Privacy Policy
Introduction
With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process for which purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific.
Last updated: September 15, 2022
Controller
Robert Taglauer
Werkstrasse 10
85614 Kirchseeon
Germany
Robin Künnecke
Am Bockshorn 37
38173 Sickte
Germany
Authorized representatives: Robin Künnecke and Robert Taglauer
Legal Notice: https://www.r2studio.de/imprint
Email address: hallo [at] r2studio [dot] com
Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of Data Processed
- Inventory data (e.g., names, addresses)
- Content data (e.g., entries in online forms)
- Contact data (e.g., email, telephone numbers)
- Meta/communication data (e.g., device information, IP addresses)
- Usage data (e.g., websites visited, interest in content, access times)
- Contract data (e.g., contract subject, duration, customer category)
Categories of Data Subjects
- Employees (e.g., staff, applicants, former employees)
- Interested parties
- Communication partners
- Customers
- Users (e.g., website visitors, users of online services)
Purposes of Processing
- Provision of our online offer and user-friendliness
- Conversion measurement (measuring the effectiveness of marketing measures)
- Office and organizational procedures
- Content Delivery Network (CDN)
- Direct marketing (e.g., via email or post)
- Feedback (e.g., collecting feedback via online form)
- Marketing
- Contact requests and communication
- Profiles with user-related information (creating user profiles)
- Reach measurement (e.g., access statistics, recognition of returning visitors)
- Provision of contractual services and customer service
Relevant Legal Basis
Below you will find an overview of the legal basis of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or our country of establishment. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given their consent to the processing of personal data concerning them for one or more specific purposes.
- Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National Data Protection Regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated individual decision-making, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation, or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.
Security Measures
In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
Measures include in particular securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, ensuring availability, and their separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data during the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
IP Address Shortening: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address is shortened (also referred to as "IP masking"). The last two digits or the last part of the IP address after a period is removed or replaced by placeholders. The shortening of the IP address is intended to prevent or significantly hinder the identification of a person by their IP address.
SSL Encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
Transmission of Personal Data
In the context of our processing of personal data, the data may be transmitted to other bodies, companies, legally independent organizational units, or persons or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and in particular conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing takes place in the context of using third-party services or disclosure or transmission of data to other persons, bodies, or companies, this only takes place in accordance with legal requirements.
Subject to express consent or contractually or legally required transmission, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses of the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
Deletion of Data
The data processed by us will be deleted in accordance with legal requirements as soon as their consent to processing is revoked or other permissions expire (e.g., if the purpose of processing this data has ceased to apply or it is not required for the purpose).
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.
As part of our privacy information, we may provide users with additional information about the deletion and retention of data that applies specifically to the respective processing processes.
Use of Cookies
Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie primarily serves to store information about a user during or after their visit within an online offer. Stored information may include, for example, language settings on a website, login status, a shopping cart, or the location where a video was watched. The term cookies also includes other technologies that fulfill the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as "user IDs").
The following cookie types and functions are distinguished:
- Temporary cookies (session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their browser.
- Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, login status can be saved or preferred content can be displayed directly when the user visits a website again.
- First-party cookies: First-party cookies are set by us.
- Third-party cookies: Third-party cookies are mainly used by advertisers to process user information.
- Necessary cookies: Cookies may be absolutely necessary for the operation of a website (e.g., to store logins or other user inputs or for security reasons).
- Statistics, marketing, and personalization cookies: Furthermore, cookies are usually also used in the context of reach measurement and when the interests of a user or their behavior on individual websites are stored in a user profile.
Notes on legal basis: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this applies and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests or, if the use of cookies is necessary to fulfill our contractual obligations.
Storage duration: If we do not provide you with explicit information about the storage duration of permanent cookies, please assume that the storage duration can be up to two years.
General information on revocation and objection (opt-out): Depending on whether processing is based on consent or legal permission, you have the option at any time to revoke consent granted or to object to the processing of your data by cookie technologies. You can declare your objection through your browser settings or via the following services: https://optout.aboutads.info and https://www.youronlinechoices.com/
Processing of cookie data based on consent: We use a cookie consent management procedure in which users' consent to the use of cookies can be obtained, managed, and revoked by users.
- Types of data processed: Usage data, meta/communication data
- Data subjects: Users
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Provision of the Online Offer and Web Hosting
In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.
Collection of access data and log files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, browser type and version, the user's operating system, referrer URL, and IP addresses.
Content Delivery Network: We use a Content Delivery Network (CDN) to deliver content from our online offer faster and more securely.
- Types of data processed: Content data, usage data, meta/communication data
- Data subjects: Users
- Purposes of processing: Provision of the online offer, CDN
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Service used – Webflow: We host our website with Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. When you visit our website, Webflow collects various log files including your IP addresses. For details, see Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy. The data transfer to the USA is based on the EU Commission's standard contractual clauses. We have concluded a data processing agreement (DPA) with Webflow.
Contact and Inquiry Management
When contacting us (e.g., via contact form, email, telephone, or via social media), the information provided by the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures.
- Types of data processed: Inventory data, contact data, content data
- Data subjects: Communication partners
- Purposes of processing: Contact inquiries and communication
- Legal basis: Contract fulfillment (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Cloud Services
We use cloud services for the following purposes: document storage and management, calendar management, email sending, spreadsheets and presentations, exchange of documents, and chats and participation in audio and video conferences.
- Types of data processed: Inventory data, contact data, content data, usage data, meta/communication data
- Data subjects: Customers, employees, interested parties, communication partners
- Purposes of processing: Office and organizational procedures
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Contract fulfillment (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Service used – Dropbox: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA. Privacy policy: https://www.dropbox.com/privacy
Newsletter and Electronic Notifications
We only send newsletters, emails, and other electronic notifications with the consent of the recipients or legal permission.
Double opt-in procedure: Registration for our newsletter is done through a double opt-in procedure. After registration, you will receive an email asking you to confirm your registration.
Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove previously given consent. An individual deletion request is possible at any time.
Content: Information about us, our services, promotions, and offers.
Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as "reach measurement") serves to evaluate the visitor flows to our online offer. With the help of reach analysis, we can recognize at what time our online offer or its functions or content are most frequently used. We use IP masking (pseudonymization by shortening the IP address) to protect users.
Service used – Google Analytics: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://policies.google.com/privacy
Online Marketing
We process personal data for online marketing purposes, which may include the marketing of advertising space or the display of advertising content based on the potential interests of users and the measurement of their effectiveness.
- Types of data processed: Usage data, meta/communication data
- Data subjects: Users
- Purposes of processing: Marketing, user profiles, conversion measurement
- Security measures: IP masking
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Opt-out options:
- Europe: https://www.youronlinechoices.eu
- Canada: https://www.youradchoices.ca/choices
- USA: https://www.aboutads.info/choices
- Cross-territory: https://optout.aboutads.info
Services used:
- Google Analytics: Privacy policy: https://policies.google.com/privacy – Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en
- Google Ads and conversion measurement: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://policies.google.com/privacy
- Leadfeeder: Lidio Oy / Leadfeeder, Mikonkatu 17 C, 00100 Helsinki, Finland. Privacy policy: https://www.leadfeeder.com/privacy/
Presence on Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.
- Types of data processed: Contact data, content data, usage data, meta/communication data
- Data subjects: Users
- Purposes of processing: Contact inquiries and communication, feedback, marketing
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Services used:
- Instagram: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. Privacy policy: https://instagram.com/about/legal/privacy
- LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy policy: https://www.linkedin.com/legal/privacy-policy – Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
- Dribbble: Dribbble Holdings Ltd., 524 Yates St, Victoria, British Columbia, V8W 1K8, Canada. Privacy policy: https://dribbble.com/privacy
Management, Organization, and Support Tools
We use services, platforms, and software from other providers (hereinafter "third-party providers") for the purposes of organization, administration, planning, and provision of our services. When selecting third-party providers and their services, we observe legal requirements.
- Types of data processed: Inventory data, contact data, content data, usage data, meta/communication data
- Data subjects: Communication partners, users
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Contract fulfillment (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Refer and earn
Know someone who could use our work? Refer them to us and receive 10% of the project value as a thank you. Our typical projects range from €10k–35k.


