Privacy Policy

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in the text of this privacy policy below.

Data Collection on Our Website

Who is responsible for data collection?
Data processing on this website is carried out by the website operator. Contact details can be found in the imprint/legal notice of this website.
How do we collect your data?
Some data is collected when you provide it to us (e.g. by filling out a contact form). Other data is collected automatically by our IT systems when you visit the website (e.g. IP address, browser type, operating system, time of access).
What do we use your data for?
Data is used to ensure proper provision of the website, to analyze user behavior, and to process inquiries.
What rights do you have?
You have the right at any time to obtain free information about the origin, recipient and purpose of your stored personal data. You also have the right to request correction, deletion, restriction of processing, or to object to processing. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2. General Notes and Mandatory Information

Data Protection

We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Please note that data transmission over the internet (e.g. communication by email) can have security gaps. Complete protection of the data against access by third parties is not possible.

Responsible Party

echoed.studio

Stephanie Bachmaier

E-Mail: post@echoedstudio.com

Phone: +49 (0) 176 13135070

SSL or TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests sent through contact forms. You can recognize an encrypted connection by the “https://” address prefix and the lock icon in your browser.

3. Hosting & Content Management

Our website is hosted on the platform Squarespace, Inc.

Provider: Squarespace, Inc., 8 Clarkson Street, New York, NY 10014, USA
Server locations: United States and Singapore

This means that personal data (e.g. IP addresses, browser information) may be transferred to countries outside the EU/EEA.

Squarespace is certified under the EU–US Data Privacy Framework for transfers to the USA. For transfers to other third countries (such as Singapore), Standard Contractual Clauses (SCCs) are used. However, a level of data protection equivalent to EU law cannot always be guaranteed.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of our website).

4. Cookies

Our website uses cookies. Cookies are small text files stored on your device that enable certain website functions.

Types of Cookies Used

Necessary cookies: Required for the operation of the website (e.g. saving cookie preferences, enabling navigation).
Performance/Statistics cookies: Collect anonymous usage data (e.g. Google Analytics) to improve our site.
Advertising/Tracking cookies: Used to track visitors across websites and deliver personalized advertising (e.g. YouTube, Google Ads).

Cookie Consent

We use a Consent Management Platform (CookieFirst, Digital Data Solutions BV, Netherlands) to obtain and document user consent. Only cookies that you have approved will be set.

Cookie Examples

  
    
        Cookie
        Provider
        Purpose
        Duration
      

    
        _ga
        Google Analytics
        Distinguishes users for website usage statistics
        2 years
      

        _gid
        Google Analytics
        Stores session-based analytics data
        24 hours
      

        YSC
        YouTube
        Registers a unique ID to keep statistics of videos watched
        Session
      

        VISITOR_INFO1_LIVE
        YouTube
        Estimates bandwidth to optimize video playback
        6 months
      

        __cfduid
        Cloudflare (Squarespace CDN)
        Improves security and loading performance
        1 month
      

  

5. Analysis Tools and Third-Party Services

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google LLC, USA. Google Analytics uses cookies to analyze how users interact with our site. Information generated is generally transferred to a Google server in the USA.

Legal basis: Art. 6(1)(a) GDPR (consent)
Data transfer: EU–US Data Privacy Framework & SCCs

You can revoke your consent at any time or install a browser add-on to block tracking:

https://tools.google.com/dlpage/gaoptout

Google Fonts

We use Google Fonts for consistent display of fonts. When you access our site, your browser may connect to Google servers. This may transfer IP addresses to the USA.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent design)

Google Maps

Our website integrates Google Maps for location display. When loading maps, your IP address may be transmitted to Google servers in the USA.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in easy navigation)

YouTube

Our site may embed YouTube videos. When visiting such pages, a connection to YouTube servers is established. This may transmit information about which of our pages you visit.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner)

Squarespace Analytics

This website uses Squarespace Analytics, a service provided by Squarespace, Inc., USA, to collect statistical information about site traffic and user behavior. Data such as IP addresses, browser information, and interactions with the site may be processed and transferred to servers in the USA.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analyzing and improving our website)
Data transfer: EU–US Data Privacy Framework & SCCs

6. Server Log Files

The website and hosting provider automatically collect and store information in server log files, which your browser automatically transmits:

Browser type and version
Operating system
Referrer URL
Hostname of the accessing device
Time of the server request
IP address (anonymized where applicable)
Consent preferences (via CookieFirst)

These log files are not merged with other data sources.

7. Security Measures

We use technical and organizational measures (TLS encryption, consent management, server-side security policies) to protect your data. However, absolute security against unauthorized access cannot be guaranteed.

8. Your Rights as a Data Subject

You have the following rights under the GDPR:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to data portability (Art. 20 GDPR)

To exercise these rights, you can contact us at any time using the details above.