logo

Privacy Policy

Last updated: March 31, 2025

1. Collection and storage of personal data and the nature and purpose of their use

a) When Visiting the Website

When you access our website, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is automatically logged and stored temporarily until automated deletion:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We process the aforementioned data for the following purposes:

  • Ensuring a smooth connection setup of the website,
  • Ensuring comfortable use of our website,
  • Evaluation of system security and stability, and
  • Other administrative purposes.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about you as a person.

b) When Registering for our Newsletter

If you have expressly consented according to Article 6(1)(a) GDPR, we use your email address to regularly send you our newsletter. Providing an email address is sufficient to receive the newsletter.

Unsubscribing is possible at any time, for example via a link at the end of each newsletter. Alternatively, you can send your unsubscribe request to us at any time via email at hello@ellume.studio.

c) When Using our Contact Form

If you have questions of any kind, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid email address so that we know who the request is from and can respond to it. Further information may be provided voluntarily. The data processing for the purpose of contacting us is carried out according to Article 6(1)(a) GDPR based on your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically deleted after your request has been processed.

2. Transfer of Data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

  • You have given your express consent according to Article 6(1)(a) GDPR,
  • The disclosure is necessary according to Article 6(1)(f) GDPR for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • There is a legal obligation for the transfer according to Article 6(1)(c) GDPR, and
  • This is legally permissible and required according to Article 6(1)(b) GDPR for the processing of contractual relationships with you.

3. Cookies

We use cookies for the operation of the website. These are files that your browser stores on your device when you visit our website. They serve to store data from your visit and for statistical recording, improvement, and ensuring the operation of our website. The legal basis for this is Article 6(1)(f) GDPR. Temporary cookies are deleted after leaving the website. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all functions of our website.

4. Analytics and Error Tracking Tools

We use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/about) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") on our website. In this context, pseudonymized usage profiles are created and cookies (see under No. 4) are used. The information generated by the cookie about your use of this website such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Hostname of the accessing computer (IP address),
  • Time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities, and to provide other services related to website use and internet usage for market research and tailored website design. This information may also be transferred to third parties if required by law or if third parties process this data on behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all functions of this website may be fully usable.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

When using the Google Adwords Conversion Tracking service, if you have reached this page via a Google ad, a cookie is set on your device. This serves to analyze and statistically evaluate the use of the website. The cookie is valid for 30 days. The person is not identified, but the observation is made whether the user reached the page via a Google advertisement. You can prevent this use by refusing to set corresponding cookies in your browser settings.

Error Tracking

We use Sentry (https://sentry.io), an error tracking service provided by Functional Software, Inc., to monitor and improve the technical stability of our service. When errors or crashes occur, anonymous technical data is automatically collected, including:

  • Technical error details
  • Device information (type, operating system)
  • Browser type and version (if applicable)
  • Timestamp of the error
  • Generic performance data
  • Anonymous session data

This data is processed without any personal identifiers and is used solely for:

  • Detecting and fixing technical issues
  • Improving application stability
  • Monitoring application performance

The data collection is based on Article 6(1)(f) GDPR, representing our legitimate interest in maintaining and improving the technical stability and security of our service. The collected data is automatically anonymized and does not contain any personally identifiable information. The data is stored in the EU/US (depending on your instance) and is subject to Sentry's data protection measures.

You can find more information about Sentry's privacy practices in their Privacy Policy (https://sentry.io/privacy/).

5. Social Network Plugins

Based on Article 6(1)(f) GDPR, plugins, links, and buttons to social media websites are used for advertising and information purposes. When these elements are installed, data is transmitted to the corresponding social media providers when our page is called up, possibly also to third countries. This data is stored and processed by the providers; in particular, a provider can recognize that you are visiting our website if you are simultaneously logged into the social media providers. Even if you share posts from our website in the social network ("Share") or otherwise pass them on ("Like"), this is transmitted to the provider and stored by them, possibly also to your user profile. The social networks use this data for business purposes, marketing, advertising, and other purposes, in particular also for creating and generating profiles about you and for providing personalized advertising. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your related rights and setting options for protecting your privacy, can be found in Facebook's privacy policy (https://www.facebook.com/about/privacy/).

6. Rights of the Data Subject

You have the right:

  • In accordance with Article 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data if not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about their details.
  • In accordance with Article 16 GDPR, to immediately request the correction of incorrect or completion of your personal data stored by us.
  • In accordance with Article 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary for exercising the right of free expression and information, for fulfillment of a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal claims.
  • In accordance with Article 18 GDPR, to request the restriction of processing of your personal data, provided the accuracy of the data is contested by you, the processing is unlawful but you oppose its erasure, we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR.
  • In accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transfer to another controller.
  • In accordance with Article 7(3) GDPR, to withdraw your consent at any time. This has the consequence that we are no longer allowed to continue the data processing based on this consent for the future.
  • In accordance with Article 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

7. Right to Object

If your personal data is processed based on legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided there are reasons arising from your particular situation or the objection is against direct marketing. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.

If you would like to make use of your right to object or withdraw consent, it is sufficient to send an email to hello@ellume.studio.

8. Data Security

We use SSL (Secure Socket Layer) technology to protect your data during transmission. This ensures that the data you provide is made unreadable to anyone who might intercept it. You can recognize whether an individual page of our website is encrypted by checking for a closed key or lock symbol in your browser's address bar.

We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.