Last updated: 18.12.2025

1) Data Protection at a Glance

The following explains what happens to your personal data when you visit this website. “Personal data” means any information that identifies you (e.g., name, email, IP address). Detailed information appears in the sections below.

Data collection on this website

  • Who is responsible? Processing is carried out by the website operator (see “Controller Information” below).
  • How do we collect data?
    • Data you provide (e.g., via contact form, email, phone).
    • Data collected automatically or with your consent when you visit the site (technical data such as browser, operating system, IP address, access time).
  • For what purposes?
    • Ensure proper technical provision and security of the site.
    • Respond to your requests and, where applicable, initiate/execute contracts.
    • Statistical analysis of site usage (if analytics tools are enabled).
  • Your rights: access, rectification, erasure, restriction, portability, objection (including to direct marketing), withdrawal of consent, and lodging a complaint with a supervisory authority.
    → Contact: contact@fellerfinancialadvisory.com

2) Controller Information

Feller Financial Advisory
Homburger Landstraße 691, 60437 Frankfurt am Main, Germany
Phone: +49 (0)1522 945 90 84
Email: contact@fellerfinancialadvisory.com

The controller determines the purposes and means of processing personal data. At this time, no Data Protection Officer (DPO) is designated because it is not legally required given the scope of processing. If this changes, this policy will be updated.

3) Hosting (Hostinger)

We host the site with Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus. When you visit, Hostinger may store server logs (including your IP address, URL accessed, date/time, user agent (browser/OS), referrer, and technical identifiers used for anti‑abuse).

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest: availability, security, performance).
    If consent is required (e.g., non‑essential cookies or device access/storage), the legal basis is Art. 6(1)(a) GDPR and Art. 25(1) TDDDG (German Telecommunications‑Digital Services Data Protection Act).
  • Processor agreement: A Data Processing Agreement (DPA) is in place with Hostinger; Hostinger processes data in accordance with our instructions and GDPR.
  • Hostinger Privacy Policy: <https://www.hostinger.fr/politique-de-confidentialite>

4) Legal Bases for Processing

We process your data under the following bases (details per activity in § 6):

  • Consent: Art. 6(1)(a) GDPR (and Art. 25(1) TDDDG for cookies/device identifiers).
  • Contract performance/pre‑contractual measures: Art. 6(1)(b) GDPR.
  • Legal obligation: Art. 6(1)(c) GDPR (e.g., tax/commercial retention).
  • Legitimate interests: Art. 6(1)(f) GDPR (IT security, fraud/abuse prevention, anonymized statistics).
  • Special categories (if ever processed): Art. 9(2)(a) GDPR, only with explicit consent.
  • Transfers to third countries (outside EEA): Art. 49(1)(a) GDPR with explicit consent, or reliance on Standard Contractual Clauses (SCC)/adequacy frameworks where available (see Google Maps in § 9).

5) Recipients / Categories of Recipients

  • Technical providers (hosting, IT, security, emailing).
  • Authorities (where legally required).
  • External advisors (legal/accounting) where necessary.
    Any disclosure is limited to what is necessary and relies on a valid legal basis (processing contract, legitimate interest, legal obligation, or consent).

6) Purposes, Data Processed, and Retention Periods

6.1 Server logs & security

  • Data: IP, timestamp, URL, referrer, user agent, status codes.
  • Purposes: operation, security, incident diagnostics, abuse prevention.
  • Legal basis: Art. 6(1)(f) GDPR.
  • Retention: typically 7–30 days (depending on host configuration); longer where a security incident requires it until resolved.

6.2 Contact form / email / phone / fax

  • Data: identity, contact details, message content, related metadata.
  • Purposes: handling requests, commercial follow‑up, pre‑litigation where needed.
  • Legal basis: Art. 6(1)(b) GDPR (pre‑/contractual) or Art. 6(1)(f) (legitimate interest: effective handling of requests); possibly Art. 6(1)(a) (if consent is used).
  • Retention: as long as necessary to process + up to 3 years after last interaction for legal defense; statutory obligations (e.g., 6 or 10 years for commercial/tax records in Germany) prevail where applicable.

6.3 Cookies and similar technologies

  • Necessary (session, preferences, security): site provision → Art. 6(1)(f) GDPR.
  • Functional/Personalization & Analytics/Marketing (if used): only with consent → Art. 6(1)(a) GDPR + Art. 25(1) TDDDG.
  • Retention: session to 13/24 months depending on the cookie.
  • Management: your browser lets you block/delete cookies; you can also manage preferences via our cookie banner (when displayed).

6.4 Pre‑contracts / contracts (if initiated or concluded via the site)

  • Data: identity, contact details, request content, billing data.
  • Legal basis: Art. 6(1)(b) GDPR; legal obligations Art. 6(1)(c).
  • Retention: as per statutory retention periods (notably tax/accounting).

7) Data Subject Rights

  • Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Portability (Art. 20), Objection (Art. 21, including direct marketing).
  • Withdraw consent at any time (non‑retroactive).
  • Complaint: with the supervisory authority of your habitual residence/place of work or the place of the alleged infringement.
    → To exercise rights: contact@fellerfinancialadvisory.com

Right to Object – specifics
Where processing is based on Art. 6(1)(e) or (f) GDPR, you may object at any time on grounds relating to your particular situation; we will cease processing unless we demonstrate compelling legitimate grounds or the processing is needed to establish/exercise/defend legal claims.
If your data is processed for direct marketing, you may object at any time; we will stop processing for such purposes.

8) Transfers Outside the EEA

We strive to process data within the EU/EEA. Some third‑party services (e.g., Google Maps) may involve transfers to the United States. In such cases, we rely on SCC and/or the EU‑US Data Privacy Framework (DPF) where the provider is certified. Explicit consent may be required (Art. 49(1)(a) GDPR) to activate the functionality.

9) Plugins and Third‑Party Services

9.1 Google Maps

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

  • Data: IP address, device/browser settings; potential loading of Google Web Fonts for proper display.
  • Purpose: map integration, easier location finding.
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or consent Art. 6(1)(a) GDPR + Art. 25(1) TDDDG (if cookies/device storage are involved).
  • Transfers: to the United States possible; bases: SCC and/or DPF (Google is DPF‑certified).
  • More info:
    • Google Privacy Policy: <https://policies.google.com/privacy>
    • SCC/terms: <https://privacy.google.com/businesses/gdprcontrollerterms/> and <https://privacy.google.com/businesses/gdprcontrollerterms/sccs/>
    • DPF certification: <https://www.dataprivacyframework.gov/participant/5780>

Conditional activation: Google Maps should only load after your consent via the cookie banner or a “double‑click” activation.

10) Data Security

We use SSL/TLS encryption. You can recognize it by “https://” and the padlock icon in your browser’s address bar. When encryption is active, transmitted data cannot be read by third parties.

11) Objection to Advertising Emails

Using the contact details published under the legal notice (Impressum) for unsolicited advertising is prohibited. We reserve the right to take legal action against spam.

12) Minors

Our website is not directed to children under 16. We do not knowingly collect their data. If you believe a minor has provided data to us, please contact us so we can delete it.

13) Obligation to Provide / Automated Decision‑Making

Providing your data is optional unless stated otherwise (e.g., data required for a contract). We do not perform automated decision‑making nor profiling within the meaning of Art. 22 GDPR.

14) Summary of Retention Periods

  • Server logs: 7–30 days (unless incident).
  • Requests (contact/email): duration of handling + up to 3 years (evidence); statutory obligations prevail.
  • Contract/invoicing data: per applicable legal retention periods.
  • Cookies: session to 13/24 months depending on type.

15) Updates to This Policy

We may update this policy for legal, technical, or operational reasons. The current version is the one published here with the last updated date.