Privacy Policy
Controller (Art. 4 No. 7 GDPR)
Email: contact@wallstoneberg.com Web: https://www.wallstoneberg.com
Data Protection Officer: No Data Protection Officer is appointed. For data protection concerns, please contact us at contact@wallstoneberg.com.
1. Scope
This privacy policy informs about the processing of personal data when visiting wallstoneberg.com (including subpages) as well as when using our platform services (registration, business profile, upload/publication of business videos, contact requests). It does not apply to external websites to which we only provide links.
Our services are aimed primarily at entrepreneurs (B2B; Section 14 German Civil Code). Consumers (B2C; Section 13 German Civil Code) can also use our services; unless otherwise stated, the information in this policy applies to both groups.
2. Purposes, legal bases, recipients and storage periods
2.1 Visit of the website / server log files
Data: IP address, date/time, time zone, HTTP status, referrer URL, browser, operating system, pages/files accessed.
Purpose: Provision of the website, technical security, detection of misuse/attacks.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in stability and security).
Recipients: Hosting/technical provider (IONOS – EU), internal IT.
Storage period: generally 7–30 days, then deletion/anonymisation.
2.2 Registration & user account (B2B/B2C)
Required data: business website address, business name, business address/location, business telephone number, business email, opening/closing times, business description, at least one business video (upload), account email, password.
What we do not request: no private residential addresses, no private telephone numbers, no private financial data, no information about private life and no other non-business-related personal data.
Purpose: initiation/fulfilment of the user contract, account management, support.
Legal basis: Art. 6 (1) (b) GDPR.
Recipients: hosting (IONOS – EU), internal IT/support.
Storage period: for the duration of the contractual relationship; after account deletion, up to 12 months in working systems (proof/handling), then deletion/anonymisation. Backups are overwritten on a rolling basis (see section 6).
Note: Please do not use private data in free-text/profile fields or videos. Unnecessary private data will be removed/blurred by us as far as possible.
2.3 Public business profile (directory publication)
Published data: the business information referred to in 2.2 as well as your uploaded business videos (we publish exclusively business-related information).
Purpose: public display of your business profile on wallstoneberg.com; discoverability; presentation of your services.
Visibility: profiles are publicly accessible worldwide (also via search engines). Please do not include private residential addresses, private telephone numbers or other non-business personal data in public fields/videos. If such data is identifiable, we remove or mask it as far as it is not required.
Legal basis: Art. 6 (1) (b) GDPR.
Recipients: public (web), hosting (EU).
Storage period: as long as the account is active; after deletion, removal from the live system within 30 days (search engine caches/archives are outside our control).
2.4 Contact (email/contact form)
Data: name, email, message as well as any other information provided (e.g. URLs, timestamps).
Purpose: handling your request/communication.
Legal basis: Art. 6 (1) (b) GDPR (pre-contractual/contractual) or (f) (legitimate interest in appropriate response).
Recipients: email/hosting service, internal departments.
Storage period: until completion of processing plus up to 12 months; statutory retention obligations remain unaffected.
2.5 Invoicing/taxes (no online payment on the website)
Data: invoicing and communication data (name, address, email, scope of services, amounts, payment status).
Purpose: invoicing by email and payment by bank transfer outside the website; accounting; statutory record-keeping obligations.
Legal basis: Art. 6 (1) (b) GDPR; Art. 6 (1) (c) GDPR in conjunction with tax/commercial law provisions.
Recipients: tax adviser, accounting, banks (transfer), possibly authorities.
Storage period: 6–10 years (German tax/commercial law obligations).
2.6 Announcements with link to your Wallstoneberg video (without re-upload)
Data: the URL of your publicly accessible business video/profile on wallstoneberg.com as well as business profile details (e.g. name, category, location, short description).
What we do: We may publish link announcements on our official LinkedIn and Facebook pages which refer to your public video/profile on wallstoneberg.com and contain a short description. We do not download your video and do not upload it again; content remains hosted on our website.
Purpose: announcing new business profiles/videos; increasing reach; directing traffic to your Wallstoneberg profile.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interests). We take your interests into account and observe objections (see “Your rights”).
Responsibility for depicted persons: you ensure that persons depicted have the required consents/rights for public publication and link announcements.
Recipients: LinkedIn (LinkedIn Ireland Unlimited Company) and Facebook (Meta Platforms Ireland Limited) as independent controllers.
Third countries: the platforms may process data outside the EU/EEA (e.g. USA) using their transfer mechanisms (e.g. DPF/SCC).
Storage period: as long as the social post is live or required for the assertion/defence of claims. In case of objection (Art. 21 GDPR) we stop future announcements and review the removal of existing posts, unless overriding reasons or obligations oppose this.
2.7 Service communication & direct marketing (B2B/B2C)
Data: name, email, company and role (if specified), communication metadata (time stamps, delivery status).
Purposes: (a) service/transactional emails (account, security, invoices by email); (b) optional updates & marketing about Wallstoneberg features/offers/events.
Legal basis: (a) Art. 6 (1) (b) or (f) GDPR; (b) marketing B2C: Art. 6 (1) (a) GDPR (consent); (b) marketing B2B contacts: Art. 6 (1) (f) GDPR in compliance with Section 7 UWG (Germany).
Opt-out: objection to direct marketing is possible at any time (Art. 21 (2) GDPR); consents can be revoked at any time with effect for the future (Art. 7 (3) GDPR) – via unsubscribe link or contact@wallstoneberg.com.
Recipients: email/hosting provider, internal support.
Storage period: communication history up to 24 months after the last interaction, unless longer obligations/claims exist.
4. Legitimate interests
Where we rely on Art. 6 (1) (f) GDPR, we pursue in particular: operational security, error diagnosis, prevention of misuse (server logs, CSRF protection), efficient and secure handling of requests, assertion/defence of legal claims as well as platform promotion through link announcements (section 2.6).
5. Origin of the data
Data originates from your own provision (registration, profile maintenance, uploads, contact) as well as from automatically collected technical data when visiting the site (section 2.1). For free-text fields, please only provide business-related information. Non-required private data will be removed by us as far as possible.
6. Storage period, deletion, backups
We store personal data only as long as necessary for the purposes or as long as statutory obligations exist. After the purpose ceases to apply, we delete/anonymise the data. Backup copies are overwritten at regular intervals and are accessible exclusively for restoration purposes.
7. Obligation to provide data / consequences of non-provision
For the use of our platform as a business profile, certain business details are strictly necessary (e.g. business name, business website URL, business address/location, business contact details, opening hours, one business video). Without this information, registration/publication is not possible. We do not request private residential addresses, private telephone numbers, private financial/private-life data etc. Optional fields are labelled accordingly.
8. Recipients, processors, hosting
We use service providers (processors) for operation/provision, in particular hosting/technical services (IONOS, EU) and email/IT support. We have concluded contracts with all processors in accordance with Art. 28 GDPR.
No sale, no disclosure for third-party marketing purposes: We do not sell your business data and do not pass personal data to third parties for their own or our marketing purposes. Apart from processors and the public display of your profile on wallstoneberg.com we do not share your business data with third parties. The only additional disclosure consists of link announcements on our own LinkedIn/Facebook company pages (see section 2.6).
9. Data transfers to third countries
Regular transfers to countries outside the EU/EEA do not currently take place. As business profiles/videos are provided publicly on the internet, content can be viewed worldwide (e.g. via search engines).
Social media link preview: If we share a link to your Wallstoneberg page, LinkedIn/Facebook may retrieve public metadata from our website (e.g. title/thumbnail) to generate a preview. We do not transmit any video file to these platforms. Any further processing (including possible third-country transfers) is carried out under their own responsibility according to their privacy policies.
If we use services located outside the EEA in the future, transfers will be made only under the conditions of Art. 44 et seq. GDPR (e.g. adequacy decision, standard contractual clauses) and we will inform here in detail.
10. Children
Our services are not directed at children. We do not knowingly collect data from children and do not target minors. If you believe that a child has provided us with personal data, please contact us at contact@wallstoneberg.com so that we can delete it immediately.
11. No automated decision-making
There is no automated decision-making including profiling within the meaning of Art. 22 GDPR.
12. Security
We take appropriate technical and organisational measures (e.g. TLS encryption, access restrictions, logging, authorisation concepts) to protect data against loss, manipulation and unauthorised access. The measures are regularly reviewed and adapted to the state of the art.
13. Your rights (Art. 15–21 GDPR)
- Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20).
- Objection to processing based on legitimate interests, including direct marketing (Art. 21 (1)–(2) GDPR).
- Withdrawal of consents given with effect for the future (Art. 7 (3) GDPR).
Objection to link announcements: You can object to our link-only announcement practice (section 2.6) at any time – by email to contact@wallstoneberg.com. We stop future announcements and review the removal of existing posts, unless overriding reasons or legal obligations oppose this.
To exercise your rights, please contact us at contact@wallstoneberg.com. Additional information may be required to verify your identity.
16. Changes to this privacy policy
We may adapt this privacy policy if the legal situation, our procedures or services change. The current version is available on wallstoneberg.com.
© Wallstoneberg
15. Social media presence (notice)
We operate company pages on LinkedIn and Facebook for communication/marketing purposes. When visiting these pages, the terms and privacy notices of the respective platform operators apply; they process usage data there on their own responsibility (including “Insights”). If you send us messages there, we process your details to handle the request (legal basis: Art. 6 (1) (b) or (f) GDPR).
As described in section 2.6, we may publish link announcements on our social media pages that refer to your public profile/video on wallstoneberg.com. We do not re-upload your videos to these platforms.