Privacy Policy
Information about how we handle your data.
Data protection information is available in English and German. Additional languages, if provided, are offered for convenience only.
This Privacy Policy explains how Studio GAUS GmbH ("Studio Gaus", "we", "us") processes personal data when you use our website and related services.
Language versions
This Privacy Policy is provided in German and English.
In case of discrepancies or inconsistencies, the German version shall prevail.
Translations into other languages, if provided, are offered for convenience only and have no legal effect.
1. Controller
Studio GAUS GmbH
Erich-Steinfurth-Str. 6
10243 Berlin
Germany
Phone: +49 30 55 475 977
Email: info@studiogaus.com
Privacy contact:
privacy@studiogaus.com
2. Scope of this Privacy Policy
This Privacy Policy applies to:
- studiogaus.com (this website), and
- infrastructure domains we operate to technically deliver this website, in particular selected subdomains of sgaus.net that are used, for example, to serve static files (images/assets) and to run privacy-friendly, self-hosted analytics for this website.
These sgaus.net subdomains are used only in connection with operating and delivering studiogaus.com. They are not advertising or third-party tracking domains.
Other Studio Gaus products and projects: We operate multiple products and projects. If a product or project has its own website/app or its own privacy notice, that separate privacy notice applies. This Privacy Policy does not automatically apply to external project websites, third-party platforms, or other Studio Gaus services unless explicitly stated there.
3. General principles
We process personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.
We do not sell personal data and we do not use third-party advertising trackers on this website.
4. Data processing when you visit the website
4.1 Website delivery and server log data
When you access our website, our servers automatically process technical data typically transmitted by your browser, such as:
- IP address
- date and time of access
- requested page/URL
- response status code
- browser and device information (user agent)
- referrer information (where available)
- transferred data volume
Purposes
- providing the website and ensuring its stability and security
- detecting and preventing attacks and misuse
- troubleshooting and error analysis
Legal basis
Art. 6(1)(f) GDPR (legitimate interests in operating and securing the website).
Retention
Server log data (including IP addresses) is retained for a short period (typically around 2 weeks, based on log rotation) and then deleted or overwritten, unless longer retention is necessary to investigate or document security incidents.
4.2 Rate limiting and abuse prevention
To protect our website and users, we apply technical measures such as rate limiting (e.g., on authentication or API endpoints). This involves processing IP addresses and request metadata to detect and prevent abusive behaviour.
Legal basis
Art. 6(1)(f) GDPR (legitimate interests in security and abuse prevention).
Retention
Security-relevant records may be retained for up to 30 days, unless an incident requires longer retention for investigation or legal defence.
5. Newsletter subscriptions and subscriber account
We use a technical subscription management system to manage newsletter subscriptions. When you subscribe to our newsletter(s), a subscriber account is created for you.
This subscriber account is used exclusively to manage your newsletter subscription(s) and preferences. There is no separate paid membership or customer account system.
5.1 What data we process
Data you provide
- Email address (required) – needed to subscribe, send newsletters, and manage your subscription
- Name (optional) – only if you choose to provide it
- Preferred language (optional) – e.g. EN/DE
- Topic/tag preferences (optional) – newsletter categories or interests
Data generated during subscription management
- subscription status and selections
- subscription and change timestamps
- session/authentication data required for managing subscriptions
Email change requests
- current email address and new email address
- one-time verification tokens (temporary)
Providing your email address is required to receive the newsletter. Without it, a subscription is not possible. Providing your name or preferences is optional.
5.2 Purposes
- newsletter delivery
- subscription management
- transactional emails (e.g., verification or access links)
- newsletter performance measurement (opens/clicks)
- consent documentation and compliance
5.3 Legal bases
- Newsletter delivery: Art. 6(1)(a) GDPR (consent)
- Newsletter performance measurement (open/click tracking): Art. 6(1)(a) GDPR (consent)
- Subscription management (creating and maintaining your subscriber account, managing preferences, unsubscribe processing): Art. 6(1)(b) GDPR (performance of a contract / steps at your request)
- Security measures and compliance documentation (e.g., authentication security, abuse prevention, documenting consent): Art. 6(1)(f) GDPR (legitimate interests)
5.4 Double opt-in and unsubscribe
Subscriptions are confirmed via double opt-in.
You can withdraw your consent at any time:
- via the unsubscribe link in each newsletter email
- via your subscriber account area
- by contacting privacy@studiogaus.com
5.5 Newsletter tracking (opens and clicks)
To understand how our newsletters perform and to improve our communications, we use newsletter tracking. This typically measures:
- whether a newsletter was opened (open tracking), and
- whether links in the newsletter were clicked (click tracking).
How it works
- Open tracking is typically implemented using a small tracking image ("pixel") that is loaded when your email client displays the newsletter.
- Click tracking is typically implemented by using tracked links/redirects so that a click is registered before the browser is forwarded to the destination URL.
Depending on the technology and email client, tracking may involve processing technical information such as IP address, device/browser information (user agent), timestamps, message identifiers, and which links were clicked.
Important note on accuracy
Open and click metrics may be affected by technical factors and automated systems (for example, email privacy features or security scanners). As a result, these metrics may be approximate.
If you do not want newsletter tracking, you can withdraw your consent by unsubscribing at any time.
6. Contacting us
If you contact us by email, we process the personal data you provide (such as your email address and the content of your message) solely for the purpose of handling and responding to your inquiry.
Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in handling communications) or, where applicable, Art. 6(1)(b) GDPR (pre-contractual steps).
Retention:
Inquiry-related data is stored only as long as necessary to process your request and is then deleted, unless statutory retention obligations apply.
Contacting us is voluntary. Without processing your personal data, it is not possible to respond to your inquiry.
7. Self-hosted analytics (Plausible Analytics)
We use Plausible Analytics on our own infrastructure (self-hosted) to understand aggregated website usage and improve our website.
Typical data processed includes:
- page views and visited URLs
- approximate referrer information
- interaction events (e.g. outbound link clicks)
- derived information such as device type and browser/OS categories (based on the user agent)
IP addresses in analytics
IP addresses are technically processed when requests are received. Plausible Analytics uses the IP address (together with other information) to calculate aggregated statistics such as unique visitors and to populate location reports. The raw IP address is not stored in the Plausible Analytics database.
Please note that IP addresses may appear in web server logs for operational/security purposes as described in the section above.
We do not use analytics cookies and do not build user profiles or track users across websites.
Legal basis:
Art. 6(1)(a) GDPR (consent obtained via our privacy settings banner). Analytics are only activated after you explicitly consent.
Retention:
We retain analytics data for as long as necessary to analyse long-term usage trends and to improve our website. In practice, this may mean analytics statistics are retained for the lifetime of the website (unless we decide to delete them earlier, for example when discontinuing the analytics system).
Web server logs (which may include IP addresses) are retained only for a short period (typically around 2 weeks, based on log rotation), as described above.
Withdrawal of consent:
You may withdraw your consent at any time by clearing your browser's local storage or by contacting us at privacy@studiogaus.com. Withdrawal does not affect the lawfulness of processing before withdrawal.
8. Embedded third-party content and players (two-click solution)
Our website may include embedded content or players from third-party providers (for example, video players). To protect your privacy, we use a two-click solution for embedded third-party content: the embedded content is only loaded after you actively choose to activate it.
Before activation
- the embedded content is not loaded, and
- no data is transmitted to the third-party provider.
After activation
When you activate embedded content, the third-party provider may process personal data such as your IP address, device information, referrer information, and usage data, and may set cookies or similar technologies under their own responsibility. This may also involve processing outside the EU/EEA, depending on the provider.
Legal basis:
Art. 6(1)(a) GDPR (consent via your voluntary interaction).
YouTube (currently used):
If we embed YouTube videos, we use the privacy-enhanced mode (youtube-nocookie.com).
YouTube privacy policy: https://policies.google.com/privacy
9. Cookies and similar technologies
We set only essential cookies and use functional localStorage items for basic website functionality and security. These are strictly necessary to provide functions you request (e.g., account/session management and protection against misuse).
These include:
- session cookies (authentication)
- csrf_token (security)
- localStorage for theme preferences, cookie notice dismissal, and temporary email-change signalling
If you interact with embedded third-party content (see section above), the respective third party may use cookies or similar technologies under their own responsibility.
10. Recipients of personal data
Personal data may be processed by the following categories of recipients:
- External hosting and infrastructure providers acting as processors on our behalf. Processing takes place solely in accordance with our instructions and on the basis of a data processing agreement pursuant to Art. 28 GDPR. Our hosting infrastructure is operated exclusively within the European Union.
- Email service providers for transactional and newsletter delivery (including newsletter tracking, where enabled)
- Authorities or advisors, where legally required
11. International data transfers
Our core website systems are operated within the EU/EEA.
Depending on your use of our services, data may be processed outside the EU/EEA in particular in the following cases:
- Email delivery and newsletter tracking: email service providers may process data in third countries to deliver emails and provide tracking functionality.
- Embedded third-party content: if you activate embedded third-party content (see section above), the respective provider may process data in third countries under their responsibility.
- Social media: if you click on links to social platforms, the respective platform providers may process data outside the EU/EEA under their responsibility.
Where personal data is transferred to third countries in our area of responsibility, appropriate safeguards are implemented (e.g. Standard Contractual Clauses or an adequacy decision, as applicable). You can request further information about these safeguards by contacting us at privacy@studiogaus.com.
12. Social media presence
We maintain profiles on platforms such as Facebook, X (Twitter), and Telegram.
Our website contains links only to these platforms. No social media tracking pixels or plugins are embedded.
For Meta platforms (e.g. Facebook/Instagram), Studio Gaus and Meta may act as joint controllers for page insights. Meta primarily provides and manages this processing.
13. Data retention
- Subscriber account and subscription data: until unsubscribe or deletion
- Suppression/unsubscribe records: retained as long as necessary to ensure we do not send you newsletters after you have unsubscribed
- Consent/compliance records: up to 3 years
- Server logs: typically around 2 weeks (log rotation)
- Security logs: up to 30 days
- Backups: up to 30 days
14. Your rights under the GDPR
You have the right to access, rectification, erasure, restriction, data portability, objection, withdrawal of consent, and to lodge a complaint with a supervisory authority.
We will respond to data protection requests without undue delay and generally within one month. We may request additional information to verify your identity where necessary.
Contact: privacy@studiogaus.com
15. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is unlawful.
For us, the competent authority is the Berlin Commissioner for Data Protection and Freedom of Information, or another supervisory authority in the EU member state of your residence or of the alleged infringement.
16. Automated decision-making
We do not use automated decision-making or profiling (Art. 22 GDPR).
17. Children
This website and newsletter are not directed at children under 16 years.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The current version is always available on this website.
19. Contact
Privacy requests: privacy@studiogaus.com
General inquiries: info@studiogaus.com
Last updated: December 26, 2025