Privacy policy

How we handle your personal data

01

Controller

The controller (data controller) within the meaning of the GDPR is:

Daniel Geiger – The Digital District
Heidenfeldstrasse 4, 10249 Berlin, Germany
Email: info@the-digital-district.com

There is no separate data protection contact; please use the contact details above.

02

General information

This Privacy Policy explains how we process personal data when you use our website www.the-digital-district.com.

“Personal data” means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR)

03

Hosting and server log files

Our website is hosted by:

mittwald CM Service GmbH & Co. KG (Germany)
Königsberger Straße 4–6, 32339 Espelkamp, Germany 

When you visit our website, our hosting provider processes technical access data (server log files), in particular:

  • IP address
  • date/time of access
  • requested page/URL
  • referrer URL
  • browser type/version, operating system
  • status codes and transmitted data volume

 

Purpose: secure and stable operation of the website, troubleshooting, and protection against misuse.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
Storage duration: log data is stored for a limited period and deleted in accordance with operational and security requirements (exact retention period depends on the hosting configuration).

mittwald operates data centres in Germany.

04

Contacting us (email / contact form)

If you contact us (e.g., by email or via a contact form), we process the data you provide (e.g., name, email address, message content and any other information you submit).

Purpose: handling your enquiry and communicating with you.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures / contract) or Art. 6(1)(f) GDPR (legitimate interest in responding).
Storage duration: we delete enquiries when they are no longer required for processing, unless statutory retention obligations apply.

Contact form provider: [CONTACT FORM PLUGIN / PROVIDER – e.g., “Fluent Forms”, “WPForms”, “Contact Form 7”]
Spam protection: [SPAM PROTECTION – e.g., “Cloudflare Turnstile / hCaptcha / reCAPTCHA”]

Email delivery / SMTP: emails are sent via SMTP through our hosting provider (mittwald).

05

Cookies, consent management (Cookiebot), and Cookie Declaration

06

Google Tag Manager (GTM)

We use Google Tag Manager to manage website tags. Google Tag Manager itself does not necessarily create user profiles; it is used to deploy and control other tags. Whether and which data are processed depends on the tags that are activated and on your consent settings.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Legal basis: Art. 6(1)(a) GDPR (consent), where GTM is used to deploy non-essential tags; otherwise Art. 6(1)(f) GDPR for technically required tag management.

GTM Container ID: [GTM-XXXXXXX]

07

Google Analytics 4 (GA4) via GTM

We use Google Analytics 4 to measure and analyse website usage and to improve our website.

Provider: Google Ireland Limited (Ireland).
It cannot be ruled out that data may also be transferred to Google LLC (USA). 

Data processed (examples):

  • online identifiers (e.g., cookie IDs if consented)
  • device and browser information
  • approximate location (derived from IP address)
  • usage data (pages viewed, events, interactions)

 

Purpose: audience measurement, website optimisation, statistical analysis.
Legal basis: Art. 6(1)(a) GDPR (consent via Cookiebot), together with § 25(1) TDDDG for any storage/access on your device where applicable. 

GA4 Measurement ID: G-JEMCSSXXNB
Data retention (GA4): 14 months (as configured).
Google Signals: enabled (as configured).
Enhanced measurement / detailed location and device data: enabled (as configured).

Consent Mode v2 & cookieless pings:
We use Google Consent Mode v2. If you do not consent to analytics cookies, Google may still receive limited information in the form of “cookieless pings” (aggregated/technical signals) to support consent-aware measurement and modelling. This does not involve setting analytics cookies on your device without consent. (Legal basis remains your consent for analytics; cookieless pings support consent-mode functionality.)

08

Potential future use of Google Ads

At present, we do not use remarketing or conversion advertising tags for marketing purposes. If we enable Google Ads features (e.g., conversion tracking, remarketing), this will only happen with your consent via Cookiebot (Marketing category), and the Privacy Policy will be updated accordingly.

09

Google Fonts

We use Google Fonts, which may be loaded from Google’s servers. This can involve the transmission of your IP address and technical device information to Google.

Provider: Google Ireland Limited (Ireland); potential transfer to Google LLC (USA).
Purpose: consistent and attractive presentation of fonts.
Legal basis: Art. 6(1)(a) GDPR (consent) if loaded only after consent; otherwise Art. 6(1)(f) GDPR (legitimate interests in a consistent presentation).

10

Recipients, data processing, and international transfers

We use service providers (processors) for hosting and consent management, and Google services for measurement/tag management.

  • mittwald (hosting) – Germany.
  • Cookiebot by Usercentrics (CMP) – processing typically within EU/EEA under a data processing agreement.
  • Google (GTM/GA4, potentially Google Fonts) – Google Ireland Limited; potential transfers to the USA may occur. Google states compliance with the EU-U.S. Data Privacy Framework and also uses appropriate safeguards such as standard contractual clauses where applicable.

11

Storage durations

Unless a specific retention period is stated in this Privacy Policy:

  • We store personal data only as long as necessary for the stated purposes, or as required by law.
  • GA4 retention is configured to 14 months (see above).

12

Your rights

You have the following rights under the GDPR (subject to legal requirements):

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing prior to withdrawal

To exercise your rights, contact: info@the-digital-district.com

13

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). In Berlin, the competent authority is generally the Berlin Commissioner for Data Protection and Freedom of Information.

14

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version is published on this page.