By booking, you acknowledge this notice.

Safeguards include encryption and regular audits. Legal basis: Art. 6(1)(b) GDPR (contract fulfillment). More about Zeeg and GDPR

3

Cookies

This website uses only technically necessary cookies. These are small text files your browser stores to make the website function properly. No analytics, marketing, or tracking cookies are set.

What is set: WordPress session cookies (for security/CSRF protection) and preference cookies (to remember your settings).

Legal basis: These cookies are strictly necessary and do not require your consent (Art. 6(1)(f) GDPR; §25(2) TTDSG).

4

Data Transfers to Third Countries

In principle, I aim to keep all data within the EU. The only exception is Microsoft 365, where some processing may occur in the USA.

For this transfer, the following safeguards are in place: the EU-US Data Privacy Framework (adequacy decision, 2023), EU Standard Contractual Clauses, and encryption. I actively monitor legal developments and prefer EU-based alternatives wherever possible (for example, I use Zeeg instead of US-based scheduling tools).

5

Your Rights Under GDPR

You have the following rights regarding your personal data. To exercise any of them, simply email me at dataprotection@facilicat.com. I will respond within one month.

Right of access (Art. 15): You can request a copy of all personal data I hold about you, free of charge.

Right to rectification (Art. 16): If any of your data is incorrect or incomplete, you can ask me to correct it.

Right to erasure (Art. 17): You can ask me to delete your personal data, unless I am legally required to retain it (e.g. for tax purposes).

Right to restriction (Art. 18): You can ask me to temporarily stop processing your data while a dispute or request is being resolved.

Right to data portability (Art. 20): You can request your data in a structured, machine-readable format so you can transfer it to another provider.

Right to object (Art. 21): You can object to the processing of your data when it is based on legitimate interest. I will then review whether my reasons override yours.

Right to withdraw consent (Art. 7(3)): If you have given consent for any data processing, you can withdraw it at any time. This does not affect the lawfulness of processing before the withdrawal.

Supervisory authority: If you believe I am not handling your data correctly, you have the right to lodge a complaint with the relevant data protection authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart. www.baden-wuerttemberg.datenschutz.de

6

Automated Decision-Making

I do not use automated decision-making or profiling as defined in Art. 22 GDPR. All decisions that affect you are made by me personally.

7

Data Security

I take appropriate technical and organizational measures to protect your personal data, as required by Art. 32 GDPR. In practice, this means:

All connections to this website are encrypted via SSL/TLS (the lock icon in your browser).

WordPress, plugins, and server software are regularly updated to fix known vulnerabilities.

Firewall and access controls are in place to prevent unauthorized access to the server.

I only collect the minimum data necessary for each purpose (data minimization).

All external service providers are bound by data processing agreements (see section 2).

I regularly review these measures and adapt them as needed.

8

Changes to this Privacy Policy

Last updated: April 25, 2026. I may update this policy to reflect changes in my services or legal requirements. Updates will be published on this page. Significant changes will be communicated separately.

Questions about your data? dataprotection@facilicat.com