Websitemason — Websites built with care← Back to home

Legal

Privacy Policy

Last updated: May 2026

1. Controller

The controller responsible for data processing on this website is:

Guled Aden
Oppelnerstr. 61
53119 Bonn
Email: hello@websitemason.com

2. General principles

We process personal data only to the extent necessary to provide a functioning website together with our content and services, or where you have given explicit consent (GDPR Art. 6(1)(a), (b), and (f)). We minimise what we collect.

3. Hosting and server logs

Hosting via Vercel

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When the site is accessed, technical server logs are processed (IP address, timestamp, user agent, referrer URL, requested URL). Legal basis: GDPR Art. 6(1)(f) (legitimate interest in secure and efficient delivery).

We have concluded a Data Processing Agreement (DPA) with Vercel. Transfers to the US are made on the basis of EU Standard Contractual Clauses and the EU–US Data Privacy Framework.

4. Inquiry form (leads)

When you fill in the inquiry form, we process the following data:

  • Name, email address, phone number
  • Optional: company, website
  • Details about your project (service, industry, volume, timeline)
  • Technical metadata (referrer, user agent)

Purpose: responding to your inquiry, preparing a personalised quote, and contacting you. Legal basis: GDPR Art. 6(1)(b) (pre-contractual measures) and Art. 6(1)(f).

Storage via Supabase

Form data is stored with Supabase, Inc. (970 Toa Payoh North #07-04, Singapore 318992) on servers in Frankfurt am Main (region eu-central-1). A Data Processing Agreement is in place.

Email notification via Google (Gmail SMTP)

A notification email to us is sent via Google's Gmail SMTP service (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). A Data Processing Agreement including EU Standard Contractual Clauses is in place.

Retention period: until the matter is concluded, but no longer than 24 months, unless statutory retention obligations require otherwise.

5. Appointment booking via Cal.com

The /thanks page embeds a booking widget provided by Cal.com, Inc. (2261 Market Street #4288, San Francisco, CA 94114, USA). When the page loads, a connection is established to Cal.com servers. If you book an appointment, the data you enter (name, email, preferred time, and any notes) is transmitted to and processed by Cal.com.

Legal basis: GDPR Art. 6(1)(a) (consent via active booking) and Art. 6(1)(f) (legitimate interest in efficient scheduling). A Data Processing Agreement including EU Standard Contractual Clauses is in place with Cal.com. Cal.com privacy policy: cal.com/privacy.

6. Cookies

We use only technically necessary cookies where required. No tracking or advertising profiles are built. Consent under the applicable e-Privacy rules is therefore not required for these cookies.

7. Your rights

You have the right at any time to:

  • access the personal data held about you (GDPR Art. 15),
  • rectification of inaccurate data (Art. 16),
  • erasure of your data (Art. 17),
  • restriction of processing (Art. 18),
  • data portability (Art. 20),
  • object to processing (Art. 21),
  • withdraw consent you have given, with effect for the future (Art. 7(3)).

Send requests to: hello@websitemason.com.

8. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is that of the member state of your habitual residence or place of work. For our business: the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW).

9. Updates

This privacy policy is currently valid. Further development of our website or changes in legal requirements may necessitate an update. The latest version is always available on this page.