Skip to content
Oakfyn
Data Protection

Privacy Policy

Last updated: 14 June 2026

This privacy policy explains how Oakfyn GmbH i.G. (“we”, “us”) collects, uses, and protects personal data when you visit this website. We process personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

1. Controller

The controller responsible for data processing on this website within the meaning of the GDPR is:

Oakfyn GmbH i.G.
Lindenallee 1, 31832 Springe, Germany
Email: info@oakfyn.com
Phone: +49 172 3673593

For all questions regarding data protection you may contact us at any time using the details above.

2. Your rights as a data subject

Under the GDPR you have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR) — to obtain confirmation as to whether and which data we process about you.
  • Right to rectification (Art. 16 GDPR) — to have inaccurate data corrected.
  • Right to erasure (Art. 17 GDPR) — to have your data deleted, where no retention obligation applies.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object (Art. 21 GDPR) — to object, on grounds relating to your particular situation, to processing based on our legitimate interests.
  • Right to withdraw consent (Art. 7 (3) GDPR) — with effect for the future, where processing is based on your consent.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The authority competent for us is the State Commissioner for Data Protection of Lower Saxony (Die Landesbeauftragte für den Datenschutz Niedersachsen), lfd.niedersachsen.de. You may, however, contact the supervisory authority of your habitual residence.

3. Right to object

Where we process your personal data on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation. We will then no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

4. Access data and server log files

When you visit this website, the provider of the website’s infrastructure (see “Hosting” below) automatically collects and stores information in so-called server log files, which your browser transmits automatically. These are:

  • browser type and version
  • operating system used
  • referrer URL
  • host name of the accessing device
  • time of the server request
  • IP address

This data is not merged with other data sources. The processing is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the technically error-free presentation and the security of our website. Log data is stored only for as long as necessary for this purpose and is then deleted or anonymized.

5. Hosting

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA (“Vercel”). When you visit the website, Vercel processes the access data and server log files described above in order to deliver the website. The legal basis is Art. 6 (1) (f) GDPR; our legitimate interest lies in the secure and efficient provision of our website.

Processing takes place in part on servers in the United States, a third country within the meaning of the GDPR. We have concluded a data processing agreement (Art. 28 GDPR) with Vercel and rely on the EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR as the safeguard for the transfer of personal data to the USA. Further information can be found in Vercel’s privacy policy: vercel.com/legal/privacy-policy.

6. Cookies and tracking

This website does not use tracking cookies, web analytics, advertising pixels, or comparable technologies that require consent. We only use technically necessary data required to deliver the site. For this reason, no cookie consent banner is displayed. Should we introduce analytics or marketing tools in the future, we will obtain your prior consent (Art. 6 (1) (a) GDPR, § 25 (1) TDDDG) and update this policy accordingly.

7. Fonts

The fonts used on this website are hosted on our own server (or that of our hosting provider) and are loaded locally. No connection to a third-party font provider (such as Google Fonts) is established, and no personal data is transmitted to such providers for this purpose.

8. Contacting us by email

If you contact us by email, the personal data you provide (e.g. your name and email address) and the content of your message will be stored and processed by us for the purpose of handling your enquiry and any follow-up questions. The legal basis is Art. 6 (1) (b) GDPR where your enquiry relates to the performance of a contract or pre-contractual measures, and otherwise Art. 6 (1) (f) GDPR based on our legitimate interest in responding to enquiries. We delete this data once it is no longer required, unless statutory retention periods apply.

9. Booking a call

Our “Book a call” button is an external link to an appointment-scheduling page operated by Google (“calendar.app.google”). When you click the link, you leave this website and are taken to a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (and, where applicable, Google LLC, USA). Any data you enter there to book an appointment is processed by Google as part of Google Workspace. We have no influence over the data processed by Google through this scheduling page. Please refer to Google’s privacy policy for details: policies.google.com/privacy. We use this service on the basis of our legitimate interest in offering a simple way to schedule a call (Art. 6 (1) (f) GDPR).

10. Data security

This website uses TLS/SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the “https://” prefix in the address bar of your browser. We take appropriate technical and organizational measures to protect your data against manipulation, loss, or unauthorized access.

11. Data retention

We process and store your personal data only for as long as is necessary to achieve the purpose for which it was collected, or for as long as statutory retention periods (for example under commercial or tax law) require. Once the purpose ceases to apply and no retention obligation remains, the data is routinely deleted.

12. Changes to this privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or in order to reflect changes to our services. The version published here applies to your visit.