Privacy Policy

Last updated: November 2025

1. Introduction

This Privacy Policy describes how Zentr – Web Design Studio ("we," "us," or "our") collects, uses, and protects your personal information when you visit our website or use our services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data Controller

The data controller responsible for processing your personal data is:

Christopher Ruttmann
Zentr – Web Design Studio
Am Blauen Camp 11k
21335 Lüneburg
Germany

Email: studio@zentr.design
Phone: +49 173 764529

3. Information We Collect

3.1 Information You Provide to Us

When you contact us or submit an inquiry through our contact form, we collect:

  • Name

  • Email address

  • Project details (description, requirements, budget)

  • Deadline (preferred project timeline)

  • Files (documents you voluntarily upload)

3.2 Information Automatically Collected

When you visit our website, we automatically collect certain technical information:

  • IP address (anonymized)

  • Browser type and version

  • Operating system

  • Referring website

  • Date and time of access

  • Pages viewed

  • Device information (screen size, device type)

  • Approximate geographic location (country/city based on IP address)

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 To Provide Our Services

  • Responding to your inquiries

  • Preparing project proposals

  • Communicating about projects

  • Delivering web design and development services

  • Processing payments

Legal Basis (GDPR): Performance of a contract (Art. 6(1)(b) GDPR) or legitimate interests (Art. 6(1)(f) GDPR)

4.2 Website Operation and Analytics

  • Ensuring website functionality

  • Analyzing website usage to improve user experience

  • Detecting and preventing technical issues

Legal Basis (GDPR): Legitimate interests (Art. 6(1)(f) GDPR)

4.3 Legal Compliance

  • Complying with legal obligations

  • Protecting our legal rights

  • Preventing fraud

Legal Basis (GDPR): Legal obligation (Art. 6(1)(c) GDPR) or legitimate interests (Art. 6(1)(f) GDPR)

5. Third-Party Services

We use the following third-party services that may process your personal data:

5.1 Framer (Hosting and Analytics)

Service Provider: Framer B.V., Herengracht 132, 1015 BV Amsterdam, Netherlands

Purpose: Website hosting and analytics

Data Processed:

  • IP address (anonymized)

  • Browser information

  • Page views and interactions

  • Device information

  • Geographic location (approximate)

Data Location: Servers hosted on Amazon Web Services (AWS) in the United States

Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR)

Data Transfer: EU Standard Contractual Clauses (SCCs) ensure adequate protection for data transfers to the US

Retention: Analytics data is retained for up to 90 days

Privacy Policy: https://www.framer.com/privacy/

Note: Framer Analytics does not use cookies and anonymizes IP addresses automatically. No personally identifiable information is collected.

5.2 Tally (Contact Forms)

Service Provider: Tally Forms, Inc., Delaware, United States

Purpose: Contact form and project inquiry submissions

Data Processed:

  • Name

  • Email address

  • Project details (as provided by you)

  • Budget information

  • Deadline preferences

  • Uploaded files (if any)

How We Use Tally: The contact form is embedded on our website as an iframe. When you submit a form, your data is transmitted to Tally's servers.

Data Location: United States

Legal Basis:

  • Consent (Art. 6(1)(a) GDPR) when you submit the form

  • Performance of a contract (Art. 6(1)(b) GDPR) when your inquiry relates to a potential project

Cookies: Tally uses functional cookies to maintain your session and enable form functionality. These cookies are only set after you provide consent through our cookie banner.

Data Transfer: EU Standard Contractual Clauses (SCCs) ensure adequate protection for data transfers to the US

Retention: Form submissions are stored in Tally until we delete them or you request deletion. We typically retain inquiries for up to 2 years for business records purposes.

Privacy Policy: https://tally.so/help/privacy-policy

5.3 Fontshare (Web Fonts)

Service Provider: Indian Type Foundry, C-403, Bawa House, Ashok Estate, Ramkrishna Nagar, Kalkaji, New Delhi – 110019, India

Purpose: Loading web fonts to ensure consistent typography

Data Processed:

  • IP address (transmitted when your browser loads fonts)

  • Browser information

  • Referring website

Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR) - we have a legitimate interest in consistent, professional website presentation

Data Transfer: Data is transferred to servers in India

Privacy Policy: https://www.fontshare.com/

6. Cookies

6.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites function properly and provide information about how the site is used.

6.2 Cookie Management

We use a cookie consent banner powered by Cookiebot to manage cookie preferences. When you visit our website for the first time, you'll be asked to accept or decline different categories of cookies.

Cookie Categories:

Necessary Cookies (Always Active)

  • Required for basic website functionality

  • Store your cookie consent preferences

  • Session management

Functional Cookies (Require Consent)

  • Tally form functionality and session management

  • Enable file uploads and form submissions

Legal Basis:

  • Necessary cookies: Legitimate interests (Art. 6(1)(f) GDPR)

  • Functional cookies: Consent (Art. 6(1)(a) GDPR)

6.3 Managing Your Cookie Preferences

You can change your cookie preferences at any time by:

  • Clicking the cookie settings link in our website footer

  • Adjusting your browser settings to block or delete cookies

  • Clearing your browser's cookie storage

Note: Disabling functional cookies will prevent the contact form from working properly.

7. Data Retention

We retain your personal data only as long as necessary for the purposes described in this Privacy Policy:

  • Contact form submissions: Up to 2 years after submission or until you request deletion

  • Project-related communications: Duration of the project plus 6 years (for tax and legal compliance)

  • Analytics data: Up to 90 days (anonymized)

  • Cookie consent records: 12 months

8. International Data Transfers

We are based in Germany (EU), but some of our service providers are located in the United States and other countries outside the European Economic Area (EEA).

When we transfer your personal data outside the EEA, we ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission

  • Adequacy decisions by the European Commission (where applicable)

  • Other appropriate safeguards as required by GDPR

9. Your Privacy Rights

9.1 Rights Under GDPR (EU Residents)

If you are located in the European Union, you have the following rights:

Right to Access (Art. 15 GDPR)
You can request a copy of the personal data we hold about you.

Right to Rectification (Art. 16 GDPR)
You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17 GDPR)
You can request deletion of your personal data in certain circumstances.

Right to Restriction of Processing (Art. 18 GDPR)
You can request that we limit how we use your personal data.

Right to Data Portability (Art. 20 GDPR)
You can request your personal data in a structured, machine-readable format.

Right to Object (Art. 21 GDPR)
You can object to processing based on legitimate interests.

Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint
You can file a complaint with your local data protection authority:

German Data Protection Authority (for Niedersachsen):
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover, Germany
Phone: +49 511 120-4500
Email: poststelle@lfd.niedersachsen.de
Website: https://www.lfd.niedersachsen.de

9.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know
You can request information about the categories and specific pieces of personal information we've collected about you.

Right to Delete
You can request deletion of your personal information, subject to certain exceptions.

Right to Correct
You can request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing
We do not sell or share your personal information for cross-context behavioral advertising.

Right to Limit Use of Sensitive Personal Information
We do not use or disclose sensitive personal information beyond what is necessary to provide our services.

Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights.

Shine the Light Law
You can request information about personal information shared with third parties for their marketing purposes (we do not share data for this purpose).

To Exercise Your California Rights:
Email us at studio@zentr.design with "California Privacy Rights" in the subject line.

9.3 Rights for Other US State Residents

If you reside in other US states with privacy laws (Virginia, Colorado, Connecticut, Utah, etc.), you may have similar rights. Contact us to exercise your rights.

9.4 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us:

Email: studio@zentr.design
Phone: +49 173 764529
Mail: Am Blauen Camp 11k, 21335 Lüneburg, Germany

We will respond to your request within 30 days (GDPR) or 45 days (CCPA).

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include:

  • Secure data transmission (HTTPS/SSL encryption)

  • Regular security updates

  • Access controls and authentication

  • Secure data storage with trusted service providers

  • Regular backups

However, no method of transmission over the internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

11. Children's Privacy

Our services are not directed to individuals under the age of 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete it.

12. Do Not Track Signals

Some browsers have "Do Not Track" (DNT) features. We currently do not respond to DNT signals, as there is no industry standard for how to handle them. We honor the cookie preferences you set through our cookie consent banner.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page

  • Updating the "Last updated" date at the top

  • (For significant changes) Sending an email notification if we have your email address

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Christopher Ruttmann
Zentr – Web Design Studio
Am Blauen Camp 11k
21335 Lüneburg
Germany

Email: studio@zentr.design
Phone: +49 173 764529

Effective Date: November 2025