Privacy Policy

1. Controller

The controller within the meaning of the GDPR is:

Big Wolf Business Owner: Saad Dyab Wehldorfer Str. 25 27616 Beverstedt Germany

Email: info@bigwolfbusiness.com Phone: +49 1578 0958196

2. Your rights

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), as well as the right to object (Art. 21) and to withdraw consent already given (Art. 7 para. 3). To exercise your rights, an informal email to info@bigwolfbusiness.com is sufficient.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). Our competent supervisory authority is:

Die Landesbeauftragte für den Datenschutz Niedersachsen Prinzenstraße 5, 30159 Hannover, Germany https://lfd.niedersachsen.de

3. Server log files

When you access our website, the hosting provider records technical data in server log files: anonymised IP address, date and time of the request, requested URL, referrer, user agent. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stability, security and error analysis). Retention: 30 days, then automatic deletion or anonymisation.

4. Hosting, Vercel

Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut CA 91789, USA. Technical delivery is performed from the "fra1" data centre in Frankfurt am Main (EU). A data processing agreement (Art. 28 GDPR) is in place with Vercel. Vercel is certified under the EU-US Data Privacy Framework; standard contractual clauses are additionally used. Vercel privacy policy: https://vercel.com/legal/privacy-policy

5. Database, Neon

Structured data (e.g. incoming contact form submissions, operational records) is stored in a PostgreSQL database operated by Neon Inc., USA. A data processing agreement is in place with Neon. Neon is certified under the EU-US Data Privacy Framework and additionally uses standard contractual clauses.

6. Contact form & email delivery, Resend

When you use our contact form, we collect the data you provide (typically name, email address, message). Confirmation and notification emails are sent via Resend, Inc., USA. Legal basis: Art. 6(1)(b) GDPR (initiation/performance of a contract) or Art. 6(1)(f) GDPR (legitimate interest in efficient handling of inquiries). Resend is DPF-certified; an Art. 28 data processing agreement is in place.

Retention: until your inquiry is resolved. If a business relationship arises from your inquiry, the commercial and tax-law retention periods apply (§ 257 HGB, § 147 AO; up to 10 years).

7. Google Tag Manager & marketing tools

If you consent to the "Marketing" category in the cookie banner, we load Google Tag Manager (container GTM-5HL35X6F) provided by Google Ireland Limited. Google Tag Manager serves as a container for additional marketing tags (e.g. Google Ads, Meta Pixel) and allows their configurable delivery. We use Google Consent Mode v2: until you grant consent, all consent signals are set to "denied" and no cookie-based data collection takes place. Legal basis: Art. 6(1)(a) GDPR and § 25(1) TTDSG (consent).

You can withdraw your consent at any time via the "Cookie settings" link in the footer.

8. Web analytics & session replay, Contentsquare

If you consent to the "Analytics" category in the cookie banner, we load Contentsquare via Google Tag Manager. Provider: Contentsquare SA, 8 rue Saint Fiacre, 75002 Paris, France. Contentsquare helps us understand how visitors use our site, which content gets read, which buttons get clicked, where users drop off.

Data processed: – Mouse, scroll and click behaviour ("pseudonymous interaction data") – Session recordings and aggregated heatmaps – Device and browser information (user agent, screen size, language, approximate city-level location derived from a truncated IP address)

Important: input fields, personal data and sensitive content are automatically masked before recording (data-cs-mask) and are never transmitted to Contentsquare.

Legal basis: Art. 6(1)(a) GDPR and § 25(1) TTDSG (consent). Contentsquare processes data within the EU; a data processing agreement under Art. 28 GDPR is in place.

Retention: session recordings are kept for up to 13 months in the default configuration, then deleted automatically. Cookies, see our Cookie Policy.

Further information: https://contentsquare.com/privacy-and-security/ Opt out directly with Contentsquare: https://contentsquare.com/optout/

9. Cookies & local storage

We use cookies and local-storage entries in three categories: Necessary, Analytics and Marketing. A complete overview of every cookie in use, including name, purpose, retention and provider, is in our separate Cookie Policy at /cookies.

In short: • Necessary (no consent required, Art. 6(1)(f) GDPR): "bwb-theme" and "bwb-consent" in local storage. • Analytics (consent required): Contentsquare cookies (_cs_id, _cs_s, _cs_c, _cs_ex). • Marketing (consent required): cookies set by Google Tag Manager and the tags configured through it.

10. Retention periods

We store personal data only as long as necessary to achieve the respective purpose, or as required by statutory retention obligations.

• Server logs: 30 days • Contact form submissions: until resolved; business-relevant correspondence up to 10 years (§ 257 HGB) • Consent record (cookie banner): until withdrawn or until re-prompt (12 months) • Contentsquare session data: up to 13 months

11. Data security

Transmission is encrypted via HTTPS/TLS. We apply technical and organisational measures in line with the state of the art to protect your data against unauthorised access, loss or manipulation.

12. Changes to this privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or in order to implement changes to our services. The new privacy policy will then apply to your next visit.