Privacy Policy

1. Overview

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our privacy policy below.

We take the protection of your personal data seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations, in particular the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications and Digital Services Data Protection Act (TDDDG).

This policy is the official English translation of our Datenschutzerklärung. In case of any discrepancy, the English version applies to users of this English-language website.

2. Controller

The controller responsible for data processing on this website, within the meaning of the GDPR, is:

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses).

3. Data Protection Officer

We are not legally required to appoint a data protection officer under Section 38 of the German Federal Data Protection Act (BDSG), as we are below the statutory thresholds. For any data protection enquiry, please contact the controller directly using the address above.

4. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): You may request information about the personal data we hold about you.
• Right to rectification (Art. 16 GDPR): You may request that inaccurate data be corrected and incomplete data be completed.
• Right to erasure (Art. 17 GDPR): You may request deletion of your data, subject to statutory retention obligations.
• Right to restriction of processing (Art. 18 GDPR): You may request that processing be restricted.
• Right to data portability (Art. 20 GDPR): You may request your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests or direct marketing at any time.
• Right to withdraw consent (Art. 7 (3) GDPR): If processing is based on consent, you may withdraw that consent at any time with effect for the future.
• Right to lodge a complaint (Art. 77 GDPR): You may lodge a complaint with a supervisory authority, in particular with the Hessian Commissioner for Data Protection and Freedom of Information (Hessischer Beauftragter für Datenschutz und Informationsfreiheit, datenschutz.hessen.de).

To exercise any of these rights, please contact us at hello@landedfrankfurt.com.

5. Legal Bases for Processing

We process personal data on the following legal bases under Art. 6 (1) GDPR:

• Consent (Art. 6 (1) (a) GDPR): for newsletter subscriptions, optional cookies, and other voluntary data submissions.
• Contract (Art. 6 (1) (b) GDPR): for processing orders of the Starter Kit, Expat Guide, and Custom Integration Report.
• Legal obligation (Art. 6 (1) (c) GDPR): for statutory retention periods under tax and commercial law.
• Legitimate interests (Art. 6 (1) (f) GDPR): for server logs, IT security, and the technical operation of this website.

Where we process personal data of subscribers to a paid product, processing is additionally based on Section 25 (1) TDDDG with respect to storing and accessing information on end-user terminal equipment, where such storage or access is not strictly necessary.

6. SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line in the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you submit to us cannot be read by third parties.

7. Hosting (Strato AG)

This website is hosted by Strato AG, Pascalstraße 10, 10587 Berlin, Germany (“Strato”). When you visit this website, Strato collects various log files including your IP address.

Strato is used on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in the most reliable display of our website. To the extent required, consent is obtained pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG; consent may be withdrawn at any time.

We have concluded a data processing agreement (DPA) with Strato pursuant to Art. 28 GDPR.

Server Log Files

The provider of these pages automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:

• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• time of the server request
• IP address

These data are not merged with other data sources. Collection is carried out on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website — to this end, the server log files must be collected. Server log files are stored for a maximum of seven days and then deleted.

8. Cookies

Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your end device (laptop, tablet, smartphone, or similar) when you visit our website.

We use technically necessary cookies to operate the website (legal basis: Art. 6 (1) (f) GDPR and Section 25 (2) No. 2 TDDDG). Any non-essential cookies — including those that may be set by embedded third-party services — are only used with your explicit consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, which you can grant or decline through our consent banner and withdraw at any time with effect for the future.

Most browsers accept cookies automatically. You can configure your browser so that no cookies are stored on your computer or so that a notice always appears before a new cookie is created. However, deactivating cookies completely may mean that you cannot use all functions of our website.

9. Contact by Email

If you contact us by email (hello@landedfrankfurt.com), the information you provide will be stored in order to process the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

The legal basis for processing is Art. 6 (1) (b) GDPR if the enquiry relates to a contract or pre-contractual measures, and otherwise Art. 6 (1) (f) GDPR, based on our legitimate interest in responding effectively to enquiries.

The data you send us via contact enquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions — in particular retention periods under tax and commercial law — remain unaffected.

10. Newsletter (Beehiiv)

We use Beehiiv Inc., 228 Park Avenue #29976, New York, NY 10003, USA (“Beehiiv”) to deliver our newsletter.

If you subscribe to our newsletter, the personal data you provide (primarily your email address) is transmitted to Beehiiv’s servers and stored there. Beehiiv processes the following data to deliver the newsletter on our behalf:

• email address
• time of subscription
• IP address at the time of subscription
• technical metadata (approximate location, device information) to prevent fraudulent signups
• opens, clicks, and link interactions within newsletter emails (for performance analytics)

Legal basis: Processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. We use the double opt-in procedure: after you enter your email address, you receive a confirmation email and are only added to our list after you click the confirmation link. You can withdraw your consent at any time by clicking the “unsubscribe” link at the bottom of every newsletter, or by writing to hello@landedfrankfurt.com. Your email address will then be deleted from our distribution list.

Transfer to the USA: Your data is processed on servers located in the United States. Beehiiv is certified under the EU–US Data Privacy Framework (DPF), which the European Commission has deemed to provide an adequate level of data protection (adequacy decision of 10 July 2023). In addition, we have concluded a data processing agreement with Beehiiv pursuant to Art. 28 GDPR that includes the EU Standard Contractual Clauses as a further safeguard.

Storage duration: We store your data for as long as you are subscribed to the newsletter. After unsubscription, your email address is deleted from Beehiiv and from our systems, unless retention is required to demonstrate prior consent.

Beehiiv’s own privacy policy is available at beehiiv.com/privacy.

11. Digital Products (Gumroad)

To sell and deliver our digital products (Starter Kit, Expat Guide, Custom Integration Report), we use Gumroad, Inc., 548 Market St #72869, San Francisco, CA 94104, USA (“Gumroad”).

If you purchase a product, the personal data you enter during checkout (name, email address, billing address, country, and payment details) is processed by Gumroad on our behalf to fulfil the contract. Payment information is handled directly by Gumroad’s payment processors (including Stripe and PayPal); we do not store or see full payment card numbers.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract) and Art. 6 (1) (c) GDPR (compliance with statutory retention obligations under tax and commercial law).

Transfer to the USA: Gumroad is located in the United States. The transfer is secured by EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR and, where applicable, by Gumroad’s certification under the EU–US Data Privacy Framework.

Storage duration: Order data is stored for the statutory retention period of up to ten years pursuant to Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB). After expiry of this period, the data is deleted.

Gumroad’s privacy policy is available at gumroad.com/privacy.

12. Custom Integration Report Workflow (Typeform, Make, Docupilot)

For the Custom Integration Report, we use the following additional processors to collect your questionnaire responses and generate your personalised PDF:

• Typeform S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain — for hosting the questionnaire. Privacy policy: typeform.com.
• Make (Celonis s.r.o.), Křižíkova 148/34, 186 00 Prague, Czech Republic — for orchestrating the data flow between the services. Privacy policy: make.com.
• Docupilot (BizPilot LLC), 548 Market Street, San Francisco, CA 94104, USA — for automated PDF generation from your questionnaire data. Privacy policy: docupilot.app.
• Anthropic PBC, 548 Market Street PMB 90375, San Francisco, CA 94104, USA — the Claude API is used to draft parts of the report on our behalf. Questionnaire responses are transmitted and are not used by Anthropic to train its models (per the Anthropic Commercial Terms). Privacy policy: anthropic.com/legal/privacy.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract). We have concluded data processing agreements with each of these processors pursuant to Art. 28 GDPR. Transfers to the USA are secured by EU Standard Contractual Clauses and, where applicable, by certification under the EU–US Data Privacy Framework.

Storage duration: Questionnaire data is deleted from all processor systems within 90 days after report delivery, except where we are required to retain transaction data for statutory purposes (see section 11).

13. Web Fonts (Self-Hosted)

This website uses the web fonts “EB Garamond” and “Manrope” to ensure a consistent typographic presentation across browsers. Both fonts are licensed under the SIL Open Font License and are hosted locally on our own server (Strato AG, Germany). The font files are delivered directly from our domain landedfrankfurt.com as part of the website itself.

No connection to Google servers or any other third-party font provider is established when you visit this website. Your IP address and browser data are not transmitted to Google Fonts, Adobe Fonts, or any comparable service. Processing of the standard HTTP request data required to deliver the font files (such as the IP address in server logs) is covered by our hosting section above (see section 7) and is based on Art. 6 (1) (f) GDPR.

If your browser does not support web fonts, a system default font is used.

14. Domain Registration (Strato)

Our domains (landedfrankfurt.com, landedfrankfurt.de, landedfrankfurt.net) are registered with Strato AG. WHOIS data is processed by the respective registry (ICANN for .com, DENIC for .de) pursuant to the applicable registration policies.

15. Transfers to Third Countries

Some of the services listed above are located outside the European Economic Area, in particular in the United States. Where personal data is transferred to a third country, we ensure an adequate level of data protection through one or more of the following safeguards:

• the processor is certified under the EU–US Data Privacy Framework (adequacy decision of 10 July 2023);
• EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 (2) (c) GDPR are in place;
• your explicit consent pursuant to Art. 49 (1) (a) GDPR has been obtained where applicable.

16. Storage Duration (General)

Unless a more specific storage period is mentioned in this policy, personal data will be stored by us until the purpose for the data processing no longer applies. If a justified request for deletion is asserted or if consent to data processing is withdrawn, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). In the latter case, the data will be deleted after these reasons no longer apply.

17. Automated Decision-Making and Profiling

We do not use fully automated decision-making or profiling pursuant to Art. 22 GDPR.

18. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to reflect changes in our processing activities or in the applicable legal framework. The current version can always be accessed on this page.