hartmut.io

Privacy Policy

Effective date: 27/10/2025

This Privacy Policy explains how Kraft Fabrik Media Ltd. (“hartmut.io”, “we”, “us”) processes personal data when you use our website and services, including Managed Mautic Hosting and Managed WooCommerce Hosting.

Controller

Kraft Fabrik Media Ltd.
Kountourioti 6, Coral Elite Residences Building 1,
8560 Peyia, Cyprus

Authorized representatives: Alexander Hammerschmied, Natalia Dziadus‑Hammerschmied
Email: office@hartmut.io
Legal notice: https://hartmut.io/imprint

Summary of Processing

We process personal data for the purposes listed below. Categories may include:

  • Types of data:
    • Account and contract data (e.g., names, addresses, plan details)
    • Contact data (e.g., email, phone)
    • Content data (e.g., form inputs, uploaded media)
    • Usage and meta/communication data (e.g., IP address, device info, access times)
    • Payment data (e.g., invoices, transaction history)
    • Location data where applicable
  • Data subjects:
    • Website users, customers, business partners, and communication partners
  • Purposes of processing:
    • Provide and operate our online offering and services
    • Customer support and communication
    • Security and fraud prevention
    • Reach measurement, analytics, and onlinemarketing
    • Contract execution and billing
    • Remarketing, conversion measurement, and audience building where consented

We process personal data in line with the GDPR:

  • Consent (Art. 6(1)(a) GDPR) for specific purposes such as marketing cookies or newsletters.
  • Contract performance and pre‑contractual requests (Art. 6(1)(b) GDPR).
  • Legal obligations (Art. 6(1)(c) GDPR), e.g., tax retention.
  • Vital interests (Art. 6(1)(d) GDPR) in exceptional cases.
  • Legitimate interests (Art. 6(1)(f) GDPR), e.g., secure, efficient service operation.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Access controls and separation of duties
  • Encryption in transit (SSL/HTTPS)
  • IP anonymization where feasible (“IP masking”)
  • Procedures for incident response, data deletion, and data subject rights

Disclosure and Recipients

We disclose data to recipients where necessary and lawful:

  • Intra‑group or intrA‑organization transfers for administrative purposes
  • Service providers (e.g., hosting, email delivery, security, analytics)
  • Payment service providers
  • Authorities where legally required

Appropriate contracts (e.g., data processing agreements) are in place with processors.

Processing in Third Countries

Where data is processed outside the EU/EEA, this occurs only:

  • With an adequacy decision,
  • Under EU Standard Contractual Clauses (SCCs),
  • Or with other appropriate safeguards,
  • Or with your explicit consent where required.

Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve our services:

  • Necessary cookies for core functionality
  • Preference and performance cookies
  • Analytics, conversion, and marketing cookies (subject to consent)

Opt‑out and controls:

If we use a consent tool, only essential cookies load until you opt in.

Commercial and Business Services

We process partner and customer data in the context of contractual relationships (incl. setup, support, billing, analytics for service improvement). Data may be retained to comply with legal retention periods (e.g., up to 10 years for accounting).

Payment Service Providers

We offer secure payment processing via third‑party providers. These providers process payment data independently.

We do not store full payment card details on our systems.

Provision of Online Services and Web Hosting

To deliver a secure and efficient website, we use hosting providers for infrastructure, storage, databases, security, and maintenance. Typical data processed include IP addresses, access logs, user agent, referrer, and actions taken on the site. Email hosting may involve processing sender/recipient addresses and content for spam protection.

Blogs and Publications

If interactive areas (e.g., comments) are provided, we may log IP addresses to prevent abuse and enable moderation. Anti‑spam measures may apply. Content you publish may be stored until you request deletion unless legal obligations require retention.

Newsletter and Direct Communications

We send newsletters and service communications with consent or where legally permitted (e.g., existing customer communications).

  • Double opt‑in is used for newsletter subscriptions.
  • We log subscription and confirmation times and IP addresses to demonstrate compliance.
  • You can unsubscribe at any time via the link in each email or by contacting us.

We may use standard open and click tracking to improve content and measure performance where legally permitted or with consent.

Online Marketing and Analytics

We may use analytics and marketing technologies (subject to consent where required) for:

  • Reach measurement and performance analytics
  • Conversion tracking and remarketing
  • Audience building and interest‑based content

Examples of services:

You can also adjust your ad settings at: https://adssettings.google.com/authenticated

Affiliate Programs

We use affiliate links or references to third‑party offers. To measure success and allocate commissions, identifiers (e.g., referrer, time, offer ID, user ID) may be stored in cookies or similar technologies. Processing is based on consent or legitimate interests, as applicable.

Social Media Presences

We maintain profiles on social networks for communication and information. Data may be processed by the platforms for market research and advertising, including via cookies and device fingerprinting. Please refer to the privacy policies of each platform for details and opt‑outs.

Plugins and Embedded Content

We may embed content and functions from third parties. The providers need the user’s IP address to deliver the content. They may also use pixel tags and cookies.

Embedding is based on legitimate interests and/or consent where required.

Data Deletion

We delete or anonymize personal data when it is no longer necessary for its purposes and when no legal obligations require retention. If deletion is not possible, we restrict processing to the necessary purposes (blocking).

Changes to this Policy

Please review this page regularly. We will update this policy to reflect changes in our processing. If changes require your consent or individual notification, we will inform you accordingly.

Your GDPR Rights

You have the following rights under Articles 15–21 GDPR:

  • Right to object to processing based on Art. 6(1)(e) or (f) GDPR
  • Right to withdraw consent at any time
  • Right of access, rectification, and erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to lodge a complaint with a supervisory authority

To exercise your rights, contact: office@hartmut.io

Contact

Kraft Fabrik Media Ltd.
Kountourioti 6, Coral Elite Residences Building 1, 8560 Peyia, Cyprus
Email: office@hartmut.io

Last updated: 27/10/2025