STUDIO NICOLAS ZUPFER

Concept, Art Direction, Graphic Design,
Web Development, Project Management, etc.

This legal notice and privacy policy apply equally to our website nicolaszupfer.com and to our social media profiles, in particular our presence on Instagram at instagram.com/nicolaszupfer.

ICOLOPHON

Responsible for Content According to § 10 Paragraph 3 MDStV

Dipl.-Des. Nicolas Zupfer
Schreiberstraße 36
70199 Stuttgart
mail@nicolaszupfer.com

Sales tax identification number according to Sect. 27 a of the German Sales Tax Law

DE309760201

Liability for Content

As a service provider, we are responsible for our own content on these pages in accordance with general laws, pursuant to Section 7 Paragraph 1 TMG. According to §§ 8 to 10 TMG, however, we as service providers are not obligated to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information in accordance with general laws remain unaffected. However, liability in this regard is only possible from the time of knowledge of a specific legal violation. If we become aware of any such legal violations, we will immediately remove this content.

Liability for Links

Our offer contains links to external third-party websites over whose content we have no influence. Therefore, we cannot assume any liability for this external content. The respective provider or operator of the linked pages is always responsible for their content. The linked pages were checked for possible legal violations at the time of linking. No illegal content was identified at that time. However, permanent monitoring of the content of linked pages is unreasonable without concrete indications of a legal violation. If we become aware of any legal violations, we will immediately remove such links.

Copyright

The content and works on these pages created by the site operators are subject to German copyright law. Reproduction, processing, distribution, and any kind of exploitation outside the limits of copyright law require the written consent of the respective author or creator. Downloads and copies of this page are permitted for private, non-commercial use only. If the content on this site was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is marked as such. Should you nevertheless become aware of a copyright infringement, please notify us accordingly. If we become aware of any legal violations, we will immediately remove such content.

IIDATA PRIVACY

1. An Overview of Data Protection

General Information

The following information provides a clear overview of what happens to your personal data when you visit this website. "Personal data" includes all data that can identify you personally. For detailed information on data protection, please refer to our Data Protection Declaration below.

Data Recording on This Website

Who is Responsible for Data Collection (the "Controller")? The data is processed by the website operator. Contact details can be found in the "Information about the responsible party (controller)" section of this Privacy Policy.

How Do We Record Your Data? Your data is collected when you share it with us, such as via contact forms. Other data is recorded automatically by our IT systems when you visit the site. This includes technical data (e.g., browser, OS, access time).

What Is Your Data Used For? Some data ensures the error-free provision of the website. Other data helps us analyze user behavior. If contracts are made via the website, transmitted data is also used for those transactions.

Your Rights Regarding Your Data

You have the right to request information about your stored personal data, its origin, recipients, and the reason it is processed. You may also request correction or deletion of your data. If you've consented to processing, you can revoke it at any time. You may also request a restriction of data processing or file a complaint with the appropriate supervisory authority.

Analysis Tools and Tools from Third Parties

Your browsing behavior may be statistically analyzed using tools such as analytics programs. See our Data Protection Declaration below for details.

2. Hosting

External Hosting

This site is hosted externally. Data collected includes IP addresses, contact requests, metadata, communication data, contract data, names, and website usage.

Purpose

External hosting helps fulfill contracts and ensures secure, efficient online services (Art. 6(1)(b) and (f) GDPR). If consent is given, processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Hosting Provider:

united-domains GmbH
Gautinger Straße 10
D-82319 Starnberg

Data Processing Agreement (DPA)

We have a DPA with our host to ensure GDPR compliance.

3. General Information and Mandatory Disclosures

Data Protection

We take your privacy seriously and treat your data confidentially in accordance with GDPR and this declaration.

Controller Information

Studio Nicolas Zupfer
Dipl.-Des. Nicolas Zupfer
Schreiberstraße 36
D-70199 Stuttgart
E-mail: mail@nicolaszupfer.com

Storage Duration

Data is stored until no longer necessary or until consent is revoked. Legal retention periods remain unaffected.

Legal Basis for Processing

Data is processed under Art. 6(1)(a) GDPR with consent, or Art. 6(1)(b), (c), or (f) GDPR depending on purpose. See policy for details.

Recipients of Personal Data

We share data only if required for contracts, legal obligations, legitimate interests, or under consent. DPAs or joint agreements are in place where necessary.

Revocation of Consent

You can revoke your consent at any time without affecting prior lawful processing.

Right to Object (Art. 21 GDPR)

You can object to processing based on Art. 6(1)(e/f) GDPR, including profiling. We will stop processing unless compelling legitimate grounds exist.

If your data is used for direct advertising, you may object at any time.

Right to Lodge a Complaint

You may file a complaint with a supervisory authority in your place of residence, work, or where the violation occurred.

Right to Data Portability

You can request your data in a machine-readable format or direct transfer to another controller.

Information, Rectification, Deletion

You have the right to request information, correction, or deletion of your personal data.

Right to Restrict Processing

You may request restriction if:

SSL/TLS Encryption

We use encryption for secure transmission. Look for "https://" or the lock symbol in your browser.

4. Data Recording on This Website

Server Log Files

Collected automatically: browser type/version, OS, referrer URL, hostname, time, IP address. No merging with other data. Basis: Art. 6(1)(f) GDPR.

Inquiries by Email, Phone, or Fax

Data provided in inquiries is stored and used for processing. Basis: Art. 6(1)(b) or (f) GDPR, or consent per Art. 6(1)(a). Retention lasts until deletion request or no longer needed.

5. Analysis Tools and Advertising

Plausible Analytics

Used to analyze site usage. Data includes URL, referrer, browser, OS, device, and IP (hashed for 24h). No personal identification.

Basis: Art. 6(1)(a) GDPR and § 25 TDDDG (if consented), or Art. 6(1)(f) GDPR otherwise.

Data Processing Agreement

A DPA ensures Plausible processes data only per our instructions.

6. Plug-ins and Tools

MyFonts

Fonts are loaded from Monotype Imaging Holdings Inc., USA. Your IP address and site URL are logged briefly for licensing. IPs are anonymized.

DPF-certified. See privacy policy:
https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/datenschutzrichtlinie-zum-trackingvon-webschriften

7. Online-Based Audio and Video Conferences

Data Processing

Conference tools collect your data (email, phone number, device info, metadata, recordings, shared files, etc.) when used.

Purpose & Legal Basis

Used for contract-related communication (Art. 6(1)(b) GDPR) and general business purposes (Art. 6(1)(f)). If consented, then Art. 6(1)(a) applies.

Storage Duration

Data is deleted upon request, consent withdrawal, or when no longer needed. Cookie duration depends on user settings. Contact providers for their storage policies.

Conference Tools Used
Data Processing Agreements (DPA)

DPAs are in place with all providers listed above to ensure GDPR-compliant processing of personal data.

7. Our Social Media Appearances

This privacy policy applies to the following social media presence:
https://www.instagram.com/nicolaszupfer/

Data Processing Through Social Networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, X (formerly Twitter), etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered.

In detail:

Using the data collected in this way, the operators can create user profiles that reflect your preferences and interests. This enables interest-based advertising inside and outside of the platform. If you have an account with the social network, such advertising may be displayed across all devices you are logged in to.

Note: We cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing may occur. Please refer to the respective provider’s terms and privacy policies.

Legal Basis

Our social media appearances are intended to ensure the broadest possible online presence. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR.

The analysis processes initiated by the platforms may rely on other legal bases specified by the network operators (e.g., user consent under Art. 6(1)(a) GDPR).

Responsibility and Assertion of Rights

If you visit one of our social media profiles (e.g., Facebook), we are jointly responsible with the operator for the data processing activities triggered during that visit.

You may exercise your rights (access, correction, deletion, restriction of processing, data portability, complaint) both with us and the platform operator.

Please note, however, that despite the joint responsibility, our influence on data processing by the platform is limited. Our control is subject to the policies of the respective provider.

Storage Time

Data collected directly by us will be deleted from our systems when:

Cookies remain on your device until manually deleted. Statutory retention obligations remain unaffected.

We have no control over the storage duration of data stored by the social media platforms themselves. For more information, please consult their privacy statements.

Your Rights

You have the right at any time and free of charge to obtain information about the origin, recipient, and purpose of your stored personal data. You also have the right:

Individual Social Networks
INSTAGRAM

We have a profile on Instagram. Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland

Data Transmission to the US – Data is transferred based on the Standard Contractual Clauses (SCC) of the European Commission:

Privacy Policy:
https://privacycenter.instagram.com/policy/

EU-US Data Privacy Framework (DPF):
Meta is certified under the DPF, ensuring compliance with EU data protection standards.
Further info: https://www.dataprivacyframework.gov/participant/4452