This privacy policy explains how personal data may be processed when you visit stillfin.org or contact STILL Financial Services GmbH using the details provided on this website.
1. Controller
STILL Financial Services GmbH
Berzeliusstraße 10
22113 Hamburg
Germany
Telephone: +49 40 / 7339 2040
Email: info@stillfin.org
2. Data that may be processed
Website access and server logs
When the website is accessed, the hosting infrastructure may process technical data such as IP address, date and time, requested file, referring page, browser type, operating system and response status. This data is needed to deliver the website, maintain security and diagnose technical faults.
Contact by email or telephone
If you contact us, we process the information you provide, such as your name, company, contact details and message, to handle the enquiry. The contact form on this website does not submit data to a website server. It prepares a message in your own email application, which you can review before sending.
Cookie preference
The website stores your cookie-banner choice in the browser so the banner does not reappear on every visit. No advertising or behavioural profile is created.
3. Purposes and legal bases
Depending on the circumstances, processing may be based on our legitimate interests in providing a secure and functional website, taking steps in response to an enquiry, fulfilling legal obligations, or your consent where consent is specifically requested. The applicable basis is determined by the context and relevant data protection law, including the General Data Protection Regulation.
4. Hosting and external resources
Technical service providers may process data on our behalf where necessary to host and operate the website. The site also loads Phosphor Icons through the jsDelivr content delivery network and selected photographs from the Unsplash image delivery network. When those resources load, the respective provider may receive technical connection data, including your IP address and browser information. Their own privacy information applies to their processing.
The external OpenStreetMap link on the contact page is activated only when you select it. Once you leave this website, the destination provider's terms and privacy policy apply.
5. Retention
Server log retention is determined by operational and security requirements. Enquiry data is retained only for as long as necessary to respond, document the communication, meet legal obligations or protect legal claims. Browser-based cookie preference data remains until it expires or is deleted through your browser settings.
6. Recipients and international transfers
Data may be accessible to hosting, IT support, communications or professional service providers where necessary and subject to appropriate safeguards. External content delivery providers may operate infrastructure outside the European Economic Area. Where required, recognised transfer mechanisms and supplementary safeguards should be used by the relevant provider.
7. Your data protection rights
Subject to legal requirements, you may request access, rectification, erasure, restriction, data portability or object to processing based on legitimate interests. You may withdraw consent with future effect where processing is based on consent. You also have the right to lodge a complaint with a competent data protection supervisory authority.
To exercise your rights, contact info@stillfin.org. We may need reasonable information to verify your identity.
8. Automated decisions
This website does not perform automated credit decisions, profiling or automated eligibility assessments.
9. Security
Appropriate technical and organisational measures should be used to protect personal data against loss, misuse and unauthorised access. Internet communication cannot, however, be guaranteed to be completely secure.
10. Changes to this policy
This policy may be updated when the website, legal requirements or processing activities change. The current version is published on this page.
This policy is general website information. It does not replace any separate data protection information provided in connection with a specific business relationship.