Privacy Policy

Effective date: 15 February 2026
Website: https://www.finnfaust.com
Consent management: Usercentrics

1. Controller (Art. 4(7) GDPR)

The controller responsible for processing personal data on this website is:

Finn Faust Web Design
Finn Faust

Email: letstalk@finnfaust.com

We have not appointed a Data Protection Officer (DPO). If you have privacy-related questions, please contact us using the details above.

2. Scope and overview of processing

This website is a marketing website. We do not offer user accounts, a webshop, or a contact form.

Depending on your choices and how you use the website, we process personal data for the following purposes:

  • Hosting, delivery, and security (Webflow and its infrastructure/sub-processors)
  • Consent management (Usercentrics cookie banner and consent logging)
  • Website analytics (Google Analytics, only with your consent)
  • Appointment scheduling (Calendly, when you book an appointment)
  • Links to social platforms (Instagram, YouTube, LinkedIn)

3. Your rights (Art. 12–22 GDPR)

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object (Art. 21 GDPR)
  • Withdraw consent at any time (Art. 7(3) GDPR) (withdrawal does not affect prior lawful processing)

To exercise your rights, email letstalk@finnfaust.com.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

4. Hosting and Content Delivery Networks (CDN)

4.1 Webflow hosting

Our website was built with and is hosted on the content management system/platform Webflow.

Provider: Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA (“Webflow”)

Purpose of processing: reliable operation, content delivery, security, performance, and administration of the website.

Data categories (typically processed when you access the website):

  • IP address
  • Date and time of access
  • Requested page/URL
  • Referrer URL
  • Device and browser information (user agent)
  • Technical log data (e.g., error logs, security events)

Legal basis: legitimate interests (Art. 6(1)(f) GDPR). Our legitimate interest is the reliable, secure, and performant provision of our website.

4.2 Data processing agreement (DPA) with Webflow and transfer safeguards

We have concluded a data processing agreement with Webflow (Data Processing Addendum / DPA). The agreement is available here:
https://webflow.com/legal/dpa

Webflow’s DPA includes transfer safeguards such as standard contractual clauses where applicable. Further Webflow privacy resources can be found here:
https://webflow.com/legal/privacy
https://webflow.com/legal/privacy-faqs
https://webflow.com/legal/subprocessors

Please note that personal data may be processed by Webflow in the USA or other third countries. According to Webflow, international transfers are carried out only where an adequacy decision exists (Art. 45 GDPR) or on the basis of appropriate safeguards (Art. 46 GDPR).

Webflow is listed under the Data Privacy Framework here:
https://www.dataprivacyframework.gov/participant/6365

4.3 CDN usage in connection with Webflow (Cloudflare)

For fast and reliable delivery of website content (e.g., images, scripts, style files), Webflow uses a Content Delivery Network (CDN). Content is delivered via geographically distributed servers. In this context, access data (e.g., IP address, date/time of access, device/browser data) may be processed by the CDN provider.

CDN provider used in connection with Webflow: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA
(Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany)

Legal basis: legitimate interests (Art. 6(1)(f) GDPR). Our legitimate interest is secure and efficient delivery and improved performance of the website.

Cloudflare privacy information:
https://www.cloudflare.com/privacypolicy/
Cloudflare Data Privacy Framework listing (if relevant for transfers):
https://www.dataprivacyframework.gov/participant/5666

4.4 Infrastructure providers (e.g., AWS) as part of Webflow’s sub-processing

Webflow uses additional infrastructure and cloud service providers as sub-processors in connection with hosting and delivery of the platform/services.

One example of such infrastructure providers referenced in Webflow’s sub-processor information is Amazon Web Services (AWS).

AWS privacy information:
https://aws.amazon.com/privacy/
AWS GDPR resources (additional information):
https://aws.amazon.com/compliance/gdpr-center/

4.5 Optional: Open-source CDN (jsDelivr) (only if used on this website)

If this website loads open-source libraries via jsDelivr (for example, requests to cdn.jsdelivr.net), your browser must connect to jsDelivr servers to retrieve these files. This can result in processing of access/connection data (e.g., IP address, browser/device information, date/time of access).

Provider: Volentio JSD Limited (trading as jsDelivr), Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB

Legal basis: legitimate interests (Art. 6(1)(f) GDPR). Our legitimate interest is secure and efficient delivery of static resources and performance optimisation.

jsDelivr privacy policy:
https://www.jsdelivr.com/terms/privacy-policy

jsDelivr data processing agreement (DPA):
https://www.jsdelivr.com/documents/data-processing-agreement.pdf

Blocking option: You may block this service using a JavaScript blocker. Note that this may impair website functionality.

5. Data collection on this website

5.1 Server log files

When you access our website, your device transmits certain data automatically for technical reasons. This data may be stored in server log files.

Log data may include:

  • IP address of your device
  • Date and time of access
  • Referrer URL (URL of the requesting page)
  • HTTP response code
  • Name of the retrieved file / requested URL
  • Amount of data transferred
  • Browser type and version
  • Operating system

Purpose: enabling website operation and administration, ensuring IT security, preventing misuse, analysing errors/unauthorised access, and optimising the website.

We do not combine this data with other data sources in a way intended to directly identify you.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Retention: log data is retained only as long as necessary for the purposes stated above (e.g., troubleshooting and security). Depending on the hosting provider and security needs, retention may vary.

6. Cookies and consent management

6.1 What cookies are

Cookies are small text files stored on your device. They can be:

  • Session cookies (deleted automatically after your visit)
  • Persistent cookies (remain stored until you delete them or your browser deletes them automatically)

Cookies can help operate the website and, depending on your choices, analyse usage.

6.2 Cookie types

  • Strictly necessary cookies (Type 1)
    Required for core website functions and security.
  • Functional cookies (Type 2)
    Improve usability and features (e.g., saving preferences).
  • Performance/analytics cookies (Type 3)
    Help us understand how the website is used so we can improve it.
  • Third-party cookies (Type 4)
    Set by third parties to provide their services (e.g., embedded content, analytics).

6.3 Legal basis

  • Strictly necessary cookies: legitimate interests (Art. 6(1)(f) GDPR) in operating and securing the website.
  • All non-essential cookies/technologies: consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time with effect for the future.

6.4 Managing cookies via your browser

Most browsers accept cookies automatically. You can configure your browser to block cookies, allow cookies only in certain cases, or delete cookies automatically when closing the browser. Disabling cookies may limit website functionality.

6.5 Cookie consent with Usercentrics

We use the cookie-consent technology of Usercentrics to obtain, manage, and document consent.

Provider:
Usercentrics GmbH, Rosental 4, 80331 Munich, Germany

We have concluded a data processing agreement with Usercentrics under Art. 28 GDPR.

When you visit our website, a cookie banner is displayed. You can:

  • Accept all cookies
  • Reject non-essential cookies
  • Choose individual settings and adjust them later

When you enter our website, the following data may be transmitted to Usercentrics:

  • Your consent(s) or withdrawal of consent(s)
  • Your IP address
  • Browser information
  • Device information
  • Time of your visit

Usercentrics stores a cookie in your browser to associate your choices.

Legal basis: Art. 6(1)(c) GDPR (legal obligation to obtain consent for certain technologies) and/or Art. 6(1)(f) GDPR (documenting consent and compliance), depending on the specific implementation and applicable national rules.

Usercentrics privacy information:
https://usercentrics.com/de/datenschutzerklaerung/

Cookie policy on this website:
https://www.finnfaust.com/cookie-policy

7. Google Analytics

We use Google Analytics to understand how visitors use the website and to improve content and performance.

Legal basis: consent (Art. 6(1)(a) GDPR). Google Analytics is loaded only if you consent via the cookie banner. You can withdraw consent at any time via the cookie settings.

Provider (EU): Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland)

Data categories (typical):

  • Online identifiers (cookie IDs, device IDs)
  • Usage data (page views, navigation paths, interactions, session duration)
  • Technical data (browser, device, OS, screen resolution)
  • Approximate location derived from IP address (not precise GPS)

We do not intentionally send personal identifiers (such as names or email addresses) to Google Analytics.

International transfers: data may be processed by Google entities outside the EU/EEA (e.g., USA). Transfer safeguards may apply depending on Google’s setup and legal frameworks.

Google privacy information:
https://business.safety.google/privacy/?hl=en
https://policies.google.com/privacy?hl=en
https://policies.google.com/technologies/partner-sites?hl=en

Retention in GA settings: [e.g., 14 months]

8. Appointment scheduling (Calendly)

We use Calendly to allow you to book appointments.

Legal basis: Art. 6(1)(b) GDPR (steps prior to entering into a contract / communication at your request).

Provider: Calendly, LLC

Data categories (typically):

  • Name
  • Email address
  • Appointment date/time and timezone
  • Any information you submit in the booking form
  • Technical data (e.g., IP address, device/browser data)

Calendly privacy policy:
https://calendly.com/privacy

9. YouTube (channel links and/or embedded videos)

We maintain a YouTube channel and may link to it from this website. When you click such a link, you leave our website and YouTube processes your data under its own responsibility.

If videos are embedded on this website, YouTube/Google may receive technical data (including IP address and device information) and may set cookies or similar identifiers. Where required, embedded content is loaded only after consent via the cookie banner.

Google/YouTube privacy information:
https://policies.google.com/privacy?hl=en

10. Social media (Instagram and LinkedIn)

We maintain profiles on:

  • Instagram
  • LinkedIn

Our website may include links to these platforms. When you click a social media link, you leave our website. The respective provider processes personal data as an independent controller.

Instagram privacy information:
https://privacycenter.instagram.com/policy/

LinkedIn privacy information:
https://www.linkedin.com/legal/privacy-policy

11. Contact by email or phone

If you contact us via email or phone, we process the data you provide (e.g., your email address, message content, phone number) to respond.

Legal basis:

  • Art. 6(1)(b) GDPR (pre-contractual communication / contract-related), or
  • Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries)

Retention: we retain communications as long as necessary to handle the request and for documentation purposes.

12. International data transfers

Some providers we use are based outside the EU/EEA or process data outside the EU/EEA (particularly in the United States). Where required, transfers are safeguarded using recognised mechanisms under Chapter V GDPR (e.g., adequacy decisions, Standard Contractual Clauses, and/or Data Privacy Framework participation where applicable).

13. Security

We apply appropriate technical and organisational measures to protect personal data, including access controls and secure communication (HTTPS).

14. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes to this website, our tools, or legal requirements. The current version is always published on this website.