Privacy Policy (Datenschutzerklärung)
This Privacy Policy explains how personal data is processed when you visit https://fosterhousestudio.com, contact us, or subscribe to our newsletter. We take your privacy seriously and process personal data only in accordance with the EU General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Act (BDSG).
1. Controller (Verantwortlicher)
The controller responsible for data processing on this website is:
Aleksandar Toncev, trading as Foster House Studios [FULL STREET ADDRESS] [POSTAL CODE] Berlin, Germany Email: toncevalek@gmail.com · Phone/WhatsApp: +49 152 0103 2831
A statutory Data Protection Officer (Datenschutzbeauftragter) has not been appointed, as we are not legally required to designate one.
2. Overview of the Data We Process
We keep data collection to a minimum. Depending on how you use the site, we may process:
- Contact-form data â the name, email address, and message content you submit.
- Newsletter data â the email address (and any name) you provide to subscribe.
- Server log data â technical connection data automatically generated when your browser requests the site.
- Third-party embed data â data flowing to YouTube, SoundCloud, or Spotify when you choose to load an embedded player (see Section 8).
We do not run advertising trackers, analytics cookies, fingerprinting, or profiling on this site. Audio previews are hosted on our own server, so ordinary playback does not load any third-party tracker.
3. Contact Form and Direct Enquiries
What / where: If you use the contact / licensing-enquiry form, the data you enter (name, email address, message) is transmitted to and stored in our own PostgreSQL database, which runs on our self-hosted server (see Section 6). If you contact us directly by email, WhatsApp, phone, or social media, we process the data contained in that communication.
Purpose: To receive, process, and respond to your enquiry (including quoting for and arranging licensing, mixing, mastering, sound design, or scoring work).
Legal basis:
- Art. 6 (1)(b) GDPR (steps taken at your request prior to entering a contract, and performance of a contract), where your enquiry concerns a service or licence; and/or
- Art. 6 (1)(f) GDPR (our legitimate interest in answering and administering enquiries) for general messages.
Retention: We keep enquiry data for as long as needed to handle your request and any resulting business relationship. Data that becomes part of a concluded contract or an invoice is kept for the statutory retention periods under German commercial and tax law (generally 6â10 years, §§ 257 HGB, 147 AO). Other enquiry data is deleted when it is no longer required, unless you have consented to further retention.
4. Newsletter / Email Marketing
What: If you subscribe to our newsletter, we process the email address (and any name) you provide.
How (processor): Newsletter and transactional emails are sent via Resend and/or Mailgun (see Section 7), acting as our processors under Art. 28 GDPR.
Double opt-in: We use a double opt-in procedure. After you subscribe, we send a confirmation email; your address is only added to the mailing list once you confirm. We log the subscription and confirmation (timestamp and IP address) to demonstrate consent.
Legal basis: Art. 6 (1)(a) GDPR (your consent). You may withdraw your consent at any time with effect for the future â every newsletter contains an unsubscribe link, or you can email us. Withdrawal does not affect the lawfulness of processing before withdrawal.
Retention: We retain your email address for newsletter purposes until you unsubscribe. After unsubscribing, your address may be kept on a suppression / blocklist for the sole purpose of honouring your unsubscribe request (legal basis: Art. 6 (1)(f) GDPR).
5. Licensing Enquiries and Payment
We do not currently operate a payment processor on the website. Licensing enquiries are handled via WhatsApp or email; any payment is arranged directly (e.g. by bank transfer or an off-site method agreed with you). Data you provide in that process is processed under Art. 6 (1)(b) GDPR to prepare and perform the licence agreement, and is retained under the statutory periods described in Section 3. [If you later add a payment provider (e.g. Lemon Squeezy, Stripe, PayPal), update this section to disclose that processor, the data shared, and its legal basis.]
6. Server Logs and Hosting (Hetzner VPS)
Our website is self-hosted on a virtual private server (VPS) provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, with data stored on servers located in Germany. Hetzner acts as our hosting processor under a data-processing agreement (Art. 28 GDPR).
When you access the site, the server automatically records technical information in log files, including:
- anonymised / abbreviated IP address of the requesting device,
- date and time of the request,
- the page/file requested and the amount of data transferred,
- HTTP status code,
- the referring URL (if provided) and your browser type / operating system (user-agent).
Purpose: To deliver the website, ensure stability and security, defend against attacks and abuse, and diagnose technical faults.
Legal basis: Art. 6 (1)(f) GDPR (our legitimate interest in a secure, functional website).
Retention: Log data is stored for a maximum of [e.g. 7â14] days and then deleted or anonymised, unless a specific security incident requires longer retention for evidence.
7. Data Processors and International Transfers
We use the following processors, each bound by a data-processing agreement under Art. 28 GDPR:
| Processor | Purpose | Location | Transfer safeguard |
|---|---|---|---|
| Hetzner Online GmbH | Website hosting / server (VPS) | Germany (EU) | Within the EU/EEA |
| Resend (Resend, Inc.) | Sending newsletter & transactional email | USA | SCCs + EU-U.S. Data Privacy Framework where applicable |
| Mailgun (Sinch / Mailgun Technologies, Inc.) | Sending newsletter & transactional email | USA | SCCs + EU-U.S. Data Privacy Framework where applicable |
International transfers: Where a processor is located in the United States, personal data is transferred outside the EU/EEA. Such transfers are safeguarded by the European Commission's Standard Contractual Clauses (SCCs) pursuant to Art. 46 (2)(c) GDPR and, where the processor is certified, the EU-U.S. Data Privacy Framework. You may request a copy of the relevant safeguards using the contact details in Section 1.
8. Embedded Third-Party Media (YouTube / SoundCloud / Spotify)
Some pages may embed players from YouTube (Google Ireland Ltd. / Google LLC), SoundCloud (SoundCloud Global Ltd. & Co. KG), and/or Spotify (Spotify AB).
Two-click / load-on-click: These embeds are configured not to load automatically. Nothing is requested from those providers until you actively click to load or play a player. Only when you click do we establish a connection to the provider's servers, which allows the provider to receive data such as your IP address, the page you are on, device/browser information, and â if you are logged in to that service â to associate the interaction with your account. These providers may set cookies and process data outside the EU under their own privacy policies, over which we have no control.
Legal basis: Art. 6 (1)(a) GDPR â your consent, given by clicking to load the embed. Please review the providers' privacy policies:
- YouTube/Google: https://policies.google.com/privacy
- SoundCloud: https://soundcloud.com/pages/privacy
- Spotify: https://www.spotify.com/legal/privacy-policy/
9. Cookies
The website uses only technically necessary session/functional storage required for the site to operate (Art. 6 (1)(f) GDPR / § 25 (2) TTDSG). We do not set advertising, analytics, or tracking cookies. Third-party providers may set cookies only if and when you choose to load an embedded player (see Section 8).
10. Your Rights as a Data Subject
Under the GDPR you have the right, in respect of your personal data, to:
- Access (Art. 15) â obtain confirmation and a copy of the data we hold about you;
- Rectification (Art. 16) â correct inaccurate or incomplete data;
- Erasure (Art. 17) â have your data deleted ("right to be forgotten"), subject to statutory retention obligations;
- Restriction (Art. 18) â restrict processing in certain circumstances;
- Data portability (Art. 20) â receive data you provided in a structured, commonly used, machine-readable format;
- Object (Art. 21) â object at any time, on grounds relating to your particular situation, to processing based on Art. 6 (1)(f), and to object at any time to direct marketing;
- Withdraw consent (Art. 7 (3)) â withdraw any consent at any time with effect for the future.
To exercise any of these rights, contact us using the details in Section 1. We do not charge for this unless requests are manifestly unfounded or excessive.
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The authority competent for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI) Alt-Moabit 59â61, 10555 Berlin, Germany Website: https://www.datenschutz-berlin.de
You may also contact the supervisory authority of your habitual residence or place of work.
12. Data Security
We use appropriate technical and organisational measures (including TLS/SSL encryption in transit, access controls, and up-to-date server software) to protect your data against loss, misuse, and unauthorised access. Please note that data transmission over the internet can never be completely secure.
13. No Sale of Data / No Automated Decision-Making
We do not sell your personal data and do not share it with third parties except the processors listed in Section 7 or where required by law. We do not use your data for automated decision-making or profiling within the meaning of Art. 22 GDPR.
14. Children
This website and its services are not directed at children under the age of 16. We do not knowingly collect personal data from children.
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in our services or in the law. The current version is always available on this page. Material changes will be indicated by an updated date below.
Controller: Aleksandar Toncev (Foster House Studios) · Last updated: [DATE]