Last updated: 15 June 2026

1. Controller

The controller responsible for the processing of personal data on this website (the “Controller”) within the meaning of the General Data Protection Regulation (GDPR) is:

Woatchman – Amir Hussein (sole proprietor)
c/o IP-Management #10605
Ludwig-Erhard-Straße 18
20459 Hamburg, Germany
Email: info@woatchman.com
VAT ID: DE317965147

We have not appointed a Data Protection Officer, as we are not legally required to do so.

2. General Information and Scope

We take the protection of your personal data seriously and process it exclusively in accordance with the GDPR, the German Federal Data Protection Act (BDSG), the German Digital Services Act (DDG) and the German Telecommunications Digital Services Data Protection Act (TDDDG). This Privacy Policy explains which personal data we process when you visit woatchman.com and use our forms and services, for what purposes, and on what legal basis.

“Personal data” means any information relating to an identified or identifiable natural person.

3. Your Rights as a Data Subject

You have the following rights in relation to your personal data:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object (Art. 21 GDPR) – see the note below

• Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing based on consent before its withdrawal

To exercise any of these rights, please contact us at info@woatchman.com.

Right to lodge a complaint: You also have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Straße 22, 20459 Hamburg, Germany
https://datenschutz-hamburg.de

Right to Object (Art. 21 GDPR)

Where we process your data on the basis of our legitimate interests (Art. 6(1)(f) GDPR), you have the right to object at any time, on grounds relating to your particular situation, to such processing. Where your data is processed for direct marketing purposes, you have the right to object at any time without giving reasons; we will then no longer process your data for these purposes.

4. Legal Bases for Processing

Depending on the purpose, we process personal data on one or more of the following legal bases:

• Your consent – Art. 6(1)(a) GDPR

• Performance of a contract or pre-contractual measures – Art. 6(1)(b) GDPR

• Compliance with a legal obligation – Art. 6(1)(c) GDPR

• Our legitimate interests – Art. 6(1)(f) GDPR

5. Data Security

This website uses TLS/SSL encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.

6. Use of External Service Providers

To operate our website and provide our services, we use carefully selected external service providers – for example for website hosting, email delivery, appointment scheduling, online meetings, and website analytics and advertising. Where these providers process personal data on our behalf, they act as processors bound by a data processing agreement pursuant to Art. 28 GDPR: they may only process your data in accordance with our documented instructions and are contractually obliged to ensure an appropriate level of data protection.

We only share your data where this is necessary for the relevant purpose, where you have given your consent, or where we are otherwise legally permitted or required to do so. The following sections explain for which purposes we process your data and on what legal basis.

7. Website Hosting and Server Log Files

Our website is hosted by an external service provider that processes data on our behalf. When you visit our website, information that your browser transmits is automatically processed in server log files, in particular:

• IP address

• date and time of the request

• browser type and version

• operating system used

• referrer URL

This data is not merged with other data sources and is processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in the secure, stable and efficient provision of our website.

8. Cookies and Consent Management

Our website uses cookies and comparable technologies (e.g. pixels and local storage). Cookies are small text files stored on your device.

Strictly necessary cookies that are required to provide the website and the functions you have requested are used on the basis of § 25(2) TDDDG and our legitimate interest (Art. 6(1)(f) GDPR); these do not require your consent.

All other cookies and technologies – in particular for statistics/analytics and marketing – are only used with your prior consent pursuant to § 25(1) TDDDG and Art. 6(1)(a) GDPR. We obtain this consent via our cookie consent banner, where you can also view the individual categories. You can withdraw your consent at any time with effect for the future via the settings in the banner / on our website, or by deleting cookies in your browser.

9. Contact Form and Contact by Email

If you contact us via our contact form or by email, we process the data you provide (in particular your name, email address and the content of your message) in order to handle your enquiry.

Legal basis: where your enquiry relates to the conclusion or performance of a contract, Art. 6(1)(b) GDPR; in all other cases, our legitimate interest in responding to enquiries, Art. 6(1)(f) GDPR; where you have given consent, Art. 6(1)(a) GDPR.

We retain this data until your enquiry has been fully dealt with and any follow-up questions have been resolved, unless statutory retention periods (e.g. under commercial or tax law) require longer storage.

10. Newsletter

On our website we offer free content that you can request by entering your first name and email address. We use this data to deliver the requested content and to send you our email newsletter containing information, offers and news about our services. For the delivery of our emails we use an external email service provider that processes the data on our behalf. Registration takes place using the opt-in procedure.

Legal basis: your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent and unsubscribe at any time, for example via the unsubscribe link in every newsletter. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

We store your data for the purpose of the newsletter until you unsubscribe. After you unsubscribe, your email address may be stored on an internal blocklist to ensure you no longer receive emails from us.

11. Appointment Scheduling

You can book an appointment for an initial consultation with us via a scheduling tool integrated on our website and provided by an external service provider. When you book, the data you enter (in particular your name, email address and the requested appointment details) is processed in order to arrange and conduct the appointment.

Legal basis: Art. 6(1)(b) GDPR (performance of pre-contractual measures and our service) and, where applicable, Art. 6(1)(a) GDPR (consent).

12. Online Meetings

We conduct initial consultations and meetings via video conferencing tools provided by external service providers. When you take part in a meeting, we process the data required to host it, in particular your name, email address, meeting metadata and the audio, video and chat content you provide during the meeting.

Legal basis: Art. 6(1)(b) GDPR for the performance of pre-contractual measures or our contract, and our legitimate interest in efficient online communication (Art. 6(1)(f) GDPR). We do not record meetings unless we have informed you and obtained your consent beforehand.

13. Web Analytics and Marketing

With your consent, we use analytics and marketing services provided by external providers in order to measure and improve the use of our website, to evaluate and optimise the effectiveness of our advertising, and to display relevant advertising to you on third-party platforms. For these purposes, cookies and comparable technologies may be used and pseudonymous usage profiles may be created.

Legal basis: your consent pursuant to § 25(1) TDDDG and Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future via our cookie banner. In some cases, we and the respective provider are jointly responsible for part of this processing within the meaning of Art. 26 GDPR.

14. Data Transfers to Third Countries

Some of our external service providers may process data outside the European Union / European Economic Area, in particular in the USA. A transfer only takes place where the requirements of Chapter V GDPR are met. We rely on:

• the European Commission’s adequacy decision for the EU-US Data Privacy Framework (DPF), where the provider is certified under the DPF; and/or

• the EU Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR, supplemented by additional safeguards where necessary.

You can request further information about the safeguards in place from us using the contact details above.

15. Storage Period

We process and store your personal data only for as long as is necessary to achieve the purpose for which it was collected, or for as long as required by the statutory retention periods to which we are subject (in particular under commercial and tax law, generally between 6 and 10 years). Once the purpose ceases to apply and no retention obligation exists, your data is deleted.

16. Minors

Our website and services are not directed at persons under the age of 16. We do not knowingly collect personal data from minors. If you are under 16, please do not submit any personal data to us without the consent of your parent or guardian.

17. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our services or in the applicable legal situation. The current version is always available on our website.