We take the protection of your personal data very seriously. This Privacy Policy informs you about the processing of personal data when using our website and our app.

3.1 Server Log Files

When you access our website, our hosting provider (STRATO AG) automatically collects and stores information in so-called server log files:

• IP address (anonymized)
• Date and time of access
• Browser type and version
• Operating system
• Referrer URL
• Hostname of the accessing device

This data is technically required to correctly display the website and is not merged with other data sources. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in technically error-free presentation).

3.2 Contact Form / Registration

When you register for the app via our contact form or contact us, we process the data you provide (e.g. name, e-mail address, age of child). The data is processed solely to handle your request or registration. Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures).

3.3 Contact by E-mail

When you contact us by e-mail, we process the data you provide in order to handle the request. Legal basis: Art. 6 (1) lit. b or lit. f GDPR.

4.1 Google Analytics

We use Google Analytics (Google Ireland Ltd.) to analyze website usage.

• Cookies are set to record your usage behavior (e.g. visited pages, duration, clicks).
• IP addresses are anonymized (IP masking).
• Data may be transferred to the USA. Protection is ensured through EU Standard Contractual Clauses (SCCs).
• Processing is carried out only with your consent via our cookie banner.

Legal basis: Art. 6 (1) lit. a GDPR (consent). You may revoke your consent at any time via the “Cookie settings.” Further information: Google Privacy Policy.

4.2 Brevo (Newsletter / E-mail Communication)

We use Brevo (Sendinblue GmbH, Berlin) for e-mail communication and newsletters.

• Brevo acts as a data processor on our behalf.
• Data (e.g. e-mail address, name) is stored on servers within the EU.
• A Data Processing Agreement (DPA) and SCCs are in place.
• You can withdraw your consent to receive e-mails at any time (e.g. via unsubscribe link).

Legal basis: Art. 6 (1) lit. a GDPR (consent). Further information: Brevo Privacy Policy.

4.3 CookieYes (Consent Management)

We use the consent management tool CookieYes to manage your consents regarding cookies and tracking technologies.

The following data is processed:

• Your granted or withdrawn consent
• Time of the decision
• An anonymous key (consent ID)
• Technical metadata

This information is stored in a technically necessary cookie so that the website can remember your preferences. Legal basis: Art. 6 (1) lit. c GDPR (legal obligation to manage user consents). Further information: CookieYes Privacy Policy.

Our processors (Brevo, Google/Firebase) may use sub-processors. Current lists are available on the providers’ websites. We ensure appropriate agreements (DPA, SCCs) are in place.

You have the following rights under GDPR:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to object (Art. 21)
• Right to data portability (Art. 20)
• Right to withdraw consent at any time (Art. 7 (3))
• Right to lodge a complaint with a supervisory authority (Art. 77)

Our website is hosted by STRATO AG, Berlin.
A Data Processing Agreement is in place.

We implement technical and organizational measures (TOMs) to protect your data against loss, misuse, or unauthorized access, including encryption, SSL, access restrictions, and regular security audits.