and whoo logo
and whoo

Privacy Policy

Last updated: May 2026

1. Controller

And Whoo
Owner: Hannah Nitschinger
Hölderlinstr. 13
71083 Herrenberg
Germany
Phone: +49 (0)7032 7840220
E-Mail: welcome@whoo-is-ready.com
You can also contact us via the contact form on this website.

2. General Information

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations, in particular the General Data Protection Regulation (GDPR), the German Telecommunications-Telemedia Data Protection Act (TDDDG), and this privacy policy.

Personal data means any information relating to an identified or identifiable natural person (e.g., name, address, email address, IP address).

3. Data Collection on Our Website

3.1 Server Log Files

When you visit our website, our hosting provider automatically collects information in so‑called server log files, which your browser automatically transmits:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical provision and security of the website).

Retention period: This data is deleted after no more than 7 days.

3.2 Contact Form and Email Contact

If you send us inquiries via our contact form or email, your information from the inquiry form or email, including the contact details you provide, will be stored by us for the purpose of processing the inquiry and in case of follow‑up questions.

For the contact form, we use the service “Static Forms”, operated by Qualascend FZ‑LLC, Business Center 1, M Floor, The Meydan Hotel, Nad Al Sheba, Dubai, United Arab Emirates (“Static Forms”). The data you enter in the contact form is transmitted via Static Forms’ servers and then forwarded to us by email. Static Forms processes this data as a data processor on the basis of a Data Processing Agreement pursuant to Art. 28 GDPR.

According to Static Forms’ own information, it uses in particular Amazon Web Services (AWS) for cloud hosting, database (DynamoDB), and email delivery (SES), as well as Vercel for hosting the application【call\_u5nFVRIOXcbJDrtQ0EoXghbq-0】. This may involve the transfer of personal data to countries outside the EU/EEA. Such transfers are safeguarded by appropriate guarantees (e.g., EU Standard Contractual Clauses pursuant to Art. 46 GDPR) as set out in Static Forms’ Data Processing Agreement.

Further information can be found in Static Forms’ privacy policy at https://www.staticforms.dev/privacy-policy and in the Data Processing Agreement at https://www.staticforms.dev/dpa .

Legal basis: Art. 6(1)(b) GDPR (pre‑contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to your inquiry).

Retention period: This data will be deleted as soon as it is no longer necessary for the purpose for which it was collected, but no later than after the expiry of statutory retention periods.

4. Use of Cookies and Tracking Technologies

4.1 What Are Cookies?

Cookies are small text files that are stored on your device. Some cookies are automatically deleted after you close your browser (session cookies), while others remain stored on your device (persistent cookies).

4.2 Consent and Cookie Banner

To the extent that cookies or similar technologies are used that are not technically necessary, we obtain your consent via a cookie consent tool (§ 25 TDDDG, Art. 6(1)(a) GDPR).

You can revoke or change your consent at any time via the cookie settings on our website.

5. Analytics Tools and Marketing

5.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Scope of processing: Google Analytics uses cookies and similar technologies to analyze the use of our website. The information collected (e.g., IP address, pages visited, time spent, device used) is usually transmitted to a Google server and stored there.

We have activated IP anonymization, so that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

Data transfer to third countries: Google processes data partly in the USA. The transfer is based on Standard Contractual Clauses (Art. 46 GDPR) and additional guarantees.

Retention period: Cookies set by Google Analytics are automatically deleted after 14 months. User‑level data is deleted after 14 months.

Objection and deletion: You can prevent the storage of cookies by adjusting your browser software settings or by revoking your consent via our cookie banner.

Further information:
https://policies.google.com/privacy
https://tools.google.com/dlpage/gaoptout

Data Processing Agreement: We have concluded a Data Processing Agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

5.2 HubSpot

We use HubSpot, a CRM and marketing platform provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA.

Scope of processing: HubSpot enables us to manage contacts, process inquiries, conduct email marketing (if you have consented), and analyze the use of our website and communications.

The following data may be processed:

  • Contact data (name, email address, phone number)
  • Usage data (pages visited, click behavior, device information)
  • Communication data (email opens, link clicks)

Legal basis:
– Art. 6(1)(b) GDPR (contract performance/pre‑contractual measures)
– Art. 6(1)(a) GDPR (consent for marketing)
– Art. 6(1)(f) GDPR (legitimate interest in efficient customer management)

Data transfer to third countries: HubSpot processes data partly in the USA on the basis of Standard Contractual Clauses.

Data Processing Agreement: We have concluded a Data Processing Agreement with HubSpot.

Retention period: Data is stored as long as you are a customer or until you request deletion, unless statutory retention obligations exist.

Objection: You can object to the processing at any time or revoke your consentoder, by sending an email to welcome@whoo-is-ready.com or using our contact form on this Website.

Further information:
https://legal.hubspot.com/privacy-policy
https://legal.hubspot.com/dpa

6. Automation and AI Tools

6.1 Make.com

We use Make.com (formerly Integromat), a service provided by Make.com, Inc., to automate workflows and integrate various applications.

Scope of processing: Make.com processes data that arises in the context of automated workflows (e.g., contact data, project information, status updates).

Legal basis:
– Art. 6(1)(b) GDPR (contract performance)
– Art. 6(1)(f) GDPR (legitimate interest in efficient business operations)

Data Processing Agreement: We have concluded a Data Processing Agreement with Make.com.

Further information:
https://www.make.com/en/privacy
https://www.make.com/en/dpa

6.2 n8n

We use n8n, a workflow automation tool, to automate internal and client‑specific processes.

Self‑hosted or cloud version

Scope of processing: n8n processes data required for automated workflows (e.g., contact data, project data, communication data).

Legal basis:
– Art. 6(1)(b) GDPR (contract performance)
– Art. 6(1)(f) GDPR (legitimate interest)

If cloud: Data Processing Agreement: We have concluded a Data Processing Agreement with n8n.

Further information:
https://n8n.io/legal/privacy/

6.3 Langdock

We use Langdock, an AI assistance platform, to support our consulting and development activities.

Scope of processing: Langdock processes texts, documents, and other content that we enter to process your inquiries or projects. This may also include personal data.

Legal basis:
– Art. 6(1)(b) GDPR (contract performance)
– Art. 6(1)(f) GDPR (legitimate interest in efficient service delivery)

Special notes: We take care not to process particularly sensitive data (e.g., health data) in AI tools without explicit agreement.

Langdock is used internally and also for client projects

Further information:
https://www.langdock.com/privacy

7. Disclosure of Data to Third Parties

We only disclose your personal data if:

  • You have given your explicit consent (Art. 6(1)(a) GDPR),
  • This is necessary for contract performance (Art. 6(1)(b) GDPR),
  • There is a legal obligation (Art. 6(1)(c) GDPR), or
  • There is a legitimate interest (Art. 6(1)(f) GDPR).

Data processors: We use external service providers as data processors (e.g., hosting, CRM, automation). We have concluded data processing agreements with all processors in accordance with Art. 28 GDPR.

8. Data Processing for Client Projects

When we provide services for you as a client and process personal data in the process (e.g., as part of consulting projects, workshops, automation), we generally act as a data processor.

In this case, we conclude a separate Data Processing Agreement (DPA) with you in accordance with Art. 28 GDPR. Processing is carried out exclusively according to your documented instructions.

9. Your Rights

You have the following rights:

  • Access (Art. 15 GDPR): You can request information about the personal data we process.
  • Rectification (Art. 16 GDPR): You can request the correction of incorrect data.
  • Erasure (Art. 17 GDPR): You can request the deletion of your data, unless statutory retention obligations prevent this.
  • Restriction (Art. 18 GDPR): You can request the restriction of processing.
  • Data portability (Art. 20 GDPR): You can receive your data in a structured, commonly used, and machine‑readable format.
  • Objection (Art. 21 GDPR): You can object to the processing of your data insofar as it is based on legitimate interest.
  • Withdrawal of consent (Art. 7(3) GDPR): You can withdraw consent you have given at any time. The lawfulness of processing carried out until the withdrawal remains unaffected.

Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority, e.g.:

The State Commissioner for Data Protection and Freedom of Information Baden‑Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Germany
https://www.baden-wuerttemberg.datenschutz.de

10. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

Our security measures are continuously improved in line with technological developments.

11. Retention Period

We only store personal data for as long as is necessary for the respective purposes or as long as statutory retention periods exist (e.g., 6 or 10 years under commercial and tax law).

After the expiry of the periods, the data is routinely deleted unless further processing is required.

12. Online Dispute Resolution and Consumer Arbitration

Online Dispute Resolution: The European Commission provides a platform for online dispute resolution (ODR):
https://ec.europa.eu/consumers/odr
Our email address can be found above.

Consumer Arbitration: We are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.

13. Changes to This Privacy Policy

We reserve the right to amend this privacy policy to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services.

The current privacy policy can be accessed on our website at any time. Your next visit will be subject to the new privacy policy.