Use of XLRAI Services

Privacy Policy

Stand: August 2025

§1 Controller

1.1 The controller responsible for data processing is:

ML Herrmann Consultants (Sole Proprietorship)
Thomasiusstraße 25, 04109 Leipzig, Germany
E-mail: service@ml-consultants.de
Representative: Marie-Luise Herrmann

§2 Purpose and Legal Basis of Processing

2.1 We process personal data for the following purposes:

  • Responding to inquiries (e.g., via the contact form)
  • Preparing offers and performing contracts (MVP / Web / SEO projects)
  • Invoicing and payment processing
  • Conducting webinars and online courses
  • Operating and securing the website
  • Analyzing and optimizing our online offerings
  • Marketing activities (only with consent)

2.2 The legal bases for processing are in particular:

  • Art. 6(1)(b) GDPR (performance of a contract / pre-contractual measures)
  • Art. 6(1)(c) GDPR (legal obligations)
  • Art. 6(1)(f) GDPR (legitimate interests)
  • Art. 6(1)(a) GDPR (consent, e.g., for cookies, newsletters, marketing)

§3 Categories of Data Processed

3.1 Depending on your use of our website and services, we may process the following categories of data:

  • Contact details: Name, e-mail address, postal address, telephone number
  • Contract and project data: Project description, access credentials, technical requirements
  • Payment data: Billing and payment information (via Stripe or PayPal)
  • Usage data: IP address, browser type, access times, pages visited, referrer
  • Communication content: Messages from the contact form or e-mail correspondence

§4 Recipients and Processors

4.1 We use the following service providers for the provision of our services and website operations:

  • Hosting / Website: Webflow, Inc.
  • Development / Platforms: Bubble Group, Inc.
  • Analytics / Tools: Google LLC / Google Ireland Ltd. (Google Analytics, Google Search Console, Google My Business)
  • Payment processing: Stripe Payments Europe Ltd., PayPal (Europe) S.à r.l. et Cie, S.C.A.
  • Cookie consent management: Cookiebot (Usercentrics A/S)

4.2 Data may be transferred to countries outside the EU (in particular the USA). We have entered into Data Processing Agreements (DPAs) with all providers. However, there remains a residual risk of access by U.S. authorities.

4.3 Data Processing Agreements pursuant to Art. 28 GDPR are in place with all relevant providers.

§5 Storage Period

5.1 We store personal data only for as long as necessary to fulfill the purposes outlined above or as required by statutory retention periods:

  • Contract and billing data: up to 10 years (tax and commercial law requirements)
  • Communication data: until completion of processing and for a maximum of 12 months
  • Website usage data: according to the retention periods of the tools used

§6 Cookies and Tracking

6.1 Our website uses cookies and similar technologies:

  • Technically necessary cookies: Required for website operation
  • Optional cookies (analytics/marketing): Only with your consent (via Cookiebot)
  • Google Analytics: Used only with consent; IP anonymization enabled

6.2 You may withdraw your consent at any time with effect for the future.

§7 Contact Form and Communication

7.1 When you contact us via the contact form or by e-mail, we process the information you provide (name, e-mail address, message) for the purpose of handling your inquiry. This data will not be shared with third parties without your consent.

§8 Data Subject Rights

8.1 In accordance with the GDPR, you have the following rights:

  • Access to your stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure (“right to be forgotten,” Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to certain processing activities (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7(3) GDPR)

§9 Necessity of Providing Data

9.1 The provision of personal data is required for the preparation of offers and project implementation. Without such data, we may be unable to provide our services or may only be able to provide them in a limited manner.

§10 Data Security

10.1 We implement appropriate technical and organizational security measures to protect your data against loss, misuse, or unauthorized access.

§11 Changes to this Privacy Policy

11.1 We reserve the right to amend this Privacy Policy as necessary. The current version is always available on our website.

Logo from XLRAI
Terms & Conditions
Privacy Policy
Imprint

Copyright ©

Design & Developed by XLRAI