Privacy Policy

We Help Berlin's Local Businesses Grow Through Modernisation & Digitalisation.

Let's answer all your questions.

1. INTRODUCTION & RESPONSIBLE PARTY

Data Controller:

Singh Digital Solutions (trading as "Aspire Digital Design Agency")

[Your Full Business Address]

Berlin, [Postal Code], Germany

Contact:

Email: [INSERT EMAIL]

Phone: [INSERT PHONE]

Website: [INSERT WEBSITE]

Authorised Representative: Milap Singh, Founder

This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. SCOPE OF DATA PROCESSING

We process personal data only to the extent necessary to provide our services, fulfil legal obligations, and protect our legitimate business interests. This includes:

- Website visitors: Information collected when you visit our website

- Prospective clients: Information collected when you request information, book a consultation, or express interest

- Active clients: Information collected during service delivery (website design, CRM setup, SEO, automations)

- Newsletter subscribers: Information collected when you opt in to our email communications

3. WHAT DATA WE COLLECT

3.1 Data You Provide Directly

When you interact with us, you may provide:

Contact Information:

- Full name

- Business name

- Email address

- Phone number

- Postal address

- Job title/role

Business Information:

- Company details

- Industry/sector

- Business goals and challenges

- Service preferences

- Budget information

Account & Payment Information:

- Login credentials (username, encrypted password)

- Billing address

- Payment method details (processed securely via third-party payment processors)

- VAT number (if applicable)

- Invoice history

Communication Data:

- Messages sent via contact forms

- Email correspondence

- Chat conversations (via chatbot or live chat)

- Support tickets

- Call recordings (with consent)

- Meeting notes and consultation summaries

Project-Specific Data:

- Website content you provide (text, images, videos)

- Brand assets (logos, colour schemes, guidelines)

- Customer data you share for CRM setup

- Access credentials to third-party tools (stored securely)

3.2 Data Collected Automatically

When you visit our website, we automatically collect:

Technical Data:

- IP address (anonymised where possible)

- Browser type and version

- Operating system

- Device type (desktop, mobile, tablet)

- Screen resolution

- Referrer URL (which site you came from)

- Pages viewed and time spent

- Click behaviour and navigation paths

- Date and time of access

Cookies & Tracking Technologies:

We use cookies and similar technologies. See Section 5 for details.

4. HOW WE USE YOUR DATA

We process your personal data for the following purposes:

4.1 Service Delivery (Legal Basis: Contract Fulfilment - Art. 6(1)(b) GDPR)

- Providing website design, CRM setup, SEO, automation, and related services

- Managing your account and access to our platform

- Implementing and configuring systems (GoHighLevel CRM)

- Training your team on system usage

- Providing ongoing support and optimisation

- Processing payments and invoicing

4.2 Communication (Legal Basis: Contract Fulfillment & Legitimate Interest - Art. 6(1)(b)(f) GDPR)

- Responding to inquiries and support requests

- Sending service-related notifications (system updates, maintenance, security alerts)

- Scheduling consultations and meetings

- Providing updates on project progress

4.3 Marketing (Legal Basis: Consent - Art. 6(1)(a) GDPR)

- Sending promotional emails, newsletters, and offers (only with your explicit consent)

- Providing relevant content, tips, and resources

- Informing you about new services or features

- You may withdraw consent at any time by clicking "unsubscribe" in any email or contacting us

4.4 Analytics & Improvement (Legal Basis: Legitimate Interest - Art. 6(1)(f) GDPR)

- Complying with tax, accounting, and financial regulations

- Responding to legal requests from authorities

- Maintaining records as required by German law

- Preventing fraud and ensuring security

5. COOKIES & TRACKING TECHNOLOGIES

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognise you, remember your preferences, and analyse website usage.

5.2 Types of Cookies We Use

Essential Cookies (No Consent Required):

- Session cookies (keep you logged in)

- Security cookies (prevent fraud)

- Load balancing cookies (ensure website performance)

These cookies are strictly necessary for the website to function and cannot be disabled.

Analytics Cookies (Consent Required):

- Google Analytics (traffic analysis, page views, user behaviour)

- Hotjar or similar (heatmaps, session recordings - if used)

These help us understand how visitors use our site so we can improve it.

Marketing Cookies (Consent Required):

- Google Ads / Facebook Pixel (retargeting, conversion tracking)

- LinkedIn Insight Tag (if used)

These track your activity across sites to show you relevant ads.

5.3 Your Cookie Choices

You can manage cookie preferences via:

- Our cookie consent banner (appears on first visit)

- Browser settings (block or delete cookies)

- Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

Note: Disabling essential cookies may prevent the website from functioning properly.

5.4 Cookie Duration

- Session cookies: Deleted when you close your browser

- Persistent cookies: Stored for up to 12-24 months

- Analytics cookies: Typically 12 months

- Marketing cookies: Typically 12-24 months

6. THIRD-PARTY TOOLS & DATA PROCESSORS

We use trusted third-party tools to provide our services. These processors may access your data, but are contractually bound to GDPR standards.

6.1 CRM & Marketing Platform

GoHighLevel (GHL)

- Purpose: CRM, email automation, SMS, website hosting, lead management

- Data Processed: Contact info, communication history, website activity, payment data

- Location: USA (EU-US Data Privacy Framework compliant)

- Privacy Policy: [INSERT GHL PRIVACY POLICY LINK]

- Data Processing Agreement: In place

6.2 Analytics

Google Analytics

- Purpose: Website traffic analysis, user behaviour tracking

- Data Processed: IP address (anonymised), browser info, pages viewed

- Location: USA (EU-US Data Privacy Framework compliant)

- Privacy Policy: https://policies.google.com/privacy

- IP Anonymisation: Enabled

6.3 Payment Processing

Stripe / PayPal

- Purpose: Secure payment processing

- Data Processed: Payment card details, billing address, transaction history

- Location: USA / EU (GDPR compliant)

- Privacy Policy: [INSERT STRIPE/PAYPAL PRIVACY LINK]

- Note: We do NOT store full credit card numbers on our servers

6.4 Communication Tools

Email Service Provider (e.g., Google Workspace, Microsoft 365)

- Purpose: Email communication, calendar scheduling

- Data Processed: Email content, contact details, attachments

- Location: [INSERT LOCATION]

- Privacy Policy: [INSERT LINK]

Video Conferencing (e.g., Zoom, Google Meet)

- Purpose: Client consultations, training sessions

- Data Processed: Name, email, meeting recordings (with consent)

- Location: USA / EU

- Privacy Policy: [INSERT LINK]

6.5 Cloud Storage & Backups

[e.g., AWS, Google Cloud, Hetzner]

- Purpose: Secure data storage, website hosting, backups

- Data Processed: All client data stored on our systems

- Location: EU data centres (Germany preferred)

- Privacy Policy: [INSERT LINK]

7. INTERNATIONAL DATA TRANSFERS

Some of our service providers are located outside the European Economic Area (EEA), particularly in the USA.

How We Ensure Protection:

- EU-US Data Privacy Framework: Providers certified under this framework (e.g., Google, Stripe) ensure adequate protection

- Standard Contractual Clauses (SCCs): We use EU-approved SCCs with all non-EU processors

- Data Processing Agreements: All processors sign agreements ensuring GDPR compliance

Your Rights: You have the right to object to international transfers. Contact us for details.

8. DATA RETENTION

We retain your personal data only as long as necessary for the purposes outlined or as required by law.

Retention Periods:

| Data Type | Retention Period | Legal Basis |

|-----------|------------------|-------------|

| Active client data | Duration of contract + 3 months | Contract fulfillment |

| Inactive client data | 2 years after last contact | Legitimate interest |

| Financial records (invoices, payments) | 10 years | German tax law (AO, HGB) |

| Marketing consent data | Until consent is withdrawn | Consent |

| Website analytics data | 12-24 months | Legitimate interest |

| Support tickets & communication | 3 years | Legal obligation & legitimate interest |

| Backup data | 90 days (rolling backups) | Security & legitimate interest |

Deletion: After retention periods expire, data is securely deleted or anonymised.

Your Right to Erasure: You can request earlier deletion unless we have a legal obligation to retain data (see Section 9).

9. YOUR RIGHTS UNDER GDPR

You have the following rights regarding your personal data:

9.1 Right to Access (Art. 15 GDPR)

Request a copy of all personal data we hold about you, including:

- What data do we have

- Why do we process it

- Who we share it with

- How long do we keep it

9.2 Right to Rectification (Art. 16 GDPR)

Request correction of inaccurate or incomplete data.

9.3 Right to Erasure / "Right to Be Forgotten" (Art. 17 GDPR)

Request deletion of your data if:

- It's no longer needed for the original purpose

- You withdraw consent (for consent-based processing)

- You object to processing (and no overriding legitimate grounds exist)

- The data was unlawfully processed

Exceptions: We may refuse if we have a legal obligation to retain data (e.g., tax records for 10 years).

9.4 Right to Restriction of Processing (Art. 18 GDPR)

Request that we limit how we use your data if:

- You contest the accuracy of the data

- Processing is unlawful, but you don't want erasure

- We no longer need the data, but you need it for legal claims

- You've objected to processing (pending verification)

9.5 Right to Data Portability (Art. 20 GDPR)

Request a copy of your data in a structured, machine-readable format (e.g., CSV, JSON) so you can transfer it to another provider.

9.6 Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interest (e.g., analytics, marketing). We will stop unless we have compelling, legitimate grounds.

For direct marketing: You can always object - we will stop immediately.

9.7 Right to Withdraw Consent (Art. 7 GDPR)

If processing is based on consent (e.g., marketing emails), you can withdraw it anytime. This doesn't affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

If you believe we've violated your data protection rights, you can file a complaint with:

German Data Protection Authority:

Die Bundesbeauftragte fÃ¼r den Datenschutz und die Informationsfreiheit (BfDI)

Graurheindorfer Str. 153

53117 Bonn, Germany

Website: https://www.bfdi.bund.de

Phone: +49 (0)228 997799-0

Berlin Data Protection Authority:

Berliner Beauftragte fÃ¼r Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin, Germany

Website: https://www.datenschutz-berlin.de

Phone: +49 (0)30 13889-0

10. DATA SECURITY

We implement industry-standard security measures to protect your data:

Technical Measures:

- SSL/TLS encryption (HTTPS) for all website traffic

- Encrypted data storage (AES-256 or equivalent)

- Secure authentication (strong passwords, optional 2FA)

- Regular security updates and patches

- Firewall protection and intrusion detection

- Daily automated backups (stored securely, encrypted)

Organisational Measures:

- Access controls (only authorised personnel can access data)

- Employee training on data protection

- Non-disclosure agreements (NDAs) with team members

- Data Processing Agreements with all third-party processors

- Incident response plan for data breaches

Data Breach Notification:

If a breach occurs that poses a risk to your rights, we will:

- Notify the relevant data protection authority within 72 hours

- Notify affected individuals without undue delay

- Provide details of the breach, potential impact, and remedial actions

11. CHILDREN'S PRIVACY

Our services are intended for businesses and individuals aged 18+. We do not knowingly collect data from children under 16 (or the applicable age in your jurisdiction).

If we learn we've inadvertently collected data from a child, we will delete it immediately. Parents/guardians: contact us if you believe we have your child's data.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

- Changes in our services or data processing

- New legal requirements

- Improved data protection practices

Notification:

- We will post the updated policy on this page with a new "Last Updated" date

- For material changes, we will notify you via email or a prominent website notice

- Continued use of our services after changes indicates acceptance

Review Regularly: We recommend checking this page periodically.

13. SPECIAL NOTES FOR SPECIFIC SERVICES

13.1 Website Design & Development

When you engage us for website services, we collect:

- Content you provide (text, images, videos)

- Brand assets and guidelines

- Access credentials to your existing systems (stored securely)

We use this data solely to deliver your website and will delete or return it upon project completion (unless ongoing hosting/maintenance is contracted).

13.2 CRM Setup & Implementation

We configure GoHighLevel CRM on your behalf. You are the data controller for customer data entered into the CRM. We act as a data processor. A separate Data Processing Agreement (DPA) is signed.

13.3 SEO Services

For SEO services, we may access your:

- Google Analytics, Google Search Console

- Website backend

- Social media accounts (read-only)

Access is limited to what's necessary for service delivery and is revoked upon contract termination.

13.4 Marketing Automations

We set up email/SMS campaigns on your behalf. You remain the data controller for your customer/subscriber lists. We process data only per your instructions.