Last updated: 28 October 2025
1. Controller
[d]tom Industrial Design
Dipl. Des. Tom Farenski
Lenkersheimer Straße 14
90431 Nuremberg, Germany
Telephone: +49 (0)911 92 333 599
Email: [farenski@d-tom.com]
(mailto:farenski@d-tom.com)
Website: d-tom.com
VAT ID: DE276444314
2. General information on data processing
We process personal data only to the extent necessary to provide this website and to handle your enquiries. The legal bases are, in particular, Article 6(1)(f) GDPR (legitimate interest in providing the website securely and without errors) and Article 6(1)(b) GDPR (contract / pre-contractual measures when you contact us).
3. Hosting & server log files
This website is hosted by:
IONOS SE
Elgendorfer Str. 57
56410 Montabaur, Germany
Processor (hosting): IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. We have concluded a data processing agreement with the hosting provider pursuant to Article 28 GDPR.
When you access our website, the host automatically processes server log files, including: IP address, date/time, time zone, URL/referrer, accessed files, amount of data transferred, HTTP status code, browser and operating system information.
Purpose: technical provision, stability, security (e.g. defence against attacks).
Retention period: generally {{e.g. 7–14 days}}; longer storage only for evidentiary purposes in the event of security incidents.
4. Contact by email or telephone
If you contact us by email or telephone, we process the data you provide (e.g. name, contact details, content of the enquiry) solely to deal with your request.
Legal basis: Article 6(1)(b) GDPR (pre-contractual/contractual communication) or Article 6(1)(f) GDPR (general enquiries).
Retention period: until your request has been fully dealt with; statutory retention obligations (e.g. under commercial/tax law) remain unaffected.
5. Newsletter (“Mailchimp”)
If you subscribe to the newsletter on this website, we process the data you enter (in particular your name and email address) in order to send you regular emails containing content related to my professional work.
Double opt-in
After submitting the form, you will receive a confirmation email. Your subscription becomes effective only once you click the confirmation link contained in that email (double opt-in). If you do not confirm, your address will not be added to the mailing list.
Logging
For legal protection (proof of consent pursuant to Article 6(1)(a) GDPR), we log the time of registration and confirmation as well as the IP address / technical metadata used at the time of registration. This information is stored solely for evidentiary purposes and is not used for any other purpose.
Dispatch service provider – Mailchimp
The newsletter is sent and recipient data is managed via the service **“Mailchimp”**, provided by:
Intuit Inc.
2700 Coast Avenue, Mountain View, CA 94043, USA
Mailchimp processes newsletter recipient data on our behalf.
In particular, Mailchimp stores:
* the email address you provided (and, if supplied, your name),
* information confirming your subscription (time, IP),
* information on delivery and deliverability of emails.
Legal basis
The newsletter is sent on the basis of your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future. An unsubscribe link is included in every newsletter email. Alternatively, a brief message to the contact address above is sufficient.
Transfer to third countries (USA)
Mailchimp/Intuit is based in the USA. This may involve the transfer of personal data to a “third country” outside the EU/EEA. We have concluded a data processing agreement with Mailchimp pursuant to Article 28 GDPR, which includes the EU Standard Contractual Clauses intended to ensure an adequate level of data protection.
Retention / deletion
Your data will be stored for as long as the newsletter subscription is active. After you unsubscribe (opt-out), your data is removed from the active mailing list. Certain evidence records of consent (e.g. registration timestamps) may be retained for a limited period for legal reasons.
6. No cookies for advertising/tracking purposes
We currently do not use any non-essential cookies or tracking services that require consent under Section 25(1) TTDSG. A cookie banner is therefore not necessary.
(Technically necessary, short-lived session cookies may be set by the system used; legal basis: Article 6(1)(f) GDPR.)
7. Spam protection via Google reCAPTCHA
To protect our online forms from misuse and automated enquiries (spam), we use the service **“reCAPTCHA”** provided by:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
reCAPTCHA analyses the behaviour of website visitors (e.g. IP address, mouse movements, time spent on the site, browser and device information) to assess whether the visitor is a natural person or an automated programme.
The data collected is transmitted to Google and processed there. This may also involve a transfer to the USA. Google is certified under the EU–US Data Privacy Framework.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in protecting our website against misuse and spam).
Further information can be found in Google’s privacy policy:
```text
https://policies.google.com/privacy
8. External links
Links to external websites are identifiable as such. The operators of the linked pages are solely responsible for the content and data processing on those pages.
9. Security / TLS encryption
This website uses TLS encryption (https). This protects data you transmit to us against unauthorised access by third parties.
10. Your rights
Under the GDPR, you have the following rights: access (Article 15), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), data portability (Article 20), and the right to object (Article 21) to processing based on legitimate interests.
Where processing is based on your consent (e.g. newsletter dispatch), you may withdraw that consent at any time with effect for the future; the lawfulness of processing carried out up to the point of withdrawal remains unaffected.
You also have the right to lodge a complaint with a data protection supervisory authority, for example the authority responsible for your place of residence or work, or the authority responsible for the controller.
11. Changes
We will update this privacy policy if our technology, the legal situation, or the services we use change.
