Privacy Policy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data means any information that can be used to personally identify you. Detailed information on the subject of data protection can be found in this Privacy Policy.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. The relevant contact details can be found in the section “Information on the Responsible Party” in this Privacy Policy.

How do we collect your data?

Some data is collected when you provide it to us. This may include, for example, data that you enter into a contact form, send to us by email or provide to us by phone.

Other data is collected automatically, or after your consent, by our IT systems when you visit the website. This mainly includes technical data, such as your internet browser, operating system, time of page access or IP address. This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some data is collected to ensure the error-free and secure provision of the website. Other data may be used to analyze user behavior, improve our services, process inquiries, initiate contracts or carry out existing contractual relationships.

What rights do you have regarding your data?

You have the right to obtain information about the origin, recipients and purpose of your stored personal data at any time and free of charge. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you may withdraw this consent at any time with effect for the future.

You also have the right, under certain circumstances, to request the restriction of the processing of your personal data, to object to the processing and to data portability. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding this or any other questions about data protection.

2. Hosting

External Hosting

This website is hosted by an external service provider. The personal data collected on this website is stored on the servers of our hosting provider. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access data and other data generated via a website.

External hosting is used for the purpose of fulfilling contracts with our potential and existing customers pursuant to Art. 6 (1) lit. b GDPR and in the interest of providing our online offering securely, quickly and efficiently through a professional provider pursuant to Art. 6 (1) lit. f GDPR.

Where corresponding consent has been requested, processing is additionally carried out on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of information on the user’s device or access to information on the user’s device. Consent can be withdrawn at any time.

Our hosting provider processes your data only to the extent necessary to fulfill its service obligations and follows our instructions regarding this data.

We use the following hosting provider:

netcup GmbH
Emmy-Noether-Straße 10
76131 Karlsruhe
Germany
Email: datenschutz@netcup.de
Phone: +49 721 75407550
Fax: +49 721 75407559

Data Processing Agreement

We have concluded a data processing agreement with the provider named above. This agreement ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data Protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data is processed. This Privacy Policy explains which data we collect, what we use it for, on which legal basis this is done and which rights you have.

Please note that data transmission on the internet, for example when communicating by email, may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the Responsible Party

The responsible party for data processing on this website is:

Jennifer Wöstmann
Riedblickweg 14
88410 Bad Wurzach
Germany

Phone: +49 (0)7564 738 99 34
Email: Admin(a)MBDF.de

The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

Storage Period

Unless a more specific storage period is stated in this Privacy Policy, personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless there are other legally permissible reasons for storing your personal data.

Such reasons may include, in particular, tax or commercial retention periods, documentation obligations or the establishment, exercise or defense of legal claims.

General Information on the Legal Bases for Data Processing

If you have given your consent to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR. If you have consented to the storage of information on your device or access to information on your device, the processing is additionally based on Section 25 (1) TDDDG.

If your data is required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR.

If processing is necessary to comply with a legal obligation, it is carried out on the basis of Art. 6 (1) lit. c GDPR.

Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. The relevant legal basis for each individual case is explained in the respective sections of this Privacy Policy.

Information on Data Transfers to Third Countries

We use services provided by companies based outside the European Union or the European Economic Area, or services where the processing of personal data in third countries cannot be ruled out.

Data is transferred to third countries only where there is a legal basis for doing so, in particular an adequacy decision by the European Commission, appropriate safeguards such as EU Standard Contractual Clauses, certification under the EU-US Data Privacy Framework or explicit consent.

Information on specific third-country transfers can be found in the respective service sections of this Privacy Policy.

Recipients of Personal Data

As part of our business activities, we work with various external parties. In some cases, it may be necessary to transfer personal data to these external parties.

We only transfer personal data if this is necessary for the performance of a contract, if we are legally obliged to do so, if we have a legitimate interest in the transfer, if consent has been given or if another legal basis permits the transfer.

Recipients of personal data may include, in particular:

hosting providers, technical service providers, email and communication service providers, providers of analytics and marketing services, providers of consent management solutions, IT and maintenance service providers, tax advisors, accounting service providers, authorities and other parties where legally required or permitted.

When using processors, we transfer personal data only on the basis of a valid data processing agreement. In the case of joint processing, an agreement on joint controllership is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your consent. You may withdraw consent that has already been given at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Advertising

If data processing is carried out on the basis of Art. 6 (1) lit. e or lit. f GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If personal data is processed for direct advertising purposes, you have the right to object at any time to the processing of your personal data for such advertising. If you object, your personal data will no longer be used for direct advertising purposes.

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, affected persons have the right to lodge a complaint with a data protection supervisory authority. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format, or to have it transferred to a third party. If you request the direct transfer of the data to another controller, this will only be done where technically feasible.

Information, Correction and Deletion

Within the scope of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin, recipients and the purpose of data processing. You may also have the right to have this data corrected or deleted.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data.

The right to restriction of processing exists in particular if you dispute the accuracy of your data, if the processing is unlawful, if we no longer need the data but you need it for the exercise, defense or establishment of legal claims, or if you have objected to the processing and it has not yet been determined whose interests prevail.

SSL or TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of your browser begins with “https://”.

When SSL or TLS encryption is activated, data that you transmit to us cannot easily be read by third parties.

4. Data Collection on This Website

Cookies and Similar Technologies

Our website uses cookies and similar technologies. Cookies are small data packets that are stored on your device. They may be stored temporarily for the duration of a session or permanently on your device.

Cookies may originate from us or from third-party companies. They may be technically necessary to provide certain website functions or may be used for analytics, statistics or marketing purposes.

Technically necessary cookies are processed on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. Our legitimate interest lies in the technically error-free, secure and user-friendly provision of our website.

Where consent has been requested for the storage of cookies or similar technologies, processing is carried out on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time.

You can configure your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies or to automatically delete cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.

Consent Management with Complianz

This website uses the consent management tool Complianz to obtain, manage and document consent for cookies and comparable technologies.

Complianz helps us to load services requiring consent only after corresponding consent has been given and to store the cookie and privacy settings selected by website visitors.

In particular, the following data may be processed:

consent status, date and time of consent, selected cookie categories, technical browser and device information and, where applicable, an anonymous or pseudonymous user identifier.

The processing is carried out in order to obtain and document consent in a legally compliant manner. The legal basis is Art. 6 (1) lit. c GDPR, insofar as there is a legal obligation to provide proof, and Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the privacy-compliant management of consent.

Where technically necessary cookies or comparable technologies are stored by Complianz, this is done on the basis of Section 25 (2) TDDDG.

Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes, in particular:

browser type and browser version, operating system used, referrer URL, hostname of the accessing computer, time of the server request and IP address.

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in the technically error-free presentation, security and optimization of our website.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.

Depending on the form, the following data may be processed in particular:

name, email address, phone number, information about the planned date, information about the wedding, engagement, location or planned occasion, interest in photography, film or photography & film, free-text messages and other information voluntarily provided.

This data is processed on the basis of Art. 6 (1) lit. b GDPR if your inquiry is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing inquiries addressed to us pursuant to Art. 6 (1) lit. f GDPR or on your consent pursuant to Art. 6 (1) lit. a GDPR, where such consent has been requested.

The data entered in the contact form will remain with us until you request deletion, withdraw your consent or the purpose for data storage no longer applies. Mandatory statutory provisions, in particular retention periods, remain unaffected.

Voluntary Provision of a Mobile Phone Number and SMS Notification

If you provide us with a mobile phone number via the contact form, we will use it exclusively for the stated purpose, in particular to send you a short SMS once we have replied to your inquiry by email.

The mobile phone number will not be used for advertising calls, unsolicited phone calls or other marketing purposes.

The legal basis is Art. 6 (1) lit. a GDPR if corresponding consent has been given. Where the processing is necessary to process your inquiry or for pre-contractual measures, it is additionally based on Art. 6 (1) lit. b GDPR.

Consent that has been given can be withdrawn at any time with effect for the future.

Inquiry by Email, Phone, SMS or Fax

If you contact us by email, phone, SMS or fax, your inquiry, including all personal data arising from it, will be stored and processed by us for the purpose of handling your request.

The data you transmit to us will remain with us until you request deletion, withdraw your consent or the purpose for data storage no longer applies. Statutory retention periods remain unaffected.

Email Delivery and SMTP Logging

A technical SMTP system may be used on this website for the delivery and logging of emails.

In this context, technical information about email delivery may be stored, in particular recipient address, subject, time of sending, delivery status, error messages and, depending on the technical configuration, content or technical metadata of the email.

Logging is used to monitor the delivery of contact form emails, identify delivery issues and, where necessary, resend messages.

The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the reliable processing of inquiries and the technical traceability of email delivery.

SMTP logs are stored only for as long as necessary for error analysis and processing and are then deleted, unless statutory retention obligations apply.

Communication via WhatsApp

We may use the messenger service WhatsApp to communicate with interested parties, customers or business partners. The provider is WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If you contact us via WhatsApp or expressly request communication via WhatsApp, we process the data you transmit to us in order to handle your inquiry and communicate with you.

In particular, the following data may be processed:

phone number, profile name, message content, transmitted images, files or other attachments, time of communication and technical metadata of the communication.

WhatsApp is only used if you choose this communication channel yourself or expressly request it. The legal basis is Art. 6 (1) lit. a GDPR if consent has been given. If the communication serves pre-contractual measures or contract processing, the legal basis is additionally Art. 6 (1) lit. b GDPR. In other cases, processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in fast and user-friendly communication.

Please note that WhatsApp may have access to communication metadata and that data may also be transferred to third countries.

Further information on data processing by WhatsApp can be found at:
https://www.whatsapp.com/legal/privacy-policy-eea

If you do not wish to communicate via WhatsApp, you can contact us by email at any time.

5. Analytics and Marketing Services

Google Tag Manager

This website uses Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool used to manage and integrate website tags. Tags are small code elements that can be used to integrate services such as analytics or marketing tools on the website.

According to Google, Google Tag Manager itself does not create user profiles and does not store cookies for analytics or marketing purposes. It is used to manage and trigger other services. However, if a service is integrated via Google Tag Manager, that service may process personal data.

Google Tag Manager is used on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the efficient and technically clean management of our website services.

If services that require consent are loaded via Google Tag Manager, these services are activated only after corresponding consent has been given. The legal basis is then Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG.

Further information on data processing by Google can be found at:
https://policies.google.com/privacy

Google Analytics

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to statistically evaluate the use of our website and improve our services. In particular, the following data may be processed:

pages accessed, time spent on the website, click behavior, interactions on the website, browser used, operating system used, device type, approximate location data, referrer URL and technical information about the website visit.

Google Analytics uses cookies and similar technologies that enable an analysis of the use of our website.

Google Analytics is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR. The storage of information on your device or access to information on your device is based on Section 25 (1) TDDDG. Consent can be withdrawn at any time via our consent tool.

The recipient of the data is Google Ireland Limited. Processing by Google LLC in the USA cannot be ruled out. Google is certified under the EU-US Data Privacy Framework. Where necessary, Google additionally relies on Standard Contractual Clauses for data transfers.

The storage period for user-related and event-related data stored in Google Analytics depends on the settings we have selected in Google Analytics.

The data retention period is: [please enter: 2 months or 14 months]

Further information on data processing by Google can be found at:
https://policies.google.com/privacy

Google Ads

This website may use Google Ads. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to place ads in Google Search and the Google advertising network and to evaluate their success.

If you access our website via a Google ad, cookies or comparable technologies may be used to determine whether a user performs a specific action after clicking on an ad, for example submitting an inquiry via the contact form.

In this context, IP address, browser and device information, pages visited, time of access, referrer URL as well as click and conversion data may be processed.

Google Ads is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR. The storage of information on your device or access to information on your device is based on Section 25 (1) TDDDG. Consent can be withdrawn at any time via our consent tool.

Further information on data processing by Google can be found at:
https://policies.google.com/privacy

Google Ads Remarketing

This website may use Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads Remarketing allows visitors to our website to be addressed again later with interest-based advertising on other websites or in Google Search. This allows users who have already shown interest in our content or services to be made aware of our offering again.

For this purpose, cookies or comparable technologies may be used. In particular, visited pages, interactions, device information, browser information and pseudonymous user identifiers may be processed.

Google Ads Remarketing is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time via our consent tool.

Google Conversion Tracking

This website may use Google Conversion Tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Conversion Tracking allows us to determine whether users perform a specific action on our website after clicking on a Google ad, for example sending an inquiry or visiting a specific page.

Cookies or similar technologies may be used for this purpose. Google can thereby recognize that a user clicked on an ad and was subsequently redirected to our website. We do not receive any information from Google that directly identifies users personally.

Google Conversion Tracking is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time via our consent tool.

Microsoft Clarity

This website may use Microsoft Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Microsoft Clarity enables us to better understand user behavior on our website. For example, heatmaps, click behavior, scroll behavior and session recordings may be created. This helps us understand how visitors use our website and where technical or design improvements may be useful.

In particular, the following data may be processed:

IP address in shortened or pseudonymized form, browser and device information, clicks, scroll movements, mouse movements, visited pages, time spent on the website and interactions with website elements.

Microsoft Clarity is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time via our consent tool.

Microsoft may also transfer data to the USA. Microsoft is certified under the EU-US Data Privacy Framework. Where necessary, Microsoft additionally relies on Standard Contractual Clauses for data transfers.

Further information on data processing by Microsoft can be found at:
https://privacy.microsoft.com/

Meta Pixel

This website may use the Meta Pixel. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

With the help of the Meta Pixel, we can track the behavior of website visitors after they have been redirected to our website by clicking on a Facebook or Instagram ad. This allows us to measure the effectiveness of our advertisements and optimize them.

In particular, the following data may be processed:

IP address, browser and device information, pages visited, click behavior, time of visit, referrer URL, interactions with forms or buttons and pseudonymous user identifiers.

The Meta Pixel is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time via our consent tool.

Where personal data is collected on our website using the Meta Pixel and transmitted to Meta, we and Meta Platforms Ireland Limited are jointly responsible for this data processing. Joint responsibility is limited to the collection of the data and its transmission to Meta. Subsequent processing by Meta is Meta’s responsibility.

Meta may also transfer data to the USA and other third countries. Meta is certified under the EU-US Data Privacy Framework. Where necessary, Meta additionally relies on Standard Contractual Clauses for data transfers.

Further information on data processing by Meta can be found at:
https://www.facebook.com/privacy/policy/

Meta Conversion API

This website may use the Meta Conversion API. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

The Meta Conversion API is used to transmit certain events on our website to Meta server-side. This enables us to better measure the effectiveness of our advertising measures and optimize our advertisements.

In particular, the following data may be processed:

IP address, browser and device information, time of visit, pages visited, conversion events and contact or form data in hashed form, where such transmission has been technically configured.

The Meta Conversion API is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, insofar as the processing is carried out for marketing or analytics purposes. Where information is stored on or read from your device, this is done on the basis of Section 25 (1) TDDDG.

Consent can be withdrawn at any time via our consent tool.

Meta Custom Audiences

This website may use Meta Custom Audiences. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Meta Custom Audiences allows us to create target groups for ads on Facebook and Instagram or improve existing target groups. This allows people who have visited our website or interacted with our content to be addressed with relevant ads on Facebook or Instagram.

Data collected via the Meta Pixel or Meta Conversion API may be used to create target groups. We do not receive the real names of individual persons from Meta.

Meta Custom Audiences is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time via our consent tool.

TikTok Pixel

This website may use the TikTok Pixel. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

The TikTok Pixel allows us to determine whether users perform a specific action on our website after clicking on a TikTok ad. This enables us to measure the effectiveness of our advertisements and optimize them.

In particular, the following data may be processed:

IP address, browser and device information, pages visited, time of visit, click behavior, conversion events and pseudonymous user identifiers.

The TikTok Pixel is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time via our consent tool.

TikTok may also transfer data to third countries. Where necessary, data transfers are based on appropriate safeguards, in particular Standard Contractual Clauses.

Further information on data processing by TikTok can be found at:
https://www.tiktok.com/legal/privacy-policy-eea

Pinterest Tag

This website may use the Pinterest Tag. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest Tag allows us to determine whether users perform a specific action on our website after clicking on a Pinterest ad. This enables us to measure the effectiveness of our Pinterest advertising and optimize our ads.

In particular, the following data may be processed:

IP address, browser and device information, pages visited, time of visit, click behavior, conversion events and pseudonymous user identifiers.

The Pinterest Tag is used exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time via our consent tool.

Pinterest may also transfer data to the USA and other third countries. Pinterest is certified under the EU-US Data Privacy Framework. Where necessary, Pinterest additionally relies on Standard Contractual Clauses for data transfers.

Further information on data processing by Pinterest can be found at:
https://policy.pinterest.com/privacy-policy

6. Social Media

Facebook

Elements of the social network Facebook may be integrated on this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you are logged into your Facebook account, Facebook may associate your visit to this website with your user account.

This service is used on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time.

Where personal data is collected on our website using the tool described here and transmitted to Facebook, we and Meta Platforms Ireland Limited are jointly responsible for this data processing. Joint responsibility is limited to the collection of the data and its transmission to Facebook.

Further information can be found in Facebook’s Privacy Policy:
https://www.facebook.com/privacy/policy/

Instagram

Functions of the Instagram service may be integrated on this website. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website. If you are logged into your Instagram account, Instagram may associate your visit to this website with your user account.

This service is used on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time.

Further information can be found in Instagram’s Privacy Policy:
https://privacycenter.instagram.com/policy/

Elements of the social network Pinterest may be used on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

If you access a page that contains a Pinterest element, your browser establishes a direct connection to Pinterest’s servers. Log data may be transmitted to Pinterest, in particular IP address, address of the visited website, browser information, date and time of the request and information about the use of Pinterest.

This service is used on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be withdrawn at any time.

Further information can be found in Pinterest’s Privacy Policy:
https://policy.pinterest.com/privacy-policy

7. Forms and External Services

Google Forms

This website may embed forms from Google Forms or link to Google Forms. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you use a Google Form, the data you enter is transmitted to Google and processed there. Depending on the form, in particular name, email address, phone number, information about your inquiry, free-text information and technical data such as IP address, browser and device information may be processed.

The processing is carried out to receive and process your inquiry or to carry out the purposes stated in the respective form.

The legal basis is Art. 6 (1) lit. b GDPR if the form is used for pre-contractual measures or contract processing. In all other cases, processing is carried out on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR or on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in efficient collection and processing of inquiries.

Google may also transfer data to the USA. Google is certified under the EU-US Data Privacy Framework. Where necessary, Google additionally relies on Standard Contractual Clauses for data transfers.

Further information on data processing by Google can be found at:
https://policies.google.com/privacy

8. Plugins, Tools and Security Services

YouTube with Enhanced Privacy Mode

This website may embed videos from YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you visit a page on which YouTube is embedded, a connection to YouTube’s servers may be established. YouTube may be informed which of our pages you have visited. If you are logged into your YouTube account, YouTube may associate your browsing behavior with your personal profile.

Where possible, we use YouTube in enhanced privacy mode. Nevertheless, after activating a YouTube video, further data processing operations may be triggered over which we have no influence.

YouTube is used on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG, where consent is requested. Consent can be withdrawn at any time.

Further information on data protection at YouTube can be found at:
https://policies.google.com/privacy

Directly Embedded Videos and Media Files

Videos and other media files may be provided directly via our own website.

When such a video or media file is accessed, technically necessary access data is processed. This may include, in particular, IP address, browser information, date and time of access and the file accessed.

Processing is carried out for the technical provision of media files and for the appealing presentation of our work.

The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the technically reliable and visually high-quality presentation of our portfolio.

Google Fonts, Local Hosting

This website uses so-called Google Fonts for the uniform display of fonts. The Google Fonts are installed locally. No connection to Google servers is established.

Further information on Google Fonts can be found at:
https://developers.google.com/fonts/faq

Cloudflare Turnstile

We use Cloudflare Turnstile on this website. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Turnstile is used to check whether data entered on this website, for example in a contact form, is entered by a human or by an automated program. For this purpose, Turnstile analyzes the behavior of website visitors based on various characteristics.

In particular, IP address, technical browser and device information, time spent on the website, interactions and other technical data may be processed. The data collected during the analysis may be transmitted to Cloudflare.

Processing is carried out on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in protecting our website against spam, misuse and automated attacks. Where corresponding consent has been requested, processing is carried out on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG.

Cloudflare may transfer data to the USA. Cloudflare is certified under the EU-US Data Privacy Framework. Where necessary, Cloudflare additionally relies on Standard Contractual Clauses for data transfers.

Further information can be found at:
https://www.cloudflare.com/cloudflare-customer-dpa/

Wordfence

We use Wordfence on this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.

Wordfence is used to protect our website against unwanted access, malware, brute-force attacks and other cyberattacks. For this purpose, our website may establish a connection to Wordfence servers so that Wordfence can compare access attempts with security databases and block them where necessary.

In particular, IP addresses, technical access data, browser information, time of access and security-related events may be processed.

Wordfence is used on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in protecting our website as effectively as possible against cyberattacks and abusive access.

Where corresponding consent has been requested, processing is additionally carried out on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG.

Data transfers to the USA may be based on Standard Contractual Clauses.

Further information can be found at:
https://www.wordfence.com/help/general-data-protection-regulation/

9. Image Material, Wedding Stories and Portfolio

On this website, we present photographic and film work from weddings, after-weddings, engagement shoots, editorials, styled shoots and comparable productions.

Where persons are recognizable in images or films, publication takes place only where there is a legal basis for doing so. This may include, in particular, the consent of the persons depicted, a contractual agreement, a legitimate interest or another legal permission.

The publication serves to present our work, our photographic and cinematic style and our services.

Depending on the individual case, the legal basis may be Art. 6 (1) lit. a GDPR, Art. 6 (1) lit. b GDPR or Art. 6 (1) lit. f GDPR.

Consent that has been given may be withdrawn at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

10. Status and Changes to This Privacy Policy

We reserve the right to adapt this Privacy Policy if legal requirements, technical developments or changes to our website make this necessary.

Status: April 2026