PRIVACY POLICY

1. General Information

This privacy policy provides information on the nature, scope, and purpose of the processing of personal data within our online offering. We place great value on data minimization and use a modern headless infrastructure to protect your privacy in the best possible way.

⸻

2. Hosting and Technical Infrastructure (Headless Setup)

Due to the technical architecture of our website, we use specialized service providers. We have concluded Data Processing Agreements (DPA) according to Art. 28 GDPR with all providers.

• Vercel (Frontend Hosting): Our website is deployed via Vercel Inc., USA. Vercel processes IP addresses to ensure secure delivery. Data transfer to the US is secured by the EU-US Data Privacy Framework (DPF).
• Railway (Backend & Strapi CMS): Our content management system is hosted on Railway Corp., USA. This is where content data and, if applicable, user inquiries are processed. Railway is DPF-certified.
• Cloudinary (Image Infrastructure): Images are optimized and delivered via Cloudinary Ltd. (USA/Israel). When loading these media files, your IP address is transmitted to Cloudinary. Cloudinary is DPF-certified.
• Linode / Akamai (Media Storage): Individual video files are hosted on storage provided by Linode (Akamai Technologies Inc., USA). Akamai is DPF-certified.

⸻

3. Types of Processed Data

• Inventory data (e.g., names, addresses)
• Contact data (e.g., email, phone numbers)
• Content data (e.g., text entries in forms)
• Usage data (e.g., visited websites, access times)
• Meta/communication data (e.g., device information, IP addresses)

⸻

4. Matomo Analytics (Privacy by Design)

We use the open-source tool Matomo for reach measurement. We have configured Matomo to operate without cookies. Your IP address is anonymized immediately before storage. The data remains on our own infrastructure and is not passed on to third parties. No consent banner is required for this type of anonymous statistical recording.

⸻

5. Newsmail (Newsletter)

If you subscribe to our Newsmail, we process your data based on your consent (Art. 6 Para. 1 lit. a GDPR). We use the double opt-in procedure. You can revoke your consent at any time via the link at the end of every email.

⸻

6. Integration of Videos (Vimeo & Linode)

We integrate videos via Vimeo (USA). We use the "Do-Not-Track" mode to prevent tracking cookies. Data transfer to the US is secured via the DPF. Individual video content is also loaded directly via our Linode infrastructure.

⸻

7. Social Networks

We link to profiles on LinkedIn, Xing, Facebook, and Instagram. Data transfer only occurs if you actively click on the respective link. For Facebook & Instagram, there is a joint responsibility with Meta Platforms Ireland Ltd. (Art. 26 GDPR).

⸻

8. Rights of the Data Subject

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), as well as the right to object (Art. 21) and the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

⸻

9. Security Measures

We use SSL/TLS encryption (HTTPS) to protect your data during transmission.

Status: April 2026

Created for Dancing Bear Productions.