Privacy Policy

1. Data Privacy at a Glance

General Information

The following overview provides a simple summary of what happens to your personal data when you visit this website. “Personal data” refers to information that can identify you personally. For detailed information, please refer to the complete privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details under the section “Responsible Entity” in this privacy policy.

How do we collect your data?

Some data is provided by you, e.g. via a contact form. Other data is automatically or, where applicable, based on your consent, collected by our IT systems when you visit the site. These include technical data such as the browser, operating system, or time of page visit. Collection begins as soon as you access the site.

Why do we use your data?

Some data is necessary to deliver the website correctly. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to request, free of charge, information about the origin, recipients, and purpose of your stored personal data at any time, as well as rights to correction or deletion. You can withdraw consent at any time for future data processing. You also have the right, in certain cases, to restrict processing, and you may file a complaint with the relevant supervisory authority.

For further questions regarding data privacy, you can contact us at any time.

Analytics and Third‑Party Tools

When visiting this website, your browsing behavior may be statistically evaluated, mainly using analytics programs. Detailed information about these tools is provided in the full privacy policy below.

2. Hosting

We host this website with:

Strato AG, Otto‑Ostrowski‑Straße 7, 10249 Berlin – Germany.

When you visit the website, Strato collects various log files, including your IP address. Details can be found in Strato’s privacy policy.

Use of Strato is based on Article 6 (1) f GDPR — our legitimate interest in reliable website operation. If you have given consent, processing may also be based on Article 6 (1) a GDPR and §25 (1) TTDSG regarding cookies or device access. Consent can be revoked at any time.

We have a Data Processing Agreement (AVV) with Strato to ensure compliance with GDPR and that data is processed only on our instructions.

3. General Information and Mandatory Disclosures

Data Protection

We treat your personal data confidentially and in compliance with legal data protection regulations and this policy. We collect various personal data when you use this website. “Personal data” includes any information that identifies you personally. This policy explains what data we collect, how we use it, and for what purposes, as well as how it is processed.

Please note that data transmission over the internet (e.g., via email) may have security vulnerabilities, and absolute protection against third-party access cannot be guaranteed.

Responsible Entity

Olivia Krzemiński
Schälker Landstrasse 11b
58119 Hagen
Germany
Phone: +49 176 72597753
Email: hello@blocknotes.com

Storage Period

Unless otherwise stated, your personal data will be stored until the purpose of processing is fulfilled. If you request deletion or withdraw consent, we will delete your personal data unless we have lawful grounds to retain it (e.g., for tax or commercial retention requirements), in which case deletion will occur once those purposes expire.

Legal Bases for Data Processing

Consent: Article 6 (1) a GDPR (and Article 9 (2) a GDPR for special categories of data); for transfers to non‑EU countries, also Article 49 (1) a GDPR
Cookies/Device Access: §25 (1) TTDSG
Contractual Necessity: Article 6 (1) b GDPR
Legal Obligations: Article 6 (1) c GDPR
Legitimate Interest: Article 6 (1) f GDPR

Data Transfers to Non‑EU Countries

We use tools from companies based in non‑EU countries, including the U.S., which may not offer comparable data protection. If tools certified under the EU‑US Data Privacy Framework are used, or other safeguards applied, transfers are permissible. Details are provided further in this policy.

Recipients of Personal Data

We share personal data only when contractually required, legally obliged (e.g., tax authorities), or based on legitimate interest, and with processors under GDPR-compliant agreements or joint processing arrangements when applicable.

Withdrawal of Consent

You may withdraw any consent at any time. Withdrawal does not affect the legality of processing carried out before the withdrawal.

Right to Object (Art. 21 GDPR)

If processing is based on Article 6 (1) e or f GDPR, you have the right to object to processing on grounds relating to your particular situation; this also applies to profiling. If processing is for direct marketing, you may object at any time, including profiling related to direct marketing.

Complaint to Supervisory Authority

In case of GDPR violations, you have the right to lodge a complaint with the supervisory authority in your usual place of residence, workplace, or the location of the alleged violation. This does not affect other administrative or legal remedies.

Right to Data Portability

You have the right to receive data we process based on your consent or contract in a commonly used, machine-readable format, and to transfer it to another controller if technically feasible.

Rights to Access, Correction, and Deletion

You may request free access to your stored personal data, information on its origin, recipients, and processing purposes, and you also have correction or deletion rights. Please contact us at any time for requests.

Right to Restriction of Processing

You have the right to request restriction of processing in the following cases:

You contest accuracy and need time for verification.
Processing is unlawful and you prefer restriction over deletion.
We no longer need your data but you require it for legal claims.
You object to processing (Art. 21 (1) GDPR) pending balance of interests.

Restricted data may only be processed with your consent or for legal claims defense or public interest.

SSL/TLS Encryption

This website uses SSL/TLS for secure transmission of confidential content (e.g., orders, inquiries you send). You can identify a secure connection by “https://” and the lock icon in your browser. With encryption enabled, your data cannot be read by third parties.

Encrypted Payment Transactions

Whenever payment data (e.g., bank account for direct debit) is transmitted after entering a paid contract, it is processed over an encrypted SSL/TLS connection, identifiable by “https://” and the lock icon.

Objection to Marketing Emails

Use of contact details published under legal notice for sending unsolicited advertising and informational material is hereby objected to. We reserve the right to pursue legal action against sending unsolicited advertising, such as spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called „cookies.“ Cookies are small data packets that do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies allow the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary as certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies that are required to carry out electronic communication, to provide certain functions you desire (e.g., for the shopping cart), or to optimize the website (e.g., cookies for measuring the web audience) are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically flawless and optimized provision of its services. If consent to store cookies and similar recognition technologies has been requested, processing is based solely on this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Which cookies and services are used on this website can be found in this privacy policy.

Consent with CookieYes

We also use CookieYes to manage your cookie preferences and ensure a compliant implementation of your consent. CookieYes is a service provided by CookieYes Limited, 3 Warren Yard, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.

CookieYes collects your consent, IP address, browser information, device information, timestamp of your visit, and consent status. This data is stored in a cookie in your browser and on servers located in the EU.

The processing is based on your consent (Art. 6(1)(a) GDPR) and our legal obligation to document consent (Art. 6(1)(c) GDPR).

Contact Form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if requested; the consent can be revoked at any time.

The data you enter in the contact form remains with us until you request deletion, revoke your consent to storage, or the purpose for the data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Inquiry via Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

5. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager lets us deploy tracking or analytics tools and other technologies on our site. It does not create user profiles, store cookies, or analyze data on its own. It only manages the tools loaded through it. Your IP address is collected and may be transferred to Google’s parent company in the United States.

We rely on Art. 6(1)(f) GDPR—the binding of legitimate interest—for its use. If you have consented, data processing is based on Art. 6(1)(a) GDPR and §25(1) TTDSG. Consent can be revoked any time.

Google is certified under the EU–US Data Privacy Framework (DPF), which commits them to uphold European data protection standards.

Google Analytics

This site uses Google Analytics by Google Ireland Limited. It helps us analyze visitor behavior— such as page views, session duration, operating systems used, and geographic origin. No User IDs are used, but mouse movements, scrolls, and clicks may be tracked. Google uses cookies or fingerprinting for user recognition. Data is transferred to and stored on Google servers in the United States.

Use of Google Analytics is based on your consent (Art. 6(1)(a) GDPR and §25(1) TTDSG) and can be withdrawn at any time. Data transfers are based on the EU standard contractual clauses.

IP anonymization is enabled—your IP is truncated within the EU/EEA before transmission. Only in rare cases is the full IP passed to Google in the U.S. and then shortened. Google will use this data to evaluate site usage and compile reports, without merging it with other Google data.

You can prevent data collection via Google by installing the browser plugin at https://tools.google.com/dlpage/gaoptout?hl=de. More info: Google Analytics Privacy.

Google Ads & Remarketing

We use Google Ads by Google Ireland Limited to display ads in Google Search and on others sites (keyword‑ and audience‑targeted). We receive aggregated info on which keywords triggered ads and the number of clicks.

Remarketing allows us to show personalized ads based on past interactions, across devices if you have a Google Account. Use of these tools is based on your consent (Art. 6(1)(a) GDPR and §25(1) TTDSG). Data transfers rely on standard contractual clauses and DPF certification.

Conversion Tracking allows us to see if actions (e.g., clicks, purchases) were completed after an ad, without identifying individuals. It uses cookies/fingerprinting. Basis for processing: your consent (Art. 6(1)(a) GDPR and §25(1) TTDSG).

Further info: Google Ads Privacy, Google Conversion Privacy.

Not here yet – but almost. Stay in the loop for early access + The free Signature Bookmark, just for insiders.