Privacy Policy
Controller (Art. 4 (7) GDPR)
Represented by Simon Tozman, Managing Director.
Phone: +49 162 1694482
Email: info@st-munich.com
General Information
The following notes provide an overview of what happens to your personal data when you visit this website or contact us. Personal data is any data that can be used to identify you personally.
Data Collected When Visiting the Website
When you access this website, technically necessary data is automatically collected and processed in server logs by our hosting provider: IP address, time of request, transmitted data volume, browser type and operating system, referrer URL. Processing is based on Art. 6 (1) (f) GDPR (legitimate interest in a stable, secure operation of the website). Logs are deleted or anonymised within a maximum of 14 days.
Cookies
This website uses only technically necessary cookies and comparable browser storage (e.g. for language preference and smooth scrolling). No consent is required for this (§ 25 (2) (2) TDDDG). We do not use tracking, advertising or analytics cookies.
Contact
If you contact us via the Bespoke configurator, by email or by phone, we process the data you submit (name, email address, description of your enquiry, optional inspiration image) to respond to your request. The legal basis is Art. 6 (1) (b) GDPR (initiation of a contract) or Art. 6 (1) (f) GDPR. We retain this data only as long as necessary to respond and thereafter only as required by statutory retention obligations.
Processors
We use service providers who process data on our behalf. Article 28 GDPR agreements are in place with all processors.
Currently in use:
Vercel Inc. (hosting, Frankfurt region fra1)
Resend (transactional email: internal atelier notification as well as an acknowledgement and confirmation email to the enquiring person)
Anthropic PBC (Bespoke response processing via the Claude language model)
Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992, server region Frankfurt am Main (eu-central-1). Purpose: customer authentication via magic-link procedure and storage of order data for display in the Atelier Portal. Data processed: email address, auth tokens, user profile (name, language preference), order metadata. Legal basis: Art. 6 (1) (b) GDPR (performance of a contract). Retention: until account deletion by the customer or up to three years after the last sign-in. Data Processing Agreement (DPA): supabase.com/legal/dpa. Provider’s privacy policy: supabase.com/privacy.
Asana, Inc., USA. Purpose: internal organisation and handling of Bespoke enquiries. When you send an enquiry via the Bespoke configurator, the data collected (name, email address, phone number, message history and any images you upload) is created as a task in Asana for processing. Legal basis: Art. 6 (1) (b) GDPR (initiation or performance of a contract) and Art. 6 (1) (f) GDPR (legitimate interest in orderly processing). As processing takes place in the USA, the transfer is based on the European Commission’s Standard Contractual Clauses (Art. 46 (2) (c) GDPR) as an appropriate safeguard.
Planned for a later project phase: Stripe (payment processing). This policy will be updated before activation.
SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the lock symbol in your browser address bar and by the “https://” prefix.
Your Rights
You have the right at any time to obtain information, free of charge, about your stored personal data (Art. 15 GDPR), as well as the rights to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), objection (Art. 21 GDPR) and data portability (Art. 20 GDPR). To exercise these rights, or for further questions about personal data, you may contact us at any time.
You also have the right to lodge a complaint with a data protection authority. For our registered office, the competent authority is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Königstraße 10a, 70173 Stuttgart, Germany
Retention Period
Personal data is stored only as long as required for the respective purposes or as prescribed by statutory retention obligations (in particular under commercial and tax law). It is then deleted or anonymised.
Changes to This Privacy Policy
We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services. The current version will apply on your next visit.