Privacy Policy

Effective date

Effective date: 13 October 2025

1. Controller

Marlene Zeising and Tom Zeising (GbR)
Bergheimer Str. 28, 69115 Heidelberg, Germany

Email: info@escaping2earth.com
Website: https://escaping2earth.com

This privacy policy explains how we process personal data when you visit and use our website (Arts. 13 and 14 GDPR).

2. Data protection officer

We are currently not legally required to appoint a data protection officer; the thresholds (in particular, at least 20 people who regularly engage in automated processing) do not apply to us at the moment (Art. 37 GDPR in conjunction with Sec. 38 BDSG).

Contact for privacy enquiries: info@escaping2earth.com

3. General information on legal bases, purposes and necessity

Legal bases: Art. 6 (1) lit. a (consent), lit. b (contract/pre-contractual steps), lit. c (legal obligation), lit. f (legitimate interests) GDPR.

Storage on end devices / cookies and similar technologies: Setting or reading non-essential cookies requires prior consent under Sec. 25 TDDDG (formerly TTDSG); consents are obtained in line with the GDPR.

Necessity of providing data: Without certain information (e.g. your email address for the newsletter) we cannot provide the respective service.

4. Hosting & infrastructure

4.1 Render (hosting/platform)

We host the website with Render. Render processes server log data (e.g. IP address, timestamp, user agent, referrer) to provide, stabilise and secure the service. Legal basis: Art. 6 (1) lit. f GDPR (operation/security).

International transfers: Render offers regions in the United States and the EU (including Frankfurt). Depending on the deployment, personal data may be transferred to third countries. Render provides a Data Processing Addendum (including Standard Contractual Clauses) and a list of subprocessors.

4.2 Cloudflare (CDN, DDoS/WAF protection)

We use Cloudflare as a content delivery network and security layer. Requests are routed through Cloudflare servers and technically necessary security cookies are set, including __cf_bm (bot management) and cf_clearance (proof of a successful challenge). Legal basis: Art. 6 (1) lit. f GDPR (security/performance).

International transfers: Cloudflare is certified under the EU-U.S. Data Privacy Framework; Standard Contractual Clauses (SCCs) provide additional safeguards.

5. Server log data

When you access our pages, we and/or our hosting provider automatically process your IP address, date/time, requested resource, HTTP status, amount of data transferred, referrer and user agent. Purpose: delivery, abuse detection, stability, evidence. Legal basis: Art. 6 (1) lit. f GDPR. Retention: log data are deleted once they are no longer required for these purposes; in the event of security incidents, they are retained until clarification is complete.

6. Cookies, local storage & consent management

6.1 Principles

Technically necessary cookies or storage technologies (e.g. for delivery or security) are used without consent.

Non-essential cookies (e.g. marketing/personalisation, affiliate tracking, analytics) are set only after consent (opt-in) under Sec. 25 TDDDG; you can withdraw your consent at any time with effect for the future.

6.2 Consent banner / CMP

We use a consent management platform (CMP) that provides users in the EU, United Kingdom and Switzerland with transparent choices. For Google advertising, Google requires a Google-certified CMP with IAB TCF integration in the EEA/UK (since 16 January 2024) and in Switzerland (since 31 July 2024). You can change your preferences at any time via the “Cookie settings” link in the footer.

6.3 Summary of the legal situation

In Germany, the obligation to obtain consent for non-essential cookies/trackers arises from Sec. 25 TDDDG; the provision refers to the GDPR for the requirements (voluntary, informed, unambiguous). Violations may result in sanctions.

7. Google AdSense (advertising)

We integrate Google AdSense. Depending on your consent, we display personalised or non-personalised ads:

Personalised ads: Google uses cookies/identifiers and processes usage data to select personalised advertising (profiling). Legal basis: consent (Art. 6 (1) lit. a GDPR in conjunction with Sec. 25 TDDDG).

Non-personalised ads: Ads are served contextually; nevertheless, Google requires a CMP signal and specific disclosures about ad tech partners. We comply with Google’s EU User Consent Policy (clear information, obtaining/withdrawing consent, naming recipients; use of a Google-certified CMP).

Note: The CMP lists the ad technology providers in use (Google “Ad technology providers”) and their purposes. You can view updates there at any time.

8. Affiliate links & partner programmes

We use affiliate links on selected pages to earn commissions for qualifying transactions. When you click such links, the respective affiliate partner may set cookies or identifiers to attribute conversions (e.g. click ID, timestamp, referrer).

Legal basis: consent (Art. 6 (1) lit. a GDPR in conjunction with Sec. 25 TDDDG). Without consent no marketing or tracking cookies are placed. The list of affiliate networks/partners in use can be found in the consent banner and/or on the “Partners & providers” page.

9. Comments

You can comment on posts. We process the data you submit (e.g. name/pseudonym, comment content, time) as well as your IP address and user agent to prevent abuse and spam.

Legal bases:

Publication/comment function: Art. 6 (1) lit. a GDPR (consent when submitting) or lit. f (legitimate interest in public discussion).
Spam/abuse prevention, IT security: Art. 6 (1) lit. f GDPR.

Retention: Comments remain published until deleted; IP/user agent data for spam prevention are stored for a maximum of [e.g. 7–30 days], unless a security incident requires longer retention.

10. Newsletter (delivery via third-party services)

10.1 Sign-up & double opt-in

We require your email address (optional: name) for the newsletter. We use a double opt-in process: after signing up you receive an email asking you to confirm your subscription. Legal basis: consent (Art. 6 (1) lit. a GDPR); the German Act Against Unfair Competition (UWG) also applies to email marketing. You can withdraw consent/unsubscribe at any time using the link at the end of each newsletter.

Existing customer exception (Sec. 7 (3) UWG): Email marketing may, in limited cases, be sent without separate consent (similar own products/services, address collected in connection with a sale, clear opt-out notice). We only rely on this exception where legally permissible.

10.2 Mailing services (processors)

We use an external newsletter service provider (processing under Art. 28 GDPR). At the time of this update this may be Brevo (Sendinblue GmbH, Berlin, EU) or Mailchimp (Intuit Inc., USA). Details:

Brevo (Sendinblue GmbH): Köpenicker Str. 126, 10179 Berlin; data processing in the EU; see Brevo’s legal pages for privacy information and the data processing agreement.
Mailchimp (Intuit Inc., USA): Used on the basis of the EU-U.S. Data Privacy Framework and Standard Contractual Clauses; see Mailchimp for details on EU data transfers.

Transparency: The active provider is named in the newsletter sign-up section; data processing agreements are in place.

10.3 Measurement/profiling within the newsletter

Depending on the provider’s features, we may measure opens, clicks and unsubscribes (e.g. via tracking pixels). Legal basis: consent (Art. 6 (1) lit. a GDPR). You can object to tracking or withdraw consent at any time (unsubscribe link).

11. Communication (email/contact)

When you contact us via email, we process your information to handle the request. Legal basis: Art. 6 (1) lit. b GDPR (contract/pre-contractual steps) or lit. f (general enquiries). Retention: until completion of the request, followed by statutory retention periods where applicable.

12. Recipients & categories

Infrastructure: Render (hosting), Cloudflare (CDN/security).

Advertising: Google (AdSense) and the ad tech providers named in the CMP.

Newsletter: Mailing services as described in section 10.

Affiliate partners/networks: As listed in the consent banner or on the “Partners & providers” page.

Authorities/consultants: Only where legally required (Art. 6 (1) lit. c) or to defend legal claims (lit. f).

13. International transfers

Where service providers in third countries (e.g. the United States) process data, we ensure an adequate level of protection through instruments such as EU Standard Contractual Clauses (SCCs) and/or participation in the EU-U.S. Data Privacy Framework (e.g. Cloudflare, Mailchimp).

14. Retention

We delete personal data once the purpose has been fulfilled and no statutory obligations require further retention. Specific retention periods arise from the processing activities described above (e.g. log data, comment IPs, newsletter records).

15. Your rights

Subject to the conditions of the GDPR you have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21; in particular to direct marketing) and withdrawal of consent (Art. 7 (3)). To exercise these rights, send a message to info@escaping2earth.com.

Right to lodge a complaint: You may lodge a complaint with a supervisory authority. For Baden-Württemberg this is the State Commissioner for Data Protection and Freedom of Information (LfDI BW), Lautenschlagerstraße 20, 70173 Stuttgart; P.O. Box 10 29 32, 70025 Stuttgart; phone +49 711 615541-0; email: poststelle@lfdi.bwl.de.

16. Withdrawal/opt-out & “Cookie settings”

You can withdraw consents at any time with future effect:

via the “Cookie settings” link in the footer,
for email marketing via the unsubscribe link in each newsletter.

You may object to direct marketing at any time (Art. 21 GDPR).

17. Minors

Our services are not directed at children under 16 years of age. Where consent is required, it is only valid for minors below the age of 16 if their parent or guardian agrees (Art. 8 GDPR; national deviations may apply).

18. Security

We implement technical and organisational measures (including TLS encryption, hardened infrastructure, role-based access). Cloudflare adds protection against attacks (WAF/bot management) and Render provides scalable hosting.

19. Changes to this notice

We update this privacy policy whenever services, legal requirements or technology change. The current version is available at /datenschutz.