General Information and Security
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Processing of Personal Data
Data Processing Technologies on the Website
When you access this website, we process your personal data in order to provide you with this website and to ensure its operation and technical security. Further processing of personal data when using services and cookies on this website is detailed below.

Hosting & Content Delivery Network
About this Processing
In order to be able to display this website to you, we process your personal data. For this purpose, we use external service providers who provide us with storage space and technical infrastructure on servers (hosting) and ensure a fast and secure transmission of data to your browser (Content Delivery Network). Without this processing, it is technically impossible to access the website.

Description and Purpose of Processing
For hosting our website and displaying the page content, we use the system of the following provider: Aut O’Mattic Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland (Parent company: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA) – hereinafter: “WordPress.com”.

Categories of Personal Data
When you visit our website, your personal data (e.g., IP addresses) is processed on the servers of WordPress.com. Hereby, log files are created which may contain the following information:

• Our visited website
• Date and time at the moment of access
• Amount of data sent in bytes
• Source/reference from which you came to the page (referrer URL)
• Browser used
• Operating system used
• IP address used

Legal Basis for Processing
The processing is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the most reliable possible presentation, provision, and securing of our website.

Recipients / Categories of Recipients
All data collected on our website is processed on the provider’s servers. We have concluded a Data Processing Agreement (DPA) with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. Within the scope of the aforementioned services, data may also be transferred to Automattic Inc. in the USA for further processing on our behalf. The data transfer to the USA is based on the Standard Contractual Clauses (SCCs) of the European Commission, which the provider has contractually agreed to in order to guarantee an adequate European level of data protection.

Storage Duration
The personal data (server log files) will be stored for as long as is necessary for the provision of the services and the guarantee of technical security (e.g., to ward off cyberattacks). The data will be deleted or anonymized as soon as it is no longer required to achieve the purpose. This usually takes place after a short period of time, unless a longer storage period is required due to statutory retention obligations or for the preservation of evidence in the event of specific incidents.

Obligation to Provide Data
You are not obliged to provide the personal data in question. However, failure to provide it will mean that you cannot use our website, as the data (in particular the IP address) is absolutely necessary for the technical setup of the connection.

Consent Management (Real Cookie Banner)
About this Processing
To obtain and document your consent to store certain cookies on your end device or for the use of certain technologies in compliance with data protection laws, we use the consent management tool “Real Cookie Banner”.

Description and Purpose of Processing
When you enter our website, a connection is established to our servers in order to obtain your consent and other declarations regarding the use of cookies. For this purpose, the tool stores a technically necessary cookie in your browser in order to be able to assign the granted consent or its revocation to you. The plugin processes the data locally on our server (hosted by WordPress.com); no data is transferred to the developer of the plugin.

Categories of Personal Data
Processed are your IP address (usually anonymized), information on the browser and end device used, the date and time of your visit, as well as your specific consent data (opt-in and opt-out status) along with a randomly generated identification number (UUID).

Legal Basis for Processing
The use of Real Cookie Banner takes place in order to obtain the legally required consent for the use of cookies. The legal basis for this is the compliance with a legal obligation pursuant to Art. 6 (1) (c) GDPR.

Recipients / Categories of Recipients
The data is processed locally on the servers of our hoster (WordPress.com). There is no data transfer to the developer of the plugin or to other third parties.

Storage Duration
The consent data collected by Real Cookie Banner is usually stored for one year or until you request us to delete it or you delete the Real Cookie Banner cookie yourself. Mandatory statutory retention periods remain unaffected.

Obligation to Provide Data
The provision of the data is neither legally nor contractually required. However, without the processing of this data, we cannot fulfill our legal obligations to obtain and document consents (cookie banner), which is why visiting the website without this processing is technically and legally not possible.

Contact Form (WPForms) and Email Contact
About this Processing
We offer you the opportunity to contact us directly via a contact form provided on our website (using the “WPForms” plugin) or via the published email addresses. If you use this option, the data you enter will be transmitted to us and processed.

Description and Purpose of Processing
The processing serves exclusively to handle your contact inquiry and the associated concern (e.g., answering questions, preparing an offer, or support).

• When using the contact form (WPForms): The form plugin we use does not store the data entered into the form in the database of our website. After submission, the data is processed by the server solely in the working memory to instantly generate an email to our inbox, and is subsequently only available in our email system.
• When contacting via email: The data is received and stored directly by our email provider.

Categories of Personal Data
Data that you enter into the contact form or the direct email, as well as technically necessary metadata (e.g., time of sending, IP address for spam defense).

Legal Basis for Processing

• Initiation / Fulfillment of a Contract: If your inquiry aims at the conclusion or fulfillment of a contract with us, the legal basis is Art. 6 (1) (b) GDPR.
• Legitimate Interest: For all other inquiries, processing is based on our legitimate interest in fast and efficient communication pursuant to Art. 6 (1) (f) GDPR.

Recipients / Categories of Recipients
Your emails (both direct ones and those generated through the contact form) are stored on the servers of our email service provider. Our website hoster WordPress.com (Automattic) merely executes the server-side sending command (email routing), but does not store the form entries. The WPForms plugin itself does not forward any personal data to the developer in the configuration we have selected.

Storage Duration
We store your personal data in our email inbox for as long as is necessary to process your respective inquiry or as long as we are obliged to retain it due to statutory retention obligations (e.g., commercial or tax law requirements).

Obligation to Provide Data
You are not obliged to provide personal data. The fields marked with (required) in the contact form are mandatory fields. Without this data, your inquiry cannot be processed. The remaining details are voluntary.

Web Analytics with Matomo
About this Processing
We use the open-source software tool Matomo on our website to analyze the surfing behavior of our users. This helps us to continuously improve our website and its user-friendliness.

Description and Purpose of Processing
The software places a cookie on your computer (see below for cookies). If individual pages of our website are accessed, the following data is stored:

• Two bytes of the IP address of your calling system (anonymized)
• The accessed web page and the time of access
• The website from which you reached the accessed web page (referrer)
• The sub-pages accessed from the accessed web page
• The length of stay on the web page
• The frequency of access to the web page

Categories of Personal Data
Usage data, metadata, and communication data (e.g., IP address in anonymized form). The software is configured so that the IP addresses are not stored completely, but the last bytes of the IP address are masked (e.g., 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible.

Legal Basis for Processing
The use of Matomo takes place exclusively on the basis of your explicit consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. You can revoke your consent at any time via our cookie settings (Real Cookie Banner).

Recipients / Categories of Recipients
The software and the collected data are operated and stored exclusively on the servers of our hoster (WordPress.com). A transfer of data to third parties does not take place.

Storage Duration
The data will be deleted as soon as they are no longer required for our recording purposes.

Obligation to Provide Data
The provision of the data is voluntary. Without your consent, no evaluation of your visit will take place, which, however, has no negative impact on the usability of the website.

Video Integration: Vimeo
About this Processing
We embed videos from the “Vimeo” platform on our website to present visual content directly on our site to you.

Description and Purpose of Processing
The provider of the video portal is Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA. When you visit one of our pages equipped with a Vimeo video and play the video, a connection to the servers of Vimeo is established. In doing so, the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo obtains your IP address. We use Vimeo in a privacy-friendly manner in the so-called “Do Not Track” mode. This means that Vimeo does not analyze the playback of the video for tracking purposes or personalized advertising. During integration, Vimeo only sets two technically strictly necessary security cookies (__cf_bm and _cfuvid) from its service provider Cloudflare. These serve exclusively to ensure IT security and to fend off bot attacks.

Categories of Personal Data
Processed are communication data (such as your IP address), information about the browser and end device used, as well as the specific sub-page of our website from which you access the video.

Legal Basis for Processing
Since your IP address is transferred to the USA when connecting to Vimeo, the use of Vimeo and the associated data transfer takes place exclusively on the basis of your prior consent via our cookie banner pursuant to Art. 6 (1) (a) GDPR. You can revoke this consent at any time. The placement of the Cloudflare security cookies takes place after this consent has been given, based on our legitimate interest in a secure provision of the media content (Art. 6 (1) (f) GDPR in conjunction with § 25 (2) No. 2 TDDDG).

Recipients / Categories of Recipients
The recipient of the data is Vimeo.com, Inc. in the USA as well as their IT service provider Cloudflare. The data transfer to the USA is based on the EU-US Data Privacy Framework (DPF), to which Vimeo has certified. This guarantees an adequate European level of data protection.

Storage Duration
The storage duration of the security cookies set by Vimeo or Cloudflare is technically limited to a few hours or days. Further information on data protection at Vimeo can be found in Vimeo’s privacy policy: https://vimeo.com/privacy.

Obligation to Provide Data
The provision of your data is voluntary. If you do not consent, however, the corresponding videos on our site cannot be loaded and played.

Cookies and Similar Technologies
About this Processing
We use so-called “cookies” and similar technologies on our website. These are small text files that your browser automatically creates and stores on your end device.

Description and Purpose of Processing
We use cookies for different purposes:

Technically necessary cookies: These are absolutely necessary to ensure the operation of the website. These include:

• Real Cookie Banner: Stores your decision made in the cookie banner.
• Polylang (Multilingualism): To be able to offer you our website in different languages, we use the Polylang plugin. This sets a cookie to remember your selected language preference.

System Cookies: Security and login functions of our hoster WordPress.com.

• Security cookies for external media: Provided you have consented to loading Vimeo videos, essential security cookies (__cf_bm, _cfuvid) are set to fend off bot attacks.
• Analytics cookies (Matomo): These cookies help us to evaluate user behavior. These cookies are only set if you have actively consented in the cookie banner.

Categories of Personal Data
Through cookies and similar technologies, IP addresses (mostly anonymized), unique identification numbers (cookie IDs), device information, and usage data (e.g., language settings or your consent status) can be processed.

Legal Basis for Processing
For technically necessary cookies (incl. Polylang, Real Cookie Banner, and Cloudflare/Vimeo security cookies), the legal basis is our legitimate interest in the functional, secure, and legally compliant provision of the website pursuant to Art. 6 (1) (f) GDPR or the fulfillment of a legal obligation (Art. 6 (1) (c) GDPR) in conjunction with § 25 (2) No. 2 TDDDG. For analytics cookies (Matomo), the processing takes place exclusively on the basis of your consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG.

Recipients / Categories of Recipients
The primary recipient of the data collected by technically necessary cookies is our hosting service provider WordPress.com. Upon consenting to Vimeo videos, Vimeo.com, Inc. (USA) and its service provider Cloudflare are also recipients of the corresponding cookie data.

Storage Duration
The storage duration varies depending on the type of cookie. So-called session cookies are deleted as soon as you close your browser. Persistent cookies (such as your language preference or your cookie consent) remain stored on your end device for a defined period of time (usually up to one year) unless you manually delete them.

Obligation to Provide Data

• Technically necessary cookies: The provision is not legally required, but technically absolutely necessary for the use of the website. Without these cookies, parts of the website cannot be used.
• Analytics cookies: The provision is voluntary. You are not obliged to consent to the use of these cookies. A rejection has no negative effects on the usability of the website.

Data Controller
Name and contact details of the Data Controller

The data controller responsible for the processing operations described in this privacy notice within the meaning of Art. 4 (7) of the General Data Protection Regulation (GDPR) is:

Barnabas Szantho
Pfaffengrunder Terrasse 1
hello@taenda.de
Heidelberg, Germany, 2026

Rights of the Data Subject
Overview
Under the GDPR, you are entitled to comprehensive rights regarding the processing of your personal data. We want to ensure that you are fully informed about these rights.

Your Rights in Detail:

• You can freely revoke a data protection consent at any time with effect for the future; we will point this out in more detail when obtaining the consent. Processing carried out prior to a revocation remains unaffected by the revocation.
• You have the right to request access to your personal data processed by us at any time.
• If your personal data is inaccurate or incomplete, you have the right to rectification and completion.
• You can request the erasure of your personal data at any time, provided we are not legally obliged or entitled to further process your data.
• If the legal prerequisites are met, you can request a restriction of the processing of your personal data.
• If processing takes place on the basis of your consent or within the framework of a contract, you have the right to portability of the data you provided, provided this does not adversely affect the rights and freedoms of other persons.
• You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your data which is based on a balancing of interests or in the public interest. This also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
We also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time: this also applies to profiling to the extent that it is related to such direct marketing. We will observe this objection for the future. The objection can be made informally.

Contact
With regard to the processing of your personal data described in this privacy policy, you can assert the above-mentioned rights using the following contact details:
Email: hello@taenda.de