Vinbit logo

Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides an overview of what happens to your personal data when you visit this website. Personal data means any data by which you can be personally identified.

We process your data in accordance with the General Data Protection Regulation (GDPR) and the German Telecommunications Digital Services Data Protection Act (TDDDG).

2. Controller

The controller responsible for data processing on this website is:

Melvin Kowal
Springer Straße 62
30459 Hannover
Germany

Phone: +49 (0) 171 7880282
Email: support@vinbit.studio

3. Hosting

This website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. All data processing takes place exclusively in certified data centers located in Germany.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient website operation).

We have concluded a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.

4. Server Log Files

The hosting provider automatically collects and stores information in so-called server log files. These include:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname of the accessing device

These data are not combined with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring technical stability and security).

Retention period: Log files are automatically deleted after a maximum of 14 days unless longer retention is required for security reasons.

5. Cookies

Our website uses cookies. Cookies are small text files stored on your device.

Strictly Necessary Cookies

We use only technically necessary cookies.

Legal basis: Art. 6(1)(f) GDPR, Section 25(2) No. 2 TDDDG.

The following systems may set technically necessary session cookies:

  • Cal.com (self-hosted) – to manage the booking process and timezone settings
  • Next.js – to store technical settings (e.g., language/locale)

These cookies are essential for the operation of the website. Therefore, no consent banner is required.

6. Web Analytics with Umami

We use the open-source analytics tool Umami on this website. Umami helps us understand how visitors use our website. The software runs exclusively on our own servers in Germany.

Umami does not collect any personal data and does not use cookies. Visitors' IP addresses are anonymised (hashed) immediately upon collection. No merging with other data sources takes place.

Processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the needs-based design and continuous optimisation of our website.

7. Contact Form / Project Inquiries

If you contact us via the contact form, the following data may be processed:

  • Name
  • Email address
  • Project information
  • Budget information (if provided)
  • IP address

The processing is carried out for the purpose of handling your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).

Retention period: The data will be deleted once the purpose of processing no longer applies, unless statutory retention obligations exist.

8. Appointment Booking

We use a self-hosted instance of Cal.com hosted on servers in Germany. Processed data:

  • Name
  • Email address
  • IP address
  • Appointment details
  • Project information

No data are transferred to non-EU servers of Cal.com.

Legal basis: Art. 6(1)(b) GDPR.

9. Video Conferences with Jitsi Meet

We use the Jitsi Meet video conferencing platform hosted by 8x8, Inc. for online meetings. Personal data such as name, email address, IP address, audio and video may be transmitted to servers outside the EU/EEA (notably USA).

Legal basis: Art. 6(1)(b) GDPR (contract performance).

Appropriate safeguards are in place for third‑country transfers (e.g., encryption, Standard Contractual Clauses).

For more information on the service's privacy practices see: https://jitsi.org/meet-jit-si-privacy

10. Email Delivery

We use the SMTP relay service of Brevo (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany) to send booking confirmations. Brevo processes email metadata (e.g., recipient address, transmission time) for technical delivery purposes.

Legal basis: Art. 6(1)(b) GDPR (contract performance).

A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded. Transfers to third countries occur only if technically necessary and subject to appropriate safeguards under Art. 46 GDPR.

11. Web3 / Blockchain

When using Web3 functionalities, transaction data may be stored on the Algorand blockchain. This may include public wallet addresses.

Please note:

  • Blockchain transactions are permanently stored
  • Subsequent deletion is technically impossible
  • Storage is decentralized and outside our direct control

Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR.

12. External Links and Reference Projects

Our website contains external links to:

  • LinkedIn
  • Discord
  • GitHub
  • External client reference projects

These are simple hyperlinks. No automatic data transfer occurs when visiting our website. Data are transmitted only after actively clicking a link.

The respective platform operators are solely responsible for data processing on their websites.

13. Data Retention

Unless a more specific retention period is stated in this privacy policy, personal data remain with us until the purpose for processing no longer applies. Statutory retention obligations (e.g., under tax or commercial law) remain unaffected.

14. Your Rights Under the GDPR

You have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise your rights, please contact: support@vinbit.studio

15. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. Competent supervisory authority:

The State Commissioner for Data Protection Lower Saxony
Prinzenstraße 5
30159 Hannover
Germany
https://lfd.niedersachsen.de

16. Automated Decision-Making

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place.

17. Data Security

We implement appropriate technical and organizational measures (TOMs) in accordance with Art. 32 GDPR to protect your data against manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments.