Back to Home

Privacy Policy (GDPR)

1. Overview

This Privacy Policy explains how we process personal data when you visit this website, create an account, purchase a subscription, or contact us. “Personal data” means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).

2. Controller

Controller within the meaning of Art. 4(7) GDPR:

Pelle Krukow

Volksdorfer Str. 5

22081 Hamburg

Germany

Email: support@frozentweaks.com

Responsible for content under § 18(2) MStV: Pelle Krukow, address as above.

3. Personal Data We Process

  • Website access data: IP address, date/time, URLs visited, referrer, user agent, HTTP status, bytes transferred (server logs).
  • Account data: email address, password hash, internal user ID, plan/subscription status, timestamps.
  • Support data: contents of messages, email address, metadata.
  • Payment data: transaction identifiers and status information from our payment providers. We do not store full card numbers.
  • Cookies and similar technologies: essential cookies for login sessions and security. See “Cookies” below.

4. Purposes and Legal Bases (Art. 6 GDPR)

  • Provide the website, security, and logs: legitimate interests (Art. 6(1)(f) GDPR) in operating a secure, functional service.
  • Account creation, authentication, and customer area: contract performance or pre-contractual steps (Art. 6(1)(b) GDPR).
  • Payments and subscription management: contract performance (Art. 6(1)(b) GDPR) and legal obligations such as tax/commerce law (Art. 6(1)(c) GDPR).
  • Support and communication: contract performance (Art. 6(1)(b) GDPR) or legitimate interests (Art. 6(1)(f) GDPR) in responding to inquiries.
  • Consent-based features: if we request your consent for optional features, processing is based on Art. 6(1)(a) GDPR. You can withdraw consent at any time with effect for the future.

5. Cookies

We use essential cookies to keep you logged in, secure sessions, and prevent abuse. These cookies are necessary for the service and do not require consent. If we introduce non-essential cookies (e.g. analytics or marketing), we will request your consent and provide controls.

You can manage cookies in your browser settings at any time. If you block essential cookies, parts of the site may not function. If we add a cookie banner or settings, you will find it here: Cookie Settings.

6. Server Log Files

Our hosting environment automatically processes server logs to ensure availability and security. The data is stored for a limited period and deleted or anonymized unless needed for incident investigation.

7. Registration and Authentication

When you register, we store your email and a password hash. We may use session tokens or JSON Web Tokens (JWT) to authenticate your account. Do not share your credentials. We recommend enabling security best practices on your devices.

8. Payments

We use external payment processors to handle payments. Depending on your choice, the processor receives the necessary transaction data. We currently work with:

  • Mollie B.V. (EU payment service provider). Privacy information available on the provider’s website.
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. Privacy information available on the provider’s website.
  • NOWPayments for crypto payments. Privacy information available on the provider’s website.

Legal basis: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) GDPR (legal obligations). We do not store full card data on our servers.

9. Recipients and Processors

We may engage service providers (processors) for hosting, security, email delivery, customer support, and payments. These providers process data strictly under our instructions and under a data processing agreement in accordance with Art. 28 GDPR.

Where a provider is located outside the EU/EEA, appropriate safeguards such as the EU Standard Contractual Clauses (Art. 46 GDPR) are used. Copies or references to these safeguards can be requested from us.

10. International Data Transfers

If personal data is transferred to countries outside the EU/EEA, we ensure an adequate level of protection via adequacy decisions (Art. 45 GDPR) or appropriate safeguards (Art. 46 GDPR), typically the EU Standard Contractual Clauses.

11. Retention Periods

We retain personal data only for as long as necessary for the purposes stated, or as required by law (e.g. commercial/tax retention). Typical periods:

  • Account data: for the duration of your account; deletion upon request unless legal retention applies.
  • Contract, billing, and payment records: usually up to 10 years (German tax/commercial law).
  • Server logs and security data: typically days to months, longer if needed for incident analysis.
  • Support tickets/emails: as long as needed to handle your request plus applicable retention periods.

12. Your Rights (Arts. 15–21 GDPR)

  • Right of access to your data (Art. 15).
  • Right to rectification (Art. 16).
  • Right to erasure (“right to be forgotten,” Art. 17).
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20).
  • Right to object to processing based on Art. 6(1)(e) or (f) (Art. 21).
  • Right to withdraw consent at any time (Art. 7(3)), without affecting prior processing.

To exercise your rights, contact us at support@frozentweaks.com. You also have the right to lodge a complaint with a supervisory authority.

13. Supervisory Authority

You may lodge a complaint with your local authority or the Hamburg Commissioner for Data Protection and Freedom of Information (Hamburgische Beauftragte für Datenschutz und Informationsfreiheit).

Website: hamburg.de/datenschutz/ — Postal address available on the authority’s website.

14. Security

We use appropriate technical and organizational measures to protect personal data. This includes TLS encryption in transit, access controls, and least-privilege principles. No internet transmission or storage system is 100% secure.

15. Minors

Our services are not directed at children under the age required by applicable law for consent without parental approval. Do not register if you do not meet the legal age requirements.

16. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or business developments. The “Last updated” date below indicates the current version.

Last updated: 06 November 2025