Privacy Policy

Last updated: 20 May 2026  ·  Effective from: 20 May 2026

This Privacy Policy explains how N&K Webdesign collects, uses, and protects your personal data when you visit our website or contact us. We are committed to full compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Bavarian Data Protection Act (BayDSG).

1. Data Controller

The controller responsible for the processing of personal data on this website is:

N&K Webdesign


Email: neyer140305@icloud.com

If you have any questions or concerns about how we handle your personal data, please contact us at the address above.

2. Data We Collect and How

2.1 Server Log Files

When you visit our website, our hosting provider (Cloudflare, Inc.) automatically collects standard server log information, including:

  • IP address (anonymised after 24 hours by Cloudflare)
  • Date and time of access
  • Page requested and referring URL
  • Browser type and version
  • Operating system
  • HTTP status code and bytes transferred

This data is processed on the basis of our legitimate interest in ensuring the security, availability, and performance of this website (Art. 6(1)(f) GDPR). It is not combined with other data sources and is deleted as soon as it is no longer needed for the purpose for which it was collected, and at the latest after 30 days.

2.2 Contact Form

When you submit our contact form, we collect:

  • Name (required)
  • Email address (required)
  • Company name (optional)
  • Service of interest (optional)
  • Message content (required)

The legal basis for this processing is the performance of pre-contractual measures taken at your request (Art. 6(1)(b) GDPR), and our legitimate interest in responding to enquiries (Art. 6(1)(f) GDPR). Contact form data is retained for up to 24 months and then securely deleted, unless a contractual relationship develops, in which case statutory retention periods apply.

2.3 Analytics Cookies (Google Analytics 4)

If you grant your consent, we use Google Analytics 4 (GA4), a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA4 uses cookies to analyse how visitors use this website. The data generated (including an anonymised version of your IP address) is transmitted to and stored on Google's servers in the United States.

IP anonymisation is enabled (anonymize_ip: true), which means your IP address is truncated by Google within the EU before transmission to the United States. In exceptional circumstances, the full IP address may be transmitted to a Google server in the USA and truncated there.

Google may also transfer this information to third parties where required by law or where such third parties process the information on Google's behalf. The legal basis for this processing is your freely given consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time via our Cookie Settings.

We have concluded a Data Processing Agreement with Google LLC under Art. 28 GDPR. International transfers to the USA are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission.

For more information on how Google handles data, see Google's Privacy Policy at policies.google.com/privacy. GA4 analytics data is retained for 14 months before automatic deletion.

2.4 No Analytics Without Consent

Google Analytics 4 is not loaded on your first visit. It is only activated after you explicitly accept analytics cookies via our cookie consent banner. Until consent is given, no analytical data about your visit is collected or transmitted.

3. Third-Party Service Providers

3.1 Cloudflare (Hosting)

This website is hosted on Cloudflare Pages, a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare processes server log data as described in Section 2.1. We have concluded a Data Processing Addendum with Cloudflare. International transfers are governed by SCCs. For details, see Cloudflare's Privacy Policy.

3.2 Web3Forms (Contact Form)

Our contact form is processed via Web3Forms (Pineyard Technologies Ltd). When you submit the form, the data you enter (name, email, company, service, message) is transmitted to Web3Forms servers and then forwarded to our email address. Web3Forms does not store your data longer than necessary to deliver the form submission. We have reviewed Web3Forms' data processing practices and they act as a data processor on our behalf under Art. 28 GDPR. For details, see Web3Forms' Privacy Policy.

3.3 Google Fonts

We use Google Fonts, served from fonts.googleapis.com and fonts.gstatic.com (Google LLC). When your browser loads this page, it establishes a connection to Google's servers, which may transfer your IP address to Google in the USA. Google Fonts are loaded for every visitor regardless of cookie consent, as this is necessary for the functionality and visual integrity of the website. The legal basis is our legitimate interest in presenting a professionally designed website (Art. 6(1)(f) GDPR). We have assessed this interest against your rights and determined it is proportionate. If you prefer, you may configure your browser to block Google Fonts requests.

4. Legal Bases for Processing

Processing Activity Legal Basis (GDPR)
Server log files / website security Art. 6(1)(f) — Legitimate interests
Contact form enquiries Art. 6(1)(b) — Pre-contractual measures; Art. 6(1)(f) — Legitimate interests
Google Analytics 4 Art. 6(1)(a) — Consent (freely given, specific, informed, revocable)
Google Fonts Art. 6(1)(f) — Legitimate interests
Cookie consent storage (localStorage) Art. 6(1)(c) — Legal obligation (Telemedia Act / TTDSG § 25); Art. 6(1)(f) — Legitimate interests

5. Data Retention

  • Server logs: Maximum 30 days, then anonymised or deleted by Cloudflare.
  • Contact form data: Up to 24 months from last contact, unless a contract is formed, in which case German commercial and tax law retention periods apply (6–10 years).
  • Google Analytics data: 14 months from collection, then automatically deleted by Google. Consent preference: stored indefinitely in your browser's localStorage until you clear it or withdraw consent.
  • Cookie consent records: Stored in your browser's localStorage; you can delete them at any time by clearing your browser data.

6. International Data Transfers

Some service providers listed above are based in the United States, a country that does not have an EU adequacy decision for all processing activities. Transfers to the USA are safeguarded by the following mechanisms:

  • Google LLC: EU Standard Contractual Clauses (SCCs) and Google's participation in the EU-US Data Privacy Framework.
  • Cloudflare, Inc.: EU Standard Contractual Clauses (SCCs).
  • Web3Forms: Data Processing Agreement with appropriate transfer safeguards.

You can obtain copies of applicable SCCs by contacting us.

7. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR and BDSG:

  • Right of access (Art. 15 GDPR): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your personal data under certain conditions.
  • Right to restriction of processing (Art. 18 GDPR): You may request that we limit the processing of your data in certain circumstances.
  • Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may request your data in a machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to processing based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. Use our Cookie Settings to withdraw analytics consent.

To exercise any of these rights, please contact us at neyer140305@icloud.com. We will respond within one month of receiving your request.

8. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for N&K Webdesign, which is based in Bavaria (München), is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Phone: +49 981 180093-0
Email: poststelle@lda.bayern.de
Website: www.lda.bayern.de

You may also lodge a complaint with the supervisory authority of your habitual residence or place of work within the EU.

9. Cookies

Our website uses cookies and similar technologies. For a full overview of the cookies we use, their purpose, duration, and how to manage them, please see our Cookie Policy.

10. External Links

Our website may contain links to third-party websites. We have no control over the content or privacy practices of those websites and are not responsible for their privacy policies. We encourage you to review the privacy policies of any third-party sites you visit.

11. Children's Data

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you are aware that a child has provided us with personal data without parental consent, please contact us and we will delete such data.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will be revised accordingly. We encourage you to review this page periodically.