Privacy Policy

Last updated: January 2026

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR):

Alphashots - Toni Jahn

St. Antonius Straße 5, 95145 Oberkotzau, Germany

Email: info@tonijahn.com

Phone: +49 151 65066807

2. Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing.

Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers), content data (e.g. form entries), usage data (e.g. pages visited, access time), meta/communication data (e.g. IP addresses).

Purposes of processing: Provision of our website and content, responding to contact inquiries, appointment bookings, security measures.

3. Legal Basis

Below we inform you about the legal basis for processing personal data:

Consent (Art. 6 para. 1 lit. a GDPR): You have given your consent to the processing for a specific purpose.
Contract performance and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR): Processing is necessary for the performance of a contract or pre-contractual measures.
Legitimate interests (Art. 6 para. 1 lit. f GDPR): Processing is necessary to protect our legitimate interests, unless your interests or fundamental rights prevail.

4. Security Measures

We take technical and organizational security measures to protect your data. This website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser address bar changes from 'http://' to 'https://' and by the lock symbol in your browser bar.

5. Hosting

This website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). When visiting the website, server log data is processed, including: IP address, browser type and version, operating system, referrer URL, access time.

Legal basis: Legitimate interest in the secure provision of the website (Art. 6 para. 1 lit. f GDPR).

Third-country transfer: Vercel is certified under the EU-US Data Privacy Framework and uses Standard Contractual Clauses. More information: https://vercel.com/legal/privacy-policy

Storage period: Server log files are deleted after a maximum of 30 days.

6. Database and Storage (Supabase)

For storing contact requests and appointment bookings, we use Supabase (Supabase Inc., USA). Data is stored on servers in the EU (region eu-west-1, Frankfurt).

Processed data: Name, email address, phone number (optional), message content, appointment details.

Legal basis: Contract performance or pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Security: Data is stored with AES-256 encryption. Supabase is SOC 2 Type 2 certified.

Third-country transfer: A data processing agreement (DPA) has been concluded with Supabase. Supabase is certified under the EU-US Data Privacy Framework.

Storage period: Contact requests are deleted after completion of processing and expiry of any retention periods, at the latest after 3 years.

7. Email Service (Resend)

For sending emails (confirmations, notifications), we use Resend (Resend Inc., USA).

Processed data: Email address, name, message content.

Legal basis: Contract performance (Art. 6 para. 1 lit. b GDPR) for confirmation emails.

Third-country transfer: Resend is certified under the EU-US Data Privacy Framework. A data processing agreement has been concluded with Resend. Resend is SOC 2 certified.

More information: https://resend.com/legal/privacy-policy

8. Contact Form

When you contact us via the contact form, your details are stored for processing the inquiry and for possible follow-up questions.

Processed data: Name, email address, company (optional), phone (optional), topic, budget, timeline, message.

Legal basis: Implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR) or legitimate interest (Art. 6 para. 1 lit. f GDPR).

Storage period: Data is deleted as soon as it is no longer required for the purpose of its collection, at the latest after 3 years.

9. Appointment Booking

For online appointment booking, we process the following data:

Processed data: Name, email address, phone (optional), desired appointment, notes.

Legal basis: Implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Storage period: Booking data is deleted after the appointment has taken place and any retention periods have expired.

10. Cookies

This website only uses technically necessary cookies required for the operation of the website (e.g. cookie consent preferences, language settings). No tracking cookies or advertising cookies are used.

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) for technically necessary cookies.

11. Analytics Tools

This website does not use any third-party tracking or analytics tools such as Google Analytics. No profiling or automated decision-making takes place.

12. Your Rights

You have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): You can request information about your processed data.
Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data.
Right to erasure (Art. 17 GDPR): You can request deletion of your data.
Right to restriction of processing (Art. 18 GDPR): You can request restriction of processing.
Right to data portability (Art. 20 GDPR): You can receive your data in a machine-readable format.
Right to object (Art. 21 GDPR): You can object to processing based on legitimate interest.
Withdrawal of consent: You can withdraw any given consent at any time. The lawfulness of processing carried out until withdrawal remains unaffected.

13. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. Competent supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany

https://www.lda.bayern.de

14. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to changed legal situations or changes to the service. The current version can always be found on this page.

Questions about privacy?

If you have questions about the collection, processing, or use of your personal data, please contact us:

info@tonijahn.com

Back to homepage