This Privacy Policy explains how Stories for Strangers (“we”, “us”) processes personal data when you visit our website or contact us. We process personal data in accordance with the GDPR and applicable German data protection laws.
Mikael Johannson & Nicolai Schlepphorst
STORIESFORSTRANGERS
Friedrichstraße 135
10117 Berlin
Germany
Email: hej@storiesforstrangers.studio
We may process the following categories of personal data:
Technical data (e.g., IP address, device/browser information, referrer URL, timestamps) to operate and secure the website.
Contact and inquiry data (e.g., name, email, phone, website, message content) when you contact us.
Client/project data if you become a customer (e.g., contact persons, project requirements, communication).
We process personal data only where we have a lawful basis, such as:
Art. 6(1)(b) GDPR (steps prior to entering a contract / providing our services), Art. 6(1)(f) GDPR (legitimate interests, e.g., website security and efficient communication), Art. 6(1)(a) GDPR (consent, where required — especially for optional cookies/analytics), Art. 6(1)(c) GDPR (legal obligations, e.g., retention duties).
Our website is hosted on Webflow. When you visit our site, Webflow processes technical data needed to deliver the website and provide hosting infrastructure (including server logs).
Webflow, Inc.We rely on Webflow’s data processing agreement and recognized transfer mechanisms for any processing outside the EU/EEA (including the EU Standard Contractual Clauses and/or other approved safeguards).
When you access the website, technical information is automatically processed (e.g., IP address, browser type, operating system, date/time, requested page). This is necessary to:deliver the site content,ensure stability and security,prevent abuse and attacks.
Lawful basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable operation).
If you contact us via email, phone, or the contact form, we process the information you provide, including the content of your message and any contact details.
Purpose: responding to your inquiry, assessing fit, preparing or performing a contract.
Lawful basis: typically Art. 6(1)(b) GDPR (pre-contract steps) and/or Art. 6(1)(f) GDPR (efficient communication).
Where the data goes: form submissions may be processed via Webflow’s form handling and/or delivered to our email inbox.Retention: we keep inquiry data only as long as necessary to handle your request and for any required documentation/retention obligations.
If we enter a business relationship, we process personal data necessary to deliver our services (e.g., contact persons, briefing materials, communication, project coordination, invoices).
Purpose: contract performance, project delivery, administration.Lawful basis: Art. 6(1)(b) GDPR and, where applicable, Art. 6(1)(c) GDPR (legal obligations).
We may use cookies or similar technologies that are technically necessary to operate the website. If we use optional technologies (e.g., analytics, marketing tags), we will request consent in advance via a consent mechanism.
Technically necessary cookies: required for core functions and security.Lawful basis: Art. 6(1)(f) GDPR and applicable German rules for device access.
Optional cookies/technologies: only with your consent.Lawful basis: Art. 6(1)(a) GDPR (and the relevant German rules for consent where required).
You can also control cookies through your browser settings.
Our website links to external platforms such as Instagram, YouTube, Behance, and Facebook. If you click these links, you leave our site. The respective provider processes personal data under its own responsibility and privacy policy.
We share personal data only when necessary: service providers (processors) who help us operate the website and communication, authorities where legally required, professional advisors (e.g., tax advisors) where needed for legal compliance.
We have agreements in place where required by law.
Where personal data is processed outside the EU/EEA, we use legally recognized safeguards (e.g., Standard Contractual Clauses and/or other approved mechanisms) to protect personal data.
We retain personal data only as long as necessary for the purposes described above, and longer only if required by law (e.g., statutory retention obligations) or to establish, exercise, or defend legal claims.
Under the GDPR, you have the right to:
access your personal data (Art. 15),
rectification (Art. 16),
erasure (Art. 17),
restriction of processing (Art. 18),
data portability (Art. 20),
object to processing based on legitimate interests (Art. 21),
withdraw consent at any time (Art. 7(3)) where processing is based on consent.
You also have the right to lodge a complaint with a supervisory authority. For Berlin, this is typically:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin, Germany.
We implement appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access.
No internet transmission is fully secure, but we work to protect your data within reasonable standards.
We may update this Privacy Policy to reflect changes in our processing or legal requirements. The “Last updated” date at the top shows the current version.
