Stand:
1. Controller
The Nexus Collective GmbH Poststraße 14-16 20354 Hamburg Germany
Email: [email protected]
Legally represented by: Daniel Hanelt (Managing Director)
A Data Protection Officer has not been appointed as the legal requirements under § 38 BDSG are not met.
2. Hosting and CDN
DigitalOcean
This website is hosted on servers of DigitalOcean LLC. Data center: Frankfurt am Main, Germany (EU). DigitalOcean acts as a data processor pursuant to Art. 28 GDPR; a data processing agreement has been concluded.
Cloudflare
We use the content delivery network (CDN) and DNS service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare acts as a reverse proxy, routing requests through its infrastructure for DDoS protection and performance optimization. Cloudflare is certified under the EU-US Data Privacy Framework.
More information: https://www.cloudflare.com/privacypolicy/
When you visit our website, your browser automatically transmits: IP address (anonymized by Cloudflare), date/time of access, requested URL, referrer URL, browser type, and operating system.
Legal basis: Art. 6(1)(f) GDPR. Retention: 7 days.
3. Cookies and Consent Management
Technically necessary cookies
We use technically necessary cookies required for website operation (e.g. session management, authentication). These do not require consent.
Legal basis: Art. 6(1)(f) GDPR.
Cookie Consent
On your first visit, a cookie banner appears. Your choice is stored in your browser (localStorage). You can withdraw your consent at any time via "Cookie Settings" in the footer.
4. Analytics and Marketing Tools
Google Tag Manager
We use Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager itself sets no cookies. We implement Google Consent Mode v2: all tags are loaded in "denied" mode by default and only receive access to analytics or advertising cookies after your explicit consent.
Legal basis: Art. 6(1)(a) GDPR (consent).
Google Ads
We use Google Ads (conversion tracking) by Google Ireland Limited. When you arrive via a Google ad and complete an action (e.g. registration), a conversion cookie is set. Data is transferred to Google servers; Google LLC is certified under the EU-US Data Privacy Framework. Transfer only occurs with consent (Consent Mode: ad_storage = granted).
Legal basis: Art. 6(1)(a) GDPR (consent). Retention: 90 days.
Opt-out: https://www.google.com/settings/ads
5. Account Registration
Upon registration we collect: name, email address, company data, password (encrypted). Processed for contract performance. Retained until account deletion plus statutory retention periods.
Legal basis: Art. 6(1)(b) GDPR.
6. Payment Processing
For payments we use Stripe Payments Europe, Ltd., The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland. Payment card data is processed exclusively by Stripe (PCI-DSS certified) and not stored on our servers.
Legal basis: Art. 6(1)(b) GDPR.
7. Your Rights
Under GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent (Art. 7(3)).
Contact: [email protected]
Right to Lodge a Complaint
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany https://www.datenschutz.hamburg.de
8. Data Security
We use SSL/TLS encryption for all data transmissions (indicated by "https" in the address bar).
Last updated: April 2026