HOME / GDPR

GDPR

GDPR

DATA PROTECTION DECLARATION

Preamble

With this Privacy Policy, we would like to inform you about the types of personal data (hereinafter also referred to simply as “data”) that we collect, the purposes for which they are processed, and the extent to which this occurs. This policy applies to all processing of personal data carried out by us in connection with the provision of our services – in particular on our websites, in mobile applications, and on external online presences such as our social media profiles (hereinafter collectively referred to as the “online offering”).

The terms used in this policy are not gender-specific.

Last updated: January 8, 2026

 

Controller

ANTI ANTI Studio
Luise-Ullrich-Straße 14
80636 Munich
Germany

Authorized representatives: Robert Kittlaus, Stefan Zeuner

Email address: hello@antianti.studio

Legal notice: https://www.antianti.studio/index.php/en/gdpr/

 

Overview of Processing Activities

The following overview summarizes the types of data collected, the purposes of processing, and the categories of data subjects concerned.

 

Types of Data Processed

  • Contact data
  • Content data
  • Usage data
  • Meta, communication, and procedural data
  • Log data

 

Categories of Data Subjects

  • Users

 

Purposes of Processing

  • Communication
  • Security measures
  • Reach measurement
  • Tracking and usage analysis
  • Target group analysis
  • Firewall protection
  • Obtaining feedback
  • Marketing measures
  • Creation of user-related profiles
  • Provision and optimization of the online offering
  • Operation of information technology infrastructure
  • Public relations

 

Relevant Legal Bases

Legal bases under the GDPR: Below you will find an overview of the GDPR provisions on which we base the processing of personal data. Please note that national data protection regulations of your place of residence or our place of business may also apply. In certain sections of this Privacy Policy, we may specify more detailed legal bases.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override those interests.

National data protection regulations in Germany: In addition to the GDPR, national regulations such as the German Federal Data Protection Act (BDSG) apply in Germany. These include, among other things, special provisions regarding rights of access, erasure, and objection, the processing of sensitive data, commissioned processing, and automated decision-making including profiling. In addition, state data protection laws may apply.

 

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the processing. In doing so, we take into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the risks to the rights and freedoms of natural persons.

This includes, in particular, safeguarding confidentiality, integrity, and availability through controls on physical and electronic access, access rights, input, disclosure, storage, and separation of data. Furthermore, we ensure that data subject rights are respected, data is deleted, and security incidents are handled appropriately. Data protection is taken into account as early as the development or selection of hardware, software, and procedures (“privacy by design” and “privacy by default”).

IP address truncation: IP addresses are truncated (“IP masking”) where not strictly necessary in order to make identification of users more difficult.

Encryption of online connections: We use TLS/SSL to protect data during transmission, ensuring secure communication between server and browser. The use of HTTPS indicates a secure connection.

 

Transfer of Personal Data

Personal data may be disclosed to third parties, companies, or organizational units, for example to IT service providers or providers of integrated services. Legal requirements are observed and contracts to ensure data protection are concluded.

Within the organization, data may be shared for the fulfillment of administrative tasks or contractual obligations, based on legitimate interests or statutory permissions.

 

International Data Transfers

Data transfers to third countries (outside the EU/EEA) are carried out only in compliance with legal requirements. For the United States, we rely on the Data Privacy Framework (DPF) and standard contractual clauses. Transfers to other third countries are safeguarded by standard contractual clauses, consent, or legally required measures.

 

General Information on Data Storage and Deletion

We delete personal data as soon as the legal basis no longer applies or consent is withdrawn, unless statutory obligations or overriding interests require longer storage. Documents relevant under commercial and tax law are archived accordingly.

If multiple retention periods apply, the longest period is decisive. Retention periods under German law:

  • 10 years: books, records, annual financial statements, inventories, management reports, opening balance sheets, and related documents
  • 8 years: accounting records, invoices, expense receipts
  • 6 years: other business-related documents, e.g. commercial and business correspondence, billing documents
  • 3 years: data relating to warranty and compensation claims

The retention period begins at the end of the year in which the triggering event occurred. In the case of ongoing contracts, this is the time of termination or end of the legal relationship.

 

Rights of Data Subjects

Under the GDPR, data subjects have, among others, the following rights:

  • Right to object: Objection to processing based on particular grounds or for direct marketing purposes.
  • Right to withdraw consent: Consent may be withdrawn at any time.
  • Right of access: Information about whether data is being processed, as well as a copy and details of the data.
  • Right to rectification: Correction or completion of inaccurate or incomplete data.
  • Right to erasure/restriction: Deletion or restriction of data processing in accordance with legal requirements.
  • Right to data portability: Provision of data in a machine-readable format or transfer to third parties.
  • Right to lodge a complaint: Complaint to the competent supervisory authority.

 

Provision of the Online Offering and Web Hosting

We process data in order to provide our online services. This includes IP addresses and usage information.

  • Types of data processed: Usage data, meta, communication, and procedural data, log data, content data
  • Data subjects: Users of the online offering
  • Purposes: Provision of the online offering, operation of IT infrastructure, security measures
  • Retention: In accordance with general deletion periods
  • Legal basis: Legitimate interests

 

Use of Cookies

Cookies store information on users’ devices to ensure functionality, security, convenience, and analysis of visitor flows. We use cookies in accordance with legal requirements, based on consent or legitimate interests.

  • Temporary cookies: Are deleted when the browser is closed.
  • Persistent cookies: Remain stored, for example for login status or analysis, for a maximum of up to two years.

Withdrawal and opt-out: Users may withdraw consent at any time and object to processing.

 

Presences on Social Networks (Social Media)

We maintain profiles on social networks and process user data there for communication, feedback, and public relations purposes. Data may be processed outside the EU, which may result in limitations in the enforcement of rights. Usage profiles may be created for advertising purposes.

 

Plug-ins and Embedded Content

We integrate content such as videos, graphics, or maps from third-party providers. These providers process IP addresses and other information for the purpose of displaying and optimizing the content. The legal basis is consent or legitimate interest.

 

Amendment and Update

We recommend reviewing this Privacy Policy regularly. Changes will be indicated if actions requiring user participation (e.g. consent) become necessary. Addresses and contact details may change and should be verified before making contact.

 

Definitions

  • Firewall: A security system designed to protect networks or computers from unauthorized access.
  • Content data: Information generated during the creation, editing, and publication of content, including metadata.
  • Contact data: Information used to communicate with individuals or organizations, e.g. telephone number, email address, postal address.
  • Meta, communication, and procedural data: Data concerning the manner of processing, communication, and internal procedures, e.g. metadata, logs, audit logs.
  • Usage data: Information about how visitors use the online offering, e.g. click paths, time of visit, device data.
Yaay!
Your request is in – we’ll be in touch shortly.
Got it.

switch to:

MAIL
Call
briefing
MÜNCHEN BERLIN LEIPZIG MÜNCHEN BERLIN LEIPZIG