Privacy policy.

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when you use our website. Personal data refers to all data that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Amelie Baumbach
Journey to Santosha
Virchowstraße 3
65191 Wiesbaden
Germany
Phone: +49 179 2437655
Email: amelie@baumbach.cc

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When you visit our website purely for informational purposes (i.e., without registering or otherwise submitting information), we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following technically necessary data:

• Website visited

• Date and time of access

• Amount of data sent (in bytes)

• Source/reference (from which website you accessed us)

• Browser used

• Operating system used

• IP address used (possibly in anonymized form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. This data will not be disclosed or used for other purposes. However, we reserve the right to retrospectively check server log files if there is specific evidence of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (such as inquiries or orders), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” in your browser’s address bar and the padlock symbol.

3) Hosting & Content Delivery Network

Squarespace
We use the services of the following provider to host our website and display content:

Squarespace, Le Pole House, Ship Street Great, Dublin 8, Ireland

All data collected on our website is processed on the servers of this provider.
We have concluded a Data Processing Agreement (DPA) with the provider, which ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.
In the course of these services, data may also be transferred to Squarespace Inc. in the United States.

The provider is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection based on a decision by the European Commission.

4) Cookies

To make your visit to our website more attractive and to enable the use of certain features, we use cookies—small text files stored on your device. Some cookies are deleted after the browser session ends ("session cookies"), while others remain stored to retain your settings ("persistent cookies"). You can view the duration of storage in your browser’s cookie settings.

Where cookies involve the processing of personal data, we process this data based on:

• Art. 6(1)(b) GDPR – if necessary for contract performance

• Art. 6(1)(a) GDPR – if consent has been given

• Art. 6(1)(f) GDPR – based on our legitimate interest in the functionality and user-friendliness of the site

You can configure your browser to notify you about cookie placement, accept them on a case-by-case basis, or reject cookies entirely.
Please note that deactivating cookies may restrict website functionality.

5) Contacting Us

When contacting us (e.g., via contact form or email), we collect personal data. Which data is collected depends on the input form used. This data is stored and used solely for the purpose of responding to your inquiry and related technical processes.

The legal basis for processing is our legitimate interest in responding to your request (Art. 6(1)(f) GDPR). If your contact aims to initiate or fulfill a contract, Art. 6(1)(b) GDPR additionally applies.
Data will be deleted once the inquiry is resolved and no legal retention obligations apply.

6) Web Analytics Services

Squarespace Analytics
This website uses the analytics service from:

Squarespace, Le Pole House, Ship Street Great, Dublin 8, Ireland

The service collects and stores pseudonymized visitor data using cookies and similar technologies (tracking pixels, web beacons, device/browser identification). This includes device data such as IP address and browser info to analyze user behavior and create pseudonymized usage profiles. This allows for the evaluation of behavior patterns (e.g., heatmaps, scrolls, clicks).

No personal identification takes place; no linkage to identifiable data is made.

All such processing and the reading or storage of data on your device takes place only after your explicit consent (Art. 6(1)(a) GDPR). Consent can be revoked at any time via the cookie consent tool on the website.

A DPA has been signed with Squarespace to ensure proper data protection and to prevent unauthorized third-party disclosure.

Squarespace is certified under the EU-U.S. Data Privacy Framework, ensuring compliance with EU data protection standards.

7) Website Functionality

Adobe Fonts (Typekit)
We use web fonts from:

Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA

When visiting our site, your browser loads the required fonts directly from Adobe’s servers. In doing so, browser-specific data including your IP address may be transmitted to Adobe.

This data processing only occurs after your explicit consent (Art. 6(1)(a) GDPR), which can be withdrawn at any time via the cookie consent tool. If your browser does not support web fonts, a default system font is used.

Adobe participates in the EU-U.S. Data Privacy Framework.

8) Cookie Consent Tool

To obtain legally valid consent for cookies and cookie-based applications, this website uses a cookie consent tool. The tool appears upon page load as an interactive interface allowing you to consent to specific cookies and services by ticking checkboxes.

Only services for which consent is given will be loaded—ensuring compliance with data protection laws.

Technically necessary cookies are used to save your consent preferences. As a rule, no personal data is processed unless required to assign or log consent (e.g., IP address). In such cases, processing occurs based on our legitimate interest (Art. 6(1)(f) GDPR) and our legal obligation (Art. 6(1)(c) GDPR) to implement a compliant cookie management system.

Where applicable, we have signed a DPA with the provider to ensure data protection.

You can find more details in the consent tool interface on our website.

9) Links to Social Media Profiles

Our website contains links to our profiles on Instagram and Pinterest. These are simple external links (not embedded plugins or social media widgets). When you click on these links, you will be redirected to the respective platform, which may then collect personal data from you in accordance with their own privacy policies.

We have no control over how these third-party platforms process your personal data. For more information, please consult the privacy policies of:

• Instagram (Meta Platforms Ireland Ltd.)

• Pinterest (Pinterest Europe Ltd.)

10) Data Subject Rights

10.1 Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restrict processing (Art. 18 GDPR)

• Right to notification (Art. 19 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to withdraw consent (Art. 7(3) GDPR)

• Right to lodge a complaint (Art. 77 GDPR)

10.2 Right to Object

IF WE PROCESS YOUR DATA BASED ON OUR LEGITIMATE INTERESTS PURSUANT TO ART. 6(1)(F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
WE WILL THEN STOP PROCESSING YOUR DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS OR THE PROCESSING SERVES TO ESTABLISH, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS BEING PROCESSED FOR DIRECT MARKETING PURPOSES, YOU MAY OBJECT TO THIS PROCESSING AT ANY TIME.
ONCE YOU OBJECT, YOUR DATA WILL NO LONGER BE USED FOR DIRECT MARKETING.

11) Data Retention Period

The duration of data storage depends on the applicable legal basis, the purpose of processing, and—where relevant—statutory retention periods (e.g., under commercial or tax law).

• If processing is based on your consent (Art. 6(1)(a) GDPR), data is stored until you withdraw consent.

• If processing is based on contractual necessity (Art. 6(1)(b) GDPR), data is stored until the contract ends and no further obligations remain.

• If processing is based on our legitimate interest (Art. 6(1)(f) GDPR), data is stored until you object under Art. 21(1) GDPR unless overriding grounds apply.

For processing related to direct marketing under Art. 6(1)(f) GDPR, data is stored until you object under Art. 21(2) GDPR.

Unless otherwise stated in this policy, personal data will be deleted when it is no longer necessary for the purposes for which it was collected or processed.

Status: Wiesbaden, March 25th, 2025