Privacy Policy
Effective: February 2026
Last updated: February 2026
This Privacy Policy explains how Paperframe7 UG (haftungsbeschränkt) (“PaperFrame•7”, “we”, “us”) processes personal data when you visit our website, contact us, subscribe to updates, or book and attend our retreats.
1. Controller & Contact
Controller:
Paperframe7 UG (haftungsbeschränkt)
Belgradstr. 68, 80804 Munich, Germany
Phone: +49 151 52452142
Email: n.ondrak@paperframe7.com
Managing Director: Niclas Ondrak
We have not appointed a Data Protection Officer (not legally required). For privacy inquiries, please email n.ondrak@paperframe7.com.
Non-therapeutic scope: PaperFrame•7 is coaching-oriented. Please do not submit clinical or detailed medical histories via standard forms.
2. What data we process
- Website & technical data: IP address, browser info, device type, logs (security).
- Marketing & Pixel Data: If you consent via our Cookie Banner, we process usage data (pages visited, buttons clicked) and conversion events (e.g., "Application Submitted") via the Meta Pixel to optimize our advertising.
- Contact & Lead Data: Name, email, phone, job title (optional), and answers provided in forms (Squarespace, Typeform) or Meta Lead Ads.
- Booking & Travel Data: Identity, passport details (for hotels/visa), flight times, rooming preferences.
- Substitute Participant Data: If a booking is transferred to a colleague (Corporate Transfer), we process their data identical to the original participant.
- Payment Data: Transaction references (via Stripe/Bank). We do not see full credit card numbers.
- Health/Dietary (Special Categories): Allergies/intolerances solely for safety/catering (based on explicit consent).
3. Purposes & Legal Bases
| Purpose | Legal Basis (GDPR) |
|---|---|
| Website Security | Art. 6(1)(f) (Legitimate Interest) |
| Ad Conversion Tracking & Retargeting (Meta Pixel) | Art. 6(1)(a) (Consent via Cookie Banner) |
| Booking & Retreat Delivery | Art. 6(1)(b) (Contract Performance) |
| Processing Leads (Meta Forms) | Art. 6(1)(b) (Pre-contractual steps) |
| Newsletter | Art. 6(1)(a) (Consent) |
| Health/Dietary Requirements | Art. 9(2)(a) (Explicit Consent) |
4. International Data Transfers (Vietnam)
To deliver the retreat (e.g., hotel check-in, transfers, activities), we must transfer data to recipients in Vietnam (a third country without an EU adequacy decision).
Transfer Basis: We rely on Art. 49(1)(b) GDPR (necessary for the performance of a contract) and explicitly for strictly limited additional services requested by you or required for local safety compliance. Without this transfer, the retreat cannot be conducted locally.
5. Cookies & Tracking (Meta Pixel)
We use cookies to ensure the website functions securely. Additionally, only with your consent (via the Cookie Banner), we use marketing pixels (e.g., Meta Pixel) to:
- Measure Conversion: We track specific actions (e.g., submitting an application form) to understand if our ads are successful.
- Create Audiences: We may exclude you from seeing ads once you have already applied (Exclusion Targeting) or show you reminders if you didn't finish.
- Optimize Delivery: We allow Meta to use this data to find other professionals similar to our current applicants (Lookalike Audiences).
Provider: Meta Platforms Ireland Ltd. You can revoke this consent at any time by clearing your browser cookies or adjusting the Cookie Settings on our site.
6. Payments
Stripe: Credit card payments are handled by Stripe Payments Europe Ltd. We do not store card data. Stripe acts as an independent controller for transaction security. Data may be transferred to the US under Standard Contractual Clauses (SCCs).
Bank Transfer: We process IBAN/BIC/Name for invoice reconciliation (Art. 6(1)(c) - Tax obligations).
7. Photos & Testimonials ("The Vault Rule")
We respect your privacy and professional reputation. We will only take or publish identifiable photos/videos of you for marketing purposes if you have given us your separate, explicit consent (e.g., on-site via a media release form). You may decline this without any disadvantage. If you decline, you will not appear in any public material.
8. Social Media Leads (Meta/Instagram)
When you use a "Lead Form" on Instagram/Facebook, Meta and PaperFrame•7 act as Joint Controllers for the collection phase. Once the data reaches our systems, PaperFrame•7 is the sole controller. For Meta’s processing, please see the Meta Privacy Policy.
9. Retention
- Leads/Inquiries: Deleted after 3 years (standard limitation period) or upon your revocation to allow for long-term decision making cycles.
- Booking/Fiscal Data: 10 years (German Tax Code).
- Health/Diet Data: Deleted promptly after the retreat ends or once the specific safety purpose is fulfilled, unless required for the defense of legal claims.
10. Your Rights
You have the right to access, rectification, erasure, restriction, and data portability. You can revoke consents (Newsletter, Cookies, Photos) at any time.
To exercise your rights, email: n.ondrak@paperframe7.com.
Supervisory Authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).