privacy policy

privacy policy

1. Introduction

Welcome to LennArtWorks. I am committed to protecting your privacy and ensuring that your personal information is handled securely and responsibly. This Privacy Policy outlines how I collect, use, and protect your data when you visit my website.

2. Data Controller

As the sole proprietor of LennArtWorks, I, Lennart Ahlfeldt, serve as the Data Protection Officer (DPO). For any data protection inquiries, please contact me at:

info@lennartworks.de

3. Data Collection and Usage

I collect personal data to provide and improve my services. The types of data I collect include:

• Contact Information: When you use the built-in contact form on my website, I collect your name and email address to respond to your inquiries.

• Anonymized Usage Data: When you visit my website, anonymized usage statistics are collected via the integrated analytics services of my hosting provider, Framer. This data is used exclusively to improve the user experience and does not contain personal data such as your IP address or browser information. For this reason, a cookie consent banner is not required.

3.1 Data Collection and Processing for Contests and Promotions

In addition to the purposes mentioned above, we process personal data for the purpose of running contests, sweepstakes, or similar promotions. Participation in these promotions is voluntary.

• What data we collect: For participation, we process the data you provide in the form (e.g. your name, Instagram username, or email address). This data is used exclusively for the purpose of managing the respective promotion, including contacting the winner and delivering the prize.

• Legal Basis: The processing of this data is based on your voluntary consent, which you provide by submitting the form.

• Data Retention: The data collected for the promotion will be deleted after the conclusion and full settlement of the promotion, unless there are legal retention obligations to the contrary.

• Withdrawal of Consent: You have the right to withdraw your consent to data processing for these purposes at any time. A withdrawal does not affect the lawfulness of the processing carried out up to that point.

4. Legal Basis for Processing

I process your personal data based on the following legal grounds:

• Consent: By providing your contact information, you consent to me using it to respond to your inquiries.

• Legitimate Interests: I may process your data to improve my services and ensure the security of my website.

5. Data Retention

I retain personal data in accordance with German legal requirements:

• Contact Information: Retained for up to 3 years to address inquiries and comply with legal obligations.

• Business Correspondence: Retained for 6 years to comply with commercial and business correspondence regulations.

• Accounting Records: Retained for 10 years as mandated by German law.

Data is deleted when it is no longer necessary for the purposes for which it was collected or when you withdraw your consent, subject to legal retention periods.

6. Data Sharing and Third-Party Services

To provide my services and operate my website, I use various service providers. They are carefully selected and, where necessary, contractually obligated to comply with data protection regulations.

• Hosting and Domain Services: For the operation of this website, its security, and the provision of content, I use service providers in the categories of hosting and domain registration.

• Cloud Storage and File Transfer Services: To securely store and exchange files, I use cloud services that ensure encrypted transfer and storage.

• Social Media and Portfolio Platforms: I use external platforms to present my work and interact with my community. When you click on links to these sites, data may be transferred to the respective operators.

• Communication Service Providers: For business correspondence and the processing of inquiries, I use an email service provider.

6.1 Payment Services: Stripe

To process payments (e.g., for digital products or services), I use the external payment service provider Stripe. The provider is Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. For users within the EU, the responsible entity is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

When you make a payment via Stripe, your payment data (e.g., name, payment amount, bank account details, credit card number) is processed by Stripe to execute the transaction. The processing of this data is based on Art. 6(1)(b) GDPR (processing for the performance of a contract).

Data processing may also occur in the USA. Stripe ensures compliance with European data protection standards through measures including the use of Standard Contractual Clauses approved by the EU Commission and by relying on the EU-U.S. Data Privacy Framework. For more information on Stripe's data protection practices, please visit: https://stripe.com/privacy

For detailed information on the respective data processing practices, please refer to the privacy policies of the relevant service providers.

7. Data Security

I implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or destruction. These measures include:

• Secure Hosting: My website is hosted by Framer, which employs industry-standard security protocols, including:

• SSL Certificates: Dynamically generated and updated via Let’s Encrypt for secure delivery.

• Application Firewall: Global firewall protections and DDoS protection for Enterprise plans.

• Data Encryption: All data collected and transmitted is encrypted in transit and at rest using industry best practices, including Transport Layer Security (TLS).

• Domain Registration: My domain is registered through Namecheap, which also adheres to industry-standard security measures.

• Framer Analytics: I utilize Framer’s built-in analytics to gather anonymized usage statistics, enhancing user experience without collecting personal data. Framer’s analytics are fully GDPR-compliant, eliminating the need for cookie consent banners on my site.

8. Image Rights and Usage

All images, graphics, and visual works (including, but not limited to, illustrations, designs, photographs, and other pictorial representations) published on this website are protected by copyright and remain the property of Lennart Ahlfeldt (LennArtWorks). Any use of these images for commercial purposes, or distribution to third parties, including for use in training artificial intelligence models or machine learning algorithms, is strictly prohibited without the express written consent of LennArtWorks.

9. Permitted Use

Users are permitted to download and view the content for personal, non-commercial use. Any commercial use of the images, including their use in AI training datasets or machine learning purposes, is prohibited without explicit permission from LennArtWorks.

10. User Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Access: Request a copy of the personal data I hold about you.

• Rectification: Request correction of any inaccurate or incomplete data.

• Erasure: Request deletion of your data, subject to legal retention requirements.

• Restriction: Request restriction of processing under certain conditions.

• Objection: Object to processing based on legitimate interests.

• Data Portability: Request transfer of your data to another service provider.

• Withdraw Consent: If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time.

• Lodge a Complaint: You have the right to file a complaint with a supervisory authority if you believe that the processing of your personal data infringes upon the GDPR.

State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)

Address: Kavalleriestraße 2-4, 40213 Düsseldorf, Germany

Phone: +49 211 38424-0

Email: poststelle@ldi.nrw.de

Website: www.ldi.nrw.de

To exercise these rights, please contact me at info@lennartworks.de. I will respond to your request in accordance with applicable laws.

11. Children’s Privacy

My website is not directed toward children under the age of 16, and I do not knowingly collect personal data from children. If you believe I have inadvertently collected such data, please contact me to have it removed.

12. Changes to This Privacy Policy

I may update this Privacy Policy periodically to reflect changes in my practices or legal requirements. I encourage you to review this page regularly for any updates.

Last update:

September 20, 2025

13. Contact Information

Lennart Ahlfeldt

info@lennartworks.de

// kopieren und ziehen von Bildern verhinden