Data Privacy

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to briefly as “data”) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offering”).
The terms used are not gender-specific.

Status: January 1, 2026

Preamble
Controller
Overview of Processing Activities
Relevant Legal Bases
General Information on Data Storage and Deletion
Rights of Data Subjects
Business Services
Provision of the Online Offering and Web Hosting
Use of Cookies
Contact and Inquiry Management
Newsletters and Electronic Notifications
Presences on Social Networks (Social Media)
Plug-ins and Embedded Functions and Content
Amendments and Updates

Controller

K2MPR
Münchener Straße 13
10779 Berlin

Authorized representatives: Dr. Alexander Busche
Email address: info@alexanderbusche.de
Imprint: https://www.alexanderbusche.de/impressum

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of Data Processed

Inventory data.
Payment data.
Contact data.
Content data.
Contract data.
Usage data.
Meta, communication, and procedural data.
Log data.

Special Categories of Data

Health data.

Categories of Data Subjects

Service recipients and clients.
Prospective customers.
Communication partners.
Users.
Business and contractual partners.

Purposes of Processing

Provision of contractual services and fulfillment of contractual obligations.
Communication.
Security measures.
Direct marketing.
Reach measurement.
Tracking.
Office and organizational procedures.
Audience creation.
Organizational and administrative procedures.
Feedback.
Marketing.
Provision of our online offering and user-friendliness.
Information technology infrastructure.
Public relations.
Business processes and business administration procedures.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of these in this privacy policy.

Consent (Art. 6(1) sentence 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes. Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request.
Legal obligation (Art. 6(1) sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject requiring protection of personal data do not override those interests.

National Data Protection Regulations in Germany
In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer as well as automated decision-making in individual cases, including profiling. State data protection laws of the federal states may also apply.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with statutory provisions as soon as the underlying consents are withdrawn or no further legal bases for processing exist. This applies where the original purpose of processing no longer applies or the data is no longer required. Exceptions exist if statutory obligations or special interests require longer retention or archiving.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

If multiple retention periods or deletion deadlines are specified, the longest period applies.

Retention Periods under German Law

10 years – Accounting records, annual financial statements, inventories, management reports, opening balance sheets (§ 147 AO, § 257 HGB).
8 years – Accounting documents such as invoices and receipts.
6 years – Other business documents such as correspondence and payroll documents.
3 years – Data relating to warranty, damages, and contractual claims (§§ 195, 199 BGB).

Commencement of Periods
Retention periods generally begin at the end of the calendar year in which the triggering event occurred.

Rights of Data Subjects

Under Articles 15–21 GDPR, data subjects have the following rights:

Right to object
Right to withdraw consent
Right of access
Right to rectification
Right to erasure and restriction of processing
Right to data portability
Right to lodge a complaint with a supervisory authority

Business Services

We process data of our contractual and business partners for contractual fulfillment, communication, safeguarding of rights, administration, and organizational purposes.

Types of data processed: Inventory data, payment data, contact data, contract data
Data subjects: Service recipients, clients, prospective customers
Purposes: Contractual performance, communication, administration
Legal bases: Art. 6(1)(b), (c), (f) GDPR

Agency Services
Consulting, campaign planning, software and design development, data analysis, training services.

Event Management
Processing of participant data for events. Special categories of data are processed only where legally permissible or with consent.

Provision of the Online Offering and Web Hosting

We process user data (including IP addresses) to deliver online services.

Data types: Usage data, log data, meta data, content data
Purposes: Operation, security, infrastructure
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Wix
Hosting provider: Wix.com Ltd., Tel Aviv, Israel
Legal basis: Legitimate interests
Third-country transfer: Data Privacy Framework (DPF)

Use of Cookies

Cookies store and retrieve information on user devices. Consent is obtained where required.

Cookie Types

Session cookies
Persistent cookies (up to 2 years)

Users may withdraw consent or object at any time.

Contact and Inquiry Management

Data is processed to respond to inquiries via email, forms, phone, or social media.

Legal bases: Art. 6(1)(b), (f) GDPR

Newsletters and Electronic Notifications

Newsletters are sent only with consent or legal permission.

Provider: rapidmail GmbH
Data categories: Contact data, usage data
Legal bases: Consent, legitimate interests

Opt-out is available in every newsletter.

Presences on Social Networks (Social Media)

We maintain profiles on social media platforms.

Platforms

Instagram
Facebook
LinkedIn
YouTube

Processing may occur outside the EU. Users should contact platform providers directly regarding rights.

Plug-ins and Embedded Content

We integrate third-party content (e.g., videos).

Legal bases: Consent or legitimate interests
Storage: Cookies up to 2 years

Amendments and Updates

This privacy policy is updated as required. Users should review it regularly.