Privacy Notice

**Effective date:** 31 May 2025 **Revision:** 1.1 



1 · Controller

Radiant Face Moves – Owner Julia Thielert
Am Ortfelde 78, 30916 Isernhagen, Germany
E‑mail:info@radiantfacemoves.com


2 · Legal framework

I process your personal data exclusively under 
- the EU General Data Protection Regulation (GDPR), 
- the German Federal Data Protection Act (BDSG), and 
- – where cookies are concerned – the German TTDSG. 
Where the GDPR requires a legal basis I indicate it (Art. 6 (1) GDPR).


3 · Hosting / Service Providers

**Web-hosting — Looka Inc. (Toronto, CA/US)** 

• **Data:** server logs, IP address, error logs 

• **Safeguards:** Canada adequacy (Art. 45 GDPR); USA SCC + EU-US DPF 


**E-mail & domain — Google Workspace / Google LLC (Mountain View, US)** 

• **Data:** e-mail content & metadata, domain data 

• **Safeguards:** SCC + EU-US DPF 


**Newsletter — Intuit Mailchimp (Atlanta, US)** 

• **Data:** e-mail address, opt-in timestamp, open/click stats 

• **Safeguards:** double opt-in; SCC + EU-US DPF 


*No profiling or automated decision-making within the meaning of Art. 22 GDPR.



4. Web-Fonts (Google Fonts) 

We serve **Google Fonts locally from our own server**. 

No request is made to `fonts.googleapis.com` or `fonts.gstatic.com`; your IP address is therefore **not transmitted to Google** when our pages load.



5. Contacting Me / Contact Form

When you contact me via the form provided on this website, I process the personal data you enter — name, e-mail address, subject and message content (plus any voluntary information you supply).

Purpose & Legal Basis
I process these data solely to handle your enquiry and — where your enquiry relates to a (prospective) contract — to initiate or perform that contract in accordance with Article 6 (1) (b) GDPR. Where no contractual relationship exists, processing is based on my legitimate interest in effective communication with website visitors (Article 6 (1) (f) GDPR).

Storage Period
Your data are stored only as long as necessary to answer your request. The conversation is deemed finished when it is clear from the circumstances that the matter has been fully resolved. Your data will then be erased no later than six (6) months after the last communication, unless statutory retention duties require longer storage. We erase enquiry data no later than six months after our last communication – **or longer where mandatory commercial or tax retention duties (up to ten years under German law) apply**.

Disclosure to Third Parties
Your data will not be passed on to third parties, unless this is necessary in an individual case to fulfil your request or I am legally obliged to do so.

Encryption
Your form submission is transmitted via TLS encryption, so the content you send cannot be read by unauthorised parties in transit.

Voluntariness & Right to Withdraw
Providing your data is voluntary. You may withdraw your consent to processing — or object to it — at any time with effect for the future. A brief e-mail to ✉ info@radiantfacemoves.com is sufficient. In that event, I may no longer be able to process your enquiry.


4 a · Contact Form Data at a Glance 
When you contact me via the form provided on this website, I process the personal data you enter – name, e-mail address, subject and message content (plus any voluntary information you supply).


6 · Newsletter (Mailchimp)

I send my newsletter via Intuit Mailchimp, The Rocket Science Group LLC, Atlanta GA, USA.

  • Sending only after your explicit double‑opt‑in consent (Art. 6 (1)(a) GDPR).
  • Mailchimp participates in the EU‑US Data Privacy Framework and additionally relies on SCCs.
  • You can withdraw consent at any time via the “Unsubscribe” link or by contacting me.

    .


7 · Data we process


**Personal data we process may include:**

- Identification data (name, e-mail address) 
- Technical data (IP address, browser type, operating system, referrer URL, timestamp) 
- Communication content (messages you send via the contact form or e-mail) 
- Newsletter engagement data (open and click statistics) 
- Log data generated by our hosting provider (server requests, error logs)

I process – and keep to a minimum – only the data that are strictly necessary to run this website and send my newsletter:

Site  visit logs – When you access the site, my servers automatically store your IP address, the date and time of the request, and your browser’s user‑agent string. I use these log files solely to deliver the website, maintain stability and detect attacks. Processing rests on my legitimate interest (Art. 6 (1)(f) GDPR). Log files are deleted automatically within 30 days.
Newsletter data – If you subscribe to my newsletter, I record your e‑mail address, optionally your first name, the time stamp of your double opt‑in and subsequent e‑mail opens and link clicks. I use these data to send the newsletter and improve its content and deliverability. Processing is based on your consent (Art. 6 (1)(a) GDPR). The data are erased as soon as you unsubscribe.
Essential cookies – We set strictly necessary cookies such as a session ID, a CSRF token and your consent status. These cookies are required for core functionality and security and therefore placed pursuant to § 25 (2) No. 2 TTDSG in conjunction with Art. 6 (1)(f) GDPR. Each cookie is removed automatically after the period indicated in your browser.

Social-Media Links 
This website contains ordinary hyperlinks to my external profiles on Instagram, TikTok and YouTube. 
**No embedded plug-ins or trackers are loaded** while you browse radiantfacemoves.com. Only when you click a link are you forwarded to the respective platform, whose own privacy policies then apply.


8 · You have the right to


1. **Access** the personal data we hold about you (Art. 15 GDPR), 

2. **Rectification** of inaccurate or incomplete data (Art. 16 GDPR), 

3. **Erasure** (“right to be forgotten”, Art. 17 GDPR), 

4. **Restriction of processing** (Art. 18 GDPR), 

5. **Data portability** (Art. 20 GDPR), 

6. **Object** to processing (Art. 21 GDPR), and 

7. **Withdraw any consent** you have given, with effect for the future (Art. 7 §3 GDPR).


9 · Supervisory authority 

You may lodge a complaint with any supervisory authority. Our lead authority is 


**State Commissioner for Data Protection of Lower Saxony** 

Prinzenstraße 5, 30159 Hanover, Germany ✆ +49 (0)511 120-4500 

✉ poststelle@lfd.niedersachsen.de


10 · Data recipients

Personal data are shared solely with the processors listed above (Looka for hosting, Mailchimp for e‑mail). Google LLC / Google Ireland Ltd.  We do not sell or otherwise disclose your data to third parties, nor do we engage in profiling or automated decision‑making (Art. 22 GDPR).



11 · International transfers

Where data are processed outside the EEA, we ensure an adequate level of protection through adequacy decisions, SCCs, or the EU–US DPF (Art. 44 ff. GDPR). Even under the EU–US DPF, U.S. intelligence access cannot be fully excluded; we therefore assess residual risks and apply additional safeguards where necessary.



12 · Data retention

**Server logs** 

• **Legal basis:** Art. 6 (1) f GDPR (legitimate interest: security & stability) 

• **Retention:** 30 days, then automatic deletion 


**Contact requests** 

• **Legal basis:** Art. 6 (1) b / f GDPR 

• **Retention:** deleted no later than six (6) months after the last communication 


**Newsletter data** 

• **Legal basis:** Art. 6 (1) a GDPR (consent) 

• **Retention:** erased immediately upon unsubscribe 





13 · Security

The site is delivered via TLS 1.3. Looka uses firewalls, redundancy and regular updates. Data access is role‑based and restricted to authorised personnel.


14 · Minors

Our services are not directed at children under 16 and we do not knowingly process children’s data.



15 · Changes to this policy

We may update this Privacy Notice to reflect legal or technical changes. The latest version is always available at/privacy‑notice; material changes will be announced on the site or by e‑mail.



TL;DR

- **Hosting:** Looka (CA/US) – adequacy / SCC / DPF  

- **E-mail + Domain:** Google Workspace (US) – SCC / DPF  

- **Newsletter:** Mailchimp (US) – double opt-in · SCC / DPF  

- **Fonts:** Google Fonts served locally  

- **No analytics, tracking cookies or profiling**  

- **Your rights:** access, rectify, erase, restrict, transfer, object, withdraw, complain  

- **Response time:** **within one month** (Art. 12 GDPR)