privacy policy

privacy policy

1. Introduction

Welcome to LennArtWorks. I am committed to protecting your privacy and ensuring that your personal information is handled securely and responsibly. This Privacy Policy outlines how I collect, use, and protect your data when you visit my website.

2. Data Controller

As the sole proprietor of LennArtWorks, I, Lennart Ahlfeldt, serve as the Data Protection Officer (DPO). For any data protection inquiries, please contact me at:

info@lennartworks.de

3. Data Collection and Usage

I collect personal data to provide and improve my services. The types of data I collect include:

• Contact Information: When you use the built-in contact form on my website, I collect your name and email address to respond to your inquiries.

3.1 Use of Cookies and Tracking Technologies

This website uses cookies and similar technologies (hereinafter "cookies") to ensure functionality, improve the user experience, and enable marketing activities. Cookies are small text files that the browser stores on your end device.

I distinguish between the following categories of cookies:

Technically Necessary Cookies: These cookies are essential for the basic operation and security of the website. They cannot be deactivated. The legal basis for the processing of data collected by them is my legitimate interest in providing a functional website (Art. 6(1)(f) GDPR).

Optional Cookies (Analytics & Marketing): These cookies are only set after you have given your explicit consent via the cookie banner. They help me understand how the website is used in order to optimize my services (Analytics) and to display personalized advertisements on other platforms (Marketing). This includes the use of services such as Google Ads. The legal basis for this is your consent (Art. 6(1)(a) GDPR).

Managing and Revoking Consent: Your consent for optional cookies can be revoked at any time with future effect. The settings can be adjusted at any time via the "Cookie Settings" button in the footer of this website.

Browser Settings: Additionally, your browser can be configured to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Instructions for this can usually be found in your browser's help function. Deactivating technically necessary cookies may limit the functionality of this website.

3.2 Data Collection and Processing for Contests and Promotions

In addition to the purposes mentioned above, we process personal data for the purpose of running contests, sweepstakes, or similar promotions. Participation in these promotions is voluntary.

• What data we collect: For participation, we process the data you provide in the form (e.g. your name, Instagram username, or email address). This data is used exclusively for the purpose of managing the respective promotion, including contacting the winner and delivering the prize.

• Legal Basis: The processing of this data is based on your voluntary consent, which you provide by submitting the form.

• Data Retention: The data collected for the promotion will be deleted after the conclusion and full settlement of the promotion, unless there are legal retention obligations to the contrary.

• Withdrawal of Consent: You have the right to withdraw your consent to data processing for these purposes at any time. A withdrawal does not affect the lawfulness of the processing carried out up to that point.

4. Legal Basis for Processing

I process personal data based on the following legal bases of the GDPR:

Consent (Art. 6(1)(a) GDPR): For specific purposes, such as sending newsletters, processing data for contests, or setting optional analytics and marketing cookies, I obtain explicit consent.

Performance of a Contract (Art. 6(1)(b) GDPR): When a service is requested or a contract is concluded, I process the collected data to fulfill this contract. This also applies to the processing of payment data via Stripe.

Legitimate Interests (Art. 6(1)(f) GDPR): I process data to ensure the security and functionality of my website, to respond to contact inquiries, and to improve my services. This includes the use of technically necessary cookies.

5. Data Retention

I retain personal data in accordance with German legal requirements:

• Contact Information: Retained for up to 3 years to address inquiries and comply with legal obligations.

• Business Correspondence: Retained for 6 years to comply with commercial and business correspondence regulations.

• Accounting Records: Retained for 10 years as mandated by German law.

Data is deleted when it is no longer necessary for the purposes for which it was collected or when you withdraw your consent, subject to legal retention periods.

6. Data Sharing and Third-Party Services

To provide my services and operate my website, I use various service providers. They are carefully selected and, where necessary, contractually obligated to comply with data protection regulations.

• Hosting and Domain Services: For the operation of this website, its security, and the provision of content, I use service providers in the categories of hosting and domain registration.

• Cloud Storage and File Transfer Services: To securely store and exchange files, I use cloud services that ensure encrypted transfer and storage.

• Social Media and Portfolio Platforms: I use external platforms to present my work and interact with my community. When you click on links to these sites, data may be transferred to the respective operators.

• Communication Service Providers: For business correspondence and the processing of inquiries, I use an email service provider.

6.1 Payment Services: Stripe

To process payments (e.g., for digital products or services), I use the external payment service provider Stripe. The provider is Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. For users within the EU, the responsible entity is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

When you make a payment via Stripe, your payment data (e.g., name, payment amount, bank account details, credit card number) is processed by Stripe to execute the transaction. The processing of this data is based on Art. 6(1)(b) GDPR (processing for the performance of a contract).

Data processing may also occur in the USA. Stripe ensures compliance with European data protection standards through measures including the use of Standard Contractual Clauses approved by the EU Commission and by relying on the EU-U.S. Data Privacy Framework. For more information on Stripe's data protection practices, please visit: https://stripe.com/privacy

6.2 Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Purpose of Processing: Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. I use this information to evaluate website usage, compile reports on website activities, and improve my services.

IP Anonymization: The IP anonymization feature is activated on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Legal Basis: The processing of data is based exclusively on your consent (Art. 6(1)(a) GDPR), which is requested via the cookie banner.

Data Transfer to the USA: For the transfer of data to the USA, Google relies on the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

Opt-Out Option: The consent you have given can be revoked at any time in the "Cookie Settings" in the footer of this website. Additionally, you can prevent the collection of data by Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

6.3 Google Ads

This website uses Google Ads, an online advertising program from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose of Processing: Google Ads allows me to place advertisements in Google Search and on the Google Display Network. I use Google Ads in particular for conversion tracking and remarketing.

Conversion Tracking: This involves setting a cookie on the user's device if they reach my website via a Google ad. These cookies expire after 30 days and are not used for personal identification. With their help, I can track whether certain actions (e.g., making contact) have been performed on my site.

Remarketing: This function allows visitors to this website to be retargeted with interest-based advertising on other sites within the Google Display Network.

Legal Basis: The use of Google Ads is based exclusively on your consent (Art. 6(1)(a) GDPR), which is obtained via the cookie banner.

Data Transfer to the USA: A data transfer to the parent company Google LLC in the USA is possible. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

Opt-Out Option: Consent can be revoked at any time via the "Cookie Settings" in the footer. Furthermore, you have the option to disable personalized advertising in Google's ad settings: https://adssettings.google.com/authenticated.

Further information on data protection at Google can be found here: https://policies.google.com/privacy?hl=de.

For detailed information on the respective data processing practices, please refer to the privacy policies of the relevant service providers.

7. Data Security

I implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or destruction. These measures include:

• Secure Hosting: My website is hosted by Framer, which employs industry-standard security protocols, including:

• SSL Certificates: Dynamically generated and updated via Let’s Encrypt for secure delivery.

• Application Firewall: Global firewall protections and DDoS protection for Enterprise plans.

• Data Encryption: All data collected and transmitted is encrypted in transit and at rest using industry best practices, including Transport Layer Security (TLS).

• Domain Registration: My domain is registered through Namecheap, which also adheres to industry-standard security measures.

8. Image Rights and Usage

All images, graphics, and visual works (including, but not limited to, illustrations, designs, photographs, and other pictorial representations) published on this website are protected by copyright and remain the property of Lennart Ahlfeldt (LennArtWorks). Any use of these images for commercial purposes, or distribution to third parties, including for use in training artificial intelligence models or machine learning algorithms, is strictly prohibited without the express written consent of LennArtWorks.

9. Permitted Use

Users are permitted to download and view the content for personal, non-commercial use. Any commercial use of the images, including their use in AI training datasets or machine learning purposes, is prohibited without explicit permission from LennArtWorks.

10. User Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Access: Request a copy of the personal data I hold about you.

• Rectification: Request correction of any inaccurate or incomplete data.

• Erasure: Request deletion of your data, subject to legal retention requirements.

• Restriction: Request restriction of processing under certain conditions.

• Objection: Object to processing based on legitimate interests.

• Data Portability: Request transfer of your data to another service provider.

• Withdraw Consent: If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time.

• Lodge a Complaint: You have the right to file a complaint with a supervisory authority if you believe that the processing of your personal data infringes upon the GDPR.

State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)

Address: Kavalleriestraße 2-4, 40213 Düsseldorf, Germany

Phone: +49 211 38424-0

Email: poststelle@ldi.nrw.de

Website: www.ldi.nrw.de

To exercise these rights, please contact me at info@lennartworks.de. I will respond to your request in accordance with applicable laws.

11. Children’s Privacy

My website is not directed toward children under the age of 16, and I do not knowingly collect personal data from children. If you believe I have inadvertently collected such data, please contact me to have it removed.

12. Changes to this Privacy Policy

I may update this Privacy Policy periodically to reflect changes in my practices or legal requirements. I encourage you to review this page regularly for any updates.

Last update:

October 21, 2025

13. Contact Information

Lennart Ahlfeldt

hey@lennartworks.de