Privacy Policy

Effective Date: 01.05.2025
Date of last change: 18.06.2025

1) Introduction and Contact Details of the Controller

1.1 We appreciate your visit to our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Georgios Sotiriou, Funnels.Agency, Warthestraße 39, 12051 Berlin, Germany, Tel.: 01605020199, Email: funnelsagencyltd@gmail.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website purely for informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website:

• Our visited website
• Date and time of access
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• IP address used (if applicable, anonymized) The processing is carried out according to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. Data is not passed on or used otherwise. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

We use a provider for hosting our website and displaying content, who provides these services solely through servers located within the European Union, either independently or via selected subcontractors.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies – small text files stored on your device. Some cookies are deleted after you close your browser (so-called "session cookies"), while others remain on your device and enable us to recognize your browser on your next visit (so-called "persistent cookies"). You can find the storage duration in your browser’s cookie settings.

If personal data is also processed by individual cookies we use, the processing takes place in accordance with Art. 6 para. 1 lit. b GDPR (for contract performance), Art. 6 para. 1 lit. a GDPR (in case of consent), or Art. 6 para. 1 lit. f GDPR (to protect our legitimate interests).

You can configure your browser to inform you about cookie settings and decide individually whether to accept them or exclude cookies for specific cases or in general. Please note that disabling cookies may limit the functionality of our website.

5) Contact

5.1 WhatsApp Business You may contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We use the "Business Version" of WhatsApp.

If you contact us via WhatsApp in the context of a specific transaction (e.g., an order), we store and use your mobile number and – if provided – your first and last name pursuant to Art. 6 para. 1 lit. b GDPR to process your request. On the same legal basis, we may ask for additional data (order number, customer number, address, or email) to assign your inquiry to a specific process.

If you use WhatsApp for general inquiries, we use your mobile number and name (if provided) based on our legitimate interest under Art. 6 para. 1 lit. f GDPR to efficiently provide the requested information.

Your data is used exclusively for response purposes via WhatsApp. No disclosure to third parties occurs.

WhatsApp Business accesses the address book of our device and transmits stored phone numbers to Meta Platforms Inc. servers in the USA. We only store contacts of those who have already contacted us via WhatsApp, ensuring prior consent under Art. 6 para. 1 lit. a GDPR.

See WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a processing agreement with the provider. Data may be transferred to Meta servers in the USA under the EU-US Data Privacy Framework.

5.2 Contact Form or Email If you contact us (e.g., via contact form or email), we process personal data only as necessary to respond to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your request aims at a contract, additional legal basis is Art. 6 para. 1 lit. b GDPR. Data is deleted when your inquiry has been conclusively answered and no legal retention periods apply.

6) Data Processing When Opening a Customer Account

According to Art. 6 para. 1 lit. b GDPR, we collect and process personal data when you voluntarily provide it upon opening a customer account. Mandatory data is listed in the respective input form.

You may delete your account at any time by contacting us. Your data will be deleted unless contractual obligations remain, legal retention periods apply, or we have a legitimate interest in continued storage.

7) Data Processing for Contract Fulfillment

7.1 For contract execution, we collaborate with service providers. Certain personal data is shared as needed.

7.2 Use of Payment Service Providers (Stripe) Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin, Ireland

When selecting a prepayment method (e.g., credit card), your payment details (name, address, card info, etc.) are shared with Stripe per Art. 6 para. 1 lit. b GDPR.

For post-payment methods (e.g., invoice), additional data (e.g., date of birth, alternative payment details) may be required. For credit checks, we may transmit this data based on our legitimate interest under Art. 6 para. 1 lit. f GDPR. The credit check may include scoring data derived from statistical procedures.

You may object to this processing at any time, though this may affect payment options.

8. Use of the SMS service via Bird

To communicate with you, in particular to send important information such as booking confirmations, appointment reminders, or safety-related notices, we send SMS messages via the service provider Bird Technologies Ltd., Keizersgracht 268, 1016 EV, Amsterdam, The Netherlands (KvK 51874474).

In doing so, we process the following personal data:
- Your mobile phone number
- The content of the respective message
- The time of dispatch
- Technical meta and usage data (e.g., IP address, location data, device information), if applicable

Processing is carried out on the basis of Art. 6 (1) lit. b GDPR if the communication serves to fulfill a contract, or on the basis of Art. 6 (1) lit. a GDPR if you have explicitly consented (e.g., to receive marketing SMS messages).

Bird acts as our processor within the meaning of Art. 28 GDPR. A corresponding contract for order processing has been concluded, which ensures that your data is processed exclusively in accordance with our instructions. An adequate level of data protection is also guaranteed in the event of any international data transfer.

Your data will be used exclusively for the specified purpose, will not be passed on to unauthorized third parties, and will only be stored for as long as is necessary for the respective purpose or as long as statutory retention periods exist.

You can object to the use of your data for sending SMS messages at any time or revoke your consent. To do so, simply click on the attached link in each SMS message and select “STOP.”

Further information on data processing by Bird can be found in their privacy policy at:
https://bird.com/privacy

9) Web Analytics Services

9.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.

Google Analytics 4 uses cookies by default when you visit the website. These small text files are stored on your device and collect specific information, including your IP address, which is anonymized by Google (last digits removed).

Data is transferred to Google servers and processed there, potentially including servers in the U.S. Google uses this information on our behalf to evaluate website use, compile activity reports, and provide additional services related to internet and website usage. The anonymized IP address is not merged with other Google data. Data collected is stored for two months and then deleted.

All described processing activities, particularly cookie placement, only occur if you have given explicit consent under Art. 6 (1)(a) GDPR. You may withdraw this consent at any time for the future using the website’s cookie consent tool.

We have signed a data processing agreement with Google to ensure protection and prevent unauthorized third-party access.

For legal details about Google Analytics 4, visit:

• https://business.safety.google/intl/en/privacy/
• https://policies.google.com/privacy
• https://policies.google.com/technologies/partner-sites

Demographics Feature
Google Analytics 4 offers demographic insights (e.g., age, gender, interests) based on ads and third-party data. These stats are not personally identifiable and are deleted after two months.

Google Signals
If you’ve enabled personalized ads and linked devices to your Google account, Google may use your data across devices to generate aggregated reports, per your consent (Art. 6 (1)(a) GDPR). You can disable this in your Google account: https://support.google.com/ads/answer/2662922?hl=en

UserIDs
With your consent and registration on the site, Google Analytics 4 may use UserIDs to track cross-device activity, including conversions.

Google complies with the EU-US Data Privacy Framework based on the European Commission’s adequacy decision.

9.2 Google Tag Manager
This website uses Google Tag Manager by Google Ireland Limited, which enables integration and management of other services through a single interface. It does not store or read any user data itself.

When activated, your IP address may be transmitted to and stored by Google, including servers in the U.S.

This service is only used with your explicit consent under Art. 6 (1)(a) GDPR, and consent can be withdrawn anytime via the cookie consent tool.

A data processing agreement with Google ensures data protection.

More info:

• https://business.safety.google/intl/en/privacy/
• https://policies.google.com/privacy

Google complies with the EU-US Data Privacy Framework.

10) Retargeting / Remarketing and Conversion Tracking

Google Ads Remarketing

This site uses Google Ads Remarketing by Google Ireland Limited.

A cookie is placed in your browser to allow interest-based ads based on your visited pages. Further processing occurs only if you’ve allowed Google to link your web and app history to your Google account and personalize ads accordingly.

If logged into Google during your visit, your data is temporarily merged with Google Analytics data to create cross-device remarketing lists.

All processing, including cookie placement, only occurs with your consent under Art. 6 (1)(a) GDPR. Consent can be revoked at any time via the cookie tool.

Google complies with the EU-US Data Privacy Framework.

More info:

• https://policies.google.com/technologies/partner-sites
• https://www.google.de/policies/privacy/

11) Site Functionality

10.1 YouTube
This site uses plugins from: Google Ireland Limited.
Data may also be sent to: Google LLC, USA.
When a page containing such a plugin is accessed, a connection is made to Google’s servers. Your IP and other info may be transmitted.
When video playback starts, cookies may be used to collect behavioral data and prevent abuse.
If you're logged in, your activity may be linked to your Google account. Log out beforehand to avoid this.
All processing only occurs with your explicit consent under Art. 6 (1)(a) GDPR. You may revoke consent anytime via the cookie tool.
Google complies with the EU-US Data Privacy Framework.

11.2 Google Sign-In
Single-Sign-On is offered via Google Ireland Limited. Data may also be sent to Google LLC, USA.

If you have an account, you can use it to register/login on our website. Even without an account, a connection is made to Google servers. Your IP and browser details may be transferred but are not used to personally identify you.

This is based on our legitimate interest under Art. 6 (1)(f) GDPR.

When logging in, general profile info may be shared with us under your consent (Art. 6 (1)(a) GDPR), and stored to create a user account. We may also send data back to Google if you allow it.

You may withdraw consent at any time.
Google complies with the EU-US Data Privacy Framework.

More info: https://business.safety.google/intl/en/privacy/

11.3 Google reCAPTCHA
We use Google reCAPTCHA (Google Ireland Limited). Data may also be sent to Google LLC, USA.
Google Fonts may be used to render the CAPTCHA visually. The service checks whether an input is from a real person to prevent spam and abuse.
This includes collecting your IP, browser, OS info, and visit duration. Cookies may be used.
If cookies are used, this only happens with your consent (Art. 6 (1)(a) GDPR).
Without cookies, the legal basis is our legitimate interest under Art. 6 (1)(f) GDPR.

We have a data processing agreement with Google.
Google complies with the EU-US Data Privacy Framework.

More info: https://business.safety.google/intl/en/privacy/

12) Rights of the Data Subject

12.1 According to GDPR, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction (Art. 18 GDPR)
• Right to notification (Art. 19 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)
• Right to lodge a complaint (Art. 77 GDPR)

12.2 Right to Object
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME FOR REASONS RELATED TO YOUR PARTICULAR SITUATION.

IF YOU OBJECT, WE WILL STOP PROCESSING YOUR DATA UNLESS WE HAVE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR DATA IS PROCESSED FOR DIRECT MARKETING, YOU MAY OBJECT AT ANY TIME, AND WE WILL STOP PROCESSING FOR THIS PURPOSE.

13) Duration of Personal Data Storage

The storage duration is based on the legal basis, processing purpose, and statutory retention periods.

If processing is based on consent (Art. 6 (1)(a) GDPR), data is stored until consent is withdrawn.

If legal retention periods apply under Art. 6 (1)(b) GDPR, data is deleted once these periods expire unless needed for contracts or legal interest continues.

If data is processed based on Art. 6 (1)(f) GDPR, it will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we prove overriding legitimate grounds.

For direct marketing purposes, data is stored until you object under Art. 21 (2) GDPR.

Unless otherwise stated, personal data is deleted when no longer necessary for the purposes for which it was collected.

14) Contact

See Legal Notice visit Imprint.