Privacy Policy

Personal data (usually referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data

II. The rights of users and data subjects

III. Information about the data processing

I. Information about us as controllers of your data

The party responsible for this website (the „controller“) for purposes of data protection law is:

Stefanie Kruse
Richardstraße 62
22089 Hamburg

+49 40 3346 1473
stefanie@rethink-the-web.com

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

Visiting our website

We use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also known as a “web host”) to provide our online offering.

The hosting services on which this website is based are provided by Raidboxes GmbH (Hafenstrasse 32, 48153 Münster, Germany). Raidboxes GmbH automatically collects and stores server log files with information that your browser transmits to us. This information includes

  • Browser type
  • operating system
  • referrer URL (previously visited page)
  • host name (IP address).

Raidboxes GmbH cannot assign this data to a specific person. The data is not merged with other data sources. The data is deleted after a statistical evaluation after 7 days at the latest. Further information can be found in the Raidboxes GmbH’s privacy policy and list of sub-processors used by Raidboxes GmbH.

We have entered into a data processing agreement (DPA). This agreement regulates the scope, type and purpose of Raidboxes GmbH’s access to data. The access options are limited only to necessary accesses that are required to fulfill the hosting services.

The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR.

Cookies

Technically necessary cookies

We use technically necessary cookies on this website to ensure that our website functions correctly and in accordance with applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

The legal basis for this is, depending on the individual case, Art. 6 para. 1 lit. b, c, and/or f GDPR.

Not technically necessary cookies

We also use cookies on our website that are not technically necessary. These cookies serve, among other things, to offer website functions that are not technically essential.

The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a) GDPR.

Embedded content from external providers

We embed content from external providers (e.g., YouTube). When the external content is displayed, technically unnecessary cookies are set. Therefore, we ask you beforehand whether you agree and link to the provider’s privacy policy with further information. You can enable individual providers for the entire site. Their embedded content will then be displayed directly on every page without asking you again.

If you have enabled a provider globally, you can disable it here at any time.

Sending and archiving e-mails

To send, receive and store e-mails, we process the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails. This data may also be processed to detect spam.

The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR.

The emails will be archived in order to meet the requirements of tax and commercial law obligations for a maximum period of 11 years.

The legal basis for this processing is Art. 6 para. 1 lit. c) GDPR.

The services for sending and archiving emails are provided by Google LLC (1600 Amphitheatre Pkwy, Mountain View, California 94043-1351). Information on data processing can be found in the Google Cloud Privacy Notice and in the list of the sub-processors used for Google Workspace.

We would like to point out that there is a possibility that user data may be processed outside the European Union, particularly in the USA.

We have entered into a data processing agreement (DPA). This contract regulates the scope, type and purpose of Google LLC’s access to data. It incorporates standard contract clauses (SCCs), as a means of meeting the security, contracting and data transfer requirements under EU, UK and Swiss data protection laws. In addition, Google LLC is certified under the Privacy Shield Agreement. You can view the Privacy Shield certificate for Google LLC.

We would further like to point out that e-mails are generally not sent encrypted on the Internet. We can therefore accept no responsibility for the transmission path of e-mails between the sender and receipt on our server.

Booking a discovery call

If you book a video discovery call, the data you provide (in particular your name and email address, as well as any other data you choose to share) will be used for the purpose of processing your request.

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR (in cases of inquiries about our services), otherwise Art. 6 Para. 1 lit. f) GDPR (legitimate interest).

The services for booking and conducting video calls are provided by Google LLC (1600 Amphitheatre Pkwy, Mountain View, California 94043-1351). Information on data processing can be found in the Google Cloud Privacy Notice and in the list of the sub-processors used for Google Workspace.

We would like to point out that there is a possibility that user data may be processed outside the European Union, particularly in the USA.

We have entered into a data processing agreement (DPA). This contract regulates the scope, type and purpose of Google LLC’s access to data. It incorporates standard contract clauses (SCCs), as a means of meeting the security, contracting and data transfer requirements under EU, UK and Swiss data protection laws. In addition, Google LLC is certified under the Privacy Shield Agreement. You can view the Privacy Shield certificate for Google LLC.

Contact Form

If you contact us via the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR (in cases of inquiries about our services), otherwise Art. 6 Para. 1 lit. f) GDPR (legitimate interest).

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

Email marketing and delivery of digital products

We use Mailerlite, a service for managing email addresses and sending messages. This service is provided by MailerLite Limited, 88 Harcourt Street, Dublin 2, D02 DK18, Ireland.

Newsletter

We send our newsletter using Mailerlite. To do this, we process your email address, without which it would not be possible to send the newsletter, as well as your name, if you choose to provide it. Mailerlite can be used to analyze interactions with the emails sent. In addition, conversion rates can be determined and users can be categorized in order to tailor the newsletter to different target groups.

The legal basis for processing is Art. 6 (1) lit. a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time by unsubscribing from the newsletter. The legality of processing that has already taken place remains unaffected by any revocation.

Right to object (opt-out)

You can object to receiving promotional emails at any time. You will find a link to unsubscribe from our email list at the end of each newsletter, or you can use one of the contact options listed above, preferably email.

In addition, after unsubscribing from the newsletter, the email address will be stored on a blacklist separately from other data for an indefinite period of time. The legal basis for this is Art. 6 (1) lit. f) GDPR. It is in the interest of the website visitor as well as our interest to use/operate a newsletter in accordance with legal requirements.

Delivery of digital products

We also deliver digital products (e.g., eBooks and templates) using Mailerlite. This includes the fulfillment of our contractual services and customer management. For this purpose, we process your email address, without which it would not be possible to deliver the products, as well as your name, if you choose to provide it. The legal basis for this is Art. 6 (1) lit. b) GDPR.

Data processing at Mailerlite

The registration process is logged for the purpose of verifying its proper execution on the basis of Art. 6 (1) lit. f) GDPR.

The processing of personal data takes place in accordance with the GDPR, mainly within the European Union (especially in Germany and The Netherlands). Subcontractors from third countries (e.g., for customer service or technical maintenance) may be used. Details can be found at https://www.mailerlite.com/legal.

We have concluded a data processing agreement (DPA) with MailerLite Limited. This contract regulates the scope, type, and purpose of MailerLite Limited’s access to data. The terms of the contract can be found at https://www.mailerlite.com/legal/data-processing-agreement.

The data will be deleted at the end of the contract between us and MailerLite, unless the website visitor revokes their consent beforehand. If this is the case, the data will be deleted as described above.

Contract Processing

The data transmitted by you for the use of our service offer is processed by us for the purpose of contract processing and is necessary in this respect. Conclusion and execution of the contract are not possible without the provision of your data. The legal basis for processing is Art. 6 para. 1 lit. b) GDPR.

We delete the data once the contract has been fully processed, but must observe the retention periods under tax and commercial law.

CRM Systems

We use the CRM system Notion. This service is offered by Notion Labs, Inc., 2300 Harrison Street, San Francisco, CA 94110, USA. Notion enables us to manage customer relationships by storing and organizing data such as contact information, interactions and business transactions in a flexible and customizable database.

Notion stores the data on servers worldwide and can set cookies to collect and store data. These cookies are only set with consent. This consent can be revoked at any time. The legal basis for the use of cookies is Art. 6 para. 1 lit. a) GDPR and sec. 25 para. 1 TDDDG, insofar as this consent includes access to information in the user’s end device or the storage of cookies within the meaning of the TDDDG.

The legal basis for the processing of the data collected is Art. 6 para. 1 lit. b) GDPR, since the data processing is necessary to fulfill (pre-)contractual obligations. In addition, we have a legitimate interest in using this tool to optimize our customer relationship management, which is covered by Art. 6 para. 1 lit. f) GDPR.

The data will be stored until the person concerned requests deletion, consent to storage is revoked or the purpose for storage no longer applies. Mandatory legal provisions on retention periods remain unaffected.

You can find Notion’s privacy policy at https://www.notion.com/trust/privacy-policy.

LinkedIn

We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to LinkedIn.

Further information about data processing can be found in the LinkedIn Privacy Policy.

Affiliate Marketing

Raidboxes Affiliate Program

The Raidboxes Affiliate Program, operated by Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany, is used on this website. The Raidboxes Affiliate Program makes it possible to earn commissions by linking to Raidboxes when purchases are made via this website. Personal data such as IP addresses, clickstream data, transaction data and information about the purchase process are processed. The purpose of the data processing is to track and manage affiliate links and to calculate and pay commissions.

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR, due to the legitimate interest in carrying out and optimizing affiliate marketing.

Raidboxes uses cookies to track the activities and purchases that reach their website via affiliate links. These cookies are only set with consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a) GDPR.

No personal data is transferred to third countries, as the data is processed within the EU. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected or deletion is requested. Statutory retention periods remain unaffected. Further information on data processing can be found here: https://raidboxes.io/en/legal/privacy.

Last updated: 29.01.2026