Your trust is our highest priority — here's how we protect your data.
Our promise
Protecting your personal data is important to us. We treat your information confidentially and responsibly.
Scope
This privacy policy applies to all of our online offerings, services, and digital platforms — comprehensively and bindingly.
Why a privacy policy?
Under the General Data Protection Regulation (GDPR) and the German Telecommunications-Telemedia Data Protection Act (TTDSG) we are required to inform you about the processing of your personal data.
Personal data is any information that allows conclusions about you as a person — e.g. name, address, email, or IP address.
What data do we collect?
Data you actively provide
Data you knowingly send us — e.g. through contact forms, newsletter signup, or orders: name, email, address.
Automatically captured data
When visiting our website: IP address, browser type, date and time of access, and referrer URL.
Cookies & tracking
We use only technically necessary cookies that are required for the operation of the website. For anonymous traffic measurement we use Vercel Web Analytics (Vercel Inc., USA) — the service works without cookies and without storing or reading information on your device. No tracking cookies, no Google Analytics, and no Meta Pixel are used; no cross-device or personal user tracking takes place. Since no non-essential cookies are used and no information is accessed on your device within the meaning of § 25 TTDSG, no cookie-consent banner is required. The legal basis is our legitimate interest in a data-minimizing analysis of website usage (Art. 6(1)(f) GDPR).
How we use your data
- Contract fulfillment: To deliver our contractual services and to handle your inquiries carefully.
- Analysis & optimization: To improve our offering and to analyze website usage in a privacy-compliant manner.
- Marketing: For marketing purposes only with your explicit consent — never without your knowledge.
Sharing with third parties
We share your data only when legally permitted or when you have explicitly consented. Your protection always comes first.
Partners such as hosting or shipping providers receive only the strictly necessary data and are contractually obligated to comply with data protection.
A transfer to countries outside the EU only occurs if an adequate level of data protection is guaranteed.
Specific service providers we use
- Email & contact form: When you use our contact form, the data you submit (name, email, company, message) is delivered to our inbox via the technical email provider Resend (Resend, Inc., USA). Processing in the USA is based on EU Standard Contractual Clauses; Resend only stores the content temporarily for delivery. To attribute your inquiry, we submit the technical origin of your visit along with the form (campaign / UTM parameters of the link you clicked and the referrer domain); this information is held client-side only for the duration of your visit and is not stored in cookies.
- Appointment booking: For booking intro calls we use Google Calendar (Google Ireland Limited, Ireland). When you book, you transmit your name, email address, and the chosen time directly to Google; this may involve processing on servers in the USA, secured via the EU-US Data Privacy Framework.
- Octopus app / login: Our web app (app.octopusprinciple.com) runs as a separate service. When you register or log in there, your account and usage data is processed in the app environment (hosting & database via Supabase, Inc.). The privacy notice provided within the app applies there.
Your rights as a user
The GDPR grants you comprehensive rights regarding your personal data:
- Right of access — You can find out at any time which data we have stored about you.
- Correction & deletion — The right to correction, deletion, or restriction of processing of your data.
- Data portability — You can receive your data in a common format and take it to another provider.
- Objection & withdrawal — Object to certain processing or withdraw consent you've given at any time.
- Right to complain — You can lodge a complaint with a data protection supervisory authority at any time.
Data security
We use technical and organizational measures to protect your data from loss, misuse, and unauthorized access. Our security standards are reviewed regularly and adapted to the current state of the art.
External services
Hosting: This website is hosted on the Vercel Inc. platform (USA), secured via the EU-US Data Privacy Framework. On request, technically necessary server logs are processed (IP address, browser type, timestamp, referrer).
Fonts (Signika Negative, DM Sans, JetBrains Mono) are served locally from our servers via next/font — no connection to Google servers is established. Your data stays with us.
Traffic measurement: To analyze website usage anonymously we use Vercel Web Analytics (Vercel Inc., USA, secured via the EU-US Data Privacy Framework). The service collects aggregated, cookieless usage data (e.g. pages viewed, referrer, approximate origin, device type) without using cookies and without building personal profiles. We do not use tracking pixels (e.g. Meta Pixel) or behavior-based user tracking.
Consent and withdrawal
Where we obtain your consent for data processing, this is always done voluntarily, informed, and explicitly.
You can withdraw your consent at any time with effect for the future — without giving reasons.
Withdrawal does not affect the lawfulness of data processing carried out up to that point.
Data protection officer
For questions or concerns about data protection, please contact us at any time:
E-Mail: privacy@octopusprinciple.com
Phone: +49 172 921 0391
Recipient: The Octopus Principle GmbH — z. Hd. Datenschutzbeauftragter, Jülicher Straße 344, 52070 Aachen
Changes to this privacy policy
We reserve the right to adjust this privacy policy in the event of new legal requirements or changed services. The current version can always be found on this page.
Legal basis
This privacy policy is based on the GDPR, TTDSG, and the German Federal Data Protection Act (BDSG). In particular, Articles 13 and 14 GDPR govern information obligations when data is collected directly from the data subject.
Note on IP addresses
IP addresses are considered personal data, since the internet provider can be used to associate them with a person. We therefore treat IP addresses with particular care and process them only within the legally permitted framework.
We take the protection of your data seriously and want to offer you maximum transparency with this privacy policy. If you have questions or concerns, we're happy to help at any time.
