top of page

Data Protection

1 Data Protection at a Glance

​

1.1 General notes

This privacy policy explains what happens to your personal data when you visit this website. Personal data means any information relating to an identified or identifiable natural person.

​

1.2 Data collection on this website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. See section 12 for the controller’s contact details.

​

How do we collect your data?
Some data are provided by you (e.g., via the contact form or when booking an appointment). Other data are collected automatically or—where applicable—with your consent by our IT systems when you visit the website (e.g., browser, operating system, time of access).

​

What do we use your data for?
Part of the data is collected to ensure error-free provision of the site. Other data are used for security, communication with you and to provide requested services (e.g., appointment booking).

​

What rights do you have?
You have the rights described in section 11, including access, rectification, erasure, restriction, portability, objection and withdrawal of consent, as well as the right to lodge a complaint with a supervisory authority.

​

2 Hosting

​

We host the content of our website with:

Wix
Provider: Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (“Wix”).
EU representative (Art. 27 GDPR): Wix Online Platforms Limited, 1 Grant’s Row, Dublin 2, D02 HX96, Ireland.

​

2.1 What data does Wix process?

When you visit our site, Wix automatically records server log files (e.g., IP address, date/time of request, referrer URL, browser and operating-system details). These logs are technically necessary to deliver the site, ensure stability and investigate security incidents.

​

2.2 Server locations & international transfers

Wix stores and processes data in data centres located in the EU (including Ireland/Germany), Israel and the United States and uses a multi-cloud network for global content delivery. Israel benefits from an EU adequacy decision (Art. 45 GDPR). Transfers to other third countries (e.g., the USA) are safeguarded by the European Commission’s Standard Contractual Clauses and additional technical and organisational measures.

​

2.3 Legal basis

The use of Wix is based on Art. 6(1)(f) GDPR: our legitimate interest in a secure and reliable presentation of our online offer. Where consent is requested (e.g., for cookies or device identifiers under § 25(1) TDDDG), processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDDG; consent can be revoked at any time.

​

2.4 Data Processing Agreement

We have concluded a Data Processing Agreement (Art. 28 GDPR) with Wix.

​

3 Supervisory authority for complaints

​

Under Art. 13(2)(d) GDPR you may lodge a complaint with a supervisory authority. Our competent authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin, Germany
Tel.: +49 30 13889-0 E-Mail: mailbox@datenschutz-berlin.de

​

4 Cookies and comparable technologies (incl. Consent Management)

​

Our website uses only the cookies and browser-storage elements that are necessary for secure and stable delivery of the pages and for embedded services, plus any items for which you give consent.

​

4.1 Consent Management Platform (Usercentrics)

We use Usercentrics (Usercentrics GmbH, Germany) as our consent banner. Usercentrics stores your consent choices (e.g., consent status, time stamp, anonymous ID) in a cookie and/or local storage so we can document and honour your preferences.
Legal basis: Art. 6(1)(c) GDPR (compliance with legal obligations under ePrivacy/TTDDG) and/or Art. 6(1)(f) GDPR (our legitimate interest in compliant consent management). You can change or withdraw your choices at any time via the “Cookie settings” link/icon in the footer.

​

4.2 Wix technical cookies

Wix sets several essential identifiers (e.g., XSRF-TOKEN, hs, svSession, SSR-caching, cluster IDs beginning with TS…, bSession, fedops.logger.sessionId). These protect against CSRF, maintain session integrity and manage load balancing.
Legal basis: Art. 6(1)(f) GDPR; no prior consent is required under § 25(2) TDDDG.

​

4.3 HubSpot cookies/local storage (embedded calendar)

When the HubSpot Meeting Scheduler is loaded, HubSpot may store functional identifiers (e.g., hubspotutk, __hssc, __hstc, __hssrc) or use local storage for session continuity, security and booking functionality. These items are non-essential and therefore require your consent before activation via our CMP.
Legal basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG (consent) for non-essential items; Art. 6(1)(b) and/or 6(1)(f) GDPR for strictly necessary functionality to perform the booking you request.

​

4.4 YouTube local storage

We use YouTube in enhanced privacy mode. While this mode does not set YouTube cookies until you interact with the player, YouTube/Google still writes local-storage identifiers to your device when the player loads. Under § 25(1) TDDDG, storing/reading such identifiers requires your consent unless strictly necessary. We therefore block the player until you consent via our CMP.
Legal basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG (consent).

Note: The exact list and retention of cookies/local storage may vary. The Usercentrics banner provides the current overview and controls activation.

​

5 External links (incl. blog links)

​

Our website contains links to external websites, including our LinkedIn pages, partner organisations and links within our blog (e.g., to newspapers or other third-party sites). Once you click such a link you leave our sphere of control; processing of your data is then governed by the privacy policy of the respective provider.

​

6 Storage and deletion periods

​

Unless a more specific period is stated elsewhere in this policy, your personal data remain with us until the purpose for processing no longer applies. We then delete or anonymise the data unless statutory retention obligations require longer storage. Category-specific periods:

  • Contact-form enquiries: deleted no later than 12 months after our final response.

  • HubSpot booking data (appointments): stored until the appointment is fulfilled and for up to 12 months thereafter for documentation and follow-up; where an appointment results in a contractual relationship, statutory retention obligations may apply (typically up to 10 years under German tax/commercial law for relevant records).

  • Server log files (Wix): typically deleted automatically after 14 days.

  • Usercentrics consent records: retained for up to 12 months (or the period configured in our CMP) to document your choices.

  • YouTube local-storage items: expire automatically between 1 day and 1 year, depending on the key.

​

7 Data collection on this website

​

7.1 Contact form

If you send us enquiries via the contact form, we store the details you provide (including contact data) to process the enquiry and for follow-up questions.
Legal basis: Art. 6(1)(b) GDPR (contract or pre-contractual measures) or Art. 6(1)(f) GDPR (our legitimate interest in effective handling of enquiries); where applicable, Art. 6(1)(a) GDPR (consent).

Recipient/processor: We receive and process these emails in Microsoft Outlook / Microsoft 365 (Microsoft Ireland Operations Ltd.). Microsoft operates an EU Data Boundary for core customer data. However, Microsoft’s documentation explains that certain support operations or remote access from outside the EEA may still occur under the Standard Contractual Clauses and related safeguards. A Data Processing Agreement is in place.

​

7.2 Enquiries by e-mail or telephone

If you contact us directly by e-mail or telephone, we process the personal data contained in your request (e.g., name, contact details, message) for handling and responding.
Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR; where applicable, Art. 6(1)(a) GDPR.

​

8 Plugins & Tools — HubSpot Meeting Scheduler (embedded)

​

Provider: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA; and HubSpot Ireland Limited, One Dockland Central, Guild Street, Dublin 1, Ireland.

Purpose: Online appointment booking and calendar management via an embedded scheduler.

Data processed: IP address, device/browser information, page URL, date/time, booking details you provide (e.g., name, e-mail address, selected time slot), and any free-text messages. HubSpot may store functional cookies or local-storage identifiers to ensure session continuity and prevent abuse (see section 4.3).

Legal basis:

  • Art. 6(1)(b) GDPR where booking is necessary to perform or prepare a contract or service you request; and

  • Art. 6(1)(a) GDPR and § 25(1) TDDDG for any non-essential cookies/local-storage items (consent via our CMP).

International transfers & safeguards: Processing may involve the USA. Transfers are safeguarded by the European Commission’s Standard Contractual Clauses and the provider’s participation in the EU-US Data Privacy Framework.

Data Processing Agreement: We have concluded a Data Processing Agreement with HubSpot.
Further information: HubSpot Privacy Policy: legal.hubspot.com/privacy-policy

​

9 Plugins & Tools — YouTube (enhanced privacy mode)

​

This website integrates videos from YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use enhanced privacy mode. While this mode does not set YouTube cookies until you interact with the player, local-storage identifiers are created as soon as the player loads (see section 4.4).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in an appealing presentation) and—where requested—Art. 6(1)(a) GDPR and § 25(1) TDDDG (consent). Further details can be found in Google’s privacy policy.

​

10 Technical and organisational security measures

​

We protect your data through, inter alia:

  • TLS 1.3 encryption for all pages;

  • private domain registration with registrar-side WHOIS privacy (subject to registrar availability);

  • DNSSEC-signed zone to prevent DNS spoofing;

  • role-based access controls and two-factor authentication for administrator logins;

  • hosting on ISO 27001/27018-certified infrastructure at Wix;

  • regular backups and vulnerability scans.

We do not use your data for automated decision-making, including profiling (Art. 22 GDPR). Our website is not directed at children under 16; we do not knowingly collect corresponding data.

​

11 Your rights and how to exercise them

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21) — including objection to processing based on Art. 6(1)(e) or (f) and to direct marketing at any time

  • Right to withdraw consent (Art. 7) — with effect for the future

  • Right to lodge a complaint with a supervisory authority (Art. 77)

​

11.1 Right to object — Art. 21(4) GDPR (separate notice)

You have the right to object, on grounds relating to your particular situation, to processing of personal data based on Art. 6(1)(e) or (f) GDPR at any time. Where personal data are processed for direct marketing, you may object at any time; we will then cease processing for such purposes. This notice is provided clearly and separately in accordance with Art. 21(4) GDPR.

​

11.2 Revocation of your consent to data processing

Where processing is based on your consent, you may revoke it at any time. The lawfulness of processing carried out before the revocation remains unaffected.

​

12 Controller details

​

Controller within the meaning of the GDPR and other applicable data-protection laws:

Yannick Piat
Blankenburger Strasse 16B
13156 Berlin
Germany
E-mail: ask@aisalestorm.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

bottom of page