Privacy Policy
1. General Information
The protection of your personal data is a matter of great importance to us. We treat your data confidentially and in accordance with statutory data protection regulations (the GDPR, the BDSG, and the TDDDG). This Privacy Policy provides a simple overview of what happens to your personal data when you visit our website. Personal data refers to any data that can be used to personally identify you. Data processing on this website is carried out by the website operator, whose contact details can be found in the following section.
2. Controller
EKSTATISCH MEDIA UG (haftungsbeschränkt)
Theodor-Heuss-Anlage 12, 68165 Mannheim
Represented by Managing Director:
Débora Filipa de Oliveira Manco
Contact
Email: info@ekstatischmedia.de
3. Purposes of Processing
We use the collected data for the following purposes:
Provision of the Website: To display our online content securely, stably, and in a technically flawless manner (Legal basis: Art. 6(1)(f) GDPR).
Contact: To process inquiries via email or contact forms (Legal basis: Art. 6(1)(b) or (f) GDPR).
Analysis & Marketing: To understand user behaviour, optimize our website, and serve targeted advertising (Legal basis: Art. 6(1)(a) GDPR & § 25(1) TDDDG).
Business Processes: For appointment booking, workflow automation, and sending our newsletter (Legal basis: Art. 6(1)(a), (b), or (f) GDPR).
4. Security, Hosting, and Content Delivery Networks (CDN)
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content—such as inquiries you send to us as the site operator—this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser's address line from "http://" to "https://" and by the lock symbol in your browser bar.
Squarespace
We use the services of Squarespace (Squarespace Ireland Ltd., Le Bowery, 211 Elizabeth Street, New York, NY 10012, USA) for hosting and displaying our website. This serves the secure and efficient provision of our online offer based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Since Squarespace is a globally active provider, data may be transferred to Squarespace, Inc. servers in the USA as part of the technical provision. To ensure a high level of data protection, Squarespace relies on Standard Contractual Clauses approved by the EU Commission. Thus, Squarespace offers an adequate guarantee for the protection of your data pursuant to Art. 46 GDPR and ensures that your data remains protected according to European security standards even when processed outside the EU.
Further information on data usage can be found in Squarespace’s privacy policy: https://www.squarespace.com/privacy
5. Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
A consolidation of this data with other data sources is not performed. The basis for data processing is Art. 6(1)(f) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, as well as the safeguarding of legitimate interests (security and stability of the website).
6. Local Fonts
This website uses locally integrated fonts (e.g., Inter) stored on our server. No connection to external servers (e.g., Google Fonts) is established. No personal data is transmitted to third parties.
7. Cookie Consent with Cookiebot
Our website uses the Cookiebot consent management platform to obtain your consent for the storage of certain cookies on your device or the use of specific technologies, and to document this in a data protection-compliant manner. The provider is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").
Purpose: Management of cookie consents and traceability of consent status pursuant to Art. 6(1)(c) GDPR (legal obligation).
How it works: When you enter our website, a connection to Cookiebot's servers is established. A cookie is stored in your browser to assign the consents you have given or their withdrawal.
Data Processing: Data such as your IP address (anonymised), date and time of consent, and the URL of the website are transmitted.
Storage Period: Data is stored until you request us to delete it, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies.
Details: Further information can be found in Cookiebot's privacy policy: https://www.cookiebot.com/en/privacy-policy/
8. Google Analytics
This website uses Google Analytics (Google Ireland Ltd.). Google Analytics uses cookies to analyse website usage. We use these services only with your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Google is certified under the EU-US Data Privacy Framework. IP anonymisation is activated.
Supplement to Google Analytics: Google Signals
We use the "Google Signals" function in Google Analytics 4. This creates aggregated reports on cross-device user numbers in Google Analytics (cross-device tracking), provided you have activated "personalized ads" in your Google account. Google Signals uses data from logged-in Google users to provide aggregated and anonymized insights into user behaviour across different devices. You can deactivate this function at any time in your Google account settings or withdraw your consent via our cookie banner.
Further information: https://policies.google.com/privacy
9. Google Tag Manager
We use the Google Tag Manager (Google Ireland Limited). The Google Tag Manager itself does not process personal data but serves to manage and trigger tags. However, other services may be integrated via the Google Tag Manager which, for their part, process personal data.
Further information: https://policies.google.com/privacy
10. Social Media Presence
We maintain corporate profiles on social networks to present our services, communicate with users, and pursue marketing and analysis purposes. To the extent that we are jointly responsible for data processing with the providers of the social networks, this is done based on an agreement on joint responsibility pursuant to Art. 26 GDPR. Personal data may be processed by the respective platform operators. This concerns, in particular, usage data, interactions (e.g., likes, comments), and publicly accessible profile data. We receive partially aggregated statistics (e.g., insights) from the platforms, which help us analyze and improve the use of our content. Data processing is based on our legitimate interests pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG, as well as based on your consent given to the respective platform provider.
Further information can be found in the privacy policies of the respective providers:
Google/YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. https://policies.google.com/privacy
Facebook/Instagram: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. https://www.facebook.com/privacy/policy/
TikTok: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, Ireland. https://www.tiktok.com/legal/privacy-policy-eea
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. https://www.linkedin.com/legal/privacy-policy
Bluesky: Bluesky PBLLC, USA. https://bsky.social/about/support/privacy-policy
X (Twitter): X Corp., USA. https://twitter.com/privacy
Reddit: Reddit Inc., USA. https://www.redditinc.com/policies/privacy-policy
Pinterest: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. https://policy.pinterest.com/de/privacy-policy
Medium: Medium Corporation, USA. https://policy.medium.com/medium-privacy-policy
11. Online Advertising and Tracking Technologies
We use various online advertising and tracking technologies to analyse the effectiveness of our marketing measures and to serve targeted advertising. Cookies and similar technologies may be used to analyse user behaviour, measure conversions, and provide personalized advertising. The storage of information in your terminal device or access to information already stored is based on your consent pursuant to § 25(1) TDDDG. Subsequent data processing is based exclusively on your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future via the cookie consent tool.
Further information can be found in the privacy policies of the providers:
Meta Ads: Meta Platforms Ireland Ltd. https://www.facebook.com/privacy/policy/
TikTok Ads: TikTok Technology Limited. https://www.tiktok.com/legal/privacy-policy-eea
YouTube / Google Ads / Google Analytics 4: Google Ireland Ltd. https://policies.google.com/privacy
LinkedIn Ads: LinkedIn Ireland Unlimited Company. https://www.linkedin.com/legal/privacy-policy
Pinterest Ads: Pinterest Europe Ltd. https://policy.pinterest.com/de/privacy-policy
X (Twitter) Ads: X Corp. https://twitter.com/privacy
Reddit Ads: Reddit Inc. https://www.redditinc.com/policies/privacy-policy
12. Newsletter (Mailchimp)
Personal data may also be processed in the USA or other countries where Mailchimp, its affiliates, or sub-processors operate. Mailchimp refers to appropriate data protection guarantees in the EU-U.S. Data Privacy Framework and contractual data protection regulations.
Further information: https://mailchimp.com/legal/privacy/
13. Automation (Make)
We use the Make platform (Make.com, s.r.o., V01, Na Florenci 2116/15, 110 00 Prague 1, Czech Republic) to automate our business processes. Personal data (e.g., form content, contact details) is automatically transferred and processed between different systems we use. This serves the efficient fulfilment of our contractual obligations pursuant to Art. 6(1)(b) GDPR as well as the safeguarding of our legitimate interests in optimizing our operational processes pursuant to Art. 6(1)(f) GDPR. We have concluded a Data Processing Addendum (DPA) with Make to ensure that your data is processed strictly according to our instructions and in accordance with GDPR requirements.
Further information: https://www.make.com/en/privacy-notice
14. Appointment Booking (Calendly)
For appointment bookings, we use Calendly LLC (USA). Personal data (e.g., name, email) is processed.
Further information: https://calendly.com/privacy
15. Use of AI Technologies (Internal Use)
We use AI-supported technologies within our business processes to optimize our services and internal workflows (e.g., support in content creation or general data analysis). We ensure that no personal data of our customers is fed into the training models of the AI providers or processed there without protection, unless this is expressly required for contract performance or separate consent has been obtained. The use of these technologies is based on our legitimate interests in an efficient and contemporary design of our business processes pursuant to Art. 6(1)(f) GDPR.
16. Handling of Applicant Data
If you send us an application (e.g., by email or via a contact form), we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and, if you have given your consent, Art. 6(1)(a) GDPR. Your personal data will be stored for a maximum of 6 months after the conclusion of the application process (for the duty of proof under the General Act on Equal Treatment - AGG), unless an employment relationship is established or you have given us consent for longer storage (applicant pool).
17. Contact (Email and Contact Form)
If you contact us by email or via a contact form on our website, your details (name, email address, and the content of your message) will be stored by us for processing your inquiry and in case of follow-up questions. The processing of this data is based on:
Art. 6(1)(b) GDPR, provided your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures.
Art. 6(1)(f) GDPR, based on our legitimate interest in the effective processing of inquiries addressed to us.
The data you send to us will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory statutory provisions, in particular statutory retention periods (e.g., according to the HGB or AO), remain unaffected.
18. Conduct of Surveys and Feedback Analysis
We conduct surveys on our website and within the scope of our services to continuously improve our software and marketing services and to adapt them to the needs of our users.
Purpose of Processing: Statistical evaluation, improvement of user experience (UX), quality management, and product development.
Legal Basis: Processing is carried out based on your consent pursuant to Art. 6(1)(a) GDPR (where requested) or based on our legitimate interests in optimizing our offering pursuant to Art. 6(1)(f) GDPR.
Categories of Data: Depending on the survey, responses, metadata (timestamps, browser type), and, if applicable, contact details are processed.
Retention Period: Data will be deleted as soon as it is no longer required for the purpose of its collection or if you withdraw your consent.
19. Disclosure of Data
Your personal data will only be disclosed to third parties in the following legally permissible cases:
For contract fulfillment (Art. 6(1)(b) GDPR): If this is necessary for the processing of a contract concluded with you (e.g., to payment service providers or shipping companies).
To processors (Art. 28 GDPR): If we use service providers (e.g., hosting providers like Squarespace, automation tools like Make, or newsletter services like Mailchimp) who process data strictly according to our instructions.
Due to legal obligations (Art. 6(1)(c) GDPR): If we are legally obliged to transmit data to authorities or courts.
Based on your consent (Art. 6(1)(a) GDPR): If you have given us express permission to do so.
Any further transfer of your data to third parties for advertising purposes will not take place without your express consent.
20. Retention Period
Unless a more specific storage period has been mentioned within this Privacy Policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or withdraw consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods). In the case of statutory retention obligations, deletion takes place only after these periods have expired. These are generally:
10 years for accounting records, invoices, and tax-relevant documents pursuant to § 147 AO.
6 years for business documents and commercial letters pursuant to § 257 HGB.
21. Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)
If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this Privacy Policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR).
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is related to such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21(2) GDPR).
22. Your Rights as a Data Subject
As a data subject, you have the following rights under the applicable legal provisions (GDPR):
Access (Art. 15 GDPR): You have the right to receive information about your stored personal data at any time free of charge.
Rectification (Art. 16 GDPR): You can request the correction of incorrect data.
Erasure (Art. 17 GDPR): Under certain conditions, you have the right to the deletion of your data ("Right to be forgotten").
Restriction of Processing (Art. 18 GDPR): You can request that the processing of your data be restricted.
Data Portability (Art. 20 GDPR): You have the right to have data that we process automatically based on your consent or in fulfilment of a contract handed over to you or to a third party in a common format.
Objection (Art. 21 GDPR): You can object to the future processing of your data at any time.
Right of appeal to the supervisory authority: Pursuant to Art. 77 GDPR, you also have the right to complain to a data protection supervisory authority if you believe that the processing of your data violates data protection law. For us in Mannheim, this is usually the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg).
23. Objection to Promotional Emails
Within the framework of the statutory legal notice obligation, we are obliged to publish our contact details. We hereby expressly prohibit the use of this data by third parties for the sending of advertising, information materials, or spam emails that have not been explicitly requested by us. As the operator of this website, we expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information (e.g., through advertising calls or spam emails).
24. Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can withdraw consent already given at any time. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal. For the withdrawal, an informal notification by email to us is sufficient. In the case of the newsletter, the withdrawal can also be made via the unsubscribe link contained in the newsletter.
25. Right of Appeal to the Competent Supervisory Authority
In the event of violations of the GDPR, data subjects have a right of appeal to a supervisory authority, in the Member State of their habitual residence, their place of work, or the place of the alleged violation. The right of appeal is without prejudice to other administrative or judicial remedies.
The primary supervisory authority responsible for us (based in Mannheim) is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Website: https://www.baden-wuerttemberg.datenschutz.de/beschwerde/
Note: The supervisory authority's website is primarily available in German. For international inquiries, you may contact them via email at poststelle@lfdi.bwl.de.
26. Validity and Amendment of this Privacy Policy
This Privacy Policy is currently valid and is dated March 2026. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this Privacy Policy. The current Privacy Policy can be accessed and printed out by you at any time on the website.