Privacy Policy
Privacy Policy
Last updated: October 2, 2025 – v1.0
Data Controller
The data controller within the meaning of Art. 4 (1) of the Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) as well as national data protection laws, and the provider of the digital service within the meaning of the Telecommunications and Digital Services Data Protection Act (TDDDG), is:
Frautz Management GmbH
Lübecker Str. 89
23843 Bad Oldesloe
E-Mail: info@frautz-contemporary.com
Managing Director: Michael Frautz
For further details, please refer to the legal notice.
Contact data of the data protection team
For any questions or concerns regarding data protection, please contact our data protection team under privacy@frautz-contemporary.com
- Introduction
We prioritize the protection of your personal data. This Privacy Policy informs you about how we collect, use, and protect your data, in compliance with applicable data protection laws, particularly the GDPR and TDDDG.
- Hosting
The servers of our website are operated by the provider Dogado GmbH, a reliable hosting provider, situated in the EU (Germany) We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR. The legal basis for the use of external hosting is the fulfillment of a contract with our potential and existing customers in accordance with Art. 6 (1) (b) GDPR and our legitimate interest in the secure and high-performance provision of our website in accordance with Art. 6 (1) (f) GDPR (partly in conjunction with Art. 32 GDPR) and § 25 (2) TDDDG.
Each time our website is accessed, our system’s web server collects information from the end device used. We collect the following data:
- Information about the browser type
- Operating system of the user’s device
- Date and time of access
- The previous website from which the user accessed our websites (referrer)
This data is processed and partially stored in server log files for up to seven days, without drawing conclusions about the individual. The data is used to deliver website content correctly, ensure the IT-system’s functionality, prevent attacks, and assist law enforcement in cases of cyber-attacks.
2.1. Dogado
Our website is hosted by Dogado GmbH,a reliable hosting provider, situated in the EU (Germany). Dogado provides us with the technical resources needed to offer our website securely and efficiently. This includes storing and processing user data on Dogado servers, such as IP-addresses required for accessing our website and additional technical information necessary for site operation (e.g. log files).
Legal basis:
Data processing by Dogado is based on Art. 6 (1) (f) GDPR, as it is required to ensure the provision and secure operation of our website. We have a legitimate interest in providing a secure and stable website.
Location of servers and data security:
Dogado’s servers are located within the European Union, Germany. Dogado uses advanced security measures to protect your data from unauthorized access, loss or destruction. All data is processed exclusively in highly secure datacenters protected by state of the art firewalls and encryption technologies.
Data transmission to third parties:
Dogado processes data solely under our instructions and does not share this data with third parties unless legally required.
Storage duration:
Log files containing technical data such as IP addresses are stored for a maximum of seven days and then deleted unless a security-related event requires longer retention.
Essential Tools: (Necessary):
2.2. WordPress is the content management system (CMS) on which our website is based. It stores essential information to ensure the functionality of the website, including technically necessary cookies for session management and security tools to prevent malicious activities. No user behavior analysis is conducted.
Legal basis:
Processing is based on Art. 6 (1) (f) GDPR, as it is necessary to safeguard our legitimate interest in a secure and functional website. The information is not processed for advertising or analytics purposes.
Storage duration:
Session cookies are automatically deleted at the end of the browser session.
2.3. CloudFlare
We use the ‘Cloudflare’ service on our website to enhance security, performance, and reliability. The provider is Cloudflare, Inc. (“Cloudflare”),101 Townsend St., San Francisco, CA 94107, USA.
The legal basis for the use of Cloudflare is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to improve website performance, enhance security, and protect our website from malicious attacks.
The data processed by Cloudflare includes your IP address, system configuration information, device information, log data, and may include cookies to enhance security and performance.
The purpose of data processing is to enhance website security, performance optimization, and protection against malicious traffic.
Cloudflare states that logs are typically retained for up to 7 days by default. You can find this information in Cloudflare’s official privacy policy under the section ‘Data retention’: https://www.cloudflare.com/privacypolicy/
It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. Cloudflare is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US. We have entered into a data processing agreement (DPA) with Cloudflare that ensures that personal data will only be processed in accordance with our instructions and in compliance with the GDPR.
Further information on the privacy policy of Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/
Information about the cookies used can be found at: https://www.cloudflare.com/cookie-policy/
- Contact
You can contact us by email, telephone, contact form, or letter, which may involve the processing of personal data. We process your data for the purpose of handling and processing your request. We will not disclose your data to third parties without your consent.
The legal basis for processing is our legitimate interest in the effective processing of your request in accordance with Art. 6 (1) lit. f GDPR.
When you contact us by email, we store your email address and the information contained in the email. If you use the contact form, your IP address will also be pseudonymized in addition to the information provided in the contact form. If you contact us by letter, your sender address and the content of the letter will be stored. If you contact us by telephone, we will collect personal data depending on the individual case.
We store your data until you request us to delete it or until the purpose of processing (the processing of your request) has been fulfilled.
- Recipients
Data is shared with external recipients only if technically necessary, required by law or if you have given consent.
These recipients may include public authorities, hosting providers, or other service providers.
Data may also be shared with external parties (e.g., lawyers) if needed to protect legal interests.
- Cookies and Tracking Tools Used
Our website uses cookies to ensure its functionality and to enhance your user experience. The setting and reading of these cookies are carried out based on § 25 (1) TDDDG and, where necessary, with your consent in accordance with Article 6 (1)(a) GDPR. To fulfill legal obligations, personal data is processed in accordance with Article 6 (1)(c) GDPR in conjunction with Article 32 GDPR.
6. Social media profiles
We maintain online profiles on the following social networks (hereinafter referred to as “social media”) in order to communicate with customers, interested parties, and the public and to draw attention to our services:
- Instagram (Meta Platforms, Inc.)
For information on the scope and purpose of data processing, please refer to the applicable privacy policies: (https://privacycenter.instagram.com/policy)
Processing is carried out on the basis of Art. 6 (1) lit. f GDPR, as we have a legitimate interest in contemporary public relations work. If consent is required, processing is carried out on the basis of Art. 6 (1) lit. a GDPR.
If you provide additional data (e.g., personal messages) to the services, your consent is generally required. Please note that we have no influence on data processing by social media providers. If you have any questions or wish to exercise your rights as a data subject (e.g., information, deletion), please contact the respective platform operator directly.
You can subscribe to or unsubscribe from our social media profiles at any time. If you do not want social media service providers to collect data about your visit to our profiles, please use the deactivation options (e.g., log out, advertising tracker blocking) in your user account or install appropriate browser add-ons.
- X (Twitter)
We use the ‘X’ service on our website to display social media content and enable user interaction. The provider is X Corp. (“X”), One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
The legal basis for the use of X is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. As long as you don’t click the button, no personal data will be transmitted to X.
Only when you actively click the button does your browser establish a direct connection to X’s servers and redirect you to the platform.
The data processed by X includes your IP address, account information, device and browser details, location data, and information about your interactions with the service; X also sets cookies to collect and store this information.
X collects data to build user profiles for purposes such as personalizing content and targeted advertising.
The purpose of data processing is to enable social interaction, content sharing, and personalized user experiences on the X/Twitter platform.
It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. X uses standard contractual clauses designed to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries. X is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US. We have entered into a data processing agreement (DPA) with X that ensures that personal data will only be processed in accordance with our instructions and in compliance with the GDPR.
Further information on the privacy policy of X can be found at: https://x.com/en/privacy
- Data Storage and Deletion
Data is stored only as long as necessary for the intended purpose or as legally required.
Business-related data is retained for the duration of the relationship, following retention and documentation obligations stemming from the German Commercial Code (HGB) and Fiscal Code (AO), and based on applicable statutory limitation periods.
8. Security of Processing
Frautz Management GmbH implements security measures per Art. 32 GDPR to protect personal data, including encryption and routine security evaluations.
- Data Subject Rights
You, as the data subject, have the following rights under the General Data Protection Regulation (GDPR):
Right to access (Art. 15 GDPR)
You have the right to request information about what personal data is stored about you, for what purpose it is processed, from whom it was received or to whom it is disclosed, and how long it will be stored.
Right to rectification (Art. 16 GDPR)
You can request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.
Right to erasure (‘right to be forgotten’) (Art. 17 GDPR)
Under certain circumstances, you may request the erasure of your personal data, e.g. if it is no longer necessary for the purposes for which it was collected or if you have withdrawn your consent.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data, for example if you dispute the accuracy of the data or if the processing is unlawful but you request restriction instead of erasure.
Right to data portability (Art. 20 GDPR)
You can request that the personal data concerning you that you have provided to us be transmitted to you in a structured, commonly used and machine-readable format – or that we transfer this data directly to another controller.
Right to object (Art. 21 GDPR)
You have the right to object to the processing of your personal data at any time, provided that the processing is based on the legitimate interests of our company or on a task that is in the public interest. In the event of a justified objection, we will cease processing unless there are compelling legitimate grounds for the processing.
Withdrawal of consent (Art. 7 GDPR)
If you have given us your consent, you can withdraw it at any time for the future without giving reasons.Should we process data to safeguard our legitimate interests, you may object to this processing at any time for reasons arising from your particular situation. The objection will be effective going forward.
Under the GDPR and the Federal Data Protection Act (BDSG), certain limitations apply to the right of access under Art. 15 GDPR and the right to erasure under Art. 17 GDPR. Specifically, the restrictions in Sections 34 and 35 of the BDSG apply.
To exercise your rights, you may contact our Data Protection Team any time using the contact details provided.
Additionally, you have the right to file a complaint with a data protection supervisory authority (in accordance with Art. 77 GDPR in conjunction with § 19 BDSG).
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstraße 98
24103 Kiel
Telefon: +49 431 988-1200
E-Mail: mail@datenschutzzentrum.de
Contact
If you have questions about our information offerings or wish to exercise your rights, you may contact us through our contact form on the Frautz Contemporary website or by emailing us directly at privacy@frautz-contemporary.com
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy as needed. The current version is always available on our website.