Privacy Policy

Last updated: June 2026

This is an English translation for convenience. The German version is legally authoritative.

1. Privacy at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in the privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find her contact details in the “Information on the responsible party” section of this privacy policy.

How do we collect your data?
Your data is collected, on the one hand, when you provide it to us — for example, data you enter into a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of the page request).

What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used, with your consent, to analyse your user behaviour.

What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2. Hosting

We host the content of our website on a server in Germany (Falkenstein location). The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (“Hetzner”). For details, please see Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz/.

The use of Hetzner is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. We have concluded a data processing agreement (DPA) with the provider, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Cloudflare

We use the “Cloudflare” service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”). Cloudflare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed through Cloudflare's network. This enables Cloudflare to analyse the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet.

The use of Cloudflare is based on our legitimate interest in the most error-free and secure provision of our website (Art. 6(1)(f) GDPR). Data transfer to the USA is based on the EU-US Data Privacy Framework and the EU Standard Contractual Clauses. Details: https://www.cloudflare.com/privacypolicy/. We have concluded a data processing agreement (DPA) with Cloudflare.

3. General information and mandatory disclosures

Data protection

The operator of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. This privacy policy explains what data we collect and what we use it for, as well as how and for what purpose this happens. We point out that data transmission over the internet (e.g. communication by email) can have security gaps; complete protection of data against access by third parties is not possible.

Information on the responsible party

The party responsible for data processing on this website is:

Sandra Mannigel, Fotografin
Undinestraße 42
12203 Berlin, Germany
Phone: +49 155 6705 0950
Email: sandra@mannigel-photography.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage period

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing it (e.g. retention periods under tax or commercial law); in the latter case, deletion takes place once these reasons no longer apply.

General information on the legal basis for data processing

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR where special categories of data are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device, data processing is additionally based on § 25(1) TDDDG. Consent can be revoked at any time. If your data is required for the performance of a contract or for pre-contractual measures, we process it on the basis of Art. 6(1)(b) GDPR. We also process your data where it is necessary to comply with a legal obligation, on the basis of Art. 6(1)(c) GDPR. Processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR.

Information on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA. When these tools are active, your personal data may be transferred to and processed in the USA. Where a provider is certified under the EU-US Data Privacy Framework, this is the basis for the data transfer; additionally, we base the transfer on the EU Standard Contractual Clauses. We point out that, in the opinion of the EU Commission, a level of data protection comparable to the EU may not be guaranteed in these countries.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time to object, on grounds relating to your particular situation, to the processing of your personal data; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (objection under Art. 21(1) GDPR).

If your personal data is processed for direct advertising, you have the right to object at any time to the processing of personal data concerning you for such advertising; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct advertising (objection under Art. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or the place of the alleged breach (for Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit). This right exists without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time regarding this and other questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do so. The right to restriction of processing exists in particular if you contest the accuracy of your data, if the processing was unlawful, if we no longer need the data but you need it to assert legal claims, or if you have objected under Art. 21(1) GDPR and it has not yet been determined whose interests prevail.

SSL / TLS encryption

For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the browser's address line changes from “http://” to “https://” and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising emails

We hereby object to the use of contact data published within the framework of the imprint obligation for sending unsolicited advertising and information materials. The operator of the pages expressly reserves the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam emails.

4. Data collection on this website

Cookies

Our website partly uses so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

Technically necessary cookies that are required to carry out the electronic communication process or to provide certain functions you have requested are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. Where consent to the storage of cookies and comparable recognition technologies has been requested, processing is based exclusively on this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time. You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases or to exclude them generally.

Consent via our consent tool

Our website uses a self-hosted consent tool (cookie banner) to obtain your consent to the storage of certain cookies or the use of certain services and to document this in a data-protection-compliant manner. When you visit our website, your choice is stored in a technically necessary first-party cookie or in your browser's local storage. This data is not passed on to third parties.

The control of non-essential services (statistics, marketing) is handled via Google Consent Mode v2: before your consent, these services are not loaded. You can change or revoke your choice at any time via the “Cookie settings” link in the footer. The legal basis for storing your consent is Art. 6(1)(c) GDPR; the downstream services are loaded on the basis of your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG).

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of the server request and IP address. This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The operator has a legitimate interest in the technically error-free presentation and optimisation of her website — for this, the server log files must be recorded.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent — with the exception of the technical service providers named in the following subsections.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) where requested. To prevent spam, we use technical measures (including a hidden honeypot field and a time check). The data you enter in the contact form remains with us until you ask us to delete it, revoke your consent to storage, or the purpose for storing the data no longer applies.

Email verification (Emailable)

After you enter an email address into the form, but before submitting it, the email address may be verified by an email verification service. This verification checks the email address for technical or syntactic correctness (whether the email address is spelled correctly and whether the mailbox exists). Email addresses classified as invalid or risky are rejected.

This service is provided by the processor EMAILABLE LLC, a US company based at 485 Underhill Blvd, Syosset, NY 11791, United States. Further details can be found in EMAILABLE, LLC's privacy policy: https://emailable.com/privacy-policy/. An email address is only transmitted to the processor for the purpose of immediate verification, stored in the account for 30 days and then automatically deleted. The legal basis is your implied consent through entering your data into the contact form (Art. 6(1)(a) GDPR). A basic format check of the email address already takes place without consent, directly in your browser. We have concluded a data processing agreement (DPA) with the provider.

Email delivery (Resend)

When you submit the contact form, the notification email to us and the confirmation reply to you are sent via the email service provider Resend (Plus Five Five, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA). Transactional email is sent from a dedicated subdomain to keep sending reputation isolated from the primary mailbox. Resend processes the data you enter (name, email address, subject, message) along with standard email metadata (sender, recipient, timestamp, delivery status). We use Resend's EU region (Ireland) for sending. A data processing agreement pursuant to Art. 28 GDPR is in place. Data transfer to the United States takes place on the basis of the EU-US Data Privacy Framework and, additionally, the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). For more information, see Resend's privacy policy: resend.com/legal.

5. Analytics tools and advertising

GoatCounter (traffic measurement)

For anonymous, cookieless traffic measurement we use a self-hosted instance of GoatCounter. No cookies are set and no personal profiles are created; the IP address is not stored. The legal basis is our legitimate interest in privacy-friendly traffic measurement (Art. 6(1)(f) GDPR).

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool with which we can integrate tracking or statistics tools and other technologies on our website. Tag Manager itself does not create user profiles, store cookies or carry out independent analyses; it only manages and delivers the tools integrated through it. These are only triggered after your consent.

Hotjar

After your consent, we use Hotjar (Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) for the statistical evaluation of user behaviour (e.g. anonymised heatmaps and session recordings) in order to improve our offering. Cookies may be set. The legal basis is your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG).

Google Ads & conversion tracking

After your consent, we use Google Ads including conversion tracking (Google Ireland Limited) to measure the effectiveness of our advertising. Cookies may be set. The legal basis is your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG). The transfer to the USA is based on the EU-US Data Privacy Framework.

Fraud Blocker

After your consent, we use Fraud Blocker (Fraud Blocker, Inc., USA) to protect our advertising campaigns against click fraud. Technical data (including IP address, device and browser information) may be processed. The legal basis is your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG).

6. Plugins and tools

Self-hosted fonts

This website uses fonts hosted locally on our server for a consistent display of typefaces. No connection is established to third-party servers (e.g. Google Fonts); your IP address is not transmitted to third parties for this purpose.
