Privacy Policy

1. Introduction
This website is operated by: studio victor hahner.
We place great importance on handling the data of our website visitors with trust and protecting it as best as possible. For this reason, we make every effort to comply with the requirements of the GDPR.
Below, we explain how we process your data on our website. We use clear and transparent language so that you can truly understand what happens to your data.

2. General Information

2.1 Processing of Personal Data and Other Terms
Data protection applies to the processing of personal data.
"Personal data" refers to any information that can be used to personally identify you. This includes, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using.
Data is considered processed when "something happens to it." For instance, your IP address is transmitted by your browser to our provider and automatically stored there. This is considered processing (according to Art. 4 No. 2 GDPR) of personal data (as per Art. 4 No. 1 GDPR).
These and other legal definitions can be found in Article 4 of the GDPR.

2.2 Applicable Regulations / Laws – GDPR, BDSG, and TDDDG
The scope of data protection is governed by legal regulations. These include the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as national legislation.
Additionally, the TDDDG complements the GDPR provisions, particularly regarding the use of cookies.

2.3 The Controller
The party responsible for data processing on this website is the controller as defined by the GDPR. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
You can contact the controller at:
studio victor hahner
Fritz-Hoffmann-Straße 64, 06116 Halle
info@victorhahner.com

2.4 How Data is Generally Processed on This Website
As previously mentioned, some data (e.g., IP address) is automatically collected. This data is primarily required for the technical operation of the website.
Whenever we use personal data beyond that or collect other types of data, we will inform you or request your consent.
Other personal data is provided to us by you knowingly.
Detailed information can be found below.

2.5 Your Rights
The GDPR grants you extensive rights. These include the right to free access to the origin, recipients, and purpose of your stored personal data. You may also request the correction, blocking, or deletion of this data or lodge a complaint with the relevant data protection authority.
You can revoke your consent at any time.
Details on your rights and how to exercise them can be found in the final section of this privacy policy.

2.6 Our Perspective on Data Protection
For us, data protection is more than just an annoying obligation! Personal data is highly valuable, and a respectful approach to this data should be a given in our digital world.
As a website visitor, you should be able to decide for yourself what happens to your data, when, and by whom.
Therefore, we commit to complying with all legal requirements, collecting only the data we truly need, and treating it with strict confidentiality.

2.7 Data Disclosure and Deletion
Data disclosure and deletion are also important and sensitive issues.
Thus, we would like to inform you in advance about our general approach to these topics.
Data is only disclosed based on a legal basis and only when absolutely necessary. This can particularly apply when dealing with a so-called data processor and a data processing agreement under Art. 28 GDPR has been concluded.
We delete your data when the purpose and legal basis for processing no longer apply and no other legal obligations prevent the deletion.
A good overview of this is provided by Art. 17 GDPR.
Please refer to this privacy policy for further details and contact the controller with any specific questions.

2.8 Hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider. This includes both automatically collected and stored log files (see below for details) as well as any other data provided by visitors to the website.
External hosting is used to ensure a secure, fast, and reliable provision of our website and serves to fulfill our contractual obligations to potential and existing customers.
The legal basis for this processing is Art. 6(1)(a), (b), and (f) GDPR, as well as § 25(1) TDDDG, provided that consent includes the storage of cookies or access to information on the end device of the website visitor/user as defined by the TDDDG.
Our hosting provider only processes data that is necessary for the fulfillment of their service obligations and acts as our data processor, which means they are bound by our instructions.
We have entered into a data processing agreement with our hosting provider.
Our hosting provider is:
United Domains
united-domains AG, Gauting Straße 10, 82319 Starnberg, Germany
https://www.united-domains.de/unternehmen/datenschutz/

2.9 Legal Bases
The processing of personal data always requires a legal basis.
The GDPR provides the following options in Art. 6(1)(1):
a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
b) The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract;
c) The processing is necessary for compliance with a legal obligation to which the controller is subject;
d) The processing is necessary to protect the vital interests of the data subject or another natural person;
e) The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, particularly where the data subject is a child.
In the following sections, we will specify the concrete legal basis for each type of data processing.

3 This happens on our website
By visiting our website, we process personal data from you.
To protect this data as best as possible from unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the presence of “https://” or a lock symbol in your browser's address bar.
Below, you will learn which data is collected when you visit our website, the purpose for which it is processed, and the legal basis for this.

3.1 Data Collection When Accessing the Website
When accessing the website, information is automatically stored in so-called server log files. This includes the following data:

  • Browser type and version

  • Operating system used

  • Referrer URL

  • Hostname of the accessing computer

  • Time of the server request

  • IP address

    This data is temporarily required to ensure the continuous and trouble-free display of our website. Specifically, this data serves the following purposes:

  • System security of the website

  • System stability of the website

  • Error resolution on the website

  • Establishing a connection to the website

  • Displaying the website

    The processing of this data is based on Art. 6 (1) lit. f GDPR and is carried out in our legitimate interest in the functionality and security of the website.
    Wherever possible, this data is stored in a pseudonymized form and deleted after the respective purpose is fulfilled.
    If the server log files allow for identification of the data subject, they will be stored for a maximum of 14 days. An exception applies in case of a security-relevant incident. In such cases, the server log files will be stored until the incident is resolved and fully investigated.
    There is no merging of this data with other data.

    3.2 Cookies

    3.2.1 General Information
    This website uses so-called cookies. These are data records—information stored in your browser—that are related to our website.
    By setting cookies, navigating the website becomes easier for the visitor.
    In our cookie consent tool, you can find all the cookies we use on our website (if applicable, only with your consent).

    3.2.2 Rejecting Cookies
    All cookies that are not technically necessary can be managed directly via our cookie consent tool.
    You can prevent the setting of cookies by adjusting your browser settings.

    Here are relevant links for commonly used browsers:

  • Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen

  • Google Chrome: https://support.google.com/chrome/answer/95647?hl=de

  • Microsoft Edge: https://support.microsoft.com/de-de/windows/cookies-loschen-und-verwalten

  • Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac and https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web
    If you use another browser, we recommend entering the browser name along with “delete and manage cookies” in a search engine and following the official link.
    Alternatively, you can also manage your cookie preferences at www.aboutads.info/choices/ or www.youronlinechoices.com.
    Please note that comprehensive blocking/deletion of cookies may impair the functionality of the website.

    3.2.3 Technically Necessary Cookies
    We use technically necessary cookies on this website to ensure it functions correctly and in compliance with legal requirements.
    These cookies help make the website user-friendly. Some website features cannot be displayed without cookies.
    The legal basis is Art. 6 (1) lit. b, c and/or f GDPR, depending on the individual case.

    3.2.4 Technically Non-Essential Cookies
    We also use cookies that are not technically necessary. These serve purposes such as analyzing visitor browsing behavior or enabling certain features of the website that are not strictly required.
    The legal basis for this is your consent pursuant to Art. 6 (1) lit. a GDPR.
    These cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.

    3.3 Data Processing Through User Input

    3.3.1 Contacting Us

    a) Email
    If you contact us via email, we process your email address and any other data contained in the message. These are stored on the mail server and, in part, on the respective devices.
    Depending on your request, the legal basis is usually Art. 6 (1) lit. f GDPR or Art. 6 (1) lit. b GDPR.
    Data is deleted once the purpose has been fulfilled and deletion is legally permissible.

    b) Appointment Scheduling Tool
    (No specific details given in original, likely follows similar logic.)

    3.4 Cookie Consent Tool

    3.4.1 Squarespace
    To ensure that cookies are only set on our website where a legal basis exists, we use the consent management tool from Squarespace, provided by Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland.
    This service is used to obtain and document website visitor consent for storing certain cookies or using specific technologies in a GDPR-compliant manner.
    When the website is accessed, the user's consent or revocation is stored as a Squarespace cookie in the browser. A connection to Squarespace’s servers is established for this.
    Legal basis: Art. 6 (1) lit. c GDPR. Squarespace is used to obtain the legally required cookie consent.
    Data is stored until the visitor requests deletion, Squarespace deletes it, or the purpose for storage no longer applies. Mandatory legal retention periods remain unaffected.

    3.5 Analytics and Tracking Tools

    3.5.1 Squarespace Analytics
    We use Squarespace Analytics on this website, a web analytics service provided by Squarespace Ireland Ltd., Le Pole House, Shipstreet Great, Dublin 8.
    It allows us to analyze visitor behavior. This includes access time, geographic location, click/scroll behavior, and search queries.
    Browser, network, and device info as well as the IP address are collected.
    Squarespace Analytics uses cookies to create pseudonymized user profiles, enabling cross-site recognition for analytics.
    Legal basis: Art. 6 (1) lit. a GDPR and §25 (1) TDDDG (if involving device data or cookie storage).
    Otherwise, processing is based on Art. 6 (1) lit. f GDPR—our legitimate interest in optimizing our web presence and advertising.
    Personal data may be transferred to the parent company, Squarespace Inc., 8 Clarkson St, New York, NY 10014, USA.
    Data transfer is based on EU Standard Contractual Clauses (SCC).
    More info:
    https://support.squarespace.com/hc/de/articles/360000851908-DSGVO-und-Squarespace
    https://www.squarespace.com/privacy

    3.6 Social Media Profiles
    We maintain social media profiles in addition to our website. These serve to present our company and provide contact options.
    We also use these platforms to post ads and job offers.
    Below you’ll find information about the data we and the respective platform process when you interact with our profile.

    3.6.1 Instagram
    We operate an Instagram profile provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

    a) Interaction with Our Business Profile
    When you visit or interact with our Instagram profile, we process personal data:
    Publicly visible profile data as well as data contained in posts, comments, or direct messages.
    If you like or share content, we may see your profile and its public information.
    Legal basis: Art. 6 (1) lit. f GDPR—our legitimate interest in providing relevant content and enabling interaction.
    If the interaction involves contract performance or pre-contractual measures, the legal basis is Art. 6 (1) lit. b GDPR.

    b) Insights
    As described in the Meta privacy policy (https://privacycenter.instagram.com/policy), Meta collects and uses data to provide analytics services (Insights) to page operators.
    Insights are aggregated stats based on user interactions and are logged by Meta’s servers. This includes:

  • Number of people viewing or interacting with our content (e.g., posts, videos, ads, shop items)

  • Interactions with our website, apps, and services

  • Demographics of the interacting audience

    Meta provides us with aggregated reports—no personal data is shared with us.
    We can apply filters (e.g., time period, demographics) to analyze reach and optimize content and ads accordingly.
    Legal basis: Art. 6 (1) lit. f GDPR—our legitimate interest in reach analysis and content optimization.
    This processing occurs under joint responsibility with Meta under Art. 26 (1) GDPR.
    The agreement can be reviewed here: https://www.facebook.com/legal/terms/page_controller_addendum
    Meta contact details:

  • Online: https://www.facebook.com/help/contact/1650115808681298

  • Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland

  • Instagram DPO contact: https://www.facebook.com/help/contact/540977946302970
    Further info on Insights: https://de-de.facebook.com/help/pages/insights
    Instagram privacy policy: https://privacycenter.instagram.com/policy

    Personal Data and Cookies by Meta
    When you access an Instagram page, your device’s IP address is transmitted to Meta. Meta states that German IP addresses are anonymized.
    Meta also stores device information (e.g., login notifications), which could allow matching IP addresses to individual users.
    If you're logged in to Instagram, a cookie with your ID is stored on your device. This allows Meta to track your visit and activity on the site and other websites that use Meta services.
    This data can be used to tailor content or ads to you.
    More information: https://privacycenter.instagram.com/policy

    4. This Is Also Important
    To conclude, we would like to inform you in detail about your rights and let you know how you will be informed about changes to data protection regulations.

    4.1 Your Rights in Detail

    4.1.1 Right of Access under Art. 15 GDPR
    You can request information about whether your personal data is being processed. If this is the case, you can request further information about the nature and manner of the processing. A detailed list can be found in Art. 15(1)(a) to (h) GDPR.

    4.1.2 Right to Rectification under Art. 16 GDPR
    This right includes the correction of inaccurate data and the completion of incomplete personal data.

    4.1.3 Right to Erasure under Art. 17 GDPR
    This so-called “right to be forgotten” gives you the right to request the erasure of personal data by the controller under certain conditions. This generally applies if the purpose of the data processing no longer exists, if consent has been withdrawn, or if the original processing lacked a legal basis. A detailed list of reasons can be found in Art. 17(1)(a) to (f) GDPR.
    This “right to be forgotten” also corresponds to the controller’s obligation under Art. 17(2) GDPR to take reasonable steps to ensure general erasure of the data.

    4.1.4 Right to Restriction of Processing under Art. 18 GDPR
    This right is subject to the conditions outlined in Art. 18(1)(a) to (d) GDPR.

    4.1.5 Right to Data Portability under Art. 20 GDPR
    This article establishes the basic right to receive your own data in a commonly used format and to have it transferred to another controller. However, this only applies to data processed on the basis of consent or contract pursuant to Art. 20(1)(a) and (b), and only where technically feasible.

    4.1.6 Right to Object under Art. 21 GDPR
    You may generally object to the processing of your personal data. This is particularly the case if your interest in objecting outweighs the controller’s legitimate interest in the processing, or if the processing relates to direct marketing and/or profiling.

    4.1.7 Right to Individual Decision-Making under Art. 22 GDPR
    You generally have the right not to be subject to a decision based solely on automated processing (including profiling) that has legal effects on you or significantly affects you in a similar way. However, this right is subject to limitations and exceptions outlined in Art. 22(2) and (4) GDPR.

    4.1.8 Other Rights
    The GDPR also includes extensive rights to inform third parties whether and how you have exercised your rights under Art. 16, 17, and 18 GDPR. This applies only insofar as it is possible and reasonable to do so.
    We would also like to remind you of your right to withdraw consent under Art. 7(3) GDPR. The lawfulness of any processing carried out up to the point of withdrawal remains unaffected.
    Additionally, we draw your attention to your rights under §§ 32 et seq. of the German Federal Data Protection Act (BDSG), which largely align with the rights described above.

    4.1.9 Right to Lodge a Complaint under Art. 77 GDPR
    You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates this regulation.

    5. What If the GDPR Is Repealed or Other Changes Occur?
    The current version of this privacy policy is dated June 18, 2025. From time to time, it may be necessary to amend the content of this privacy policy to reflect actual or legal changes. We therefore reserve the right to change this privacy policy at any time.
    We will publish the updated version in the same place and recommend that you review the privacy policy regularly.