PRIVACY

This Privacy Policy applies to all websites, project pages, applications, services, products, forms, communications, and other offerings provided by Lynn Ferrier and any related entities or brands controlled by us. It may be referenced from individual project websites, landing pages, product pages, or other service-specific sites, but it remains the master privacy notice unless a specific service provides additional or different privacy information.

Where a project, service, or product page links to this Privacy Policy, that reference means this policy applies to the processing of personal data connected with that project, service, or product unless the page explicitly states otherwise.

Controller

The controller responsible for processing personal data is:

Mia Lynn Ferrier
Spitzgarten 9
59494 Soest, Germany

Contact:
Phone: +49 152 51570255
Email: me@lynn.ac

Scope of This Policy

This Policy covers personal data processed in connection with:

Websites and subdomains operated by us.
Project websites and landing pages that reference this Policy.
Business services and private services provided by us.
Contact forms, support channels, newsletters, and mailing lists.
Authentication, user accounts, and membership features.
Billing, invoicing, and contract administration.
Infrastructure, hosting, monitoring, security, analytics, and communications tooling.
Offline or manual processing that is connected to our digital or business services, where applicable.

What Personal Data We Process

Depending on how you interact with us, we may process the following categories of personal data:

Identity data, such as name, username, title, or customer ID.
Contact data, such as email address, postal address, telephone number, or messaging handle.
Account data, such as login credentials, access tokens, preferences, and profile settings.
Contract data, such as orders, subscriptions, agreements, invoices, and service history.
Payment data, such as billing details, payment status, and transaction references, if applicable.
Communication data, such as emails, support messages, form submissions, or chat messages.
Technical data, such as IP address, browser information, device identifiers, operating system, referrer URL, timestamps, and log data.
Usage data, such as pages visited, clicks, session duration, navigation paths, and interaction patterns.
Consent and preference data, such as cookie settings, newsletter preferences, and opt-in records.
Security data, such as authentication logs, abuse-prevention signals, and anomaly events.
Application data, if you apply for a job, project, or collaboration.
Any other data you voluntarily provide to us in the context of our services.

Why We Process Personal Data

We process personal data for the following purposes:

To provide, operate, maintain, and improve our websites and services.
To make our content, tools, and communications available to you.
To respond to inquiries, support requests, and business communications.
To create and manage accounts, subscriptions, and access permissions.
To process contracts, deliver services, and handle invoicing or billing.
To monitor, secure, and protect our systems, users, and infrastructure.
To analyze usage, performance, and reliability of our services.
To comply with legal obligations, court orders, and regulatory requirements.
To manage consent, preferences, and cookie settings.
To detect, prevent, and investigate abuse, fraud, spam, and security incidents.
To send marketing or informational communications where permitted by law or based on consent.

Legal Bases for Processing

Depending on the specific context, we process personal data on the following legal bases:

Article 6(1)(a) GDPR, where you have given consent.
Article 6(1)(b) GDPR, where processing is necessary to enter into or perform a contract, or to take steps at your request before entering into a contract.
Article 6(1)(c) GDPR, where processing is necessary to comply with a legal obligation.
Article 6(1)(d) GDPR, where processing is necessary to protect vital interests.
Article 6(1)(f) GDPR, where processing is necessary for our legitimate interests, provided those interests are not overridden by your interests, rights, or freedoms.

Our legitimate interests may include operating and securing our services, preventing abuse, maintaining audit trails, improving functionality, and communicating with users and business contacts.

Where we process special-category data, we only do so if a valid exception under Article 9 GDPR applies.

Cookies and Similar Technologies

We use cookies and similar technologies across our services where appropriate. These may include strictly necessary cookies, preference cookies, analytics cookies, and, where used, marketing or embedded-content cookies.

We use strictly necessary technologies to provide core website functionality, security, load balancing, authentication, session handling, and operational stability. Preference technologies may store settings such as language, display mode, or consent choices. Analytics technologies may be used to understand how our services are used and to improve them. Marketing or third-party embedded technologies are only used where applicable and, where legally required, only with consent.

Under German law, access to information on a user’s end device generally requires consent unless the technology is strictly necessary for providing the requested service. For that reason, we distinguish carefully between essential and non-essential technologies and request consent where necessary.

Service Providers and Recipients

We may disclose personal data to service providers and other recipients where necessary for the purposes described in this Policy. These may include:

Hosting and infrastructure providers.
CDN, DNS, security, and edge-network providers.
Email delivery and communication platforms.
Support, ticketing, and CRM providers.
Analytics, monitoring, and logging providers.
Payment processors, banks, and accounting providers.
Professional advisers such as lawyers, tax advisers, and auditors.
Authorities, courts, and public bodies, where required by law.

Where third parties process data on our behalf, they do so under contractual data processing terms or equivalent legal safeguards. Where third parties determine the purposes and means of processing independently, they act as separate controllers.

International Data Transfers

Some of our service providers may process personal data outside the European Economic Area. This may occur, for example, when we use globally distributed cloud, infrastructure, communication, or analytics services.

Where such transfers occur, we rely on a lawful transfer mechanism recognized under the GDPR, such as:

An adequacy decision.
Standard contractual clauses.
Another permitted transfer tool or exception.

We take reasonable steps to assess and document transfer safeguards where required by law. If a particular project or service uses a different transfer setup, we may provide additional project-specific information.

Retention of Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on the nature of the data and the service involved. In particular, we may retain data for as long as needed for:

Contract performance and customer support.
Tax, accounting, and commercial retention obligations.
Security logging and abuse prevention.
Audit and compliance requirements.
The establishment, exercise, or defense of legal claims.
Consent management and proof of consent.

When personal data is no longer required, we delete it, anonymize it, or restrict it in accordance with applicable law and technical feasibility.

Your Rights Under Data Protection Law

Subject to legal limitations, you have the following rights:

Right of access.
Right to rectification.
Right to erasure.
Right to restriction of processing.
Right to data portability.
Right to object to processing based on legitimate interests or direct marketing.
Right to withdraw consent at any time, where processing is based on consent.
Right to lodge a complaint with a supervisory authority.

If you wish to exercise any of these rights, you may contact us using the details in the Contact section. We may need to verify your identity before processing a request. We will respond within the time limits required by applicable law.

Security Measures

We use appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure.

These measures may include access control, least-privilege permissions, encryption, logging, monitoring, backup procedures, network security controls, incident response processes, and contractual safeguards with processors. Security measures are continuously reviewed and updated to reflect the nature of the data, the systems used, and the associated risks.

Children and Minors

Our services are generally not directed to children. Where a service is likely to be used by minors, we process their personal data only where permitted by applicable law and, where necessary, with parental or guardian authorization.

Business and Private Use

Because we provide both business and private services, the exact type of data processing may differ between projects, clients, products, and personal pages. A project website may therefore reference this master policy while also publishing additional notices for a specific feature, service, or legal entity where needed.

If a specific service has its own privacy notice, that notice applies in addition to this Policy for the scope it covers. If there is any conflict between this Policy and a service-specific notice, the service-specific notice governs for that service.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technical setup, legal obligations, or external providers. The version published here is the current version and applies from the date stated at the top or end of the document.

Contact

For contact and legal information, please refer to our Imprint.