Privacy Page

Privacy Policy
Effective as of: June 19, 2025

1. Controller
Headuphigh GmbH
Langes Kamp 6
59427 Unna, Germany
Email: support@headuphigh.de
Represented by: Olga Reyes-Busch

2. General Information on Data Processing
We process personal data of our users only to the extent necessary to provide a functional website, deliver our services, and fulfill our contractual obligations.

Data processing is carried out in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

3. Collection and Storage of Personal Data and the Purpose of Processing
a) When visiting the website:
When accessing our website, information is automatically sent to our server and temporarily stored in log files:

IP address
Date and time of access
Name and URL of the accessed file
Referring website
Browser and operating system used
Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

b) Cookies & Consent Management:
Our website uses cookies and similar technologies. Upon your first visit, you can choose which categories to allow via a consent tool. Technically necessary cookies ensure functionality; others serve analytics or marketing purposes.

Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest)

c) Tracking & Analytics (e.g. Meta Pixel, TikTok Pixel, Google Analytics):
We use tracking tools to optimize our advertising and analyze user behavior. These may collect data such as IP address, on-site behavior, or conversions. Some services transfer data to third countries (e.g. the USA). In such cases, we ensure adequate data protection through appropriate safeguards.

Legal basis: Art. 6(1)(a) GDPR (consent)

d) Contact via form or email:
When you contact us, we process your submitted information (e.g. name, email, message) to handle your request.

Legal basis: Art. 6(1)(b) GDPR (contract initiation)

e) Newsletter Subscription:
When you subscribe to our newsletter, we store your email address and optional details. You can unsubscribe at any time. Emails are sent via a processor under a data processing agreement.

Legal basis: Art. 6(1)(a) GDPR (consent)

f) Messenger Communication (e.g. ManyChat, WhatsApp):
If you contact us via messenger platforms, your contact details and messages are stored for processing. The platforms' own privacy policies also apply.

g) Purchase via third-party platforms (e.g. Digistore24):
When purchasing digital products through Digistore24, their privacy policies apply. We only receive the data necessary to fulfill the contract. The platform acts as an independent controller under the GDPR.

h) Social Media (e.g. Instagram, Facebook):
We operate social media accounts. When you visit those platforms, their privacy policies apply. We receive aggregated insights data (e.g. reach, engagement). In some cases, data processing occurs jointly with Meta under Art. 26 GDPR.

i) Use of AI Tools:
We use AI-powered tools (e.g. ChatGPT, Gamma, HeyGen) for content creation, process optimization, and communication. Only low-risk systems as defined by the EU AI Act are used. No automated decision-making or profiling takes place.

For full transparency, please see our AI Transparency Statement, which outlines our use of AI tools and partnerships with third-party providers.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

4. Data Disclosure
We only share personal data:

for contract fulfillment (e.g. payment providers, delivery services)
where legally required
with your explicit consent
with processors under Art. 28 GDPR

5. Data Transfers to Third Countries
Some service providers (e.g. Meta, Google, TikTok) are located outside the EU. Where applicable, data transfers are based on appropriate safeguards under Art. 44 et seq. GDPR (e.g. EU Standard Contractual Clauses).

6. Data Retention
We retain personal data only as long as necessary for the respective purposes or as legally required.

7. Your Rights
Under the GDPR, you have the following rights:

Access (Art. 15)
Rectification (Art. 16)
Erasure (Art. 17)
Restriction of processing (Art. 18)
Data portability (Art. 20)
Objection to processing (Art. 21)
Withdrawal of consent (Art. 7(3))
Complaint to a supervisory authority (Art. 77)

8. Updates to This Privacy Policy
This Privacy Policy is current as of the date above. Due to legal or technical changes, updates may become necessary. The current version is always available on our website.