Privacy policy
Status: 18 February 2026
Scope of application: This privacy policy applies to www.dr-frenzel.com. Our legal notice applies to www.dr-frenzel.com and Dr Frenzel's presence on LinkedIn, YouTube and other platforms.
1) Responsible person and contact
Dr Hartmut Frenzel
Fuhlrottstr. 15, 42119 Wuppertal, Germany
Phone: +49 160 29 12 140
E-mail: frenzel@dr-frenzel.com
Website: https://dr-frenzel.com
Data protection officer (internal): Dr Hartmut Frenzel.
2) Purposes and legal bases
We process personal data for the following purposes:
- Provision, stability and security of this website,
- Handling of business communication (e-mail, video conferencing),
- Initiating, executing and finalising mandates (incl. electronic signatures),
- Fulfilment of commercial/tax obligations,
- Management of consents (cookie consent),
- Display of optional external content and web analytics (only with consent).
Legal basis (GDPR): Art. 6 para. 1 lit. b (contract/initiation), lit. c (legal obligations), lit. f (legitimate interests: secure operation, efficient communication), lit. a (consent for optional services; revocable).
3) Data processing in detail
3.1 WordPress hosting (lima-city)
Our WordPress installation is hosted by TrafficPlex GmbH („lima-city“), Konsul-Smidt-Str. 90, 28217 Bremen, Germany. Server log files (e.g. IP address, date/time, URL, referrer, user agent) are processed to ensure stability and security.
- Legal basis: Art. 6 para. 1 lit. f GDPR
- Storage period: usually 7-14 days
- Data processing agreement in place
3.2 Email & video conferencing: Mailbox.org
Communication takes place via Heinlein Hosting GmbH („Mailbox.org“), Berlin. Depending on usage, metadata and content data (e.g. IPs, duration, text/audio/video) are processed.
- Legal basis: Art. 6 para. 1 lit. b and lit. f GDPR
- Data processing agreement concluded
3.3 Project/mandate management: Meistertask; electronic signatures: inSign
Meistertask (MeisterLabs GmbH, Zugspitzstrasse 2, 85591 Vaterstetten, Germany) for task/project management: project-related content, comments, contact and usage metadata.
- Legal basis: Art. 6 para. 1 lit. b (contract) and lit. f (efficient internal organisation)
- DP agreement; any international transfers on the basis of suitable guarantees (e.g. standard contractual clauses)
inSign (inSign GmbH) for electronic signatures; processing of documents and identification/signature data.
- Legal basis: Art. 6 para. 1 lit. b GDPR
- Data processing agreement in place
3.4 Financial accounting: tax consultant & DATEV
In order to fulfil legal obligations, we transmit accounting-relevant data to our tax consultant (independently responsible), who uses DATEV, among other things.
- Legal basis: Art. 6 para. 1 lit. c GDPR
3.5 Consent management: CCM19
Cookie/consent management via „CCM19“ (Papoo Software & Media GmbH). Storage of your decision (consent/refusal) to fulfil legal obligations to provide evidence.
- Legal basis: Art. 6 para. 1 lit. c GDPR in conjunction with Art. 7 GDPR
3.6 Google Site Kit, Search Console & PageSpeed Insights
We use the WordPress plugin „Google Site Kit“ to manage Google services and view reports. Only the services described below (GTM/GA4/YouTube) are relevant for website visitors. Google Search Console and PageSpeed Insights do not set cookies for visitors on our website.
- Legal basis: Art. 6 para. 1 lit. f GDPR (efficient administration)
- Provider: Google Ireland Limited; transmission to the USA (SCC) if necessary
3.7 Google Tag Manager (GTM)
The GTM manages tags and loads optional services (e.g. GA4) only after consent has been given.
- Legal basis: Art. 6 para. 1 lit. a GDPR (consent via CCM19)
- Third country transfer: possible (USA) on the basis of standard contractual clauses; residual risks of access by authorities cannot be ruled out
3.8 Google Analytics 4 (GA4)
Purpose: Analysis of website use, reach measurement, optimisation.
- IP anonymisation: active
- Data retention: 14 months
- Google Signals/Advertising features: deactivated
- Data categories: Usage data (click paths, interactions), device information; cookies/similar technologies
- Legal basis: Art. 6 para. 1 lit. a GDPR (consent; revocable via CCM19)
- Third country transfer: possible (USA) via standard contractual clauses
3.9 YouTube integrations
If possible, we use the „extended data protection mode“ (youtube-nocookie.com). Content is only loaded after consent has been given; the IP address and cookie data can then be transmitted to YouTube/Google.
- Legal basis: Art. 6 para. 1 lit. a GDPR
- Provider: Google Ireland Limited; third country transfer possible (USA, SCC)
3.10 Steady (widgets incl. payments/newsletter)
Provider: Steady Media GmbH, Wattstraße 11, 13355 Berlin. Embeddings/widgets on our website and - if used - memberships, newsletters and payment processing via Steady. Necessary cookies as well as device and usage data may be processed during loading.
- Embedding/tracking: Art. 6 para. 1 lit. a GDPR (consent via CCM19)
- Memberships/newsletters/payments: Art. 6 para. 1 lit. b GDPR (contract fulfilment by Steady); connected payment services (e.g. Stripe/PayPal) are independent controllers
3.11 WordPress core and technically necessary services
Functions required for operation (e.g. security, caching, preference cookies) may process personal data to a small extent.
- Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure, functional operation)
4) Recipient categories
- Host: lima-city (TrafficPlex GmbH)
- Communication services: Mailbox.org
- Project/Signature: Meistertask (MeisterLabs GmbH), inSign
- Analysis/embeddings: Google (GTM/GA4/YouTube), Steady
- Consultant/service provider: Tax consultant (with DATEV)
Data will only be passed on to authorities if required by law.
5) Third country transfers
In the case of Google services and any external embedding, data may be transferred to the USA. The legal basis is the EU Commission's Standard Contractual Clauses (SCC). Despite contractual/organisational measures, access by public authorities cannot be completely ruled out.
6) Storage period
- Server logs: typically 7-14 days
- GA4: 14 months
- Contract/billing data: in accordance with statutory retention obligations (e.g. HGB/AO)
7) Your rights
According to the GDPR, you have the right to information, rectification, erasure, restriction of processing, data portability and objection to processing based on legitimate interests. You can revoke your consent at any time with effect for the future.
Right to lodge a complaint: The competent supervisory authorities include the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).
9) Security
We take appropriate technical and organisational measures (e.g. encryption, access controls) to protect personal data against loss, misuse and unauthorised access.
10) Changes to this privacy policy
We will amend this declaration if necessary. The current version published on this website applies.