Privacy policy

Privacy Policy

Preamble

With the following Privacy Policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).

The terms used are not gender-specific.

Last updated: March 21, 2026

Controller

TradingForFuture.de
Andreas Stegmüller
Am Ringofen 33
86199 Augsburg
Germany

E-mail: hallo@tradingforfuture.de

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of Data Processed

Inventory data.
Employee data.
Payment data.
Contact data.
Content data.
Contract data.
Usage data.
Meta, communication and procedural data.
Log data.

Purposes of Processing

Provision of contractual services and fulfillment of contractual obligations.
Communication.
Security measures.
Direct marketing.
Reach measurement.
Tracking.
Office and organizational procedures.
Target group formation.
Affiliate tracking.
Organizational and administrative procedures.
Conducting contests and competitions.
Firewall.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online offer and user-friendliness.
Information technology infrastructure.
Public relations.
Sales promotion.
Business processes and business procedures.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile.

Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of personal data relating to them for one or more specific purposes.
Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

TLS/SSL encryption (HTTPS): To protect the data of users transmitted via our online services, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. All data transfers comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by HTTPS in the URL.

Transmission of Personal Data

In the course of our processing of personal data, it may be transmitted to or disclosed to other entities, companies, legally independent organizational units or persons. Recipients of this data may include, for example, service providers tasked with IT functions or providers of services and content embedded in a website. In such cases, we comply with legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Data processing in third countries: If we transfer data to a third country (i.e., outside the European Union or the European Economic Area), or if this occurs in the context of using third-party services or disclosing or transferring data to other persons or companies, this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), recognized as a secure legal framework by an EU Commission adequacy decision dated July 10, 2023. Additionally, we have concluded Standard Contractual Clauses with the respective providers. Further information on the DPF is available at https://www.dataprivacyframework.gov/.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal bases for processing exist. Data required for legal retention periods or for the establishment, exercise or defense of legal claims is retained accordingly.

General retention periods under German law:

10 years – Books and records, annual financial statements, inventories (§ 147(1) No. 1 AO, § 257(1) No. 1 HGB)
8 years – Accounting documents, invoices (§ 147(1) No. 4 AO, § 257(1) No. 4 HGB)
6 years – Other business documents, commercial correspondence (§ 147(1) No. 2, 3 AO, § 257(1) No. 2, 3 HGB)
3 years – Data for warranty and liability claims (§§ 195, 199 BGB)

Rights of Data Subjects

Under the GDPR, you have the following rights:

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR. You also have the right to object to the processing of your personal data for direct marketing purposes.
Right to withdraw consent: You have the right to withdraw consent at any time.
Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about that data.
Right to rectification: You have the right to request the completion or correction of inaccurate data concerning you.
Right to erasure and restriction: You have the right to request erasure of data concerning you or, alternatively, restriction of its processing.
Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, machine-readable format.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Business Services

We process personal data of our contractual and business partners, such as customers, clients, prospects, suppliers and other cooperation partners, for the purpose of establishing, executing and completing contractual relationships and comparable legal relationships. Processing serves in particular to fulfill our contractual main and ancillary obligations.

Types of data processed: Inventory data; payment data; contact data; contract data.
Data subjects: Service recipients and clients; prospective customers; business and contractual partners.
Legal bases: Performance of a contract (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Use of Online Platforms for Offers and Sales

We offer our services on online platforms operated by other service providers. In addition to our privacy notices, the privacy notices of the respective platforms apply.

Steady: Internet platform for project financing via crowdfunding, subscription and membership sales, billing, and provision of access and payment systems; Service provider: Steady Media GmbH, Schönhauser Allee 36, Haus 1, 10435 Berlin, Germany; Website: https://steadyhq.com; Privacy policy: https://steadyhq.com/en/privacy.

Provision of the Online Offer and Web Hosting

We process users’ data to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

Hetzner: Services in the field of information technology infrastructure; Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Website: https://www.hetzner.com; Privacy policy: https://www.hetzner.com/legal/privacy-policy.
Wordfence: Firewall and security functions to detect and prevent unauthorized access attempts; IP addresses, user identification numbers and activities are processed; Service provider: Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Transfer basis: Standard Contractual Clauses; Privacy policy: https://www.wordfence.com/privacy-policy/.

Use of Cookies

Cookies are functions that store and retrieve information on users’ devices. We use cookies in accordance with legal requirements. Where required, we obtain users’ prior consent. Where consent is not required, we rely on our legitimate interests. The consent can be revoked at any time.

Temporary cookies (session cookies): Deleted at the latest when a user closes the online offer and their device.
Permanent cookies: Remain stored even after the device is closed; storage duration up to two years.
Real Cookie Banner: We use the consent management tool “Real Cookie Banner” to manage cookies and similar technologies. Details: https://devowl.io/en/rcb/data-processing/. Legal bases: Art. 6(1)(c) and Art. 6(1)(f) GDPR.

Blogs and Publication Media

We use blogs or comparable means of online communication and publication. Readers’ data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons.

WordPress Emojis: WordPress emojis are retrieved from external servers (Automattic); IP addresses are processed; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Privacy policy: https://automattic.com/privacy.
Gravatar: Profile images for blog comments via Gravatar; email addresses are hashed and transmitted for profile lookup; Service provider: Aut O’Mattic A8C Ireland Ltd.; Privacy policy: https://automattic.com/privacy.
UpdraftPlus: Backup software and backup storage; Service provider: Simba Hosting Ltd., 11 Barringer Way, St. Neots, Cambs., PE19 1LW, GB; Privacy policy: https://updraftplus.com/data-protection-and-privacy-centre/.

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, phone or via social media) as well as in the context of existing user and business relationships, the data of the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

Contact form: Data transmitted via contact form or email is processed solely for the purpose of responding to the inquiry; Legal bases: Performance of a contract (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails and other electronic notifications exclusively with the consent of the recipients or on a legal basis. Unsubscribed email addresses may be retained for up to three years on the basis of our legitimate interests before being deleted.

Brevo Email Marketing: Email sending, personalized campaigns, workflow automation, target group segmentation, CRM integration; Service provider: Sendinblue GmbH, trading as “Brevo”, Köpenicker Str. 126, 10179 Berlin, Germany; Privacy policy: https://www.brevo.com/en/legal/privacypolicy/.

Promotional Communication via Email, Post, Fax or Phone

We process personal data for the purposes of promotional communication, which may take place via various channels such as email, phone, post or fax, in accordance with legal requirements. Recipients have the right to withdraw their consent at any time or to object to promotional communication free of charge.

Contests and Competitions

We process personal data of participants in contests and competitions only in compliance with relevant data protection regulations, to the extent necessary for the provision, execution and processing of the contest, or participants have consented, or processing serves our legitimate interests. Participants’ data is deleted as soon as the contest or competition has ended and the data is no longer required.

Web Analytics, Monitoring and Optimization

Web analytics serves to evaluate visitor traffic to our online offer. IP masking (pseudonymization) is used to protect users. No clear data (e.g., email addresses or names) is stored.

Google Analytics: Measurement and analysis of the use of our online offer; pseudonymous user identification; no individual IP addresses logged for EU users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses; Opt-out: https://tools.google.com/dlpage/gaoptout; Privacy policy: https://policies.google.com/privacy.
Google Tag Manager: Central management of website tags; no user profiles created by Tag Manager itself; Service provider: Google Ireland Limited; Legal basis: Consent (Art. 6(1)(a) GDPR); Privacy policy: https://policies.google.com/privacy.
VG Wort / METIS: Access counting for online texts to determine copy probability for legal remuneration under copyright law; no personal data processed; no individual users identified; Service provider: Verwertungsgesellschaft WORT (VG WORT), Untere Weidenstraße 5, 81543 Munich, Germany; Privacy policy: https://www.vgwort.de/datenschutz.html.

Online Marketing

We process personal data for online marketing purposes, in particular for the marketing of advertising space or the display of advertising and other content based on the potential interests of users. User profiles are created and stored using cookies or similar methods. IP masking is used to protect users.

Google AdSense (personalized ads): Placement of personalized ads within our online offer; Service provider: Google Ireland Limited; Legal basis: Consent (Art. 6(1)(a) GDPR); Transfer basis: Data Privacy Framework (DPF); Privacy policy: https://policies.google.com/privacy.

Affiliate Programs and Affiliate Links

We embed affiliate links or other references to offers and services of third-party providers. If users follow the affiliate links and subsequently avail themselves of the offers, we may receive a commission from these third-party providers. Affiliate links may be supplemented by tracking parameters to enable commission accounting.

Amazon Associates Program: Affiliate partner program; Service provider: Amazon EU S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg; Transfer basis: Data Privacy Framework (DPF); Privacy policy: Amazon Privacy Policy.
Financeads Partner Program: Affiliate partner program; Service provider: financeAds GmbH & Co. KG, Karlstraße 9, 90403 Nuremberg, Germany; Privacy policy: https://www.financeads.net/datenschutz/.

Customer Reviews and Rating Procedures

We participate in review and rating procedures to evaluate, optimize and promote our services. When users rate us or provide feedback via rating platforms, the terms and privacy notices of the respective providers also apply.

Presences in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us. We note that user data may be processed outside the European Union.

Instagram: Privacy Policy; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland.
LinkedIn: Privacy Policy; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland.
Pinterest: Privacy Policy; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland.
X (Twitter): Privacy Policy; Service provider: X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland.
YouTube: Privacy Policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Plug-ins and Embedded Functions and Content

We embed functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter “third-party providers”), such as graphics, videos or maps. Where users have consented to this processing, the legal basis is consent (Art. 6(1)(a) GDPR); otherwise processing is based on our legitimate interests (Art. 6(1)(f) GDPR).

Changes and Updates

We ask you to inform yourself regularly about the content of our Privacy Policy. We will adapt the Privacy Policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

Definitions

This section provides an overview of the terms used in this Privacy Policy:

Personal Any information relating to an identified or identifiable natural person.
Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing: Any operation or set of operations performed on personal data, such as collection, recording, storage, adaptation, disclosure or erasure.
Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of their personal data.
Profiling: Any form of automated processing of personal data to evaluate certain personal aspects, in particular to analyze or predict performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.