Skip to main content
Big Wolf Business

Privacy Policy

Protecting your personal data is important to us. This privacy policy informs you in accordance with Art. 13/14 GDPR and § 25 TTDSG (German telecom-telemedia data protection act) about what data we process, for what purpose and on what legal basis.

Last updated: ·

1. Controller

The controller within the meaning of the GDPR is:

Big Wolf Business Owner: Saad Dyab Wehldorfer Str. 25 27616 Beverstedt Germany

Email: info@bigwolfbusiness.com Phone: +49 1578 0958196

2. Your rights

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), as well as the right to object (Art. 21) and to withdraw consent already given (Art. 7 para. 3). To exercise your rights, an informal email to info@bigwolfbusiness.com is sufficient.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). Our competent supervisory authority is:

Die Landesbeauftragte für den Datenschutz Niedersachsen Prinzenstraße 5, 30159 Hannover, Germany https://lfd.niedersachsen.de

3. Server log files

When you access our website, the hosting provider records technical data in server log files: anonymised IP address, date and time of the request, requested URL, referrer, user agent. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stability, security and error analysis). Retention: 30 days, then automatic deletion or anonymisation.

4. Hosting — Vercel

Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut CA 91789, USA. Technical delivery is performed from the "fra1" data centre in Frankfurt am Main (EU). A data processing agreement (Art. 28 GDPR) is in place with Vercel. Vercel is certified under the EU-US Data Privacy Framework; standard contractual clauses are additionally used. Vercel privacy policy: https://vercel.com/legal/privacy-policy

5. Database — Neon

Structured data (e.g. incoming contact form submissions, operational records) is stored in a PostgreSQL database operated by Neon Inc., USA. A data processing agreement is in place with Neon. Neon is certified under the EU-US Data Privacy Framework and additionally uses standard contractual clauses.

6. Contact form & email delivery — Resend

When you use our contact form, we collect the data you provide (typically name, email address, message). Confirmation and notification emails are sent via Resend, Inc., USA. Legal basis: Art. 6(1)(b) GDPR (initiation/performance of a contract) or Art. 6(1)(f) GDPR (legitimate interest in efficient handling of inquiries). Resend is DPF-certified; an Art. 28 data processing agreement is in place.

Retention: until your inquiry is resolved. If a business relationship arises from your inquiry, the commercial and tax-law retention periods apply (§ 257 HGB, § 147 AO; up to 10 years).

7. Google Tag Manager & marketing tools

If you consent to the "Marketing" category in the cookie banner, we load Google Tag Manager (container GTM-5HL35X6F) provided by Google Ireland Limited. Google Tag Manager serves as a container for additional marketing and analytics tags (e.g. Google Analytics, Google Ads, Meta Pixel) and allows their configurable delivery. As long as you have not granted consent, Google Tag Manager is not loaded and no data is collected through it. Legal basis: Art. 6(1)(a) GDPR and § 25(1) TTDSG (consent).

You can withdraw your consent at any time via the "Cookie settings" link in the footer.

8. Cookies & local storage

We use cookies and local-storage entries exclusively in the following categories:

• Necessary (no consent required, Art. 6(1)(f) GDPR): – "bwb-theme" (local storage, persistent) — stores your theme preference (light/dark) – "bwb-consent" (local storage, persistent) — stores your cookie consent

• Marketing (consent required): – Cookies set by Google Tag Manager and the tags configured through it. A complete list depends on the respective tag configuration and will be added here as soon as such tags go live.

9. Retention periods

We store personal data only as long as necessary to achieve the respective purpose, or as required by statutory retention obligations.

• Server logs: 30 days • Contact form submissions: until resolved; business-relevant correspondence up to 10 years (§ 257 HGB) • Consent record (cookie banner): until withdrawn or until re-prompt (12 months)

10. Data security

Transmission is encrypted via HTTPS/TLS. We apply technical and organisational measures in line with the state of the art to protect your data against unauthorised access, loss or manipulation.

11. Changes to this privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or in order to implement changes to our services. The new privacy policy will then apply to your next visit.

Step 1/4

What do you need?

Select all that apply