Privacy Policy (Datenschutzerklärung)

1. Controller

whaamkabaam
Owner: Felix Holtkamp
Donaustr. 44
12043 Berlin
Germany

Email: hi@whaamkabaam.com

2. Overview of Data Processing

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (“data”) within our online offering whaamkabaam.com, including associated websites, functions, content, and external online presences such as social media profiles (collectively referred to as the “online offering”).

The terms used, such as “processing” or “controller”, are defined in Article 4 of the General Data Protection Regulation (GDPR).

3. Types of Data Processed

  • Master data (e.g. name, address)

  • Contact data (e.g. email address, Discord username)

  • Contract data (e.g. purchased product, scope of services)

  • Payment data (e.g. transaction ID, payment status)

  • Content data (e.g. information provided for customization)

  • Usage data (e.g. visited pages, access times)

  • Meta/communication data (e.g. IP address, device information)

4. Categories of Data Subjects

Visitors and users of the online offering (collectively referred to as “users”).

5. Purposes of Processing

  • Provision and operation of the website

  • Fulfillment of contracts and delivery of digital products and services

  • Communication with users (email, Discord)

  • Processing payments

  • Security and abuse prevention

  • Analytics, marketing, and optimization

  • Preparation and future operation of newsletters

6. Legal Bases

Unless otherwise stated, processing is based on the following legal grounds:

  • Art. 6(1)(a) GDPR – consent

  • Art. 6(1)(b) GDPR – performance of a contract

  • Art. 6(1)(c) GDPR – legal obligation

  • Art. 6(1)(f) GDPR – legitimate interests (secure, efficient operation and marketing)

7. Hosting and Infrastructure

Framer

The website frontend is hosted via Framer B.V., Netherlands.
Framer processes personal data (e.g. IP addresses, access data) on our behalf for the purpose of providing hosting and website functionality.

STRATO

Domain and related infrastructure services are provided by STRATO AG, Germany.

Hetzner

Backend services and servers are hosted by Hetzner Online GmbH, Germany.
Hetzner processes data as a processor under Art. 28 GDPR.

The processing is based on our legitimate interest in secure and efficient website operation (Art. 6(1)(f) GDPR).

8. Payments

Payments are processed via Stripe.

Stripe Payments Europe Ltd.
1 Grand Canal Street Lower
Grand Canal Dock
Dublin, Ireland

Stripe processes payment and transaction data (e.g. name, email, payment method, transaction details).
PayPal payments are also processed via Stripe.

Legal basis: Art. 6(1)(b) GDPR (contract performance).

Stripe may transfer data to third countries (e.g. USA). Such transfers are safeguarded by appropriate guarantees such as Standard Contractual Clauses or applicable adequacy frameworks.

Privacy policy: https://stripe.com/privacy

9. Analytics & Marketing

We use the following tools based on our legitimate interests in analyzing, optimizing, and marketing our online offering (Art. 6(1)(f) GDPR):

Google Analytics

Provided by Google Ireland Limited.
IP anonymization is enabled.
Data may be transferred to the USA under appropriate safeguards.

Opt-out: https://tools.google.com/dlpage/gaoptout
Privacy policy: https://policies.google.com/privacy

Google Tag Manager

Used to manage website tags. The Tag Manager itself does not process personal data.

Google Ads

Used for conversion tracking and remarketing.

Meta (Facebook / Instagram Pixel)

Provided by Meta Platforms Ireland Ltd.
Used to measure advertising effectiveness and display interest-based ads.

Privacy policy: https://www.facebook.com/policy.php
Ad settings: https://www.facebook.com/settings?tab=ads

10. Cookies

We use cookies and similar technologies. Cookies can be temporary (session cookies) or persistent.

Users can disable cookies via their browser settings. Please note that disabling cookies may limit website functionality.

11. Communication & Contact

If you contact us via email or Discord, your data will be processed to handle your request (Art. 6(1)(b) GDPR).

12. Newsletter (Planned)

We plan to offer a newsletter in the future via MailerLite UAB, Lithuania.

When activated:

  • Subscription will occur via double opt-in

  • Processing will be based on consent (Art. 6(1)(a) GDPR)

  • Users can unsubscribe at any time

Privacy policy: https://www.mailerlite.com/legal/privacy-policy

13. Data Retention

Personal data is deleted when no longer required for its purpose, unless statutory retention obligations apply.

German retention periods include:

  • 10 years for tax-related records

  • 6 years for commercial correspondence

14. Data Subject Rights

You have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection to processing (Art. 21 GDPR)

  • Withdraw consent at any time (Art. 7(3) GDPR)

15. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

16. Security Measures

We implement appropriate technical and organizational measures in accordance with Art. 32 GDPR to protect personal data.

17. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect legal or technical changes.

Last updated: 2025