Skip to content
Loadshedding --
CT now
πŸ•’ --:-- 🌑️ --Β°C / --Β°F 🌬️ -- m/s

Privacy Policy

Last updated: April 4, 2026

1. Controller and Contact Information

The controller responsible for data processing on this website is:

Dr. Tina Koziol
Ceraluna Labs
Elchkamp 7
22846 Norderstedt
Germany

Email: info@capetowndata.com
Phone: +49 176 81336624

If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact us using the details above.

2. Data We Collect

2.1 Account Registration

When you create an account, we collect:

  • Email address (required)
  • Password (stored encrypted)
  • Name (optional)

Legal basis: Contract performance (Art. 6(1)(b) GDPR) – necessary to provide your account.

2.2 Social Login

If you register via Google or Facebook, we receive:

  • Your email address
  • Your name (as configured in your social account)
  • Profile picture URL (optional)

Legal basis: Consent (Art. 6(1)(a) GDPR) – you authorize the connection.

2.3 Payments and Purchases

When you make a purchase (e.g., ebook, subscription), we collect:

  • Full name
  • Email address
  • Billing address
  • Payment transaction ID (we do not store card numbers)

Legal basis: Contract performance (Art. 6(1)(b) GDPR) and legal obligation for invoicing (Art. 6(1)(c) GDPR).

2.4 Contact Form

When you contact us, we collect:

  • Your name
  • Your email address
  • Your message content

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – to respond to your inquiry.

2.5 Technical Data (Automatically Collected)

When you visit our website, our servers automatically log:

  • IP address (anonymized where possible)
  • Browser type and version
  • Operating system
  • Referrer URL
  • Pages visited and time spent
  • Date and time of access

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – security and optimization.

3. Purposes of Processing

We process your data for the following purposes:

Purpose Legal Basis
Providing and managing your account Contract (Art. 6(1)(b))
Processing payments and issuing invoices Contract + Legal obligation (Art. 6(1)(b), (c))
Responding to inquiries Legitimate interest (Art. 6(1)(f))
Website security and abuse prevention Legitimate interest (Art. 6(1)(f))
Website analytics (Google Analytics - requires consent) Consent (Art. 6(1)(a))
Functional features (Mediavine Grow - favorites, enabled by default) Legitimate interest (Art. 6(1)(f))
Marketing and newsletters (MailChimp - requires consent) Consent (Art. 6(1)(a))

4. Recipients and Processors

We share your data with the following categories of recipients:

4.1 Payment Processing

Stripe, Inc.

Purpose: Payment processing for purchases and subscriptions.
Data shared: Name, email, billing address, payment details.
Location: USA (EU-US Data Privacy Framework certified)
Privacy Policy

4.2 Analytics (requires consent)

Google Analytics Opt-in

Purpose: Website usage analysis to improve our services.
Data shared: IP address (anonymized), browsing behavior, device info.
Location: USA (Standard Contractual Clauses)
Requires your explicit consent before activation.
Privacy Policy

4.3 Functional & Marketing Services

Mediavine Grow Default On

Purpose: Functional features including favorites/bookmarking and social sharing.
Data shared: IP address, browsing behavior, account data (if registered).
Location: USA
Enabled by default as a functional feature. You can opt out via cookie settings.
Privacy Policy

Mailchimp (Intuit) Opt-in

Purpose: Newsletter and email marketing.
Data shared: Email address, name (if provided).
Location: USA (Standard Contractual Clauses)
Privacy Policy

4.4 Security Services

Google reCAPTCHA

Purpose: Bot prevention and form security.
Data shared: IP address, browser data, interaction patterns.
Location: USA
Privacy Policy

4.5 Hosting and Infrastructure

Cloudflare, Inc.

Purpose: Content delivery, image optimization, security.
Data shared: IP address, request data.
Location: Global (EU-US Data Privacy Framework certified)
Privacy Policy

4.6 Accounting

Lexware Office (Haufe-Lexware GmbH)

Purpose: Invoice management and bookkeeping.
Data shared: Invoice data (name, address, purchase details).
Location: Germany
Privacy Policy

5. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), particularly in the USA. We ensure adequate protection through:

  • EU-US Data Privacy Framework: For providers certified under this framework (e.g., Stripe, Cloudflare).
  • Standard Contractual Clauses (SCCs): EU-approved contract terms for data transfers (e.g., Google, Mailchimp).

You may request a copy of the applicable safeguards by contacting us.

6. Cookies and Tracking

We use cookies and similar technologies. Our cookie consent banner allows you to choose which categories to accept:

Category Purpose Consent Required
Necessary Essential website functionality (session, security, consent storage) No (always active)
Analytics Understanding website usage (Google Analytics) Yes
Marketing Social features, newsletters (Mediavine Grow, Mailchimp) Yes

You can change your preferences at any time by clicking Cookie Settings.

For more details, see our Cookie Policy.

7. Data Retention

We retain your data only as long as necessary:

Data Type Retention Period
Account data Until you delete your account
Purchase/invoice data 10 years (German tax law requirement)
Contact form messages Until inquiry resolved, max. 3 years
Server logs 7 days
Consent records 3 years after last interaction
Analytics data 26 months (Google Analytics default)

8. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data.
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your data ('right to be forgotten').
  • Right to Restriction (Art. 18): Limit how we process your data.
  • Right to Data Portability (Art. 20): Receive your data in a machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interest.
  • Right to Withdraw Consent (Art. 7): Withdraw consent at any time (does not affect prior processing).

To exercise these rights, contact us at info@capetowndata.com.

Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
Germany
Website: datenschutz-hamburg.de

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data transmission
  • Encrypted password storage (hashing)
  • Access controls and authentication
  • Regular security updates
  • CSRF protection on all forms

10. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting the updated policy on this page
  • Updating the 'Last updated' date
  • Sending an email notification for material changes (if you have an account)

11. Contact Us

For any questions about this privacy policy or your personal data:

Dr. Tina Koziol
Ceraluna Labs
Email: info@capetowndata.com
Phone: +49 176 81336624