Privacy Policy
Last updated: June 2026
1. Data Controller
The data controller responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Luis Aßmann
Güntherstraße 9
10318 Berlin, Germany
Phone: +49 1601161549
Email: info@luisassmann.de
Website: https://www.luisassmann.de
2. General Information on Data Processing
Scope of processing
Personal data is only processed to the extent necessary to provide a functional website and deliver our services. Processing generally takes place only with your consent or where permitted by applicable law.
Legal bases
Depending on the nature of the processing, we rely on the following legal bases under the GDPR:
Art. 6(1)(a) GDPR – Consent: where you have given explicit permission (e.g. for analytics or advertising cookies).
Art. 6(1)(b) GDPR – Contract performance: when processing is necessary to handle your enquiry or fulfil a contract.
Art. 6(1)(c) GDPR – Legal obligation: where processing is required by law.
Art. 6(1)(f) GDPR – Legitimate interests: where our interest in processing does not override your fundamental rights (e.g. secure operation of this website).
Retention periods
Personal data is deleted or restricted as soon as the purpose for which it was collected no longer applies. Further retention may occur where required by law. Data is deleted once any applicable statutory retention period expires.
3. Hosting and Website Operation (Squarespace)
This website is hosted and operated using Squarespace, a service provided by Squarespace, Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA. Squarespace acts as our hosting provider and content management system (CMS).
Automatically collected server data
Each time this website is accessed, the following information is automatically transmitted by your browser to the Squarespace server and recorded in server log files:
IP address of the requesting device
Date and time of the request
Name and URL of the page accessed
Referring website (referrer URL)
Browser type, operating system and device type
HTTP status code of the server response
Legal basis and purpose
The temporary processing of your IP address is technically necessary to deliver the website to your browser. The legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in the technically stable and secure operation of this website.
Data processing agreement and transfer to the USA
Squarespace processes data as our data processor. A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR is in place as part of the Squarespace Terms of Service (available at: https://www.squarespace.com/dpa). Squarespace, Inc. is a US-based company. The transfer of personal data to the USA is carried out on the basis of the adequacy decision of the European Commission on the EU–US Data Privacy Framework (EU–US DPF) of 10 July 2023, as well as Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Squarespace, Inc. is certified under the EU–US DPF.
Squarespace Privacy Policy: https://www.squarespace.com/privacy
4. Cookies and Cookie Settings
What are cookies?
Cookies are small text files stored on your device when you visit a website. They can serve to keep a website functional, analyse user behaviour, or personalise advertising.
Cookie consent
When you first visit this website, a cookie banner is displayed allowing you to consent to or decline non-essential cookies. You may withdraw your consent at any time with effect for the future by revisiting the cookie settings on our website or by clearing cookies in your browser.
Legal basis for cookies
Strictly necessary cookies: Permitted without consent under § 25(2)(2) of the German Telecommunications–Telemedia Data Protection Act (TTDDG), as they are technically indispensable for the operation of the website.
Non-essential cookies (analytics, marketing): Only stored with your explicit prior consent pursuant to § 25(1) TTDDG in conjunction with Art. 6(1)(a) GDPR.
Strictly necessary cookies (always active — no consent required)
Cookie names, purposes and duration
crumbCSRF protection token: required for secure form submissions Session end
ss_cookieAllowedStores your cookie consent decision 1 year
Non-essential cookies (active only with your consent)
Cookie name, provider, purpose and duration
ss_cid SquarespaceVisitor ID for Squarespace Analytics 2 years
ss_cvr SquarespaceVisitor recognition cookie 2 years
ss_cvisit SquarespaceRecords the current visit session Session end
ss_cpvisit SquarespaceRecords previous visits 2 years
_ga Google AnalyticsDistinguishes unique users 2 years
_ga_* Google AnalyticsSession persistence for GA4 2 years
_gid Google AnalyticsDistinguishes users (daily ID) 24 hours
_gcl_au Google AdsConversion tracking 3 months
5. Squarespace Analytics
This website uses Squarespace Analytics, an integrated analytics tool provided by Squarespace, Inc. It enables us to understand how visitors interact with our website. The following data may be processed: page views and time on page; country and approximate region (IP used for geolocation only, not stored); device type, operating system and browser; referrer URLs; most visited pages and session duration. Squarespace Analytics does not process personal identifiers such as names or email addresses.
Legal basis: Art. 6(1)(a) GDPR, § 25(1) TTDDG (consent). Consent may be withdrawn at any time via the cookie banner.
Transfer to the USA: Squarespace, Inc. processes analytics data on US servers under the EU–US DPF and SCCs (see Section 3).
6. Google Tag Manager
We use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not set cookies and does not collect personal data. It acts solely as a container tool for loading and managing the services described in Sections 7 and 8. Actual data processing and cookie setting is carried out by those services, not by the Tag Manager itself.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in efficient tag management).
Transfer to the USA: Data may be transferred to Google LLC, Mountain View, CA, USA, under the EU–US DPF and SCCs. Google LLC is certified under the EU–US DPF.
Google Privacy Policy: https://policies.google.com/privacy
7. Google Analytics (GA4)
This website uses Google Analytics 4 (GA4), a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GA4 uses cookies to analyse how visitors use this website. The following data may be processed:
IP address (used for geolocation only; GA4 does not store IP addresses — they are discarded immediately after location is determined)
Pages visited and event data (e.g. clicks, scroll depth)
Traffic source (direct, search engine, referral, paid ad)
Approximate geographic origin (city / region level)
Device data: browser, operating system, screen resolution
Session duration
GA4 creates pseudonymous user profiles using a randomly generated client ID. Direct identification of individuals is not possible.
Legal basis: Art. 6(1)(a) GDPR, § 25(1) TTDDG (consent). Consent may be withdrawn via the cookie banner or by installing the opt-out add-on: https://tools.google.com/dlpage/gaoptout
Transfer to the USA: Google LLC processes analytics data on US servers under the EU–US DPF and SCCs. A Data Processing Agreement pursuant to Art. 28 GDPR is in place as part of the Google Analytics Terms of Service.
Google Privacy Policy: https://policies.google.com/privacy
8. Google Ads (Conversion Tracking)
We use Google Ads, an online advertising service of Google Ireland Limited, to display ads on Google search result pages. In connection with Google Ads, we use the conversion tracking feature of Google LLC. When you click on one of our ads, a conversion tracking cookie (_gcl_au) is placed on your device. This allows us to measure whether visitors arriving via an ad subsequently completed a desired action (e.g. submitted the contact form). This cookie expires after 90 days.
Please note: We do not use remarketing. No audience lists are built based on visits to this website, and no ads are targeted at previous visitors to this website.
Data that may be collected: anonymised IP address; time of the ad click; type of conversion performed; device and browser used.
Legal basis: Art. 6(1)(a) GDPR, § 25(1) TTDDG (consent). Consent may be withdrawn at any time via the cookie banner.
Transfer to the USA: Google LLC processes data on US servers under the EU–US DPF and SCCs. A Data Processing Agreement pursuant to Art. 28 GDPR is in place under the Google Ads Data Processing Terms.
Google Privacy Policy: https://policies.google.com/privacy
9. Contact and Enquiries
9.1 Contact form
A contact form is available on our website. When you use it, the following data is collected: name; email address; project category; project description. Submissions are stored in our Squarespace dashboard (servers in the USA — see Section 3). We also receive an email notification via IONOS SE (Germany). Data is not passed on to any other third parties.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in processing enquiries).
Retention: Until the enquiry has been fully processed. If a contract is formed, statutory retention periods apply (§ 257 HGB: 6 years; § 147 AO: 10 years).
9.2 Email contact
When you contact us by email at info@luisassmann.de, your email address and message content are stored and used to process your enquiry. Our email hosting is provided by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, acting as a data processor pursuant to Art. 28 GDPR on servers in Germany.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Retention: Until the enquiry is resolved. Statutory retention periods apply where a contract is formed (§ 257 HGB: up to 6 years; § 147 AO: up to 10 years).
9.3 Telephone contact
When you contact us by phone, the data you provide (phone number, call time, information shared) is stored to process your enquiry.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
9.4 WhatsApp
We offer direct communication via WhatsApp, a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When you contact us via the WhatsApp link on this website, the data exchanged (phone number, message content, metadata) is processed by Meta on servers in the USA and other countries.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Note: For the transmission of confidential project details, we recommend using encrypted email or the contact form instead.
WhatsApp Privacy Policy: https://www.whatsapp.com/legal/privacy-policy
10. External Links to Social Media
This website contains links to our profiles on Instagram and LinkedIn. These are simple hyperlinks. When this website loads, no data is transmitted to social networks. Data is only sent to the respective provider when you actively click a link.
Instagram: Meta Platforms Ireland Limited, Dublin 2, Ireland - https://privacycenter.instagram.com/policy
LinkedIn: LinkedIn Ireland Unlimited Company, Dublin 2, Ireland - https://www.linkedin.com/legal/privacy-policy
11. International Data Transfers
The following services used on this website transfer personal data to the USA: Squarespace, Inc. (hosting, CMS, analytics, contact form) and Google LLC (analytics, tag manager, ads). The following legal safeguards apply:
EU–US Data Privacy Framework (EU–US DPF): The European Commission issued an adequacy decision on 10 July 2023 pursuant to Art. 45 GDPR. Both Squarespace and Google are certified under this framework.
Standard Contractual Clauses (SCCs): Additionally used as a contractual safeguard pursuant to Art. 46(2)(c) GDPR.
More information: https://www.dataprivacyframework.gov/
12. Your Rights as a Data Subject
Under the GDPR, you have the following rights:
Right of access (Art. 15 GDPR): You may request confirmation of whether we process your personal data and obtain access to that data.
Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data and completion of incomplete data.
Right to erasure ‘right to be forgotten’ (Art. 17 GDPR): You may request deletion of your personal data, subject to statutory retention obligations.
Right to restriction of processing (Art. 18 GDPR): You may request restricted processing under certain circumstances.
Right to data portability (Art. 20 GDPR): You may receive your data in a structured, machine-readable format where processing is based on consent or contract.
Right to object (Art. 21 GDPR): You may object to processing based on Art. 6(1)(f) GDPR on grounds relating to your particular situation.
Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent at any time with effect for the future. Cookie consents can be withdrawn via the cookie banner on this website.
Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.
The supervisory authority responsible for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
(Berlin Commissioner for Data Protection and Freedom of Information)
Friedrichstr. 219, 10969 Berlin, Germany
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de
To exercise any of your rights, please contact us at: info@luisassmann.de
13. Data Security
We implement appropriate technical and organisational security measures pursuant to Art. 32 GDPR to protect your personal data against loss, destruction, manipulation and unauthorised access. This website uses SSL/TLS encryption for all data transmissions between your browser and our servers, recognisable by ‘https://’ in the address bar.
14. Data Processors
We work with the following data processors with whom Data Processing Agreements (DPAs) pursuant to Art. 28 GDPR are in place:
ProviderLocationPurposeData transfer
Squarespace, Inc. New York, USAHosting, CMS, Analytics, Contact formUSA (EU–US DPF + SCCs)
Google Ireland Ltd. / Google LLCDublin / Mountain View, USAAnalytics (GA4), Tag Manager, AdsUSA (EU–US DPF + SCCs)
IONOS SEMontabaur, GermanyEmail hostingEU (no third-country transfer)
15. Updates to This Privacy Policy
This Privacy Policy was last updated in June 2026. As our website and services evolve, or in response to changes in law, it may be necessary to update this policy. The current version is always available at https://www.luisassmann.de/privacy-policy
We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your personal data.